What federal document outlines the Cybersecurity Risk Management framework?

Prepare for the FedVTE Cyber Risk Management Test. Practice with flashcards and multiple choice questions, each with hints and explanations. Be ready for your exam!

The document that outlines the Cybersecurity Risk Management framework is NIST Special Publication 800-37. This publication specifically details the Risk Management Framework (RMF) for federal information systems, providing guidelines for integrating security and risk management activities into the system development lifecycle. The RMF is designed to protect an organization's information and systems while ensuring compliance with federal regulations.

NIST SP 800-37 focuses on a structured approach that includes the categorization of information systems, selection of security controls, implementation of those controls, assessment of their effectiveness, authorization of the system, and continuous monitoring. This comprehensive framework is crucial for managing cybersecurity risks and ensuring that federal agencies comply with federal policies and standards.

While the other documents listed are important in their own right, they don't specifically detail the risk management framework. FIPS Publication 199 addresses the security categorization of federal information and information systems, while OMB Circular A-130 provides guidance on the management of federal information resources. NIST SP 800-53 outlines the security and privacy controls for information systems, but it is a complementary publication rather than the one that establishes the framework itself.
