Page 191 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
There is significantly more detail about RMF in the NIST publication;
please review that document for a complete perspective on risk
frameworks.
The NIST RMF is the primary focus of the CISSP exam, but you might
want to review other risk management frameworks for use in the real
world. Please consider Operationally Critical Threat, Asset, and
Vulnerability Evaluation (OCTAVE), Factor Analysis of Information
Risk (FAIR), and Threat Agent Risk Assessment (TARA). For further
research, you’ll find a useful article here:
www.csoonline.com/article/2125140/metrics-budgets/it-risk-assessment-frameworks--real-world-experience.html.
It is important to understand that there are a number of
well-recognized frameworks and to select one that fits your
organization’s requirements and style.

