NIST Risk Management Framework RMF

Publications

The following NIST-authored publications are directly related to this project.

| Series & Number | Title | Status | Released |
|---|---|---|---|
| SP 1314 | NIST Risk Management Framework (RMF) Small Enterprise Quick Start Guide: A Comprehensive, Flexible, Risk-Based Approach to Managing Information Security and Privacy Risk | Final | 07/23/2024 |
| SP 800-60 Rev. 2 | Guide for Mapping Types of Information and Systems to Security Categories | Draft | 01/31/2024 |
| CSWP 30 | Automation Support for Control Assessments: Project Update and Vision | Final | 12/06/2023 |
| SP 800-53A Rev. 5 | Assessing Security and Privacy Controls in Information Systems and Organizations | Final | 01/25/2022 |
| SP 800-47 Rev. 1 | Managing the Security of Information Exchanges | Final | 07/20/2021 |
| IR 8212 | ISCMA: An Information Security Continuous Monitoring Program Assessment | Final | 03/31/2021 |
| SP 800-53 Rev. 5 | Security and Privacy Controls for Information Systems and Organizations | Final | 12/10/2020 |
| SP 800-53B | Control Baselines for Information Systems and Organizations | Final | 12/10/2020 |
| SP 800-137A | Assessing Information Security Continuous Monitoring (ISCM) Programs: Developing an ISCM Program Assessment | Final | 05/21/2020 |
| IR 8011 Vol. 4 | Automation Support for Security Control Assessments: Software Vulnerability Management | Final | 04/28/2020 |
| SP 800-160 Vol. 2 | Developing Cyber Resilient Systems: A Systems Security Engineering Approach | Withdrawn | 11/27/2019 |
| SP 800-128 | Guide for Security-Focused Configuration Management of Information Systems | Final | 10/10/2019 |
| SP 800-37 Rev. 2 | Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy | Final | 12/20/2018 |
| IR 8011 Vol. 3 | Automation Support for Security Control Assessments: Software Asset Management | Final | 12/06/2018 |
| SP 800-12 Rev. 1 | An Introduction to Information Security | Final | 06/22/2017 |
| IR 8011 Vol. 1 | Automation Support for Security Control Assessments: Volume 1: Overview | Final | 06/06/2017 |
| IR 8011 Vol. 2 | Automation Support for Security Control Assessments: Volume 2: Hardware Asset Management | Final | 06/06/2017 |
| IR 8023 | Risk Management for Replication Devices | Final | 02/23/2015 |
| SP 800-53 Rev. 4 | Security and Privacy Controls for Federal Information Systems and Organizations | Withdrawn | 01/22/2015 |
| SP 800-53A Rev. 4 | Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans | Withdrawn | 12/18/2014 |
| SP 800-30 Rev. 1 | Guide for Conducting Risk Assessments | Final | 09/17/2012 |
| SP 800-137 | Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations | Final | 09/30/2011 |
| SP 800-39 | Managing Information Security Risk: Organization, Mission, and Information System View | Final | 03/01/2011 |
| SP 800-60 Vol. 1 Rev. 1 | Guide for Mapping Types of Information and Information Systems to Security Categories | Final | 08/01/2008 |
| SP 800-60 Vol. 2 Rev. 1 | Guide for Mapping Types of Information and Information Systems to Security Categories: Appendices | Final | 08/01/2008 |
| FIPS 200 | Minimum Security Requirements for Federal Information and Information Systems | Final | 03/01/2006 |
| SP 800-18 Rev. 1 | Guide for Developing Security Plans for Federal Information Systems | Final | 02/24/2006 |
| FIPS 199 | Standards for Security Categorization of Federal Information and Information Systems | Final | 02/01/2004 |
| SP 800-59 | Guideline for Identifying an Information System as a National Security System | Final | 08/20/2003 |

Created November 30, 2016, Updated September 24, 2024