NIST Special Publication 800-37, Revision 2, titled “Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy,” provides comprehensive guidelines for applying the Risk Management Framework (RMF) to federal information systems and organizations. The publication outlines a structured, flexible, and repeatable process for managing security and privacy risks throughout the system development life cycle. Key activities include categorizing information systems, selecting and implementing appropriate security and privacy controls, assessing control effectiveness, authorizing system operation, and continuously monitoring controls. The framework emphasizes integration with organizational processes, automation for near real-time risk management, and alignment with both security and privacy requirements. NIST SP 800-37 Revision 2 was published in December 2018.
Publication's URL
URL: https://csrc.nist.gov/pubs/sp/800/37/r2/final
Publication's scorecard
Country: USA
Scope: Cyber
Typology: Standard
Publication's date: December 1, 2018
Category: Governance Framework
Sector: Cross-Sector