What is the purpose of NIST 800-37?

The goal of the RMF is to prepare organizations to execute appropriate risk management activities through a life cycle. The framework also provides a cybersecurity roadmap for near real-time risk management on information systems, with a decision tree supporting privacy and security.

Which type of document is SP 800-37?

NIST SP 800-37, “Guide for Applying the Risk Management Framework to Federal Information Systems” is an in-depth publication put forth by the National Institute of Standards and Technology (NIST) that discusses the essential elements of risk and the importance of undertaking documented information security risk …

When was NIST 800-37 created?

February 2010
NIST Special Publication 800-37 Rev. 1 was published in February 2010 under the title “Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach”.

Which of the following is a step in the RMF process according to NIST SP 800-37 Guideline for Applying the Risk Management Framework to Federal information systems?

The six-step RMF includes security categorization, security control selection, security control implementation, security control assessment, information system authorization, and security control monitoring.

What does NIST stand for?

National Institute of Standards and Technology

What is the purpose of NIST 800-53?

NIST SP 800-53 provides a list of controls that support the development of secure and resilient federal information systems. These controls are the operational, technical, and management standards and guidelines used by information systems to maintain confidentiality, integrity, and availability.

Is NIST compliance mandatory?

It’s perhaps not surprising that NIST compliance is mandatory for all federal agencies, and has been so since 2017. For private sector businesses that don’t bid on government contracts, compliance with NIST standards is voluntary.

Is NIST an agency?

Founded in 1901, NIST is a non-regulatory federal agency within the U.S. Department of Commerce. NIST’s mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life.

What is the difference between NIST 800-53 and 800?

The key distinction between NIST 800-171 vs 800-53 is that 800-171 refers to non-federal networks and NIST 800-53 applies directly to any federal organization.

Who does NIST 800-53 apply to?

All U.S. federal government agencies and contractors are required to comply with NIST SP 800-53; however, many state and local governments, as well as private organizations, also use NIST SP 800-53 as their security controls framework.