A Framework for Computer Security Risk Management | CSRC
<!DOCTYPE html> <html lang="en-us" xml:lang="en-us"> <head> <meta charset="utf-8"/> <title>A Framework for Computer Security Risk Management | CSRC</title> <meta http-equiv="content-type" content="text/html; charset=UTF-8"/> <meta http-equiv="content-style-type" content="text/css"/> <meta http-equiv="content-script-type" content="text/javascript"/> <meta name="viewport" content="width=device-width, initial-scale=1.0"/>
<!-- dcterms meta information --> <meta name="dcterms.title" content="A Framework for Computer Security Risk Management"/>
<meta name="dcterms.description" content="For the past few years, the National Institute of Standards and Technology (NIST; formerly the National Bureau of Standards) and the National Security Agency (NSA) have been jointly developing a framework for computer security risk management. The need for this framework became increasingly apparent with the proliferation of personal computer-based risk management tools and approaches. Since many of these tools and approaches rarely contained descriptions of their underlying models, it has been difficult for users to make comparisons of their capabilities. The framework under development, which will identify/define elements of the risk management process and describe the functional relationships between the elements, will provide the means for comparing alternative approaches and for developing new risk management tools. This paper will focus on several key activities/events surrounding the development of the framework including the publication of NIST’s Guideline for Automatic Data Processing Risk Analysis, proliferation of PC-based software tools for risk management, development of the first strawman framework, the first Risk Management Model Builders Workshop, which led to a second strawman framework, and the second Model Builders Workshop. The paper concludes with an indication of future plans of NIST and NSA to continue the framework effort."/>
<!-- dcterms authors --> <meta name="dcterms.creator" content="Author: Stuart Katzke (NIST)"/> <!-- dcterms editors --> <meta name="dcterms.date.created" schema="ISO8601" content="1991-01-01"/> <meta name="dcterms.identifier" content="https://csrc.nist.gov/publications/detail/book/1991/a-framework-for-computer-security-risk-management"/> <meta name="dcterms.language" scheme="DCTERMS.RFC1766" content="EN-US"/>
<!--Google Scholar Info--> <meta name="citation_title" content="A Framework for Computer Security Risk Management"/> <meta name="citation_publication_date" content="1991"/> <meta name="citation_doi" content="https://doi.org/10.1007/978-1-4899-2370-7"/> <meta name="citation_publisher" content="Springer"/> <meta name="citation_firstpage" content="361"/> <meta name="citation_lastpage" content="374"/> <meta name="citation_keywords" content="computer security,risk management,framework"/> <meta name="citation_language" content="en"/> <meta name="citation_pdf_url" content="https://doi.org/10.1007/978-1-4899-2370-7"/> <meta name="citation_abstract_html_url" content="https://csrc.nist.gov/publications/detail/book/1991/a-framework-for-computer-security-risk-management"/> <meta name="citation_inbook_title" content="A Framework for Computer Security Risk Management"/>
<!--Google Scholar Authors--> <meta name="citation_author" content="Katzke, Stuart"/>
<link href="/web/20211129090535cs_/https://csrc.nist.gov/dist/app.css" rel="stylesheet"/> <!-- reCAPTCHA v3 --> <style> .grecaptcha-badge { visibility: hidden; } </style> <style id="antiClickjack"> body > * { 
