
NIST has recently released the final publication of the “Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach”.

This NIST special publication (NIST Special Publication 800-37, Revision 1) can be downloaded from the csrc.nist.gov website.

As per this guide, the Certification and Accreditation process for federal government information systems has been transformed into a Risk Management Framework that stresses security from an information system's initial design phase through implementation and daily operations.

It places equal emphasis both on defining the correct set of security controls and on implementing them in a robust continuous monitoring process.
This is similar to the various Secure Software Development processes such as MS SDL and OWASP CLASP.
The guide can be downloaded from here