Date Published: June 2026
Supersedes:
SP 800-18 Rev. 1 (02/24/2006)
None selected
Publication:
https://doi.org/10.6028/NIST.SP.800-18r2
Download URL
Supplemental Material:
Security Plan Example Outline (docx)
Privacy Plan Example Outline (docx)
C-SCRM Plan Example Outline (docx)
System Plan-related Roles and Responsibilities (docx)
NIST Risk Management Framework
Document History:
06/04/25: SP 800-18 Rev. 2 (Draft)
06/30/26: SP 800-18 Rev. 2 (Final)
access authorization, authentication, cybersecurity supply chain risk management, planning, privacy, risk management
Laws and RegulationsFederal Information Security Modernization Act, OMB Circular A-130