# NIST SP 800-37

Guide for Applying the Risk Management Framework to Federal Information Systems

# Acronyms, Abbreviations, and Initialisms

| Short Form | Full Form |
|---|---|
| NIST | National Institute of Standards and Technology |
| SP | Special Publication |

# Overview

NIST SP 800-37 is the Guide for Implementing the Risk Management Framework (RMF). The RMF is a methodology for handling all organizational risk in a holistic, comprehensive, and continual manner. It supersedes the older "Certification and Accreditation" model, in which systems were inspected on a fixed cycle and authorized for a set period.

The RMF relies heavily on automated solutions, on risk analysis and assessment, and on the implementation of controls selected on the basis of those assessments, backed by continuous monitoring and improvement.

# Components

  • Categorize information systems
  • Select security controls
  • Implement security controls
  • Assess security controls
  • Authorize information systems
  • Monitor security controls