1. Preparation
This step in Revision 2 of RMF was added by NIST, realizing the necessity of training the company to get the maximum benefit from RMF, concentrating critically on contact. According to NIST, “Prepare carries out essential activities at the organization, mission and business process, and information system levels of the enterprise to help prepare the organization to manage its security and privacy risks using the Risk Management Framework.”