The final publication of the ‘Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach’ (NIST Special Publication 800-37, Revision 1) is now available on the National Institute of Standards and Technology’s Computer Security Resource Center (csrc.nist.gov).
The new document describes the transformation of the federal government’s Certification and Accreditation process into a Risk Management Framework that stresses security from an information system’s initial design phase through implementation and daily operations. It places equal emphasis both on defining the correct set of security controls and on implementing them in a robust continuous monitoring process.
The full text of SP 800-37, Revision 1, can be found here. (PDF)

• Date: 4th March 2010 • Region: US • Type: Article • Topic: IT continuity