Risk Management Framework

NIST Special Publication 800-37 Revision 1

Guide for Applying the Risk Management Framework to Federal Information Systems
A Security Life Cycle Approach

JOINT TASK FORCE TRANSFORMATION INITIATIVE

INFORMATION SECURITY

Computer Security Division Information Technology Laboratory National Institute of Standards and Technology Gaithersburg, MD 20899-8930

February 2010

U.S. Department of Commerce
Gary Locke, Secretary

National Institute of Standards and Technology
Patrick D. Gallagher, Director

interests from adversaries using cyberspace to their advantage and from our own efforts to employ the global nature of cyberspace to achieve objectives in military, intelligence, and business operations…”

“…For operational plans development, the combination of threats, vulnerabilities, and impacts must be evaluated in order to identify important trends and decide where effort should be applied to eliminate or reduce threat capabilities; eliminate or reduce vulnerabilities; and assess, coordinate, and deconflict all cyberspace operations…”

“…Leaders at all levels are accountable for ensuring readiness and security to the same degree as in any other
As part of the overall governance structure established by the organization, the risk management strategy is propagated to organizational officials and contractors with programmatic, planning, developmental, acquisition, operational, and oversight responsibilities, including for example: (i) authorizing officials; (ii) chief information officers; (iii) senior information security officers; (iv) enterprise/information security architects; (v) information system owners/program managers; (vi) information owners/stewards; (vii) information system security officers; (viii)
