Date Published: December 2018
Supersedes:
SP 800-37 Rev. 1 (06/05/2014); CSWP 3 (06/03/2014)
Assessment, Authorization and Monitoring; Configuration Management; Planning; Program Management; Risk Assessment
Publication:
https://doi.org/10.6028/NIST.SP.800-37r2
Download URL
Supplemental Material:
None available
Related NIST Publications:
Document History:
09/28/17: SP 800-37 Rev. 2 (Draft)
05/09/18: SP 800-37 Rev. 2 (Draft)
10/02/18: SP 800-37 Rev. 2 (Draft)
12/20/18: SP 800-37 Rev. 2 (Final)
audit & accountability, continuous monitoring, controls, planning, risk assessment
Applications Laws and RegulationsExecutive Order 13800, Federal Information Security Modernization Act, Homeland Security Presidential Directive 7, OMB Circular A-130