NIST Publishes SP 800-39 in Final

NIST has released, in final form, Special Publication 800-39, Managing Information Security Risk: Organization, Mission, and Information System View

NIST describes SP 800-39 as “the capstone publication in the Joint Task Force publications, provides guidance to federal agencies and their contractors on how to manage information security risk associated with the operation and use of information systems. For decades, organizations have managed risk at the information system level. This information system focus provided a very narrow, stovepiped, perspective that constrained risk-based decisions by senior leaders/executives to the tactical level—devoid, in many cases, of any direct linkage or traceability to the important organizational missions/business functions being carried out by enterprises. The concentration on information systems security resulted in a focus on vulnerability management at the expense of strategic risk management applied across enterprises.”

Attached below is the final  version of NIST SP 800-39.  Also attached is NIST’s news release on the document.




One response to “NIST Publishes SP 800-39 in Final”

  1. kimsin says:

    Just want this Standard file to learning purpose.

Leave a Reply

Your email address will not be published.

Please Answer: *