Skip to content
Home / Function (NIST CSF 2.0) / GV - Govern / OC - Org. Context

NIST SP 800-37 Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy

This document focuses on:

NIST Special Publication 800-37, Revision 2, titled “Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy,” provides comprehensive guidelines for applying the Risk Management Framework (RMF) to federal information systems and organizations. The publication outlines a structured, flexible, and repeatable process for managing security and privacy risks throughout the system development life cycle. Key activities include categorizing information systems, selecting and implementing appropriate security and privacy controls, assessing control effectiveness, authorizing system operation, and continuously monitoring controls. The framework emphasizes integration with organizational processes, automation for near real-time risk management, and alignment with both security and privacy requirements. NIST SP 800-37 Revision 2 was published in December 2018.


Publication's URL

https://csrc.nist.gov/pubs/sp/800/37/r2/final

Additional documents on this topic



How would you rate this document ?

Click on a star to rate it!

What do you think of this document?

Your email address will not be published. Required fields are marked *