Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

NIST Releases Guide for Applying the Risk Management Framework to Federal Information Systems

The final publication of the Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach (NIST Special Publication 800-37, Revision 1) is now available on the National Institute of Standards and Technology's (NIST) Computer Security Resource Center (csrc.nist.gov).

The new document describes the transformation of the federal government's Certification and Accreditation process into a Risk Management Framework that stresses security from an information system's initial design phase through implementation and daily operations. It places equal emphasis both on defining the correct set of security controls and on implementing them in a robust continuous monitoring process.

The publication is the second in a series of publications produced by the Joint Task Force Transformation Initiative, which is a partnership of NIST, the Office of the Director of National Intelligence, the Department of Defense and the Committee on National Security Systems to develop a common information security framework for the federal government and its support contractors.

The full text of SP 800-37, Revision 1, can be found at http://csrc.nist.gov/publications/PubsSPs.html#800-37.

Released March 2, 2010, Updated January 8, 2018