National Institute of Standards and Technology: Difference between revisions

Jessica (talk | contribs)
No edit summary
Jessica (talk | contribs)
Line 30: Line 30:


==SP 800 Series==
==SP 800 Series==
NIST’s Special Publication (SP) 800 series shares computer security information. Created in 1990, the series reports on the Information Technology Laboratory’s research, guidelines, and collaborations with industry, government, and academic organizations.<ref>[https://www.nist.gov/itl/publications-0/nist-special-publication-800-series-general-information SP 800, NIST]</ref>  
NIST’s Special Publication (SP) 800 series shares computer security information. Created in 1990, the series reports on the Information Technology Laboratory’s research, guidelines, and collaborations with industry, government, and academic organizations.<ref>[https://www.nist.gov/itl/publications-0/nist-special-publication-800-series-general-information SP 800, NIST]</ref>


==SP 800-37==
The “Guide for Applying the Risk Management Framework to Federal Information Systems” promotes near real-time risk management, encourages the use of automation, integrates information security, emphasizes the selection, implementation, assessment, and overall monitoring of information security controls, links risk management at the information systems level to risks at the organizational level, and establishes responsibility and accountability for security controls.<ref>[https://flank.org/faqs/what-is-nist-sp-800-37 About SP 800-37, Flank]</ref>


NIST SP 800-37 Rev. 2 (RMF 2.0) aka "Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy" superseded RMF 1.0 (above) on December 20, 2019, providing guidelines for applying the RMF to information systems and organizations.<ref>[https://csrc.nist.gov/publications/detail/sp/800-37/rev-1/archive/2014-06-05 ITL Bulletin, NIST]</ref>


==Cybersecurity Framework==
==Cybersecurity Framework==