Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST SP 800-37 Rev. 1

Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach

Date Published: February 2010 (Updated 6/5/2014)

Supersedes: SP 800-37 Rev. 1 (02/22/2010)


Joint Task Force Transformation Initiative



risk management framework; roles and responsibilities; security authorization; information systems; common controls; FISMA; categorize; security controls; continuous monitoring
Control Families

Assessment, Authorization and Monitoring; Configuration Management; Planning; Program Management; Risk Assessment