NIST Special Publication 800-37

NIST Special Publication 800-37, "Guide for Applying the Risk Management Framework to Federal Information Systems", was developed by the Joint Task Force Transformation Initiative Working Group. It aims to transform the traditional Certification and Accreditation (C&A) process into the six-step Risk Management Framework (RMF).

The second step of the RMF is to select the appropriate subset of security controls from the control catalog in NIST Special Publication 800-53.

Wikimedia Foundation. 2010.

Look at other dictionaries:

  • NIST Special Publication 800-53 — NIST Special Publication 800-53, Recommended Security Controls for Federal Information Systems and Organizations, and catalogs security controls for all U.S. federal information systems except those related to national security. It is published… …   Wikipedia

  • Cyber security standards — are security standards which enable organizations to practice safe security techniques to minimize the number of successful cyber security attacks. These guides provide general outlines as well as specific techniques for implementing cyber… …   Wikipedia

  • Triple DES — Triple Data Encryption Algorithm General First published 1998 (ANS X9.52) Derived from DES Cipher detail Key sizes 168, 112 or 56 bits (Keying option 1, 2, 3 respectively) Block sizes …   Wikipedia

  • Galois/Counter Mode — GCM mode (Galois/Counter Mode) is a mode of operation for symmetric key cryptographic block ciphers. It is an authenticated encryption algorithm designed to provide both authentication and privacy. GCM mode is defined for block ciphers with a… …   Wikipedia

  • Block cipher — General scheme of a block cipher's operation. A block cipher is a type of symmetric cipher …   Wikipedia

  • Federal Information Security Management Act of 2002 — The Federal Information Security Management Act of 2002 (FISMA, 44 U.S.C. § 3541, et seq.) is a United States federal law enacted in 2002 as Title III of the E-Government Act of 2002 (Pub. L. 107-347, 116 Stat. 2899). The act was meant to bolster… …   Wikipedia

  • Data remanence — is the residual representation of data that remains even after attempts have been made to remove or erase the data. This residue may result from data being left intact by a nominal file deletion operation, by reformatting of storage media that… …   Wikipedia

  • Dual_EC_DRBG — or Dual Elliptic Curve Deterministic Random Bit Generator is a controversial pseudorandom number generator (PRNG) designed and published by the National Security Agency. It is based on the elliptic curve discrete logarithm problem (ECDLP) and… …   Wikipedia

  • Information security — Components: or qualities, i.e., Confidentiality, Integrity and Availability (CIA). Information Systems are decomposed in three main portions, hardware, software and communications with the purpose to identify and apply information security… …   Wikipedia

  • Domain Name System Security Extensions — Internet protocol suite Application layer BGP DHCP DNS FTP HTTP …   Wikipedia
