Risk Management Framework Update: NIST Publishes Special Publication 800-37 Revision 2


NIST has published NIST Special Publication (SP) 800-37 Revision 2, Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy. This update to NIST Special Publication 800-37 develops the next-generation Risk Management Framework (RMF) for information systems, organizations, and individuals, in response to Executive Order 13800, OMB Circular A-130, and OMB Memoranda M-17-25 and M-19-03. This is the first NIST publication to address security and privacy risk management in an integrated, robust, and flexible methodology.

One of the key changes in this RMF update is the addition of the Prepare step, which was incorporated to achieve more effective, efficient, and cost-effective security and privacy risk management processes.

Visit the CSRC Update link below for more information about the seven major objectives of this update, as well as its objectives for institutionalizing organization-level and system-level preparation. By achieving those objectives, organizations can simplify RMF execution, employ innovative approaches for managing risk, and increase the level of automation when carrying out specific tasks.

CSRC Update:
https://csrc.nist.gov/news/2018/rmf-update-nist-publishes-sp-800-37-rev-2

Publication details:
https://csrc.nist.gov/publications/detail/sp/800-37/rev-2/final
