CINXE.COM

NIST Risk Management Framework | CSRC

<!DOCTYPE html> <html lang="en-us" xml:lang="en-us"> <head><script type="text/javascript" src="https://web-static.archive.org/_static/js/bundle-playback.js?v=7YQSqjSh" charset="utf-8"></script> <script type="text/javascript" src="https://web-static.archive.org/_static/js/wombat.js?v=txqj7nKC" charset="utf-8"></script> <script>window.RufflePlayer=window.RufflePlayer||{};window.RufflePlayer.config={"autoplay":"on","unmuteOverlay":"hidden"};</script> <script type="text/javascript" src="https://web-static.archive.org/_static/js/ruffle/ruffle.js"></script> <script type="text/javascript"> __wm.init("https://web.archive.org/web"); __wm.wombat("https://csrc.nist.gov/Projects/risk-management/publications","20240419061540","https://web.archive.org/","web","https://web-static.archive.org/_static/", "1713507340"); </script> <link rel="stylesheet" type="text/css" href="https://web-static.archive.org/_static/css/banner-styles.css?v=p7PEIJWi" /> <link rel="stylesheet" type="text/css" href="https://web-static.archive.org/_static/css/iconochive.css?v=3PDvdIFv" /> <!-- End Wayback Rewrite JS Include --> <meta charset="utf-8"/> <title>NIST Risk Management Framework | CSRC</title> <meta http-equiv="content-type" content="text/html; charset=UTF-8"/> <meta http-equiv="content-style-type" content="text/css"/> <meta http-equiv="content-script-type" content="text/javascript"/> <meta name="viewport" content="width=device-width, initial-scale=1.0"/> <meta name="msapplication-config" content="/CSRC/Media/images/favicons/browserconfig.xml"/> <meta name="theme-color" content="#000000"/> <meta name="google-site-verification" content="xbrnrVYDgLD-Bd64xHLCt4XsPXzUhQ-4lGMj4TdUUTA"/> <meta name="description" content="Publications related to the project NIST Risk Management Framework"/> <!-- dcterms meta information --> <meta name="dcterms.title" content="NIST Risk Management Framework | CSRC | CSRC"/> <meta name="dcterms.description" content="Recent Updates April 10, 2024:聽NIST releases introductory courses for SP 800-53, SP 800-53A, and SP 800-53B. Each 45-60 minute course provides a high-level overview of the SP 800-53 controls, SP 800-53A assessment procedures, and SP 800-53B control..."/> <meta name="dcterms.creator" content="Computer Security Division, Information Technology Laboratory, National Institute of Standards and Technology, U.S. Department of Commerce"/> <meta name="dcterms.date.created" scheme="ISO8601" content="2016-11-30"/> <meta name="dcterms.date.reviewed" scheme="ISO8601" content="2024-04-10"/> <meta name="dcterms.language" scheme="DCTERMS.RFC1766" content="EN-US"/> <!-- Facebook OpenGraph Tags --> <meta name="og:site_name" content="CSRC | NIST"/> <meta name="og:type" content="article"/> <meta name="og:url" content="https://web.archive.org/web/20240419061540im_/https://csrc.nist.gov/Projects/risk-management/publications"/> <meta name="og:title" content="NIST Risk Management Framework | CSRC | CSRC"/> <meta name="og:description" content="Recent Updates April 10, 2024:聽NIST releases introductory courses for SP 800-53, SP 800-53A, and SP 800-53B. Each 45-60 minute course provides a high-level overview of the SP 800-53 controls, SP 800-53A assessment procedures, and SP 800-53B control baselines. January 31, 2024:聽NIST seeks to update and improve the guidance in SP 800-60, Guide for Mapping Types of Information and Information Systems to Security Categories. Specifically, NIST seeks feedback on its current use, proposed updates in the Revision 2 initial working draft and information types taxonomy, and opportunities for ongoing improvement to SP 800-60. The public is invited to provide input by March 18, 2024. November 7, 2023:聽 NIST issues SP 800-53 Release 5.1.1 in the Cybersecurity and Privacy Reference Tool (CPRT).聽 The corresponding assessment procedures in SP 800-53A have also been updated , and the SP 800-53A assessment procedures and SP 800-53B control baselines are also now available in the CPRT.聽 For more information, see:..."/> <meta name="article:tag" content="general security &amp; privacy; privacy; risk management; security measurement; security programs &amp; operations; E-Government Act; Federal Information Security Modernization Act"/> <meta name="article:published_time" content="2016-11-30"/> <meta name="article:modified_time" content="2024-04-10"/> <link rel="apple-touch-icon" sizes="180x180" href="/web/20240419061540im_/https://csrc.nist.gov/images/icons/apple-touch-icon.png"/> <link rel="icon" type="image/png" href="/web/20240419061540im_/https://csrc.nist.gov/images/icons/favicon-32x32.png" sizes="32x32"/> <link rel="icon" type="image/png" href="/web/20240419061540im_/https://csrc.nist.gov/images/icons/favicon-16x16.png" sizes="16x16"/> <link rel="manifest" href="/web/20240419061540/https://csrc.nist.gov/images/icons/manifest.json"/> <link rel="mask-icon" href="/web/20240419061540im_/https://csrc.nist.gov/images/icons/safari-pinned-tab.svg" color="#000000"/> <link href="/web/20240419061540im_/https://csrc.nist.gov/CSRC/Media/images/favicons/favicon.ico" type="image/x-icon" rel="shortcut icon"/> <link href="/web/20240419061540im_/https://csrc.nist.gov/CSRC/Media/images/favicons/favicon.ico" type="image/x-icon" rel="icon"/> <link href="/web/20240419061540cs_/https://csrc.nist.gov/dist/app.css" rel="stylesheet"/> <!-- Highlight.js --> <link href="/web/20240419061540cs_/https://csrc.nist.gov/dist/highlight-js/github.css" rel="stylesheet"/> <!-- USWDS Top --> <link href="/web/20240419061540cs_/https://csrc.nist.gov/dist/uswds/css/uswds.css" type="text/css" rel="stylesheet"/> <script type="text/javascript" src="/web/20240419061540js_/https://csrc.nist.gov/dist/uswds/js/uswds-init.min.js"></script> <!-- reCAPTCHA v3 --> <style> .grecaptcha-badge { visibility: hidden; } </style> <script async type="text/javascript" id="_fed_an_ua_tag" src="https://web.archive.org/web/20240419061540js_/https://dap.digitalgov.gov/Universal-Federated-Analytics-Min.js?agency=nist&amp;subagency=csrc&amp;pua=UA-66610693-15&amp;yt=true&amp;exts=xsd,xml,wav,mpg,mpeg,avi,rtf,webm,ogg,ogv,oga,map,otf,eot,svg,ttf,woff"></script> <style id="antiClickjackCss"> body > * { display: none !important; } #antiClickjack { display: block !important; } </style> <noscript> <style id="antiClickjackNoScript"> body > * { display: block !important; } #antiClickjack { display: none !important; } </style> </noscript> <script type="text/javascript" id="antiClickjackScript"> if (self === top) { // no clickjacking var antiClickjack = document.getElementById("antiClickjackCss"); antiClickjack.parentNode.removeChild(antiClickjack); } else { setTimeout(tryForward(), 5000); } function tryForward() { top.location = self.location; } </script> <!-- Google tag (gtag.js) --> <script async src="https://web.archive.org/web/20240419061540js_/https://www.googletagmanager.com/gtag/js?id=G-TSQ0PLGJZP"></script> <script> 聽聽window.dataLayer = window.dataLayer || []; 聽聽function gtag(){dataLayer.push(arguments);} 聽聽gtag('js', new Date()); 聽聽gtag('config', 'G-TSQ0PLGJZP'); </script> <!-- Google Tag Manager --> <script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://web.archive.org/web/20240419061540/https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-MZQC4NCJ');</script> <!-- End Google Tag Manager --> </head> <body> <!