The Risk Management Process: An Interagency Security Committee Standard (RMP Standard) establishes a single, formalized process for specifying the standards and guidelines to follow when determining federal facility security requirements. The Risk Management Process (RMP) uses a five-step methodology to ensure a comprehensive approach to meet federal facility security in today's threat environment enabling organizations to make informed decisions, allocate resources effectively, and prioritize risk mitigation efforts. The goal of the RMP is to provide a level of protection (LOP) equal to the level of risk at the site-specific location.
The process is continuous and begins with determining the facility security level (FSL) and baseline LOP.
THIS STANDARD IS SUPPORTED BY SEVERAL KEY APPENDICES:
Appendix A: The Design-Basis Threat Report (FOUO) – Creates a profile of the adversary’s type, composition, and capabilities across a range of Undesirable Events.
Appendix B: Countermeasures (FOUO) – Establishes security countermeasures that correspond to LOPs applied to all federal facilities, subject to following the RMP.
Appendix C: Child-Care Center Level of Protection Implementation Guidance (FOUO)
FIVE FACTORS TO DETERMINE FSL:
1. Mission Criticality
2. Facility Population
3. Symbolism
4. Facility Size
5. Threat to Tennant Agencies
Additional resources include:
- Guidance on establishing and conducting a Facility Security Committee.
- Assistance on establishing or refining performance measurement programs.
- Commonly used fillable forms and templates in support of the RMP.