NIST Releases Guide for Applying the Risk Management Framework to Federal Information Systems

The final publication of the Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach (NIST Special Publication 800-37, Revision 1) is now available on the National Institute of Standards and Technology's (NIST) Computer Security Resource Center (csrc.nist.gov).

The new document describes the transformation of the federal government's Certification and Accreditation process into a Risk Management Framework that stresses security from an information system's initial design phase through implementation and daily operations. It places equal emphasis both on defining the correct set of security controls and on implementing them in a robust continuous monitoring process.

The publication is the second in a series of publications produced by the Joint Task Force Transformation Initiative, which is a partnership of NIST, the Office of the Director of National Intelligence, the Department of Defense and the Committee on National Security Systems to develop a common information security framework for the federal government and its support contractors.

The full text of SP 800-37, Revision 1, can be found at http://csrc.nist.gov/publications/PubsSPs.html#800-37.

Released March 2, 2010, Updated May 4, 2021