Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST Risk Management Framework RMF

News and Updates

Introducing the RMF Small Enterprise Quick Start Guide
July 24, 2024
The NIST Risk Management Framework Small Enterprise Quick Start Guide is designed to help small, under-resourced entities understand the value and core components of the RMF.
Online Intro Courses for NIST SP 800-53, SP 800-53A, and SP 800-53B
April 10, 2024
NIST has released three self-guided online introductory courses on the NIST Special Publication (SP) 800-53 security and privacy control catalog.
NIST has released Cybersecurity White Paper (CSWP) 30
December 6, 2023
NIST has released Cybersecurity White Paper (CSWP) 30, Automation Support for Control Assessments – Project Update and Vision, which describes planned updates to the NIST Interagency Report (IR) 8011 series.
NIST Invites Public Comments on SP 800-53 Controls
October 17, 2023
NIST is issuing one new proposed control and two control enhancements with corresponding assessment procedures for an expedited 2-week public comment period for October 17–31, 2023.
NIST Updates Security and Privacy Control Assessment Procedures
January 25, 2022
NIST has released Special Publication (SP) 800-53A Revision 5, "Assessing Security and Privacy Controls in Information Systems and Organizations."
New Online Tool to Improve Stakeholder Engagement with SP 800-53
September 28, 2021
A new SP 800-53 controls Public Comment Site is now available for interacting with, downloading, and submitting security and privacy controls, baselines, and assessments.
NISTIR 8212: ISCM Program Assessment and Tool
March 31, 2021
NIST has published NISTIR 8212, "An Information Security Continuous Monitoring Program Assessment," and the ISCMAx tool that implements the ISCM program assessment described in SP 800-137A.
NIST Publishes SP 800-172
February 2, 2021
NIST announces the release of Special Publication (SP) 800-172, "Enhanced Security Requirements for Protecting Controlled Unclassified Information: A Supplement to NIST Special Publication 800-171"
Control Catalog and Baselines as Spreadsheets
January 26, 2021
New supplemental materials are available for SP 800-53 Rev. 5 and SP 800-53B: spreadsheets for the Control Catalog and Control Baselines.
Draft NIST SP 800-47 Rev. 1 Available for Comment
January 26, 2021
Draft NIST SP 800-47 Revision 1, "Managing the Security of Information Exchanges," is now available for public comment through March 12, 2021.
Updates to SP 800-53 Rev 5 and 800-53B
December 10, 2020
NIST has issued supplemental materials and errata updates for both SP 800-53 Rev. 5 and SP 800-53B, which were originally published in September 2020. New materials include control mappings and control comparisons. 
Control Baselines: NIST Publishes SP 800-53B
October 29, 2020
NIST Special Publication (SP) 800-53B, "Control Baselines for Information Systems and Organizations," has been published.
ISCMA Draft NISTIR 8212 Available for Comment
October 1, 2020
Draft NISTIR 8212, "ISCMA: An Information Security Continuous Monitoring Program Assessment," is available for public comment through November 13, 2020.
SP 800-53 Revision 5 Published
September 23, 2020
NIST Special Publication (SP) 800-53 Revision 5, "Security and Privacy Controls for Information Systems and Organizations," represents a multi-year effort to develop the next generation of controls needed to strengthen and...
Control Baselines: Draft SP 800-53B
July 31, 2020
NIST has released Draft SP 800-53B, "Control Baselines for Information Systems and Organizations," for public comment. The comment period is open through September 11, 2020.
Draft SP 800-172: Enhanced Security Reqs for CUI
July 6, 2020
NIST has released a final public draft for comment: Draft Special Publication (SP) 800-172. The comment period ends on August 21, 2020.
Assessing ISCM Programs: NIST SP 800-137A
May 21, 2020
NIST has published Special Publication (SP) 800-137A, "Assessing Information Security Continuous Monitoring (ISCM) Programs: Developing an ISCM Program Assessment."
NIST Publishes NISTIR 8011 Vol. 4
April 28, 2020
NIST has published Volume 4 of NISTIR 8011:  "Automation Support for Security Control Assessments: Software Vulnerability Management."
NIST Releases FPD SP 800-53 Rev. 5
March 16, 2020
NIST has released the Final Public Draft of Special Publication (SP) 800-53 Revision 5, "Security and Privacy Controls for Information Systems and Organizations," for public comment. Comments are due by May 29, 2020.
Assessing ISCM Programs: NIST Releases Draft SP 800-137A
January 13, 2020
NIST has released Draft Special Publication (SP) 800-137A, "Assessing Information Security Continuous Monitoring (ISCM) Programs: Developing an ISCM Program Assessment." Public comments are due by February 28, 2020.
NIST Releases Draft NISTIR 8011 Vol. 4 for Comment
November 20, 2019
NIST has released Draft NISTIR 8011 Volume 4, "Automation Support for Security Control Assessments: Software Vulnerability Management," for public comment.  The comment period ends December 20, 2019.
NIST Updates SP 800-128
October 15, 2019
NIST has updated Special Publication (SP) 800-128, "Guide for Security-Focused Configuration Management of Information Systems"
Withdrawal of SP 800-64 Rev. 2
May 31, 2019
NIST has withdrawn Special Publication 800-64 Revision 2, "Security Considerations in the System Development Life Cycle."
RMF Update: NIST Publishes SP 800-37 Rev. 2
December 20, 2018
NIST has published an update to its Risk Management Framework specification, in NIST Special Publication (SP) 800-37 Revision 2.
Created November 30, 2016, Updated September 24, 2024