According to the National Institute of Standards and Technology (NIST), its recent release of the final public draft of NIST SP 800-37, Revision 1, transforms the certification and accreditation process into a six-step risk management framework (RMF).

Further stated by NIST, “…this revised RMF-based process has the following characteristics:

1.  Promotes the concept of near real-time risk management and ongoing information system authorization through the implementation of robust continuous characteristics;

2.  Encourages the use of automation and automated support tools to provide senior leaders the necessary information to take credible, risk-based decisions with regard to the organizational information systems supporting their core missions and business functions;

3.  Integrates information security more closely into the enterprise architecture and system development life cycle;

4.  Provides equal emphasis on the selection, implementation, assessment, and monitoring of security controls, and the authorization of information systems;

5.  Establishes responsibility and accountability for security controls deployed within organizational information systems and inherited by those systems – i.e. common controls; and

6.  Links risk management processes at the information system level to risk management processes at the organization-level through a risk executive function.”

We believe this revised RMF-based process offers valuable guidance to the members of every governmental or non-governmental organization's risk management team, business continuity planning group, or information management or security team who are given responsibility for that organization's information systems.

This guidance document can also serve as a vital reference for validating a company's own security life cycle approach document.

Click here to view the final public draft of NIST SP 800-37, Revision 1, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach.