-- Google Tag Manager (noscript) --> <noscript><iframe src="https://web.archive.org/web/20240419061540if_/https://www.googletagmanager.com/ns.html?id=GTM-MZQC4NCJ" height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript> <!-- End Google Tag Manager (noscript) --> <div id="antiClickjack" style="display: none;"> <strong style="font-size: 1.6rem;">You are viewing this page in an unauthorized frame window.</strong> <p>This is a potential security issue, you are being redirected to <a href="https://web.archive.org/web/20240419061540/https://csrc.nist.gov/">https://csrc.nist.gov</a>.</p> </div> <section class="usa-banner" aria-label="Official website of the United States government"> <div class="usa-accordion"> <header class="usa-banner__header"> <noscript> <p style="font-size: 0.85rem; font-weight: bold;">You have JavaScript disabled. This site requires JavaScript to be enabled for complete site functionality.</p> </noscript> <div class="usa-banner__inner"> <div class="grid-col-auto"> <img aria-hidden="true" class="usa-banner__header-flag" src="/web/20240419061540im_/https://csrc.nist.gov/dist/uswds/img/us_flag_small.png" alt=""/> </div> <div class="grid-col-fill tablet:grid-col-auto" aria-hidden="true"> <p class="usa-banner__header-text"> An official website of the United States government </p> <p class="usa-banner__header-action">Here鈥檚 how you know</p> </div> <button type="button" class="usa-accordion__button usa-banner__button" aria-expanded="false" aria-controls="gov-banner-default"> <span class="usa-banner__button-text">Here鈥檚 how you know</span> </button> </div> </header> <div class="usa-banner__content usa-accordion__content" id="gov-banner-default"> <div class="grid-row grid-gap-lg"> <div class="usa-banner__guidance tablet:grid-col-6"> <img class="usa-banner__icon usa-media-block__img" src="/web/20240419061540im_/https://csrc.nist.gov/dist/uswds/img/icon-dot-gov.svg" role="img" alt="" aria-hidden="true"/> <div class="usa-media-block__body"> <p> <strong>Official websites use .gov</strong><br/>A <strong>.gov</strong> website belongs to an official government organization in the United States. </p> </div> </div> <div class="usa-banner__guidance tablet:grid-col-6"> <img class="usa-banner__icon usa-media-block__img" src="/web/20240419061540im_/https://csrc.nist.gov/dist/uswds/img/icon-https.svg" role="img" alt="" aria-hidden="true"/> <div class="usa-media-block__body"> <p> <strong>Secure .gov websites use HTTPS</strong><br/>A <strong>lock</strong> ( <span class="icon-lock"> <svg xmlns="http://www.w3.org/2000/svg" width="52" height="64" viewbox="0 0 52 64" class="usa-banner__lock-image" role="img" aria-labelledby="banner-lock-description-default" focusable="false"> <title id="banner-lock-title-default">Lock</title> <desc id="banner-lock-description-default">Locked padlock icon</desc> <path fill="#000000" fill-rule="evenodd" d="M26 0c10.493 0 19 8.507 19 19v9h3a4 4 0 0 1 4 4v28a4 4 0 0 1-4 4H4a4 4 0 0 1-4-4V32a4 4 0 0 1 4-4h3v-9C7 8.507 15.507 0 26 0zm0 8c-5.979 0-10.843 4.77-10.996 10.712L15 19v9h22v-9c0-6.075-4.925-11-11-11z"/> </svg> </span>) or <strong>https://</strong> means you鈥檝e safely connected to the .gov website. Share sensitive information only on official, secure websites. </p> </div> </div> </div> </div> </div> </section> <nav id="navbar" class="navbar"> <div id="nist-menu-container" class="container"> <div class="row"> <!-- Brand --> <div class="col-xs-6 col-md-4 navbar-header"> <a class="navbar-brand" href="https://web.archive.org/web/20240419061540/https://www.nist.gov/" target="_blank" id="navbar-brand-image"> <img src="/web/20240419061540im_/https://csrc.nist.gov/CSRC/media/images/svg/nist-logo.svg" alt="National Institute of Standards and Technology" width="110" height="30"> </a> </div> <div class="col-xs-6 col-md-8 navbar-nist-logo"> <div class="form-inline hidden-sm hidden-xs"> <form name="site-search" id="site-search-form" action="/web/20240419061540/https://csrc.nist.gov/search" method="GET"> <label for="search-csrc-query" class="element-invisible">Search</label> <input autocomplete="off" class="form-control" id="search-csrc-query" name="keywords" type="text" size="15" maxlength="128" placeholder="Search CSRC"/> <input type="hidden" name="ipp" value="25"/> <input type="hidden" name="sortBy" value="relevance"/> <input type="hidden" name="showOnly" value="publications,projects,news,events,presentations,glossary,topics"/> <input type="hidden" name="topicsMatch" value="ANY"/> <input type="hidden" name="status" value="Final,Draft"/> <button type="submit" id="search-csrc-submit-btn" class="form-submit"> <span class="element-invisible">Search</span> <i class="fa fa-search"></i> </button> </form> </div> <span id="nvd-menu-button" class="pull-right"> <a href="#" id="nvd-menu-button-link"> <span class="fa fa-bars"></span> <span id="nvd-menu-full-text">CSRC MENU</span> </a> </span> </div> </div> </div> <div class="form-inline hidden-md hidden-lg"> <form name="site-search-mobile" id="site-search-form-mobile" action="/web/20240419061540/https://csrc.nist.gov/search" method="GET"> <label for="search-csrc-query-mobile" class="element-invisible">Search</label> <input autocomplete="off" class="form-control" id="search-csrc-query-mobile" name="keywords" type="text" size="15" maxlength="128" placeholder="Search CSRC"/> <button type="submit" id="search-csrc-submit-btn-mobile" class="form-submit"> <span class="element-invisible">Search</span> <i class="fa fa-search"></i> </button> </form> </div> <div class="main-menu-row container"> <!-- Collect the nav links, forms, and other content for toggling --> <div id="main-menu-drop" class="col-lg-12" style="display: none;"> <ul> <li><a href="/web/20240419061540/https://csrc.nist.gov/projects">Projects</a></li> <li> <a href="/web/20240419061540/https://csrc.nist.gov/publications"> Publications <span class="expander fa fa-plus" id="main-menu-pubs-expander" data-expander-name="publications" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="publications" id="main-menu-pubs-expanded"> <div class="row"> <div class="col-lg-4"> <p><a href="/web/20240419061540/https://csrc.nist.gov/publications/drafts-open-for-comment">Drafts for Public Comment</a></p> <p><a href="/web/20240419061540/https://csrc.nist.gov/publications/draft-pubs">All Public Drafts</a></p> <p><a href="/web/20240419061540/https://csrc.nist.gov/publications/final-pubs">Final Pubs</a></p> <p><a href="/web/20240419061540/https://csrc.nist.gov/publications/fips">FIPS <small>(standards)</small></a></p> </div> <div class="col-lg-4"> <p><a href="/web/20240419061540/https://csrc.nist.gov/publications/sp">Special Publications (SP<small>s</small>)</a></p> <p><a href="/web/20240419061540/https://csrc.nist.gov/publications/ir">IR <small>(interagency/internal reports)</small></a></p> <p><a href="/web/20240419061540/https://csrc.nist.gov/publications/cswp">CSWP <small>(cybersecurity white papers)</small></a></p> <p><a href="/web/20240419061540/https://csrc.nist.gov/publications/itl-bulletin">ITL Bulletins</a></p> </div> <div class="col-lg-4"> <p><a href="/web/20240419061540/https://csrc.nist.gov/publications/project-description">Project Descriptions</a></p> <p><a href="/web/20240419061540/https://csrc.nist.gov/publications/journal-article">Journal Articles</a></p> <p><a