NIST Releases Guide for Applying the Risk Management Framework to Federal Information Systems

The final publication of the Guide for Applying the Risk Management
Framework to Federal Information Systems: A Security Life Cycle Approach
(NIST Special Publication 800-37, Revision 1) is now available on the
National Institute of Standards and Technology’s (NIST) Computer Security
Resource Center (csrc.nist.gov).

The new document describes the transformation of the
federal government’s Certification and Accreditation process into a Risk
Management Framework that stresses security from an information
system’s initial design phase through implementation and daily
operations. It places equal emphasis both on defining the correct set of
security controls and on implementing them in a robust continuous
monitoring process.

The publication is the second in a series of
publications produced by the Joint Task Force Transformation Initiative,
which is a partnership of NIST, the Office of the Director of National
Intelligence, the Department of Defense and the Committee on National
Security Systems to develop a common information security framework for
the federal government and its support contractors.

The full text of SP 800-37, Revision 1, can be found at
http://csrc.nist.gov/publications/PubsSPs.html#800-37.

About Michael Baum

Reformed perl hacker. Ex-lyricist for Plasticine.