diff --git a/README.md b/README.md
index f5fa3c3..d7223db 100644
--- a/README.md
+++ b/README.md
@@ -217,6 +217,8 @@
 
 [NIST CSF](https://www.nist.gov/national-security-standards) is a voluntary framework primarily intended for critical infrastructure organizations to manage and mitigate cybersecurity risk based on existing best practice.
 
+[NIST RMF](https://csrc.nist.gov/projects/risk-management/about-rmf) provides a process that integrates security, privacy, and cyber supply chain risk management activities into the system development life cycle. 
+
 [EU GDPR (General Data Protection Regulation)](https://gdpr.eu/) is a privacy and data protection law that supersedes existing national data protection laws across the EU, bringing uniformity by introducing just one main data protection law for companies/organizations to comply with.
 
 [CCPA (California Consumer Privacy Act)](https://www.oag.ca.gov/privacy/ccpa) is a data privacy law that took effect on January 1, 2020 in the State of California. It applies to businesses that collect California residents’ personal information, and its privacy requirements are similar to those of the EU’s GDPR (General Data Protection Regulation).