Computer Security Resource Center

Risk Management

Publications

The following NIST-authored publications are directly related to this project.

| Series & Number | Title | Status | Released |
|---|---|---|---|
| SP 800-171A | Assessing Security Requirements for Controlled Unclassified Information | Final | 06/13/2018 |
| SP 800-171 Rev. 1 | Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations | Final | 06/07/2018 |
| SP 800-37 Rev. 2 (DRAFT) | Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy | Draft | 05/09/2018 |
| NISTIR 8011 Vol. 3 (DRAFT) | Automation Support for Security Control Assessments: Software Asset Management | Draft | 04/05/2018 |
| SP 800-160 Vol. 1 | Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems | Final | 03/21/2018 |
| SP 800-160 Vol. 2 (DRAFT) | Systems Security Engineering: Cyber Resiliency Considerations for the Engineering of Trustworthy Secure Systems | Draft | 03/21/2018 |
| SP 800-53 Rev. 5 (DRAFT) | Security and Privacy Controls for Information Systems and Organizations | Draft | 08/15/2017 |
| NISTIR 8011 Vol. 1 | Automation Support for Security Control Assessments: Overview | Final | 06/06/2017 |
| NISTIR 8011 Vol. 2 | Automation Support for Security Control Assessments: Hardware Asset Management | Final | 06/06/2017 |
| SP 800-53 Rev. 4 | Security and Privacy Controls for Federal Information Systems and Organizations | Final | 01/22/2015 |
| SP 800-53A Rev. 4 | Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans | Final | 12/18/2014 |
| SP 800-37 Rev. 1 | Guide for Applying the Risk Management Framework to Federal Information Systems: a Security Life Cycle Approach | Final | 06/10/2014 |
| SP 800-30 Rev. 1 | Guide for Conducting Risk Assessments | Final | 09/17/2012 |
| SP 800-137 | Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations | Final | 09/30/2011 |
| SP 800-128 | Guide for Security-Focused Configuration Management of Information Systems | Final | 08/12/2011 |
| SP 800-39 | Managing Information Security Risk: Organization, Mission, and Information System View | Final | 03/01/2011 |
| SP 800-60 Vol. 2 Rev. 1 | Guide for Mapping Types of Information and Information Systems to Security Categories: Appendices | Final | 08/01/2008 |
| FIPS 200 | Minimum Security Requirements for Federal Information and Information Systems | Final | 03/01/2006 |
| SP 800-18 Rev. 1 | Guide for Developing Security Plans for Federal Information Systems | Final | 02/24/2006 |
| FIPS 199 | Standards for Security Categorization of Federal Information and Information Systems | Final | 02/01/2004 |
Created November 30, 2016, Updated August 06, 2018