Communications of the ACM

ACM News

Guide For Applying Risk Management Framework to Information Systems Released

The final publication of the 93-page Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach (NIST Special Publication 800-37, Revision 1) is now available on the National Institute of Standards and Technology's (NIST) Computer Security Resource Center.

The new document describes the transformation of the U.S. government's Certification and Accreditation process into a Risk Management Framework that stresses security from an information system's initial design phase through implementation and daily operations. It places equal emphasis both on defining the correct set of security controls and on implementing them in a robust continuous monitoring process.

The publication is the second in a series produced by the Joint Task Force Transformation Initiative, a partnership of NIST, the Office of the Director of National Intelligence, the Department of Defense, and the Committee on National Security Systems working to develop a common information security framework for the federal government and its support contractors.

