Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST SP 800-37 Rev. 1

Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach

Date Published: February 2010

Supersedes: SP 800-37 (05/20/2004)


Joint Task Force Transformation Initiative



categorize; information systems; common controls; continuous monitoring; FISMA; risk management framework; roles and responsibilities; security authorization; security controls
Control Families

None selected


NIST SP 800-37 Rev. 1 (pdf)

Supplemental Material:
None available

Document History:
02/22/10: SP 800-37 Rev. 1 (Final)