Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach

Joint Task Force Transformation Initiative

doi:https://doi.org/10.6028/NIST.SP.800-37r1

SP 800-37 Rev. 1

Withdrawn on December 20, 2019. Superseded by SP 800-37 Rev. 2

Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach

Documentation Topics

Date Published: February 2010 (Updated 6/5/2014)

Supersedes: SP 800-37 Rev. 1 (02/22/2010)

Author(s)

Joint Task Force Transformation Initiative

Abstract

The purpose of SP 800-37 Rev 1 is to provide guidelines for applying the Risk Management Framework to federal information systems to include conducting the activities of security categorization, security control selection and implementation, security control assessment, information system authorization, and security control monitoring.

Keywords

risk management framework; roles and responsibilities; security authorization; information systems; common controls; FISMA; categorize; security controls; continuous monitoring

Control Families

Assessment, Authorization and Monitoring; Configuration Management; Planning; Program Management; Risk Assessment

Documentation

Publication:
SP 800-37 Rev. 1 (DOI)
Local Download

Supplemental Material:
Supplemental Guidance on Ongoing Authorization, (June 2014) (other)
Press Release (other)

Related NIST Publications:
White Paper

Document History:
06/05/14: SP 800-37 Rev. 1

Topics

Security and Privacy
audit & accountability; planning; risk assessment

Laws and Regulations
Federal Information Security Modernization Act; Homeland Security Presidential Directive 7; OMB Circular A-130

Information Technology Laboratory

Computer Security Resource Center

Computer Security Resource Center

SP 800-37 Rev. 1

Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach

Author(s)

Abstract

Keywords

Control Families

Documentation

Topics