Cybersecurity & Data Privacy Risk Management Model (C|P-RMM)

The Cybersecurity & Data Privacy Risk Management Model (C|P-RMM) is built directly into the Secure Controls Framework (SCF). The concept of creating the C|P-RMM was to create an efficient methodology to identify, assess, report and mitigate risk. This project was approached from the perspective of asking the question, “How should I management risk?” and was a collaboration between ComplianceForge and the SCF. The C|P-RMM takes a holistic approach to controls, risks and threats as a way to reduce or eliminate the traditional Fear, Uncertainty and Doubt (FUD) that makes many risk assessments meaningless. The C|P-RMM is free to use and is licensed under the Creative Commons licensing model.

Security & Privacy Risk Management Model

All organizations have a need to manage risk. Most organizations are compelled to management risk and these requirements come from a broad range of statutory, regulatory and contractual origins. Regardless of your industry, requirements to manage cybersecurity risk exist and failing to manage risk could leave your organization exposed to liabilities from non-compliance:

In risk management, the old adage of “the path to hell is paved with good intentions” is very applicable. The reason for this is all too often, risk management personnel are tasked with generating risk assessments and creating the questions to ask in those assessments without having a centralized set of organization-wide cybersecurity and privacy controls to work from. This generally leads to risk teams making up risks and asking questions that are not supported by the organization’s policies and standards. For example, an organization is an “ISO shop” that operates an ISO 27002-based Information Security Management System (ISMS) to govern its policies and standards, but its risk team is asking questions about NIST SP 800-53 or 800-171 controls that are not applicable to the organization. This scenario of “making up risks” points to a few security program governance issues:

Security & Privacy Risk management Model  

 

C|P-RMM: Applicability To NIST 800-171 & CMMC

An immediate need for many organizations is compliance with NIST SP 800-171 and the Cybersecurity Maturity Model Certification (CMMC). The Cybersecurity & Data Privacy Risk Management Model (C|P-RMM) is a tool that can be used to address the following NIST SP 800-171 requirements:

Browse Our Products

  • Digital Security Program (DSP)

    Digital Security Program (DSP) - SCF Policy Template

    Secure Controls Framework (SCF)

    Secure Controls Framework (SCF) "Premium Content" - Expertise-Class Policies, Control Objectives, Standards, Guidelines, Controls & Metrics. Product Walkthrough Video This short product walkthrough video is designed to give a brief overview about...

    $9,500.00
    Choose Options
  • Cybersecurity Standardized Operating Procedures (CSOP) Template - Digital Security Program (DSP) Version

    DSP & SCF Procedures Template

    Secure Controls Framework (SCF)

    Cybersecurity Standardized Operating Procedures (CSOP)  DSP | SCF Version Product Walkthrough Video This short product walkthrough video is designed to give a brief overview about what the CSOP is to help answer common questions we receive...

    $5,825.00
    Choose Options
  • NIST 800-171 Compliance Program (NCP). This is a bundle of products that are specific to NIST 800-171 and CMMC 2.0 compliance - policies, standards, procedures, SSP & POA&M templates. Editable CMMC 2.0 Level 2 (old Level 3) policies, standards, procedures, SSP & POA&M templates. CMMC policies & standards. NIST 800-171 policies & standards.

    NIST 800-171 Compliance Program (NCP): CMMC Level 2

    ComplianceForge - NIST 800-171 & CMMC

    NIST SP 800-171 & CMMC Editable & Affordable Cybersecurity Documentation This short product walkthrough video is designed to give a brief overview about what the NCP is to help answer common questions we receive. NIST 800-171 Rev 3...

    $8,950.00
    $8,950.00
    $5,200.00
    Choose Options
  • C-SCRM Compliance Bundle 2 - NIST SP 800-161 R1-based C-SCRM Program

    C-SCRM Bundle 2: DSP version (SCF alignment)

    ComplianceForge

    Cybersecurity Supply Chain Risk Management (C-SCRM) Bundle #2 - DSP Version (45% discount) This is a bundle that includes the following thirteen (13) ComplianceForge products that are focused on operationalizing Cybersecurity Supply Chain Risk...

    $45,350.00
    $45,350.00
    $24,943.00
    Choose Options
  • DSP Bundle 1: DSP-CSOP

    DSP Bundle 1: Policies, Standards, Procedures & Controls

    Secure Controls Framework (SCF)

    Digital Security Plan (DSP) Bundle #1 - SCF-Aligned Policies, Standards & Procedures (25% Discount) This is a bundle that includes the following two (2) ComplianceForge products that are focused on operationalizing the Secure Controls Framework...

    $15,325.00
    $15,325.00
    $11,494.00
    Choose Options
  • DSP Bundle 2

    DSP Bundle 2: Enhanced Digital Security Documentation

    Secure Controls Framework (SCF)

    Digital Security Plan (DSP) Bundle #2 - ENHANCED DIGITAL SECURITY (35% Discount) This is a bundle that includes the following seven (7) ComplianceForge products that are focused on operationalizing the Secure Controls Framework (SCF): Digital...

    $26,850.00
    $26,850.00
    $17,453.00
    Choose Options
  • DSP Bundle 3: Whole Enchilada

    DSP Bundle 3: Robust Digital Security Documentation

    Secure Controls Framework (SCF)

    Digital Security Plan (DSP) Bundle #3 - ROBUST DIGITAL SECURITY (45% Discount) This is a bundle that includes the following thirteen (13) ComplianceForge products that are focused on operationalizing the Secure Controls Framework (SCF): Digital...

    $45,350.00
    $45,350.00
    $24,943.00
    Choose Options
  • NIST 800-171 Compliance Bundle 4: Secure Controls Framework (SCF) / Digital Security Program (DSP) Documentation. CMMC policies & standards. NIST 800-171 policies & standards.

    CMMC Bundle 4: Levels 1-3 (DSP & SCF)

    Secure Controls Framework (SCF)

    NIST 800-171 & CMMC 2.0 Compliance Bundle #4 - EXPERT  CMMC 2.0 Levels 1-3  (45% discount) This is a bundle that includes the following thirteen (13) ComplianceForge products that are focused on operationalizing NIST SP 800-171...

    $43,240.00
    $43,240.00
    $23,782.00
    Choose Options
  • Privacy Bundle 2: DSP-based

    Privacy Bundle 2: DSP version (SCF alignment)

    ComplianceForge

    Privacy Bundle #2 - DSP Version (45% discount) This is a bundle that includes the following twelve (12) ComplianceForge products that are focused on operationalizing the cybersecurity and privacy principles: Digital Security Program (DSP) Cybersecurity...

    $41,500.00
    $41,500.00
    $22,825.00
    Choose Options

Learn More About Cybersecurity & Data Privacy