display: none !important; } #antiClickjack { display: block !important; } </style> <noscript> <style id="antiClickjackNoScript"> body > * { display: block !important; } #antiClickjack { display: none !important; } </style> </noscript> <script type="text/javascript" id="antiClickjackScript"> if (self === top) { // no clickjacking var antiClickjack = document.getElementById("antiClickjack"); antiClickjack.parentNode.removeChild(antiClickjack); } else { setTimeout(tryForward(), 5000); } function tryForward() { top.location = self.location; } </script> </head> <body> <div id="body-section" class="container"> <div class="publications-detail"> <h3 id="pub-header-display-container"> <span id="pub-header-full-display"> Book Section </span> </h3> <h1 id="pub-title">A Framework for Computer Security Risk Management</h1> <div class="row"> <div class="col-md-8 col-sm-12 publication-panel"> <strong>Source Title:</strong> <span 
id="pub-source-title">The Analysis, Communication, and Perception of Risk</span><br/> <p> <strong>Date Published:</strong> <span id="pub-release-date">1991</span><br/> </p> <h4>Author(s)</h4> <p> <strong id="pub-authors-container" data-total="1"> <span id="pub-author-0">Stuart Katzke (NIST)</span> </strong> </p> <div class="bs-callout bs-callout-success pub-abstract-callout"> <h4 id="pubs-abstract-header">Abstract</h4> <div class="hidden-sm hidden-xs hidden-xxs" id="pub-detail-abstract-info">For the past few years, the National Institute of Standards and Technology (NIST; formerly the National Bureau of Standards) and the National Security Agency (NSA) have been jointly developing a framework for computer security risk management. The need for this framework became increasingly apparent with the proliferation of personal computer-based risk management tools and approaches. Since many of these tools and approaches rarely contained descriptions of their underlying models, it has been difficult for users to make comparisons of their capabilities. The framework under development, which will identify/define elements of the risk management process and describe the functional relationships between the elements, will provide the means for comparing alternative approaches and for developing new risk management tools. This paper will focus on several key activities/events surrounding the development of the framework including the publication of NIST’s <em>Guideline for Automatic Data Processing Risk Analysis</em>, proliferation of PC-based software tools for risk management, development of the first strawman framework, the first Risk Management Model Builders Workshop, which led to a second strawman framework, and the second Model Builders Workshop. The paper concludes with an indication of future plans of NIST and NSA to continue the framework effort.</div> <h4>Keywords</h4> <span id="pub-keywords-container" data-total="3"> <span id="pub-keyword-0">computer security</span>; <span id="pub-keyword-1">risk management</span>; <span id="pub-keyword-2">framework</span> </span> </div> <h5>Control Families</h5> <p> <span id="pub-control-fam-container" data-total="0">None selected</span> </p> </div> <div class="col-md-4 col-sm-12"> <div class="bs-callout bs-callout-success" id="pubs-documentation"> <h4>Documentation</h4> <p> <strong>Publication:</strong><br/> <a href="https://web.archive.org/web/20211129090535/https://doi.org/10.1007/978-1-4899-2370-7" data-identity="first-link-display" id="pub-doc-0"><i class="fa fa-external-link" aria-hidden="true"></i> Book Section (DOI)</a><br/> </p> <p> <strong>Supplemental Material:</strong><br/> <span id="pub-supp-container" data-total="0">None available</span><br/> </p> <p> <strong>Related NIST Publications:</strong><br/> <span id="pub-related-container" data-total="2"> <a href="/web/20211129090535/https://csrc.nist.gov/publications/detail/fips/102/archive/1983-09-27" id="pub-related-link-0">FIPS 102</a><br/> <a href="/web/20211129090535/https://csrc.nist.gov/publications/detail/fips/65/archive/1979-08-01" id="pub-related-link-1">FIPS 65</a><br/> </span> </p> <p> <strong>Document History:</strong><br/> <span id="pub-history-container" data-total="1"> 01/01/91: <span id="pub-history-link-0" data-current-document="true">Book Section (Final)</span><br/> </span> </p> </div> <div class="bs-callout bs-callout-danger" id="pubs-topics"> <h4>Topics</h4> <span id="pub-categories-container" data-total="1"> <p> <strong id="pub-cat-0">Security and Privacy</strong><br/> <span id="pub-cat-top-container-0" data-total="1"> <a 
