U.S. flag   An official website of the United States government

SP 800-37 Rev. 1

Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach

Date Published: February 2010 (Updated 6/5/2014)

Supersedes: SP 800-37 Rev. 1 (02/22/2010)


Joint Task Force Transformation Initiative



risk management framework; roles and responsibilities; security authorization; information systems; common controls; FISMA; categorize; security controls; continuous monitoring
Control Families

Assessment, Authorization and Monitoring; Configuration Management; Planning; Program Management; Risk Assessment