Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Guide for the Security Certification and Accreditation of Federal Information Systems



Ronald S. Ross, Marianne M. Swanson, G Stoneburner, Stuart W. Katzke, L A. Johnson


[Superseded by SP 800-37 Rev. 1 (February 2010):] The purpose of this publication is to provide guidelines for the security certification and accreditation of information systems supporting the executive agencies of the federal government. The guidelines have been developed to help achieve more secure information systems within the federal government by: i) enabling more consistent, comparable, and repeatable assessments of security controls in federal information systems; ii) promoting a better understanding of agency-related mission risks resulting from the operation of information systems; and iii) creating more complete, reliable, and trustworthy information for authorizing officials--to facilitate more informed security accreditation decisions.
Special Publication (NIST SP) - 800-37
Report Number


information systems, SDLC, security accreditation, security certification, System Development Life Cycle


Ross, R. , Swanson, M. , Stoneburner, G. , Katzke, S. and Johnson, L. (2004), Guide for the Security Certification and Accreditation of Federal Information Systems, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD (Accessed May 28, 2024)


If you have any questions about this publication or are having problems accessing it, please contact

Created May 20, 2004, Updated February 19, 2017