href="/web/20240419061540/https://csrc.nist.gov/publications/conference-paper">Conference Papers</a></p> <p><a href="/web/20240419061540/https://csrc.nist.gov/publications/book">Books</a></p> </div> </div> </div> </li> <li> <a href="/web/20240419061540/https://csrc.nist.gov/topics"> Topics <span class="expander fa fa-plus" id="main-menu-topics-expander" data-expander-name="topics" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="topics" id="main-menu-topics-expanded"> <div class="row"> <div class="col-lg-4"> <p><a href="/web/20240419061540/https://csrc.nist.gov/Topics/Security-and-Privacy">Security &amp; Privacy</a></p> <p><a href="/web/20240419061540/https://csrc.nist.gov/Topics/Applications">Applications</a></p> </div> <div class="col-lg-4"> <p><a href="/web/20240419061540/https://csrc.nist.gov/Topics/Technologies">Technologies</a></p> <p><a href="/web/20240419061540/https://csrc.nist.gov/Topics/Sectors">Sectors</a></p> </div> <div class="col-lg-4"> <p><a href="/web/20240419061540/https://csrc.nist.gov/Topics/Laws-and-Regulations">Laws &amp; Regulations</a></p> <p><a href="/web/20240419061540/https://csrc.nist.gov/Topics/Activities-and-Products">Activities &amp; Products</a></p> </div> </div> </div> </li> <li><a href="/web/20240419061540/https://csrc.nist.gov/news">News &amp; Updates</a></li> <li><a href="/web/20240419061540/https://csrc.nist.gov/events">Events</a></li> <li><a href="/web/20240419061540/https://csrc.nist.gov/glossary">Glossary</a></li> <li> <a href="/web/20240419061540/https://csrc.nist.gov/about"> About CSRC <span class="expander fa fa-plus" id="main-menu-about-expander" data-expander-name="about" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="about" id="main-menu-about-expanded"> <div class="row"> <div class="col-lg-6"> <p> <strong><a href="/web/20240419061540/https://csrc.nist.gov/Groups/Computer-Security-Division">Computer Security Division</a></strong><br/> <ul> <li><a href="/web/20240419061540/https://csrc.nist.gov/Groups/Computer-Security-Division/Cryptographic-Technology">Cryptographic Technology</a></li> <li><a href="/web/20240419061540/https://csrc.nist.gov/Groups/Computer-Security-Division/Secure-Systems-and-Applications">Secure Systems and Applications</a></li> <li><a href="/web/20240419061540/https://csrc.nist.gov/Groups/Computer-Security-Division/Security-Components-and-Mechanisms">Security Components and Mechanisms</a></li> <li><a href="/web/20240419061540/https://csrc.nist.gov/Groups/Computer-Security-Division/Security-Engineering-and-Risk-Management">Security Engineering and Risk Management</a></li> <li><a href="/web/20240419061540/https://csrc.nist.gov/Groups/Computer-Security-Division/Security-Testing-Validation-and-Measurement">Security Testing, Validation, and Measurement</a></li> </ul> </p> </div> <div class="col-lg-6"> <p> <strong><a href="/web/20240419061540/https://csrc.nist.gov/Groups/Applied-Cybersecurity-Division">Applied Cybersecurity Division</a></strong><br/> <ul> <li><a href="/web/20240419061540/https://csrc.nist.gov/Groups/Applied-Cybersecurity-Division/Cybersecurity-and-Privacy-Applications">Cybersecurity and Privacy Applications</a></li> <li><a href="/web/20240419061540/https://csrc.nist.gov/Groups/Applied-Cybersecurity-Division/National-Cybersecurity-Center-of-Excellence">National Cybersecurity Center of Excellence (NCCoE)</a></li> <li><a href="https://web.archive.org/web/20240419061540/https://www.nist.gov/nice/">National Initiative for Cybersecurity Education (NICE)</a></li> </ul> </p> <p> <a href="/web/20240419061540/https://csrc.nist.gov/contact"> Contact Us </a> </p> </div> </div> </div> </li> </ul> </div><!-- /#mobile-nav-container --> </div> </nav> <section id="itl-header" class="has-menu"> <div class="container"> <div class="row"> <div class="col-sm-12 col-md-8"> <div class="hidden-xs hidden-sm" id="itl-header-lg"> <a href="https://web.archive.org/web/20240419061540/https://www.nist.gov/itl" target="_blank" id="itl-header-link">Information Technology Laboratory</a> </div> <div class="hidden-xs hidden-sm" id="csrc-header-lg"> <a href="/web/20240419061540/https://csrc.nist.gov/" id="csrc-header-link-lg">Computer Security Resource Center</a> </div> </div> <div class="col-sm-12 col-md-4"> <div class="hidden-xs hidden-sm hidden-md"> <a id="logo-csrc-lg" href="/web/20240419061540/https://csrc.nist.gov/"><img id="img-logo-csrc-lg" src="/web/20240419061540im_/https://csrc.nist.gov/CSRC/Media/images/nist-logo-csrc-white.svg" alt="CSRC Logo" class="csrc-header-logo"></a> </div> <div class="hidden-lg"> <a id="logo-csrc-sm" href="/web/20240419061540/https://csrc.nist.gov/"><img id="img-logo-csrc-sm" src="/web/20240419061540im_/https://csrc.nist.gov/CSRC/Media/images/nist-logo-csrc-white.svg" alt="CSRC Logo" class="csrc-header-logo"></a> </div> </div> </div> </div> </section> <div id="body-section" class="container"> <div class="breadcrumb"> <a href="/web/20240419061540/https://csrc.nist.gov/projects" class="breadcrumb-link">Projects</a> <a href="/web/20240419061540/https://csrc.nist.gov/Projects/risk-management" class="breadcrumb-link">NIST Risk Management Framework</a> </div> <h1 id="projectName">NIST Risk Management Framework <small id="project-acronym">RMF</small></h1> <div class="page-social-buttons" id="&quot;news-social-buttons&quot;"> <a href="https://web.archive.org/web/20240419061540/https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fcsrc.nist.gov%2Fprojects%2Frisk-management%2Fpublications" class="social-facebook"><i class="fa fa-facebook fa-fw" aria-hidden="true"></i><span class="sr-only">Share to Facebook</span></a> <a href="https://web.archive.org/web/20240419061540/https://twitter.com/share?url=https%3A%2F%2Fcsrc.nist.gov%2Fprojects%2Frisk-management%2Fpublications" class="social-twitter"><i class="fa fa-twitter fa-fw" aria-hidden="true"></i><span class="sr-only">Share to Twitter</span></a> <a href="https://web.archive.org/web/20240419061540/https://www.linkedin.com/shareArticle?mini=true&amp;url=https%3A%2F%2Fcsrc.nist.gov%2Fprojects%2Frisk-management%2Fpublications&amp;source=csrc.nist.gov" class="social-linked-in"><i class="fa fa-linkedin fa-fw" aria-hidden="true"></i><span class="sr-only">Share to LinkedIn</span></a> <a href="https://web.archive.org/web/20240419061540/mailto:/?subject=csrc.nist.gov&amp;body=Check out this site https://csrc.nist.gov/Projects/risk-management/publications" class="social-email"><i class="fa fa-envelope fa-fw" aria-hidden="true"></i><span class="sr-only">Share ia Email</span></a> </div> <div class="row visible-sm visible-xs visible-md"> <div class="col-sm-12"> <div class="bs-callout bs-callout-subnav" id="projectLinksContainer-sm"> <h4><i class="fa fa-link"></i> Project Links</h4> <div class="project-icons-container"> <span> <a href="/web/20240419061540/https://csrc.nist.gov/projects/risk-management" id="NavOverviewLink-sm"> <i class="fa fa-info-circle"></i> Overview </a> </span> <span> <a href="/web/20240419061540/https://csrc.nist.gov/Projects/risk-management/faqs" id="NavFaqsLink-sm"> <i class="fa fa-question-circle"></i> FAQs </a> </span> <span> <a href="/web/20240419061540/https://csrc.nist.gov/Projects/risk-management/news" id="NavNewsLink-sm" data-count="23"> <i class="fa fa-newspaper-o"></i> News &amp; Updates </a> </span> <span> <a href="/web/20240419061540/https://csrc.nist.gov/Projects/risk-management/events" id="NavEventsLink-sm" data-count="4"> <i class="fa fa-calendar-o"></i> Events </a> </span> <span> <a href="/web/20240419061540/https://csrc.nist.gov/Projects/risk-management/publications" id="NavPubsLink-sm" data-count="28"> <i class="fa fa-file-text"></i> Publications </a> </span> <span> <a href="/web/20240419061540/https://csrc.nist.gov/Projects/risk-management/presentations" id="NavPresLink-sm" data-count="18"> <i class="fa fa-desktop"></i> Presentations </a> </span> </div> </div> </div> </div> <div class="row"> <div class="col-lg-8 col-sm-12"> <h3>Publications</h3> <p>The following NIST-authored publications are directly related to this project.