Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

SP 800-37 Rev. 1

Guide for Applying the Risk Management Framework to Federal Information Systems: a Security Life Cycle Approach

Date Published: February 2010 (Updated 6/5/2014)

Planning Note (5/9/2018): A draft of SP 800-37 Revision 2 is now available for public comment, until June 22, 2018.

Supersedes: SP 800-37 Rev. 1 (February 2010)

Author(s)

Joint Task Force Transformation Initiative

Abstract

Keywords

common controls; continuous monitoring; FISMA; risk management framework; roles and responsibilities; security authorization; information systems; categorize; security controls
Control Families

Security Assessment and Authorization; Configuration Management; Planning; Program Management; Risk Assessment;