NIST Releases Guide for Applying the Risk Management Framework to Federal Information Systems
For Immediate Release: March 2, 2010
The final publication of the Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach (NIST Special Publication 800-37, Revision 1) is now available on the National Institute of Standards and Technology’s (NIST) Computer Security Resource Center (csrc.nist.gov).
The new document describes the transformation of the federal government’s Certification and Accreditation process into a Risk Management Framework that stresses security from an information system’s initial design phase through implementation and daily operations. It places equal emphasis both on defining the correct set of security controls and on implementing them in a robust continuous monitoring process.
The publication is the second in a series of publications produced by the Joint Task Force Transformation Initiative, which is a partnership of NIST, the Office of the Director of National Intelligence, the Department of Defense and the Committee on National Security Systems to develop a common information security framework for the federal government and its support contractors.
The full text of SP 800-37, Revision 1, can be found at http://csrc.nist.gov/publications/PubsSPs.html#800-37.