Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Guide for the Security Certification and Accreditation of Federal Information Systems

Published

Author(s)

Ronald S. Ross, Marianne M. Swanson, G Stoneburner, Stuart W. Katzke, L A. Johnson

Abstract

[Superseded by SP 800-37 Rev. 1 (February 2010): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=904985] The purpose of this publication is to provide guidelines for the security certification and accreditation of information systems supporting the executive agencies of the federal government. The guidelines have been developed to help achieve more secure information systems within the federal government by: i) enabling more consistent, comparable, and repeatable assessments of security controls in federal information systems; ii) promoting a better understanding of agency-related mission risks resulting from the operation of information systems; and iii) creating more complete, reliable, and trustworthy information for authorizing officials--to facilitate more informed security accreditation decisions.
Citation
Special Publication (NIST SP) - 800-37
Report Number
800-37

Keywords

information systems, SDLC, security accreditation, security certification, System Development Life Cycle

Citation

Ross, R. , Swanson, M. , Stoneburner, G. , Katzke, S. and Johnson, L. (2004), Guide for the Security Certification and Accreditation of Federal Information Systems, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD (Accessed June 17, 2021)
Created May 20, 2004, Updated February 19, 2017