</p> <div class="responsive-table"> <table class="table table-striped table-bordered project-pubs-table" id="project-pubs-list" data-total-records="28"> <thead> <tr> <th nowrap>Series &amp; Number</th> <th>Title</th> <th>Status</th> <th>Released</th> </tr> </thead> <tbody> <tr id="pub-item-0"> <td id="full-pub-display-0">SP 800-60 Rev. 2</td> <td><a id="pub-link-0" href="/web/20240419061540/https://csrc.nist.gov/pubs/sp/800/60/r2/iwd">Guide for Mapping Types of Information and Systems to Security Categories</a></td> <td id="pub-status-0">Draft</td> <td id="pub-release-date-0">01/31/2024</td> </tr> <tr id="pub-item-1"> <td id="full-pub-display-1">CSWP 30</td> <td><a id="pub-link-1" href="/web/20240419061540/https://csrc.nist.gov/pubs/cswp/30/automation-support-for-control-assessments-project/final">Automation Support for Control Assessments: Project Update and Vision</a></td> <td id="pub-status-1">Final</td> <td id="pub-release-date-1">12/06/2023</td> </tr> <tr id="pub-item-2"> <td id="full-pub-display-2">SP 800-53A Rev. 5</td> <td><a id="pub-link-2" href="/web/20240419061540/https://csrc.nist.gov/pubs/sp/800/53/a/r5/final">Assessing Security and Privacy Controls in Information Systems and Organizations</a></td> <td id="pub-status-2">Final</td> <td id="pub-release-date-2">01/25/2022</td> </tr> <tr id="pub-item-3"> <td id="full-pub-display-3">SP 800-47 Rev. 1</td> <td><a id="pub-link-3" href="/web/20240419061540/https://csrc.nist.gov/pubs/sp/800/47/r1/final">Managing the Security of Information Exchanges</a></td> <td id="pub-status-3">Final</td> <td id="pub-release-date-3">07/20/2021</td> </tr> <tr id="pub-item-4"> <td id="full-pub-display-4">IR 8212</td> <td><a id="pub-link-4" href="/web/20240419061540/https://csrc.nist.gov/pubs/ir/8212/final">ISCMA: An Information Security Continuous Monitoring Program Assessment</a></td> <td id="pub-status-4">Final</td> <td id="pub-release-date-4">03/31/2021</td> </tr> <tr id="pub-item-5"> <td id="full-pub-display-5">SP 800-53 Rev. 5</td> <td><a id="pub-link-5" href="/web/20240419061540/https://csrc.nist.gov/pubs/sp/800/53/r5/upd1/final">Security and Privacy Controls for Information Systems and Organizations</a></td> <td id="pub-status-5">Final</td> <td id="pub-release-date-5">12/10/2020</td> </tr> <tr id="pub-item-6"> <td id="full-pub-display-6">SP 800-53B</td> <td><a id="pub-link-6" href="/web/20240419061540/https://csrc.nist.gov/pubs/sp/800/53/b/upd1/final">Control Baselines for Information Systems and Organizations</a></td> <td id="pub-status-6">Final</td> <td id="pub-release-date-6">12/10/2020</td> </tr> <tr id="pub-item-7"> <td id="full-pub-display-7">SP 800-137A</td> <td><a id="pub-link-7" href="/web/20240419061540/https://csrc.nist.gov/pubs/sp/800/137/a/final">Assessing Information Security Continuous Monitoring (ISCM) Programs: Developing an ISCM Program Assessment</a></td> <td id="pub-status-7">Final</td> <td id="pub-release-date-7">05/21/2020</td> </tr> <tr id="pub-item-8"> <td id="full-pub-display-8">IR 8011 Vol. 4</td> <td><a id="pub-link-8" href="/web/20240419061540/https://csrc.nist.gov/pubs/ir/8011/v4/final">Automation Support for Security Control Assessments: Software Vulnerability Management</a></td> <td id="pub-status-8">Final</td> <td id="pub-release-date-8">04/28/2020</td> </tr> <tr id="pub-item-9"> <td id="full-pub-display-9">SP 800-160 Vol. 2</td> <td><a id="pub-link-9" href="/web/20240419061540/https://csrc.nist.gov/pubs/sp/800/160/v2/final">Developing Cyber Resilient Systems: A Systems Security Engineering Approach</a></td> <td id="pub-status-9">Withdrawn</td> <td id="pub-release-date-9">11/27/2019</td> </tr> <tr id="pub-item-10"> <td id="full-pub-display-10">SP 800-128</td> <td><a id="pub-link-10" href="/web/20240419061540/https://csrc.nist.gov/pubs/sp/800/128/upd1/final">Guide for Security-Focused Configuration Management of Information Systems</a></td> <td id="pub-status-10">Final</td> <td id="pub-release-date-10">10/10/2019</td> </tr> <tr id="pub-item-11"> <td id="full-pub-display-11">SP 800-37 Rev. 2</td> <td><a id="pub-link-11" href="/web/20240419061540/https://csrc.nist.gov/pubs/sp/800/37/r2/final">Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy</a></td> <td id="pub-status-11">Final</td> <td id="pub-release-date-11">12/20/2018</td> </tr> <tr id="pub-item-12"> <td id="full-pub-display-12">IR 8011 Vol. 3</td> <td><a id="pub-link-12" href="/web/20240419061540/https://csrc.nist.gov/pubs/ir/8011/v3/final">Automation Support for Security Control Assessments: Software Asset Management</a></td> <td id="pub-status-12">Final</td> <td id="pub-release-date-12">12/06/2018</td> </tr> <tr id="pub-item-13"> <td id="full-pub-display-13">SP 800-12 Rev. 1</td> <td><a id="pub-link-13" href="/web/20240419061540/https://csrc.nist.gov/pubs/sp/800/12/r1/final">An Introduction to Information Security</a></td> <td id="pub-status-13">Final</td> <td id="pub-release-date-13">06/22/2017</td> </tr> <tr id="pub-item-14"> <td id="full-pub-display-14">IR 8011 Vol. 1</td> <td><a id="pub-link-14" href="/web/20240419061540/https://csrc.nist.gov/pubs/ir/8011/v1/final">Automation Support for Security Control Assessments: Volume 1: Overview</a></td> <td id="pub-status-14">Final</td> <td id="pub-release-date-14">06/06/2017</td> </tr> <tr id="pub-item-15"> <td id="full-pub-display-15">IR 8011 Vol. 2</td> <td><a id="pub-link-15" href="/web/20240419061540/https://csrc.nist.gov/pubs/ir/8011/v2/final">Automation Support for Security Control Assessments: Volume 2: Hardware Asset Management</a></td> <td id="pub-status-15">Final</td> <td id="pub-release-date-15">06/06/2017</td> </tr> <tr id="pub-item-16"> <td id="full-pub-display-16">IR 8023</td> <td><a id="pub-link-16" href="/web/20240419061540/https://csrc.nist.gov/pubs/ir/8023/final">Risk Management for Replication Devices</a></td> <td id="pub-status-16">Final</td> <td id="pub-release-date-16">02/23/2015</td> </tr> <tr id="pub-item-17"> <td id="full-pub-display-17">SP 800-53 Rev. 4</td> <td><a id="pub-link-17" href="/web/20240419061540/https://csrc.nist.gov/pubs/sp/800/53/r4/upd3/final">Security and Privacy Controls for Federal Information Systems and Organizations</a></td> <td id="pub-status-17">Withdrawn</td> <td id="pub-release-date-17">01/22/2015</td> </tr> <tr id="pub-item-18"> <td id="full-pub-display-18">SP 800-53A Rev. 4</td> <td><a id="pub-link-18" href="/web/20240419061540/https://csrc.nist.gov/pubs/sp/800/53/a/r4/upd1/final">Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans</a></td> <td id="pub-status-18">Withdrawn</td> <td id="pub-release-date-18">12/18/2014</td> </tr> <tr id="pub-item-19"> <td id="full-pub-display-19">SP 