NIST updates its Risk Management Framework

US National Institute of Standards and Technology (NIST) has published draft update to its Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy. The update to NIST Special Publication 800-37 (Revision 2) responds to the call by the Defense Science Board, Executive Order 13800, and OMB Memorandum M-17-25 to develop the next-generation Risk Management Framework (RMF) for information systems, organizations, and individuals. A public comment period for this draft document is open until June 22, 2018.

Source: SP 800-37 Rev. 2 (DRAFT), RMF: A System Life Cycle Approach for Security and Privacy | CSRC

>