href="/web/20211129090535/https://csrc.nist.gov/Topics/Security-and-Privacy/risk-management" id="pub-cat-top-0-0">risk management</a> </span> </p> </span> </div> </div> </div> </div> <div id="footer-pusher"></div> </div> <footer id="footer"> <div class="container"> <div class="row"> <div class="col-sm-6"> <span class="hidden-xs"> <a href="https://web.archive.org/web/20211129090535/https://www.nist.gov/" title="National Institute of Standards and Technology" rel="home" target="_blank" class="footer-nist-logo" id="footer-nist-logo-link"> <img src="/web/20211129090535im_/https://csrc.nist.gov/CSRC/Media/images/logo_rev.png" alt="National Institute of Standards and Technology logo" id="footer-nist-logo"/> </a> </span> <div class="row footer-contact-container"> <div class="col-sm-12" id="footer-address"> <strong>HEADQUARTERS</strong><br> 100 Bureau Drive<br> Gaithersburg, MD 20899 </div> </div> </div> <div class="col-sm-6"> <ul class="social-list text-right" style="display: block;"> <li class="field-item service-twitter list-horiz"> <a href="https://web.archive.org/web/20211129090535/https://twitter.com/NISTCyber" class="social-btn social-btn--large extlink ext" id="footer-social-twitter-link"> <i class="fa fa-twitter fa-fw"><span class="element-invisible">twitter</span></i><span class="ext"><span class="element-invisible"> (link is external)</span></span> </a> </li> <li class="field-item service-facebook list-horiz"> <a href="https://web.archive.org/web/20211129090535/https://www.facebook.com/NIST" class="social-btn social-btn--large extlink ext" id="footer-social-facebook-link"> <i class="fa fa-facebook fa-fw"><span class="element-invisible">facebook</span></i><span class="ext"><span class="element-invisible"> (link is external)</span></span> </a> </li> <li class="field-item service-linkedin list-horiz"> <a href="https://web.archive.org/web/20211129090535/https://www.linkedin.com/company/nist" class="social-btn social-btn--large extlink ext" 
id="footer-social-linkedin-link"> <i class="fa fa-linkedin fa-fw"><span class="element-invisible">linkedin</span></i><span class="ext"><span class="element-invisible"> (link is external)</span></span> </a> </li> <li class="field-item service-instagram list-horiz"> <a href="https://web.archive.org/web/20211129090535/https://www.instagram.com/usnistgov/" class="social-btn social-btn--large extlink ext" id="footer-social-instagram-link"> <i class="fa fa-instagram fa-fw"><span class="element-invisible">instagram</span></i> <span class="ext"><span class="element-invisible"> (link is external)</span></span> </a> </li> <li class="field-item service-youtube list-horiz"> <a href="https://web.archive.org/web/20211129090535/https://www.youtube.com/user/USNISTGOV" class="social-btn social-btn--large extlink ext" id="footer-social-youtube-link"> <i class="fa fa-youtube fa-fw"><span class="element-invisible">youtube</span></i><span class="ext"><span class="element-invisible"> (link is external)</span></span> </a> </li> <li class="field-item service-rss list-horiz"> <a href="https://web.archive.org/web/20211129090535/https://www.nist.gov/news-events/nist-rss-feeds" class="social-btn social-btn--large extlink" id="footer-social-rss-link"> <i class="fa fa-rss fa-fw"><span class="element-invisible">rss</span></i> </a> </li> <li class="field-item service-govdelivery list-horiz last"> <a href="https://web.archive.org/web/20211129090535/https://public.govdelivery.com/accounts/USNIST/subscriber/new?qsp=USNIST_3" class="social-btn social-btn--large extlink ext" title="Subscribe to CSRC and publication updates, and other NIST cybersecurity news" id="footer-social-govdelivery-link"> <i class="fa fa-envelope fa-fw"><span class="element-invisible">govdelivery</span></i><span class="ext"><span class="element-invisible"> (link is external)</span></span> </a> </li> </ul> <p class="text-right"> Want updates about CSRC and our publications? 
