*** Welcome to piglix ***

NIST Special Publication 800-37


NIST Special Publication 800-37, "Guide for Applying the Risk Management Framework to Federal Information Systems" was developed by the Joint Task Force Transformation Initiative Working Group. It aims to transform the traditional Certification and Accreditation (C&A) process into the six-step Risk management framework (RMF).

The second step of the RMF is to select the appropriate subset of security controls from the control catalog in NIST Special Publication 800-53.


...
Wikipedia

...