NIST SP 800-37
Guide for Applying the Risk Management Framework to Federal Information Systems
Acronyms, Abbreviations, and Initialisms
| Short Form | Full Form |
|---|---|
| NIST | National Institute of Standards and Technology |
NIST SP 800-37 is the Guide for Implementing the Risk Management Framework (RMF). This particular risk management framework is a methodology for handling all organizational risk in a holistic, comprehensive, and continual manner. This RMF supersedes the old "Certification and Accreditation" model of cyclical inspections with a specific duration.
This RMF relies heavily on automated solutions, on risk analysis and assessment, and on implementing controls based on those assessments, with continuous monitoring and improvement.
The RMF consists of the following steps:
- Categorize information systems
- Select security controls
- Implement security controls
- Assess security controls
- Authorize information systems
- Monitor security controls