The Risk Management Framework (RMF) was first developed by the Department of Defense (DoD) to act as criteria for strengthening and standardizing the risk management process of information security organizations. The framework later became widely adopted by the rest of the U.S.
Read full article on CIO.com