NIST SP 800-37, Guide for Applying the Risk Management Framework to Federal Information Systems, is prepared by the National Institute of Standards and Technology. The purpose of this publication is to provide guidelines for applying the Risk Management Framework to federal information systems, to include conducting the activities of security categorization, security control selection and implementation, security control assessment, information system authorization, and security control monitoring.

The guidelines have been developed:

- To ensure that managing information system-related security risks is consistent with the organization's mission/business objectives and overall risk strategy established by the senior leadership through the risk executive (function);
- To ensure that information security requirements, including necessary security controls, are integrated into the organization's enterprise architecture and system development life cycle processes;
- To support consistent, well-informed, and ongoing security authorization decisions (through continuous monitoring), transparency of security and risk management-related information, and reciprocity; and
- To achieve more secure information and information systems within the federal government through the implementation of appropriate risk mitigation strategies.

Disclaimer: This hardcopy is not published by the National Institute of Standards and Technology (NIST), the US Government or the US Department of Commerce. The publication of this document should not in any way imply any relationship or affiliation to the above-named organizations and Government.
Paperback. Condition: Brand New. 94 pages. 11.00x8.50x0.22 inches. This item is printed on demand. Item code zk1470096919