<a href="https://web.archive.org/web/20211129090535/https://public.govdelivery.com/accounts/USNIST/subscriber/new?qsp=USNIST_3" class="btn btn-lg btn-info" style="background-color: #12659c!important; border-color: #12659c!important;" id="footer-subscribe-link">Subscribe</a> </p> </div> </div> <div class="row hidden-sm hidden-md hidden-lg"> <div class="col-sm-12"> <a href="https://web.archive.org/web/20211129090535/https://www.nist.gov/" title="National Institute of Standards and Technology" rel="home" target="_blank" class="footer-nist-logo" id="footer-bottom-nist-logo-link"> <img src="/web/20211129090535im_/https://csrc.nist.gov/CSRC/Media/images/logo_rev.png" alt="National Institute of Standards and Technology logo" id="footer-bottom-nist-logo"/> </a> </div> </div> <div class="row"> <div class="col-sm-6"> <p> <a href="https://web.archive.org/web/20211129090535/mailto:webmaster-csrc@nist.gov?subject=CSRC Inquiry" id="footer-webmaster-link">Webmaster</a> | <a href="/web/20211129090535/https://csrc.nist.gov/about/contact" id="footer-contact-us-link">Contact Us</a> | <a href="https://web.archive.org/web/20211129090535/https://www.nist.gov/about-nist/our-organization" style="display: inline-block;" id="footer-org-link">Our Other Offices</a> </p> </div> <div class="col-sm-6"> <span class="pull-right text-right"> Contact CSRC Webmaster: <a href="https://web.archive.org/web/20211129090535/mailto:webmaster-csrc@nist.gov?subject=CSRC Inquiry" style="display: inline-block;" id="footer-info-webmaster-link">webmaster-csrc@nist.gov</a> </span> </div> </div> <div class="row"> <div class="footer-bottom-links-container" id="footer-bottom-links-container"> <ul> <li><a href="https://web.archive.org/web/20211129090535/https://www.nist.gov/privacy-policy">Site Privacy</a></li> <li><a href="https://web.archive.org/web/20211129090535/https://www.nist.gov/oism/accessibility">Accessibility</a></li> <li><a 
href="https://web.archive.org/web/20211129090535/https://www.nist.gov/privacy">Privacy Program</a></li> <li><a href="https://web.archive.org/web/20211129090535/https://www.nist.gov/oism/copyrights">Copyrights</a></li> <li><a href="https://web.archive.org/web/20211129090535/https://www.commerce.gov/vulnerability-disclosure-policy">Vulnerability Disclosure</a></li> <li><a href="https://web.archive.org/web/20211129090535/https://www.nist.gov/no-fear-act-policy">No Fear Act Policy</a></li> <li><a href="https://web.archive.org/web/20211129090535/https://www.nist.gov/foia">FOIA</a></li> <li><a href="https://web.archive.org/web/20211129090535/https://www.nist.gov/environmental-policy-statement">Environmental Policy</a></li> <li><a href="https://web.archive.org/web/20211129090535/https://www.nist.gov/summary-report-scientific-integrity">Scientific Integrity</a></li> <li><a href="https://web.archive.org/web/20211129090535/https://www.nist.gov/nist-information-quality-standards">Information Quality Standards</a></li> <li><a href="https://web.archive.org/web/20211129090535/https://www.commerce.gov/">Commerce.gov</a></li> <li><a href="https://web.archive.org/web/20211129090535/https://www.science.gov/">Science.gov</a></li> <li><a href="https://web.archive.org/web/20211129090535/https://www.usa.gov/">USA.gov</a></li> <li><a href="https://web.archive.org/web/20211129090535/https://vote.gov/">Vote.gov</a></li> </ul> </div> </div> </div> </footer> <script type="text/javascript" src="/web/20211129090535js_/https://csrc.nist.gov/dist/js/quick-collapse.js"></script> <script type="text/javascript" src="/web/20211129090535js_/https://csrc.nist.gov/dist/app.bundle.js"></script> <!-- <script defer type="text/javascript" src="/dist/katex/katex.min.js"></script> <script defer type="text/javascript" src="/dist/katex/auto-render.min.js" onload="renderMathInElement(document.body);"></script> --> <!-- reCAPTCHA v3 --> <script defer 
src="https://web.archive.org/web/20211129090535js_/https://www.google.com/recaptcha/api.js?render=6LcQo40UAAAAAJpAj4X-i-WfOzdbu6d7j7kKryDS"></script> </body> </html> <!-- FILE ARCHIVED ON 09:05:35 Nov 29, 2021 AND RETRIEVED FROM THE INTERNET ARCHIVE ON 02:34:12 Dec 01, 2024. JAVASCRIPT APPENDED BY WAYBACK MACHINE, COPYRIGHT INTERNET ARCHIVE. ALL OTHER CONTENT MAY ALSO BE PROTECTED BY COPYRIGHT (17 U.S.C. SECTION 108(a)(3)). -->