Re: Tools for NIST RMF

AlexDersch · ‎03-20-2024

Hi, we are looking for a tool to support us in the paperwork of the RMF processes. Something similar to ServiceNow Integrated Risk Management.

Any ideas or suggestions?

thanks in advanced

Alex

Caute_cautim · ‎03-20-2024

@AlexDersch Build your own approach for better understanding within the corporation:

Example: https://www.ibm.com/policy/ibms-approach-to-implementing-the-nist-ai-rmf/

Regards

Caute_Cautim

AlexDersch · ‎03-21-2024

Thanks for your feedback Caute_Cautim,

it not about the processes, my request is more related to tracking poam's, risks, in excel is quite a pain.

Greetings from Switzerland

Alex

Early_Adopter · ‎03-21-2024

If pedigree is important and money no issues then Archer would probably work for you.

Panaseer is a small startup that will do things for you.

OneTrust got very big, very quick on a privacy push from GDPR, then shrunk a bit.

Or you can roll your own with the help of some open source efforts.

That would be more challenging but fun. Even more effort gets you your own data store and some BI visualisations.

Just plugged Vendors so I might as well add this:

https://www.gartner.com/reviews/market/it-risk-management-solutions

https://www.gartner.com/reviews/market/it-risk-management-solutions

Hard to say what’s a fit with limited info I’m afraid.

AlexDersch · ‎03-21-2024

Thanks, Early Adopter, I am not a fan of open source solutions. I will have a look at the Gartner reports.
Best regards
Alex

Steve-Wilme · ‎03-21-2024

It's perfectly possible to implement risk management in ServiceNow without purchasing the dedicate risk module if your support team has the skill set.

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS