Guide for the Security Certification and Accreditation of Federal Information Systems

Ross, Ron; Swanson, Marianne; Stoneburner, Gary; Katzke, Stuart; Johnson, L.

doi:https://doi.org/10.6028/NIST.SP.800-37

July 19, 2023: URLs for CSRC publication details pages have changed. Legacy URLs should automatically redirect to the new URLs. However, links to the actual publications have NOT changed (e.g., DOIs and PDFs on nvlpubs.nist.gov). Please send inquiries to csrc-inquiry@nist.gov.

NIST SP 800-37

Withdrawn on February 22, 2010. Superseded by SP 800-37 Rev. 1

Guide for the Security Certification and Accreditation of Federal Information Systems

Documentation

Date Published: May 2004

Author(s)

Ron Ross (NIST), Marianne Swanson (NIST), Gary Stoneburner (NIST), Stuart Katzke (NIST), L. Johnson (NIST)

Abstract

The purpose of this publication is to provide guidelines for the security certification and accreditation of information systems supporting the executive agencies of the federal government. The guidelines have been developed to help achieve more secure information systems within the federal government by: i) enabling more consistent, comparable, and repeatable assessments of security controls in federal information systems; ii) promoting a better understanding of agency-related mission risks resulting from the operation of information systems; and iii) creating more complete, reliable, and trustworthy information for authorizing officials--to facilitate more informed security accreditation decisions.

Keywords

information systems; SDLC; security accreditation; security certification; System Development Life Cycle

Control Families

None selected

Documentation

Publication:
https://doi.org/10.6028/NIST.SP.800-37
Download URL

Supplemental Material:
None available

Document History:
05/20/04: SP 800-37 (Final)