800-30 Rev. 1</td> <td><a id="pub-link-19" href="/web/20240419061540/https://csrc.nist.gov/pubs/sp/800/30/r1/final">Guide for Conducting Risk Assessments</a></td> <td id="pub-status-19">Final</td> <td id="pub-release-date-19">09/17/2012</td> </tr> <tr id="pub-item-20"> <td id="full-pub-display-20">SP 800-137</td> <td><a id="pub-link-20" href="/web/20240419061540/https://csrc.nist.gov/pubs/sp/800/137/final">Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations</a></td> <td id="pub-status-20">Final</td> <td id="pub-release-date-20">09/30/2011</td> </tr> <tr id="pub-item-21"> <td id="full-pub-display-21">SP 800-39</td> <td><a id="pub-link-21" href="/web/20240419061540/https://csrc.nist.gov/pubs/sp/800/39/final">Managing Information Security Risk: Organization, Mission, and Information System View</a></td> <td id="pub-status-21">Final</td> <td id="pub-release-date-21">03/01/2011</td> </tr> <tr id="pub-item-22"> <td id="full-pub-display-22">SP 800-60 Vol. 1 Rev. 1</td> <td><a id="pub-link-22" href="/web/20240419061540/https://csrc.nist.gov/pubs/sp/800/60/v1/r1/final">Guide for Mapping Types of Information and Information Systems to Security Categories</a></td> <td id="pub-status-22">Final</td> <td id="pub-release-date-22">08/01/2008</td> </tr> <tr id="pub-item-23"> <td id="full-pub-display-23">SP 800-60 Vol. 2 Rev. 1</td> <td><a id="pub-link-23" href="/web/20240419061540/https://csrc.nist.gov/pubs/sp/800/60/v2/r1/final">Guide for Mapping Types of Information and Information Systems to Security Categories: Appendices</a></td> <td id="pub-status-23">Final</td> <td id="pub-release-date-23">08/01/2008</td> </tr> <tr id="pub-item-24"> <td id="full-pub-display-24">FIPS 200</td> <td><a id="pub-link-24" href="/web/20240419061540/https://csrc.nist.gov/pubs/fips/200/final">Minimum Security Requirements for Federal Information and Information Systems</a></td> <td id="pub-status-24">Final</td> <td id="pub-release-date-24">03/01/2006</td> </tr> <tr id="pub-item-25"> <td id="full-pub-display-25">SP 800-18 Rev. 1</td> <td><a id="pub-link-25" href="/web/20240419061540/https://csrc.nist.gov/pubs/sp/800/18/r1/final">Guide for Developing Security Plans for Federal Information Systems</a></td> <td id="pub-status-25">Final</td> <td id="pub-release-date-25">02/24/2006</td> </tr> <tr id="pub-item-26"> <td id="full-pub-display-26">FIPS 199</td> <td><a id="pub-link-26" href="/web/20240419061540/https://csrc.nist.gov/pubs/fips/199/final">Standards for Security Categorization of Federal Information and Information Systems</a></td> <td id="pub-status-26">Final</td> <td id="pub-release-date-26">02/01/2004</td> </tr> <tr id="pub-item-27"> <td id="full-pub-display-27">SP 800-59</td> <td><a id="pub-link-27" href="/web/20240419061540/https://csrc.nist.gov/pubs/sp/800/59/final">Guideline for Identifying an Information System as a National Security System</a></td> <td id="pub-status-27">Final</td> <td id="pub-release-date-27">08/20/2003</td> </tr> </tbody> </table> </div> </div> <div class="col-lg-4 hidden-xs hidden-sm hidden-md"> <div class="project-nav-container"> <div class="bs-callout bs-callout-subnav" id="projectLinksContainer-lg"> <h4><i class="fa fa-link"></i> Project Links</h4> <div class="project-icons-container"> <span> <a href="/web/20240419061540/https://csrc.nist.gov/projects/risk-management" id="SideNavOverviewLink"> <i class="fa fa-info-circle"></i> Overview </a> </span> <span> <a href="/web/20240419061540/https://csrc.nist.gov/Projects/risk-management/faqs" id="SideNavFaqsLink"> <i class="fa fa-question-circle"></i> FAQs </a> </span> <span> <a href="/web/20240419061540/https://csrc.nist.gov/Projects/risk-management/news" id="SideNavNewsLink" data-count="23"> <i class="fa fa-newspaper-o"></i> News &amp; Updates </a> </span> <span> <a href="/web/20240419061540/https://csrc.nist.gov/Projects/risk-management/events" id="SideNavEventsLink" data-count="4"> <i class="fa fa-calendar-o"></i> Events </a> </span> <span> <a href="/web/20240419061540/https://csrc.nist.gov/Projects/risk-management/publications" id="SideNavPubsLink" data-count="28"> <i class="fa fa-file-text"></i> Publications </a> </span> <span> <a href="/web/20240419061540/https://csrc.nist.gov/Projects/risk-management/presentations" id="SideNavPresLink" data-count="18"> <i class="fa fa-desktop"></i> Presentations </a> </span> </div> <h4>Additional Pages</h4> <div id="projectPagesCallout-lg"> <a class="csrc-add-page" data-node-level="0" data-node-order="1" href="/web/20240419061540/https://csrc.nist.gov/Projects/risk-management/fisma-background" id="projPage0" style="border-left: solid 0rem transparent;">FISMA Background</a> <a class="csrc-add-page" data-node-level="0" data-node-order="2" href="/web/20240419061540/https://csrc.nist.gov/Projects/risk-management/about-rmf" id="projPage1" style="border-left: solid 0rem transparent;">About the RMF</a> <a class="csrc-add-page" data-node-level="1" data-node-order="1" href="/web/20240419061540/https://csrc.nist.gov/Projects/risk-management/about-rmf/prepare-step" id="projPage2" style="border-left: solid 1rem transparent;">Prepare Step</a> <a class="csrc-add-page" data-node-level="1" data-node-order="2" href="/web/20240419061540/https://csrc.nist.gov/Projects/risk-management/about-rmf/categorize-step" id="projPage3" style="border-left: solid 1rem transparent;">Categorize Step</a> <a class="csrc-add-page" data-node-level="1" data-node-order="3" href="/web/20240419061540/https://csrc.nist.gov/Projects/risk-management/about-rmf/select-step" id="projPage4" style="border-left: solid 1rem transparent;">Select Step</a> <a class="csrc-add-page" data-node-level="1" data-node-order="4" href="/web/20240419061540/https://csrc.nist.gov/Projects/risk-management/about-rmf/implement-step" id="projPage5" style="border-left: solid 1rem transparent;">Implement Step</a> <a class="csrc-add-page" data-node-level="1" data-node-order="5" href="/web/20240419061540/https://csrc.nist.gov/Projects/risk-management/about-rmf/assess-step" id="projPage6" style="border-left: solid 1rem transparent;">Assess Step</a> <a class="csrc-add-page" data-node-level="1" data-node-order="7" href="/web/20240419061540/https://csrc.nist.gov/Projects/risk-management/about-rmf/authorize-step" id="projPage7" style="border-left: solid 1rem transparent;">Authorize Step</a> <a class="csrc-add-page" data-node-level="1" data-node-order="8" href="/web/20240419061540/https://csrc.nist.gov/Projects/risk-management/about-rmf/monitor-step" id="projPage8" style="border-left: solid 1rem transparent;">Monitor Step</a> <a class="csrc-add-page" data-node-level="0" data-node-order="3" href="/web/20240419061540/https://csrc.nist.gov/Projects/risk-management/sp800-53-controls" id="projPage9" style="border-left: solid 0rem transparent;">SP 800-53 Controls</a> <a class="csrc-add-page" data-node-level="1" data-node-order="1" href="/web/20240419061540/https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search" id="projPage10" style="border-left: solid 1rem transparent;">SP 800-53 Release Search</a> <a class="csrc-add-page" data-node-level="1" data-node-order="2" href="/web/20240419061540/https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/downloads" id="projPage11" style="border-left: solid 1rem transparent;">Downloads</a> <a