Ypifany RMF

Environment (All Change Agents — threats & opportunities)

Outer ring = less control. Inner ring = more control.

  LOW TRUST ZONE: Minimal control • Disconnect/Filter if unexpected

  MEDIUM TRUST ZONE: Shared control • Verify outputs • Contracts/SLAs

  HIGH TRUST ZONE: Direct control • Configure & correct immediately

  GROUND ZERO: Continuity of my control • Biases • Habits • Assumptions

Examples by Zone

  High Trust: your router OS, self-hosted server, local password vault

  Medium Trust: vendor-managed CRM, partner doc platform

  Low Trust: ISP modem/router, public social platforms, open web

RMF Lifecycle

  1. Prepare: Know yourself first — your blind spots, habits, and mission.

  2. Categorize: Define your boundaries — what’s inside your system, what’s outside.

  3. Select: Choose what roles signals are allowed to take inside each zone.

  4. Implement: Put in the controls — configure routers, firewalls, DNS, and VLANs.

  5. Assess: Test whether signals are actually getting the roles you intended.

  6. Authorize: Make a conscious decision: “Yes, this system can run with these risks.”

  7. Monitor: Keep checking — are things still aligned with your mission, or do you need to adjust?