U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

Computer Security Resource Center

Computer Security Resource Center

This is an archive
(replace .gov by .rip)
    Projects NIST Risk Management Framework

NIST Risk Management Framework RMF

News and Updates

New Online Tool to Improve Stakeholder Engagement with SP 800-53
September 28, 2021
A new SP 800-53 controls Public Comment Site is now available for interacting with, downloading, and submitting security and privacy controls, baselines, and assessments.
NISTIR 8212: ISCM Program Assessment and Tool
March 31, 2021
NIST has published NISTIR 8212, "An Information Security Continuous Monitoring Program Assessment," and the ISCMAx tool that implements the ISCM program assessment described in SP 800-137A.
NIST Publishes SP 800-172
February 2, 2021
NIST announces the release of Special Publication (SP) 800-172, "Enhanced Security Requirements for Protecting Controlled Unclassified Information: A Supplement to NIST Special Publication 800-171"
Draft NIST SP 800-47 Rev. 1 Available for Comment
January 26, 2021
Draft NIST SP 800-47 Revision 1, "Managing the Security of Information Exchanges," is now available for public comment through March 12, 2021.
Control Catalog and Baselines as Spreadsheets
January 26, 2021
New supplemental materials are available for SP 800-53 Rev. 5 and SP 800-53B: spreadsheets for the Control Catalog and Control Baselines.
Updates to SP 800-53 Rev 5 and 800-53B
December 10, 2020
NIST has issued supplemental materials and errata updates for both SP 800-53 Rev. 5 and SP 800-53B, which were originally published in September 2020. New materials include control mappings and control comparisons. 
Control Baselines: NIST Publishes SP 800-53B
October 29, 2020
NIST Special Publication (SP) 800-53B, "Control Baselines for Information Systems and Organizations," has been published.
ISCMA Draft NISTIR 8212 Available for Comment
October 1, 2020
Draft NISTIR 8212, "ISCMA: An Information Security Continuous Monitoring Program Assessment," is available for public comment through November 13, 2020.
SP 800-53 Revision 5 Published
September 23, 2020
NIST Special Publication (SP) 800-53 Revision 5, "Security and Privacy Controls for Information Systems and Organizations," represents a multi-year effort to develop the next generation of controls needed to strengthen and...
Control Baselines: Draft SP 800-53B
July 31, 2020
NIST has released Draft SP 800-53B, "Control Baselines for Information Systems and Organizations," for public comment. The comment period is open through September 11, 2020.
Draft SP 800-172: Enhanced Security Reqs for CUI
July 6, 2020
NIST has released a final public draft for comment: Draft Special Publication (SP) 800-172. The comment period ends on August 21, 2020.
Assessing ISCM Programs: NIST SP 800-137A
May 21, 2020
NIST has published Special Publication (SP) 800-137A, "Assessing Information Security Continuous Monitoring (ISCM) Programs: Developing an ISCM Program Assessment."
NIST Publishes NISTIR 8011 Vol. 4
April 28, 2020
NIST has published Volume 4 of NISTIR 8011:  "Automation Support for Security Control Assessments: Software Vulnerability Management."
NIST Releases FPD SP 800-53 Rev. 5
March 16, 2020
NIST has released the Final Public Draft of Special Publication (SP) 800-53 Revision 5, "Security and Privacy Controls for Information Systems and Organizations," for public comment. Comments are due by May 29, 2020.
Assessing ISCM Programs: NIST Releases Draft SP 800-137A
January 13, 2020
NIST has released Draft Special Publication (SP) 800-137A, "Assessing Information Security Continuous Monitoring (ISCM) Programs: Developing an ISCM Program Assessment." Public comments are due by February 28, 2020.
NIST Releases Draft NISTIR 8011 Vol. 4 for Comment
November 20, 2019
NIST has released Draft NISTIR 8011 Volume 4, "Automation Support for Security Control Assessments: Software Vulnerability Management," for public comment.  The comment period ends December 20, 2019.
NIST Updates SP 800-128
October 15, 2019
NIST has updated Special Publication (SP) 800-128, "Guide for Security-Focused Configuration Management of Information Systems"
Withdrawal of SP 800-64 Rev. 2
May 31, 2019
NIST has withdrawn Special Publication 800-64 Revision 2, "Security Considerations in the System Development Life Cycle."
RMF Update: NIST Publishes SP 800-37 Rev. 2
December 20, 2018
NIST has published an update to its Risk Management Framework specification, in NIST Special Publication (SP) 800-37 Revision 2.

Contacts

NIST Risk Management Framework Team
sec-cert@nist.gov

Created November 30, 2016, Updated November 01, 2021