NIST Releases Guide for Applying the Risk Management Framework to Federal Information Systems

For Immediate Release: March 2, 2010

Contact: Evelyn Brown

The final publication of the Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach (NIST Special Publication 800-37, Revision 1) is now available on the National Institute of Standards and Technology’s (NIST) Computer Security Resource Center (csrc.nist.gov).

The new document describes the transformation of the federal government’s Certification and Accreditation process into a Risk Management Framework that stresses security from an information system’s initial design phase through implementation and daily operations. It places equal emphasis both on defining the correct set of security controls and on implementing them in a robust continuous monitoring process.

The publication is the second in a series of publications produced by the Joint Task Force Transformation Initiative, which is a partnership of NIST, the Office of the Director of National Intelligence, the Department of Defense and the Committee on National Security Systems to develop a common information security framework for the federal government and its support contractors.

The full text of SP 800-37, Revision 1, can be found at http://csrc.nist.gov/publications/PubsSPs.html#800-37.