NIST SP 800-37


The NIST Risk Management Framework (RMF) is a structured, repeatable process for managing information security and privacy risk to systems and the organizations that operate them. It treats risk management as a continuous activity over a system's life cycle rather than a one-time certification.

  • relies heavily on
    • automated solutions
    • risk analysis and assessment
    • implementing risk-based controls
    • continuous monitoring and improvement

NIST SP 800-37 (Risk Management Framework for Information Systems and Organizations, currently Revision 2) is the publication that defines the RMF and explains how to apply it to a system from initial categorization through ongoing monitoring.

Steps

  1. Categorize: Categorize the system according to the information it processes, stores, and transmits, rating the impact of a loss of confidentiality, integrity, or availability as low, moderate, or high (FIPS 199); the highest rating across the three objectives sets the system's overall impact level.
  2. Select: Select the SP 800-53 control baseline that matches the categorization, then tailor it (add, remove, or adjust controls) to the system's environment, threats, and organizational constraints.
  3. Implement: Implement the controls and document how each one is implemented in the system security plan.
  4. Assess: Assess the controls to verify that they are implemented correctly, operating as intended, and producing the desired outcome.
  5. Authorize: A senior official (the authorizing official) makes a risk-based decision to authorize the system to operate, or to deny authorization, based on the residual risk that remains after the controls are applied.
  6. Monitor: Monitor the controls and the system on an ongoing basis so the authorization stays valid as the system, its environment, and the threat landscape change.

Revision 2 adds a Prepare step ahead of these six: organization- and system-level tasks such as assigning risk management roles, establishing the risk management strategy and risk tolerance, and identifying common controls that individual systems can inherit.
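As an added worked example of steps 1 and 2 (this is not code from the original notes or from SP 800-37), the following Python computes a system's security category from the impact levels of the information types it handles. It applies the FIPS 199 rule (per-objective maximum across information types) and the FIPS 200 high-water-mark rule (the highest of the three objectives picks the SP 800-53 baseline). The information types and their impact levels are constructed sample data; the `InfoType` class and the function names are this example's own.

```python
"""RMF step 1 (Categorize) and the baseline choice at the start of step 2 (Select).

Each information type a system handles gets an impact level for confidentiality,
integrity and availability. The system's security category is the per-objective
maximum across its information types (FIPS 199); the baseline to select is the
highest of those three, the "high water mark" (FIPS 200).
"""
from dataclasses import dataclass

# Impact levels in ascending order; the index is used for comparisons.
LEVELS = ("LOW", "MODERATE", "HIGH")
OBJECTIVES = ("confidentiality", "integrity", "availability")


@dataclass(frozen=True)
class InfoType:
    """One information type with its provisional impact level per objective."""
    name: str
    confidentiality: str
    integrity: str
    availability: str


def _rank(level: str) -> int:
    """Map an impact level to its position in LEVELS; reject unknown labels
    (e.g. 'MEDIUM') instead of silently treating them as low."""
    if level not in LEVELS:
        raise ValueError(f"unknown impact level: {level!r}")
    return LEVELS.index(level)


def security_category(info_types):
    """FIPS 199: for each objective, take the highest impact across all
    information types. Returns {objective: level}."""
    if not info_types:
        raise ValueError("a system must handle at least one information type")
    return {
        obj: max((getattr(t, obj) for t in info_types), key=_rank)
        for obj in OBJECTIVES
    }


def overall_impact(category):
    """FIPS 200 high water mark: the highest level among the three objectives."""
    return max(category.values(), key=_rank)


def baseline_for(level):
    """Name of the SP 800-53 baseline matching an overall impact level."""
    return f"SP 800-53 {level.lower()} baseline"


def categorize_system(info_types):
    """Convenience wrapper returning (category, overall level, baseline)."""
    category = security_category(info_types)
    level = overall_impact(category)
    return category, level, baseline_for(level)


# Constructed sample data: three information types for a hypothetical
# e-commerce system. Not taken from SP 800-60 or any real system.
SAMPLE_SYSTEM = [
    InfoType("public web content", "LOW", "MODERATE", "LOW"),
    InfoType("employee PII", "MODERATE", "MODERATE", "LOW"),
    InfoType("payment records", "MODERATE", "HIGH", "MODERATE"),
]

if __name__ == "__main__":
    category, level, baseline = categorize_system(SAMPLE_SYSTEM)
    for obj in OBJECTIVES:
        print(f"{obj:16s} {category[obj]}")
    print(f"overall impact   {level}")
    print(f"select           {baseline}")
```

Note that a single HIGH rating on one objective of one information type (integrity of payment records here) pulls the whole system to the high baseline; this is why SP 800-37 lets you tailor after selection rather than accept the baseline as-is, and why splitting a system into separately categorized boundaries is sometimes the better engineering answer.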