The Risk Management Framework (RMF) is a U.S. federal government policy and set of standards developed by the National Institute of Standards and Technology (NIST) in Gaithersburg, Md., for the assessment and authorization of mission systems.
Given that systems typically are an integration of several products, using component products that meet functional and assurance security requirements, such as Common Criteria (CC) protection profiles, can streamline assessing the integrated system.
Increasingly, U.S. military programs are using RMF to address cybersecurity and trusted-computing requirements, and for some systems, it is required to get Approval to Operate computer engineering salary. Because RMF is a system-level certification, it is for certifying whole systems -- not just an individual component. This includes all the hardware and software in that system, and there are some steps that system designers can take for board-level hardware and software components to make RMF certification easier.