class="csrc-add-page" data-node-level="1" data-node-order="3" href="/web/20240419061540/https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/public-comments-home" id="projPage12" style="border-left: solid 1rem transparent;">Control Catalog Public Comments Overview</a> <a class="csrc-add-page" data-node-level="1" data-node-order="4" href="/web/20240419061540/https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/public-comments" id="projPage13" style="border-left: solid 1rem transparent;">Public Comments: Submit and View</a> <a class="csrc-add-page" data-node-level="1" data-node-order="5" href="/web/20240419061540/https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/overlay-repository" id="projPage14" style="border-left: solid 1rem transparent;">Control Overlay Repository</a> <a class="csrc-add-page" data-node-level="0" data-node-order="4" href="/web/20240419061540/https://csrc.nist.gov/Projects/risk-management/rmf-courses" id="projPage15" style="border-left: solid 0rem transparent;">RMF Introductory Courses</a> <a class="csrc-add-page" data-node-level="0" data-node-order="5" href="/web/20240419061540/https://csrc.nist.gov/Projects/risk-management/mailing-list" id="projPage16" style="border-left: solid 0rem transparent;">RMF Email List</a> <a class="csrc-add-page" data-node-level="0" data-node-order="6" href="/web/20240419061540/https://csrc.nist.gov/Projects/risk-management/meet-the-rmf-team" id="projPage17" style="border-left: solid 0rem transparent;">Meet the RMF Team</a> <a class="csrc-add-page" data-node-level="0" data-node-order="7" href="/web/20240419061540/https://csrc.nist.gov/Projects/risk-management/rmf-presentation-request" id="projPage18" style="border-left: solid 0rem transparent;">RMF Presentation Request</a> </div> </div> </div> <div class="bs-callout bs-callout-success" id="contactsCallout-lg"> <h4><i class="fa fa-user"></i> Contacts</h4> <p id="projContact0"><span class="contact-display"><strong data-field="full-name"> <span data-field="firstname">NIST Risk Management Framework</span> <span data-field="lastname">Team</span> </strong><br/><a href="https://web.archive.org/web/20240419061540/mailto:sec-cert@nist.gov" data-field="email">sec-cert@nist.gov</a><br/></span></p> </div> <div class="bs-callout bs-callout-danger" id="owningGroupCallout-lg"> <h4><i class="fa fa-sitemap"></i> Group</h4> <a href="/web/20240419061540/https://csrc.nist.gov/Groups/Computer-Security-Division/Security-Engineering-and-Risk-Management">Security Engineering and Risk Management</a> </div> <div class="bs-callout bs-callout-danger" id="topicsCallout-lg"> <h4><i class="fa fa-tag"></i> Topics</h4> <p> <strong id="catName0-lg">Security and Privacy:</strong> <a id="catTopLink0-0-lg" href="/web/20240419061540/https://csrc.nist.gov/Topics/Security-and-Privacy/general-security-and-privacy">general security &amp; privacy</a>, <a id="catTopLink0-1-lg" href="/web/20240419061540/https://csrc.nist.gov/Topics/Security-and-Privacy/privacy">privacy</a>, <a id="catTopLink0-2-lg" href="/web/20240419061540/https://csrc.nist.gov/Topics/Security-and-Privacy/risk-management">risk management</a>, <a id="catTopLink0-3-lg" href="/web/20240419061540/https://csrc.nist.gov/Topics/Security-and-Privacy/security-measurement">security measurement</a>, <a id="catTopLink0-4-lg" href="/web/20240419061540/https://csrc.nist.gov/Topics/Security-and-Privacy/security-programs-and-operations">security programs &amp; operations</a> </p> <p> <strong id="catName1-lg">Laws and Regulations:</strong> <a id="catTopLink1-0-lg" href="/web/20240419061540/https://csrc.nist.gov/Topics/Laws-and-Regulations/laws/E-Gov-Act">E-Government Act</a>, <a id="catTopLink1-1-lg" href="/web/20240419061540/https://csrc.nist.gov/Topics/Laws-and-Regulations/laws/FISMA">Federal Information Security Modernization Act</a> </p> </div> <div class="bs-callout bs-callout-warning" id="relatedProjectsCallout-lg"> <h4>Related Projects</h4> <a href="/web/20240419061540/https://csrc.nist.gov/Projects/cybersecurity-framework" id="relProjLink0">Cybersecurity Framework</a><br/> <a href="/web/20240419061540/https://csrc.nist.gov/Projects/cyber-supply-chain-risk-management" id="relProjLink1">Cybersecurity Supply Chain Risk Management</a><br/> <a href="/web/20240419061540/https://csrc.nist.gov/Projects/forum" id="relProjLink2">Federal Cybersecurity &amp; Privacy Forum</a><br/> <a href="/web/20240419061540/https://csrc.nist.gov/Projects/macos-security" id="relProjLink3">macOS Security</a><br/> <a href="/web/20240419061540/https://csrc.nist.gov/Projects/open-security-controls-assessment-language" id="relProjLink4">Open Security Controls Assessment Language</a><br/> <a href="/web/20240419061540/https://csrc.nist.gov/Projects/operational-technology-security" id="relProjLink5">Operational Technology Security</a><br/> <a href="/web/20240419061540/https://csrc.nist.gov/Projects/privacy-engineering" id="relProjLink6">Privacy Engineering</a><br/> <a href="/web/20240419061540/https://csrc.nist.gov/Projects/protecting-controlled-unclassified-information" id="relProjLink7">Protecting CUI</a><br/> <a href="/web/20240419061540/https://csrc.nist.gov/Projects/systems-security-engineering-project" id="relProjLink8">Systems Security Engineering (SSE) Project</a><br/> </div> </div> </div> <div class="row visible-sm visible-xs visible-md"> <div class="col-sm-12"> <div class="bs-callout bs-callout-subnav" id="projectPagesCallout-sm"> <h4>Additional Pages</h4> <p> <a class="csrc-add-page" data-node-level="0" data-node-order="1" href="/web/20240419061540/https://csrc.nist.gov/Projects/risk-management/fisma-background" id="projPage0-sm" style="border-left: solid 0rem transparent;">FISMA Background</a> <a class="csrc-add-page" data-node-level="0" data-node-order="2" href="/web/20240419061540/https://csrc.nist.gov/Projects/risk-management/about-rmf" id="projPage1-sm" style="border-left: solid 0rem transparent;">About the RMF</a> <a class="csrc-add-page" data-node-level="1" data-node-order="1" href="/web/20240419061540/https://csrc.nist.gov/Projects/risk-management/about-rmf/prepare-step" id="projPage2-sm" style="border-left: solid 1rem transparent;">Prepare Step</a> <a class="csrc-add-page" data-node-level="1" data-node-order="2" href="/web/20240419061540/https://csrc.nist.gov/Projects/risk-management/about-rmf/categorize-step" id="projPage3-sm" style="border-left: solid 1rem transparent;">Categorize Step</a> <a class="csrc-add-page" data-node-level="1" data-node-order="3" href="/web/20240419061540/https://csrc.nist.gov/Projects/risk-management/about-rmf/select-step" id="projPage4-sm" style="border-left: solid 1rem transparent;">Select Step</a> <a class="csrc-add-page" data-node-level="1" data-node-order="4" href="/web/20240419061540/https://csrc.nist.gov/Projects/risk-management/about-rmf/implement-step" id="projPage5-sm" style="border-left: solid 1rem transparent;">Implement Step</a> <a class="csrc-add-page" data-node-level="1" data-node-order="5" href="/web/20240419061540/https://csrc.nist.gov/Projects/risk-management/about-rmf/assess-step" id="projPage6-sm" style="border-left: solid 1rem transparent;">Assess Step</a> <a class="csrc-add-page" data-node-level="1" data-node-order="7" href="/web/20240419061540/https://csrc.nist.gov/Projects/risk-management/about-rmf/authorize-step" id="projPage7-sm" style="border-left: solid 1rem