This is a presentation of research completed to compare higher education information security policies to the NIST risk management framework. A surprising event occurred when it was found that the higher ed institutions were using the NIST cybersecurity framework instead, which incorporates parts of the RMF. This workshop presents the results of this research along with a discussion.