NIST is pleased to release additional supplemental materials supporting the initial public draft of Special Publication (SP) 800-37, Rev. 2, Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy. Please note that the public comment period for SP 800-37, Rev. 2 closes on June 22, 2018. Submit comments using the Microsoft Excel comment template (available in the Supplemental Material section) to email@example.com.
- Recorded presentations at the 2018 Federal Computer Security Managers’ (FCSM) Forum Offsite Meeting (https://csrc.nist.gov/Events/2018/Federal-Computer-Security-Managers-Forum-2-day) by:
  - Dr. Ron Ross (NIST) covering the next generation cybersecurity and risk management guidance, and the strategy behind the “RMF 2.0” update; and
  - Ms. Kelley Dempsey and Ms. Naomi Lefkovitz covering a deep dive of the technical changes and updates in Draft SP 800-37 Rev. 2.
- A detailed “red line” markup showing significant changes between SP 800-37, Rev. 1 and the initial public draft of SP 800-37, Rev. 2 is available at https://csrc.nist.gov/publications/detail/sp/800-37/rev-2/draft (refer to the Supplemental Material section).
- Quick Start Guides for the RMF 2.0 Prepare Step that provide an introduction to and summary of the newly added step. The Quick Start Guides include the Roles and Responsibilities and Frequently Asked Questions (FAQ). These are available at: https://csrc.nist.gov/Projects/Risk-Management/Risk-Management-Framework-Quick-Start-Guides/Step-0-Prepare.
Please submit any questions or comments to firstname.lastname@example.org.