Guide for Applying the Risk Management Framework to Federal Information Systems

Citation: NIST, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach, SP 800-37, rev. 1 (Feb. 2010).

Overview
This publication replaces the traditional certification and accreditation process with the six-step risk management framework, including a process of assessment and authorization. According to the publication, the revised process emphasizes building information security capabilities into federal information systems through the application of security controls while implementing an ongoing monitoring process.

The publication also provides information to senior leaders to facilitate better decisions regarding the acceptance of risk arising from the operation and use of information systems.