NIST Risk Management Framework
A structured, seven-step process for integrating security, privacy, and cyber supply chain risk management activities into the system development life cycle.
Full definition
The NIST Risk Management Framework (RMF), defined in NIST Special Publication 800-37 (currently Revision 2), provides a disciplined, structured, and repeatable process for managing security and privacy risk in information systems and organizations. It is mandatory for U.S. federal systems under FISMA, but any organization can adopt it. The seven steps are Prepare, Categorize, Select, Implement, Assess, Authorize, and Monitor. Categorization is based on the impact of a loss of confidentiality, integrity, or availability, and the controls selected in the Select step are drawn from the NIST SP 800-53 control catalog and tailored to the system. Organizations use the RMF to apply security and privacy controls consistently across their technology infrastructure and to make risk-based authorization decisions. For example, a federal agency deploying a new cloud platform would follow the RMF to categorize the system, select and implement appropriate controls, have an independent assessor evaluate their effectiveness, and obtain an authorization to operate (ATO) from an authorizing official before the system goes into production. Authorization is not a one-time event: the Monitor step requires ongoing assessment of control effectiveness and reporting of changes to the system and its risk posture for as long as it operates.
Tags: NIST, framework, cybersecurity, government