Date Published: February 2010 (Updated 6/5/2014)
Planning Note (5/9/2018):
A draft of SP 800-37 Revision 2 is now available for public comment, until June 22, 2018.
Supersedes: SP 800-37 Rev. 1 (February 2010)
Author(s)
Joint Task Force Transformation Initiative
The purpose of SP 800-37 Rev 1 is to provide guidelines for applying the Risk Management Framework to federal information systems to include conducting the activities of security categorization, security control selection and implementation, security control assessment, information system authorization, and security control monitoring.
Keywords
common controls; continuous monitoring; FISMA; risk management framework; roles and responsibilities; security authorization; information systems; categorize; security controls
Control Families
Security Assessment and Authorization; Configuration Management; Planning; Program Management; Risk Assessment