Guide for Applying the Risk Management Framework to Federal Information Systems
A Security Life Cycle Approach
JOINT TASK FORCE TRANSFORMATION INITIATIVE
INFORMATION
SECURITY
Computer Security Division Information Technology Laboratory National Institute of Standards and Technology Gaithersburg, MD 20899-8930
February 2010
U.S. Department of Commerce
Gary Locke, Secretary
National Institute of Standards and Technology
Patrick D. Gallagher, Director
Special Publication 800-37
Guide for Applying the Risk Management Framework to Federal Information Systems A Security Life Cycle Approach
________________________________________________________________________________________________ …show more content…
interests from adversaries using cyberspace to their advantage and from our own efforts to employ the global nature of cyberspace to achieve objectives in military, intelligence, and business operations… “ “…For operational plans development, the combination of threats, vulnerabilities, and impacts must be evaluated in order to identify important trends and decide where effort should be applied to eliminate or reduce threat capabilities; eliminate or reduce vulnerabilities; and assess, coordinate, and deconflict all cyberspace operations…” “…Leaders at all levels are accountable for ensuring readiness and security to the same degree as in any other …show more content…
As part of the overall governance structure established by the organization, the risk management strategy is propagated to organizational officials and contractors with programmatic, planning, developmental, acquisition, operational, and oversight responsibilities, including for example: (i) authorizing officials; (ii) chief information officers; (iii) senior information security officers; (iv) enterprise/information security architects; (v) information system owners/program managers; (vi) information owners/stewards; (vii) information system security officers; (viii)