NIST Special Publication 800-37
Revision 2
Risk Management Framework for
Information Systems and Organizations
A System Life Cycle Approach for Security and Privacy
JOINT TASK FORCE
This publication is available free of charge from:
https://doi.org/10.6028/NIST.SP.800-37r2
This publication contains comprehensive updates to the
Risk Management Framework. The updates include an
alignment with the constructs in the NIST Cybersecurity
Framework; the integration of privacy risk management
processes; an alignment with system life cycle security
engineering processes; and the incorporation of supply
chain risk management processes. Organizations can
use the frameworks and processes in a complementary
manner within the RMF to effectively manage security
and privacy risks to organizational operations and
assets, individuals, other organizations, and the Nation.
Revision 2 includes a set of organization-wide RMF tasks
that are designed to prepare information system owners
to conduct system-level risk management activities. The
intent is to increase the effectiveness, efficiency, and
cost-effectiveness of the RMF by establishing a closer
connection to the organization's missions and business
functions and improving the communications among
senior leaders, managers, and operational personnel.
December 2018
U.S. Department of Commerce
Wilbur L. Ross, Jr., Secretary
National Institute of Standards and Technology
Walter Copan, NIST Director and Under Secretary of Commerce for Standards and Technology
Authority
This publication has been developed by NIST to further its statutory responsibilities under the
Federal Information Security Modernization Act (FISMA), 44 U.S.C. § 3551 et seq., Public Law
(P.L.) 113-283. NIST is responsible for developing information security standards and guidelines,
including minimum requirements for federal information systems, but such standards and
guidelines shall not apply to national security systems without the express approval of the
appropriate federal officials exercising policy authority over such systems. This guideline is
consistent with requirements of the Office of Management and Budget (OMB) Circular A-130.
Nothing in this publication should be taken to contradict the standards and guidelines made
mandatory and binding on federal agencies by the Secretary of Commerce under statutory
authority. Nor should these guidelines be interpreted as altering or superseding the existing
authorities of the Secretary of Commerce, OMB Director, or any other federal official. This
publication may be used by nongovernmental organizations on a voluntary basis and is not
subject to copyright in the United States. Attribution would, however, be appreciated by NIST.
National Institute of Standards and Technology Special Publication 800-37, Revision 2
Natl. Inst. Stand. Technol. Spec. Publ. 800-37, Rev. 2, 183 pages (December 2