800-37 is short for NIST SP 800-37, or NIST 800-37. 800-37 can be applied on all industry like military, airflight, etc. For IT industry it is a framework to risk management by invoking multiple NIST standards including: FIPS 199, NIST 800-53B, NIST 800-53A, etc. ABSTRACT Risk M...
National Institute of Standards and Technology, December 2018, NIST Special Publication 800-37 Revision 2 Risk Management Framework for Information Systems and Organizations A System Life Cycle Approach for Security and Privacy, https://doi.org/10.6028/NIST.SP.800-37r2 PNNL, November 2018, Risk Man...
RMF是NIST于2010年出版的特别出版物800-37rev1。NIST开发的此框架,提供一种灵活、动态的方法有效管理高度多样化的环境中贯穿系统全生命周期与信息系统相关的安全风险。 前言 《风险管理框架》(Risk Management Framework,RMF)是NIST[1]于2010年出版的特别出版物800-37rev1[2]。NIST开发的此框架,提供一种灵活、动态...
《风险管理框架》(Risk Management Framework,RMF)是NIST于2010年出版的特别出版物800-37rev1。NIST开发的此框架,提供一种灵活、动态的方法有效管理高度多样化的环境中贯穿系统全生命周期与信息系统相关的安全风险。当下,美国政府的各个机构都必须遵守RMF并将其融入信息系统管控流程。2019年RMF被写入国防部指示中,许多机构...
浅析美国NIST《风险管理框架》前言《风险管理框架》(Risk Management Framework,RMF)是NIST于2010年出版的特别出版物800-37rev1。NIST开发的此框架,提供一种灵活、动态的方法有效管理高度多样化的环境中贯穿系统全生命周期与信息系统相关的安全风险。当下,美国政府的各个机构都必须遵守RMF并将其融入信息系统管控流程。2019...
1. The NIST Cybersecurity Framework 2.0, Initial Public Draft, August 8, 2023 2. Amy Mahn,Cherilyn Pascoe, It’s a Journey…Where is NIST Headed with the Cybersecurity Framework,RSAC2023 3. NIST, Artificial Intelligence Risk Management Framework (AI RMF 1.0),January 2023 ...
8月4日,美国国家标准与技术研究院NIST在官网上发布《零信任架构规划:一份面向管理员的入门指南(草案)》白皮书,该草案版本公开评论期为一个月。本白皮书草案提供了 NIST 风险管理框架 (NIST Risk Management Framework,RMF) 的顶层概述及其如何帮助开发和实施零信任架构。
NIST SP 800-37.This is theRisk Management Frameworkfor information systems. The standard's goal is to prepare organizations for risk management activities, while outlining the needed structure and processes for managing security, privacy and risks. ...
800-30, Guide to Conducting Risk Assessments • Addresses the Assessing Risk component of Risk Management (from SP 800-39) • Provides guidance on applying risk assessment concepts to: – All three tiers in the risk management hierarchy – Each step in the Risk Management Framework • ...
Cloud Security Alliance – Security Trust, Assurance and Risk (STAR)CivilianUSGCB/SCAP FIPS 199 Federal Information System Controls Audit Manual (FISCAM) MARS-E NIST 800-37 (Risk Management Framework) NIST 800-53/53A (Security Controls for Federal IS) NIST 800-60 (Guide...