Date Published: September 2017
Comments Due: October 3, 2017
Email Comments to: email@example.com
Planning Note (9/28/2017): After this discussion draft, NIST anticipates publishing an initial public draft in November 2017, a final draft in January 2018, and the final publication in March 2018.
NIST announces the release of a discussion draft of Special Publication (SP) 800-37, Revision 2, Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy. This update responds to the call by the Defense Science Board, the President’s Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure, and the Office of Management and Budget Memorandum M-17-25 (implementation guidance for the Cybersecurity Executive Order) to develop the next-generation Risk Management Framework (RMF) for systems and organizations.