transparent;">Authorize Step</a> <a class="csrc-add-page" data-node-level="1" data-node-order="8" href="/web/20240419061540/https://csrc.nist.gov/Projects/risk-management/about-rmf/monitor-step" id="projPage8-sm" style="border-left: solid 1rem transparent;">Monitor Step</a> <a class="csrc-add-page" data-node-level="0" data-node-order="3" href="/web/20240419061540/https://csrc.nist.gov/Projects/risk-management/sp800-53-controls" id="projPage9-sm" style="border-left: solid 0rem transparent;">SP 800-53 Controls</a> <a class="csrc-add-page" data-node-level="1" data-node-order="1" href="/web/20240419061540/https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search" id="projPage10-sm" style="border-left: solid 1rem transparent;">SP 800-53 Release Search</a> <a class="csrc-add-page" data-node-level="1" data-node-order="2" href="/web/20240419061540/https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/downloads" id="projPage11-sm" style="border-left: solid 1rem transparent;">Downloads</a> <a class="csrc-add-page" data-node-level="1" data-node-order="3" href="/web/20240419061540/https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/public-comments-home" id="projPage12-sm" style="border-left: solid 1rem transparent;">Control Catalog Public Comments Overview</a> <a class="csrc-add-page" data-node-level="1" data-node-order="4" href="/web/20240419061540/https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/public-comments" id="projPage13-sm" style="border-left: solid 1rem transparent;">Public Comments: Submit and View</a> <a class="csrc-add-page" data-node-level="1" data-node-order="5" href="/web/20240419061540/https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/overlay-repository" id="projPage14-sm" style="border-left: solid 1rem transparent;">Control Overlay Repository</a> <a class="csrc-add-page" data-node-level="0" data-node-order="4" href="/web/20240419061540/https://csrc.nist.gov/Projects/risk-management/rmf-courses" id="projPage15-sm" style="border-left: solid 0rem transparent;">RMF Introductory Courses</a> <a class="csrc-add-page" data-node-level="0" data-node-order="5" href="/web/20240419061540/https://csrc.nist.gov/Projects/risk-management/mailing-list" id="projPage16-sm" style="border-left: solid 0rem transparent;">RMF Email List</a> <a class="csrc-add-page" data-node-level="0" data-node-order="6" href="/web/20240419061540/https://csrc.nist.gov/Projects/risk-management/meet-the-rmf-team" id="projPage17-sm" style="border-left: solid 0rem transparent;">Meet the RMF Team</a> <a class="csrc-add-page" data-node-level="0" data-node-order="7" href="/web/20240419061540/https://csrc.nist.gov/Projects/risk-management/rmf-presentation-request" id="projPage18-sm" style="border-left: solid 0rem transparent;">RMF Presentation Request</a> </p> </div> <div class="bs-callout bs-callout-subnav" id="contactsCallout-sm"> <h4><i class="fa fa-user"></i> Contacts</h4> <p style="padding-left: 15px;"> <span id="projContact0-sm"><span class="contact-display"><strong data-field="full-name"> <span data-field="firstname">NIST Risk Management Framework</span> <span data-field="lastname">Team</span> </strong><br/><a href="https://web.archive.org/web/20240419061540/mailto:sec-cert@nist.gov" data-field="email">sec-cert@nist.gov</a><br/></span></span><br/> </p> </div> <div class="bs-callout bs-callout-danger" id="owningGroupCallout-sm"> <h4><i class="fa fa-sitemap"></i> Group</h4> <a href="/web/20240419061540/https://csrc.nist.gov/Groups/Computer-Security-Division/Security-Engineering-and-Risk-Management">Security Engineering and Risk Management</a> </div> <div class="bs-callout bs-callout-danger" id="topicsCallout-sm"> <h4><i class="fa fa-tag"></i> Topics</h4> <p> <strong id="catName0-sm">Security and Privacy:</strong> <a id="catTopLink0-0-sm" href="/web/20240419061540/https://csrc.nist.gov/Topics/Security-and-Privacy/general-security-and-privacy">general security &amp; privacy</a>, <a id="catTopLink0-1-sm" href="/web/20240419061540/https://csrc.nist.gov/Topics/Security-and-Privacy/privacy">privacy</a>, <a id="catTopLink0-2-sm" href="/web/20240419061540/https://csrc.nist.gov/Topics/Security-and-Privacy/risk-management">risk management</a>, <a id="catTopLink0-3-sm" href="/web/20240419061540/https://csrc.nist.gov/Topics/Security-and-Privacy/security-measurement">security measurement</a>, <a id="catTopLink0-4-sm" href="/web/20240419061540/https://csrc.nist.gov/Topics/Security-and-Privacy/security-programs-and-operations">security programs &amp; operations</a> </p> <p> <strong id="catName1-sm">Laws and Regulations:</strong> <a id="catTopLink1-0-sm" href="/web/20240419061540/https://csrc.nist.gov/Topics/Laws-and-Regulations/laws/E-Gov-Act">E-Government Act</a>, <a id="catTopLink1-1-sm" href="/web/20240419061540/https://csrc.nist.gov/Topics/Laws-and-Regulations/laws/FISMA">Federal Information Security Modernization Act</a> </p> </div> <div class="bs-callout bs-callout-warning" id="relatedProjectsCallout-sm"> <h4>Related Projects</h4> <p> <a href="/web/20240419061540/https://csrc.nist.gov/Projects/cybersecurity-framework" id="relProjLink0-sm">Cybersecurity Framework</a><br/> <a href="/web/20240419061540/https://csrc.nist.gov/Projects/cyber-supply-chain-risk-management" id="relProjLink1-sm">Cybersecurity Supply Chain Risk Management</a><br/> <a href="/web/20240419061540/https://csrc.nist.gov/Projects/forum" id="relProjLink2-sm">Federal Cybersecurity &amp; Privacy Forum</a><br/> <a href="/web/20240419061540/https://csrc.nist.gov/Projects/macos-security" id="relProjLink3-sm">macOS Security</a><br/> <a href="/web/20240419061540/https://csrc.nist.gov/Projects/open-security-controls-assessment-language" id="relProjLink4-sm">Open Security Controls Assessment Language</a><br/> <a href="/web/20240419061540/https://csrc.nist.gov/Projects/operational-technology-security" id="relProjLink5-sm">Operational Technology Security</a><br/> <a href="/web/20240419061540/https://csrc.nist.gov/Projects/privacy-engineering" id="relProjLink6-sm">Privacy Engineering</a><br/> <a href="/web/20240419061540/https://csrc.nist.gov/Projects/protecting-controlled-unclassified-information" id="relProjLink7-sm">Protecting CUI</a><br/> <a href="/web/20240419061540/https://csrc.nist.gov/Projects/systems-security-engineering-project" id="relProjLink8-sm">Systems Security Engineering (SSE) Project</a><br/> </p> </div> </div> </div> <div class="row"> <div class="col-md-12 historical-data-area" id="historical-data-area"> <span>Created <span id="page-created-date">November 30, 2016</span>, Updated <span id="page-updated-date">April 10, 2024</span></span> </div> </div> <div id="footer-pusher"></div> </div> <footer id="footer"> <div class="container"> <div class="row"> <div class="col-sm-6"> <span class="hidden-xs"> <a href="https://web.archive.org/web/20240419061540/https://www.nist.gov/" title="National Institute of Standards and Technology" rel="home" target="_blank" class="footer-nist-logo" id="footer-nist-logo-link"> <img src="/web/20240419061540im_/https://csrc.nist.gov/CSRC/Media/images/nist-logo-brand-white.svg" alt="National Institute of Standards and Technology logo" id="footer-nist-logo"/> </a> </span> <div class="row footer-contact-container"> <div class="col-sm-12" id="footer-address"> <strong>HEADQUARTERS</strong><br> 100 Bureau