Citation

NIST, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach, (NIST Special Publication 800-37) (Rev. 1, Feb. 2010) (full-text).

Overview

This publication replaces the traditional certification and accreditation process with the six-step risk management framework, including a process of assessment and authorization.[1] According to the publication, effective risk management processes should

(1) build information security capabilities into information systems through the application of management, operational, and technical security controls;
(2) maintain awareness of the security state of information systems on an ongoing basis through enhanced monitoring processes; and
(3) provide essential information to senior leaders to facilitate system authorization decisions regarding the acceptance of risk to organizational operations and assets, individuals, other organizations, and the nation arising from the operation and use of information systems.

According to NIST guidance, these risk management processes:

References

  1. The assessment and authorization process replaces the process known as certification and accreditation described in the previous version of SP 800-37.
