Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach

Joint Task Force Transformation Initiative

SP 800-37 Rev. 1

Withdrawn on June 10, 2014. Superseded by SP 800-37 Rev. 1

Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach

Documentation

Date Published: February 2010

Supersedes: SP 800-37 (05/20/2004)

Author(s)

Joint Task Force Transformation Initiative

Abstract

The purpose of SP 800-37 Rev 1 is to provide guidelines for applying the Risk Management Framework to federal information systems to include conducting the activities of security categorization, security control selection and implementation, security control assessment, information system authorization, and security control monitoring.

Keywords

categorize; information systems; common controls; continuous monitoring; FISMA; risk management framework; roles and responsibilities; security authorization; security controls

Control Families

None selected

Documentation

Publication:
Archived File

Supplemental Material:
None available

Document History:
02/22/10: SP 800-37 Rev. 1

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

Computer Security Resource Center

Computer Security Resource Center

SP 800-37 Rev. 1

Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach

Author(s)

Abstract

Keywords

Control Families

Documentation