Computer Security Resource Center

Risk Management

Publications

The following NIST-authored publications are directly related to this project.

| Series & Number | Title | Status | Released |
|---|---|---|---|
| SP 800-37 Rev. 2 (DRAFT) | Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy | Draft | 05/09/2018 |
| SP 800-53 Rev. 5 (DRAFT) | Security and Privacy Controls for Information Systems and Organizations | Draft | 08/15/2017 |
| NISTIR 8011 Vol. 1 | Automation Support for Security Control Assessments: Overview | Final | 06/06/2017 |
| NISTIR 8011 Vol. 2 | Automation Support for Security Control Assessments: Hardware Asset Management | Final | 06/06/2017 |
| SP 800-171 Rev. 1 | Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations | Withdrawn | 12/20/2016 |
| SP 800-160 | Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems | Withdrawn | 11/14/2016 |
| SP 800-53 Rev. 4 | Security and Privacy Controls for Federal Information Systems and Organizations | Final | 01/22/2015 |
| SP 800-53A Rev. 4 | Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans | Final | 12/18/2014 |
| SP 800-37 Rev. 1 | Guide for Applying the Risk Management Framework to Federal Information Systems: a Security Life Cycle Approach | Final | 06/10/2014 |
| SP 800-30 Rev. 1 | Guide for Conducting Risk Assessments | Final | 09/17/2012 |
| SP 800-137 | Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations | Final | 09/30/2011 |
| SP 800-128 | Guide for Security-Focused Configuration Management of Information Systems | Final | 08/12/2011 |
| SP 800-39 | Managing Information Security Risk: Organization, Mission, and Information System View | Final | 03/01/2011 |
| SP 800-60 Vol. 2 Rev. 1 | Guide for Mapping Types of Information and Information Systems to Security Categories: Appendices | Final | 08/01/2008 |
| FIPS 200 | Minimum Security Requirements for Federal Information and Information Systems | Final | 03/01/2006 |
| FIPS 199 | Standards for Security Categorization of Federal Information and Information Systems | Final | 02/01/2004 |

Created November 30, 2016, Updated May 15, 2018