Which framework provides a risk management approach specifically designed for federal information systems?
- ISO 27001
- COBIT
- NIST Risk Management Framework (RMF) ✓
- ITIL
Correct answer: NIST Risk Management Framework (RMF)
Option C is correct because the NIST Risk Management Framework (RMF), defined in NIST SP 800-37, was specifically created to provide a structured process for integrating security, privacy, and risk management into federal information systems, and its use is mandated by FISMA for U.S. federal agencies. Option A is incorrect because ISO 27001 is an internationally recognized standard for information security management systems but is not specifically designed or mandated for federal information systems. Option B is incorrect because COBIT is an IT governance framework developed by ISACA that focuses broadly on IT management and governance, not specifically on federal risk management. Option D is incorrect because ITIL is a framework for IT service management best practices and does not address risk management for federal information systems.
Topic: nist rmf, risk management, federal information systems, fisma