U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

PUBLICATIONS

Revised Guide Helps Federal Organizations Improve Their Risk Management Practices and Information System Security

Published

Author(s)

Shirley M. Radack

Abstract

This bulletin summarizes the information presented in NIST Special Publication (SP) 800-37, Revision 1, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach. Developed by NIST in partnership with the Joint Task Force Transformation Initiative, the publication supports federal managers in both defense and civil agencies in making informed decisions about the security of their information systems. The revised guide explains the basic concepts to be applied to the management of security risks to information systems. The bulletin discusses issues emphasized in the publication: planning and building information security capabilities into information systems throughout the system life cycle; implementing up-to-date management, operational, and technical security controls; and maintaining awareness of the security condition of information systems though improved monitoring. The Risk Management Framework is explained, and references are provided to additional sources of information on risk management.
Citation
ITL Bulletin -
NIST Pub Series
ITL Bulletin
Pub Type
NIST Pubs

Download Paper

Local Download

Keywords

accreditation, authorization, availability, categorization, certification, confidentiality, FISMA, integrity, information security, information systems security, Joint Task Force, risk management, Risk Management Framework, security controls, security plans, security risks, system development life cycle
Information technology and Cybersecurity and privacy

Citation

Radack, S. (2010), Revised Guide Helps Federal Organizations Improve Their Risk Management Practices and Information System Security, ITL Bulletin, National Institute of Standards and Technology, Gaithersburg, MD, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=905359 (Accessed May 1, 2026)
Additional citation formats

Issues

If you have any questions about this publication or are having problems accessing it, please contact [email protected].

Created March 29, 2010, Updated February 19, 2017
Was this page helpful?