Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach
NIST will release the final version of Special Publication 800-37, Revision 1, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach. This publication represents the second in a series of publications being developed under the auspices of the Joint Task Force Transformation Initiative.
For the past three years, NIST has been working in partnership with the Office of the Director of National Intelligence (ODNI), the Department of Defense (DOD), and the Committee on National Security Systems (CNSS) to develop a common information security framework for the federal government and its support contractors.
The initial publication produced by the task force, NIST Special Publication 800-53, Revision 3, was historic in nature—in that it created a unified security control catalog reflecting the information security requirements of both the national security community and the nonnational security community.
NIST Special Publication 800-37, Revision 1, completes the transformation of the traditional process employed by the federal government to certify and accredit federal information systems to a near real-time assessment and authorization. The revised process provides greater emphasis on: (i) building information security capabilities into information systems through the application of state-of-the-practice management, operational, and technical security controls; (ii) maintaining awareness of the security state of information systems on an ongoing basis though enhanced monitoring processes; and (iii) understanding and accepting the risk to organizational operations and assets, individuals, other organizations, and the Nation arising from the use of information systems.
The most significant change in the Final Version of the Special Publication 800-37, Revision 1, is the full transformation of the Certification and Accreditation (C&A) process into the six-step Risk Management Framework (RMF).
This Potomac Forum Workshop will review the new document, changes from the previoius document and assist in the transformation to the new Risk Management approach.