Drive<br> Gaithersburg, MD 20899 </div> </div> </div> <div class="col-sm-6"> <ul class="social-list text-right" style="display: block;"> <li class="field-item service-twitter list-horiz"> <a href="https://web.archive.org/web/20240419061540/https://twitter.com/NISTCyber" class="social-btn social-btn--large extlink ext" id="footer-social-twitter-link"> <i class="fa fa-twitter fa-fw"><span class="element-invisible">twitter</span></i><span class="ext"><span class="element-invisible"> (link is external)</span></span> </a> </li> <li class="field-item service-facebook list-horiz"> <a href="https://web.archive.org/web/20240419061540/https://www.facebook.com/NIST" class="social-btn social-btn--large extlink ext" id="footer-social-facebook-link"> <i class="fa fa-facebook fa-fw"><span class="element-invisible">facebook</span></i><span class="ext"><span class="element-invisible"> (link is external)</span></span> </a> </li> <li class="field-item service-linkedin list-horiz"> <a href="https://web.archive.org/web/20240419061540/https://www.linkedin.com/company/nist" class="social-btn social-btn--large extlink ext" id="footer-social-linkedin-link"> <i class="fa fa-linkedin fa-fw"><span class="element-invisible">linkedin</span></i><span class="ext"><span class="element-invisible"> (link is external)</span></span> </a> </li> <li class="field-item service-instagram list-horiz"> <a href="https://web.archive.org/web/20240419061540/https://www.instagram.com/usnistgov/" class="social-btn social-btn--large extlink ext" id="footer-social-instagram-link"> <i class="fa fa-instagram fa-fw"><span class="element-invisible">instagram</span></i> <span class="ext"><span class="element-invisible"> (link is external)</span></span> </a> </li> <li class="field-item service-youtube list-horiz"> <a href="https://web.archive.org/web/20240419061540/https://www.youtube.com/user/USNISTGOV" class="social-btn social-btn--large extlink ext" id="footer-social-youtube-link"> <i class="fa fa-youtube fa-fw"><span class="element-invisible">youtube</span></i><span class="ext"><span class="element-invisible"> (link is external)</span></span> </a> </li> <li class="field-item service-rss list-horiz"> <a href="https://web.archive.org/web/20240419061540/https://www.nist.gov/news-events/nist-rss-feeds" class="social-btn social-btn--large extlink" id="footer-social-rss-link"> <i class="fa fa-rss fa-fw"><span class="element-invisible">rss</span></i> </a> </li> <li class="field-item service-govdelivery list-horiz last"> <a href="https://web.archive.org/web/20240419061540/https://public.govdelivery.com/accounts/USNIST/subscriber/new?qsp=USNIST_3" class="social-btn social-btn--large extlink ext" title="Subscribe to CSRC and publication updates, and other NIST cybersecurity news" id="footer-social-govdelivery-link"> <i class="fa fa-envelope fa-fw"><span class="element-invisible">govdelivery</span></i><span class="ext"><span class="element-invisible"> (link is external)</span></span> </a> </li> </ul> <p class="text-right"> Want updates about CSRC and our publications? <a href="https://web.archive.org/web/20240419061540/https://public.govdelivery.com/accounts/USNIST/subscriber/new?qsp=USNIST_3" class="btn btn-lg btn-primary" style="background-color: #12659c!important; border-color: #12659c!important;" id="footer-subscribe-link">Subscribe</a> </p> </div> </div> <div class="row hidden-sm hidden-md hidden-lg"> <div class="col-sm-12"> <a href="https://web.archive.org/web/20240419061540/https://www.nist.gov/" title="National Institute of Standards and Technology" rel="home" target="_blank" class="footer-nist-logo" id="footer-bottom-nist-logo-link"> <img src="/web/20240419061540im_/https://csrc.nist.gov/CSRC/Media/images/logo_rev.png" alt="National Institute of Standards and Technology logo" id="footer-bottom-nist-logo"/> </a> </div> </div> <div class="row"> <div class="col-sm-6"> <p> <a href="/web/20240419061540/https://csrc.nist.gov/about/contact" id="footer-contact-us-link">Contact Us</a> | <a href="https://web.archive.org/web/20240419061540/https://www.nist.gov/about-nist/our-organization" style="display: inline-block;" id="footer-org-link">Our Other Offices</a> </p> </div> <div class="col-sm-6"> <span class="pull-right text-right"> Send inquiries to <a href="https://web.archive.org/web/20240419061540/mailto:csrc-inquiry@nist.gov?subject=CSRC Inquiry" style="display: inline-block;" id="footer-inquiries-link">csrc-inquiry@nist.gov</a> </span> </div> </div> <div class="row"> <div class="footer-bottom-links-container" id="footer-bottom-links-container"> <ul> <li><a href="https://web.archive.org/web/20240419061540/https://www.nist.gov/privacy-policy">Site Privacy</a></li> <li><a href="https://web.archive.org/web/20240419061540/https://www.nist.gov/oism/accessibility">Accessibility</a></li> <li><a href="https://web.archive.org/web/20240419061540/https://www.nist.gov/privacy">Privacy Program</a></li> <li><a href="https://web.archive.org/web/20240419061540/https://www.nist.gov/oism/copyrights">Copyrights</a></li> <li><a href="https://web.archive.org/web/20240419061540/https://www.commerce.gov/vulnerability-disclosure-policy">Vulnerability Disclosure</a></li> <li><a href="https://web.archive.org/web/20240419061540/https://www.nist.gov/no-fear-act-policy">No Fear Act Policy</a></li> <li><a href="https://web.archive.org/web/20240419061540/https://www.nist.gov/foia">FOIA</a></li> <li><a href="https://web.archive.org/web/20240419061540/https://www.nist.gov/environmental-policy-statement">Environmental Policy</a></li> <li><a href="https://web.archive.org/web/20240419061540/https://www.nist.gov/summary-report-scientific-integrity">Scientific Integrity</a></li> <li><a href="https://web.archive.org/web/20240419061540/https://www.nist.gov/nist-information-quality-standards">Information Quality Standards</a></li> <li><a href="https://web.archive.org/web/20240419061540/https://www.commerce.gov/">Commerce.gov</a></li> <li><a href="https://web.archive.org/web/20240419061540/https://www.science.gov/">Science.gov</a></li> <li><a href="https://web.archive.org/web/20240419061540/https://www.usa.gov/">USA.gov</a></li> <li><a href="https://web.archive.org/web/20240419061540/https://vote.gov/">Vote.gov</a></li> </ul> </div> </div> </div> </footer> <script type="text/javascript" src="/web/20240419061540js_/https://csrc.nist.gov/dist/js/quick-collapse.js"></script> <script type="text/javascript" src="/web/20240419061540js_/https://csrc.nist.gov/dist/app.bundle.js"></script> <!-- USWDS Bottom --> <script type="text/javascript" src="/web/20240419061540js_/https://csrc.nist.gov/dist/uswds/js/uswds.min.js"></script> <script type="text/javascript" src="/web/20240419061540js_/https://csrc.nist.gov/dist/projects.bundle.js"></script> </body> </html> <!-- FILE ARCHIVED ON 06:15:40 Apr 19, 2024 AND RETRIEVED FROM THE INTERNET ARCHIVE ON 23:07:42 Feb 17, 2025. JAVASCRIPT APPENDED BY WAYBACK MACHINE, COPYRIGHT INTERNET ARCHIVE. ALL OTHER CONTENT MAY ALSO BE PROTECTED BY COPYRIGHT (17 U.S.C. SECTION 108(a)(3)). --> <!-- playback timings (ms): captures_list: 1.327 exclusion.robots: 0.067 exclusion.robots.policy: 0.026 esindex: 0.015 cdx.remote: 86.781 LoadShardBlock: 546.921 (3) PetaboxLoader3.resolve: 252.317 (3) PetaboxLoader3.datanode: 344.332 (4) load_resource: 100.551 -->

Pages: 1 2 3 4 5 6 7 8 9 10