NIST SP 800 37, Guide For Applying The Risk Management Framework To Federal Information Systems: A Security Life Cycle Approach A.7 37 Systems

A.7_NIST%20800-37%20Guide%20for%20Applying%20the%20Risk%20Management%20Framework%20to%20Federal%20Information%20Systems

User Manual:

Open the PDF directly: View PDF .
Page Count: 93

Scroll down to view the document on your mobile browser.

February 2010
- U.S. Department of Commerce
- National Institute of Standards and Technology
introduction
- 1.1 background
- 1.2 purpose and applicability
- 1.3 target audience
the fundamentals
- 2.1 integrated organization-wide risk management
- 2.2 system development life cycle
- 2.3 information system boundaries
- 2.4 security control allocation
subsystem
LAN TWO
subsystem GUARD
subsystem
LAN ONE
DYNAMIC SUBSYSTEM
DYNAMIC SUBSYSTEM
the process
- 3.2 rmf step 2 – select security controls
- 3.3 rmf step 3 – implement security controls
- 3.4 rmf step 4 – assess security controls
- 3.5 rmf step 5 – authorize information system
- 3.6 rmf step 6 – monitor security controls
references
glossary
acronyms
roles and responsibilities
summary of rmf tasks
security authorization
- Authorization to Operate
- Denial of Authorization to Operate
continuous monitoring
- g.1 monitoring strategy
- g.2 selection of security controls for monitoring
- g.3 key document updates and status reporting
operational scenarios
security controls in external environments

Navigation menu