We are an unofficial archive; replace .rip with .gov in the URL to access the official website.

NIST Risk Management Framework RMF

Publications

The following NIST-authored publications are directly related to this project.

| Series & Number | Title | Status | Released |
|---|---|---|---|
| SP 800-53A Rev. 5 (Draft) | Assessing Security and Privacy Controls in Information Systems and Organizations | Draft | 08/03/2021 |
| SP 800-47 Rev. 1 | Managing the Security of Information Exchanges | Final | 07/20/2021 |
| NISTIR 8212 | ISCMA: An Information Security Continuous Monitoring Program Assessment | Final | 03/31/2021 |
| SP 800-53 Rev. 5 | Security and Privacy Controls for Information Systems and Organizations | Final | 12/10/2020 |
| SP 800-53B | Control Baselines for Information Systems and Organizations | Final | 12/10/2020 |
| SP 800-137A | Assessing Information Security Continuous Monitoring (ISCM) Programs: Developing an ISCM Program Assessment | Final | 05/21/2020 |
| NISTIR 8011 Vol. 4 | Automation Support for Security Control Assessments: Software Vulnerability Management | Final | 04/28/2020 |
| SP 800-160 Vol. 2 | Developing Cyber Resilient Systems: A Systems Security Engineering Approach | Final | 11/27/2019 |
| SP 800-128 | Guide for Security-Focused Configuration Management of Information Systems | Final | 10/10/2019 |
| SP 800-37 Rev. 2 | Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy | Final | 12/20/2018 |
| NISTIR 8011 Vol. 3 | Automation Support for Security Control Assessments: Software Asset Management | Final | 12/06/2018 |
| SP 800-160 Vol. 1 | Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems | Final | 03/21/2018 |
| SP 800-12 Rev. 1 | An Introduction to Information Security | Final | 06/22/2017 |
| NISTIR 8011 Vol. 1 | Automation Support for Security Control Assessments: Volume 1: Overview | Final | 06/06/2017 |
| NISTIR 8011 Vol. 2 | Automation Support for Security Control Assessments: Volume 2: Hardware Asset Management | Final | 06/06/2017 |
| NISTIR 8023 | Risk Management for Replication Devices | Final | 02/23/2015 |
| SP 800-53 Rev. 4 | Security and Privacy Controls for Federal Information Systems and Organizations | Withdrawn | 01/22/2015 |
| SP 800-53A Rev. 4 | Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans | Final | 12/18/2014 |
| SP 800-30 Rev. 1 | Guide for Conducting Risk Assessments | Final | 09/17/2012 |
| SP 800-137 | Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations | Final | 09/30/2011 |
| SP 800-39 | Managing Information Security Risk: Organization, Mission, and Information System View | Final | 03/01/2011 |
| SP 800-60 Vol. 1 Rev. 1 | Guide for Mapping Types of Information and Information Systems to Security Categories | Final | 08/01/2008 |
| SP 800-60 Vol. 2 Rev. 1 | Guide for Mapping Types of Information and Information Systems to Security Categories: Appendices | Final | 08/01/2008 |
| FIPS 200 | Minimum Security Requirements for Federal Information and Information Systems | Final | 03/01/2006 |
| SP 800-18 Rev. 1 | Guide for Developing Security Plans for Federal Information Systems | Final | 02/24/2006 |
| FIPS 199 | Standards for Security Categorization of Federal Information and Information Systems | Final | 02/01/2004 |
| SP 800-59 | Guideline for Identifying an Information System as a National Security System | Final | 08/20/2003 |

Created November 30, 2016, Updated November 01, 2021