
Data Protection Consulting

Into IT Computers, Inc.

The steps of the NIST Risk Management Framework (RMF), together with the NIST publications that support each step, are listed below:


Prerequisites:

NIST SP 800-18 Rev. 1 - Guide for Developing Security Plans for Federal Information Systems

NIST SP 800-30 - Guide for Conducting Risk Assessments

NIST SP 800-39 - Managing Information Security Risk (Organization, Mission, and Information System View)


Step 1 Categorize Information Systems

FIPS 199 - Standards for Security Categorization of Federal Information and Information Systems

NIST SP 800-60 Volume I - Guide for Mapping Types of Information and Information Systems to Security Categories

NIST SP 800-60 Volume II - Guide for Mapping Types of Information and Information Systems to Security Categories: Appendices


Step 2 Select Security Controls

FIPS 200 - Minimum Security Requirements for Federal Information and Information Systems

NIST SP 800-53 Rev. 4 - Security and Privacy Controls for Federal Information Systems and Organizations


Step 3 Implement Security Controls

NIST SP 800-160 - Systems Security Engineering (Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems)


Step 4 Assess Security Controls

NIST SP 800-53A Rev. 4 - Assessing Security and Privacy Controls in Federal Information Systems and Organizations (Building Effective Assessment Plans)


Step 5 Authorize Information Systems

NIST SP 800-37 - Guide for Applying the Risk Management Framework to Federal Information Systems (A Security Life Cycle Approach)


Step 6 Monitor Security Controls

NIST SP 800-137 - Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations

NIST SP 800-53A Rev. 4 - Assessing Security and Privacy Controls in Federal Information Systems and Organizations (Building Effective Assessment Plans)


National Vulnerability Database

NVD - NIST SP 800-53 Rev. 4



Framework for Improving Critical Infrastructure Cybersecurity, Version 1.0

National Institute of Standards and Technology, February 12, 2014

https://www.nist.gov/sites/default/files/documents/cyberframework/cybersecurity-framework-021214.pdf

Cloud Computing Security and Privacy

NIST SP 800-144 - Guidelines on Security and Privacy in Public Cloud Computing

NIST SP 800-145 - The NIST Definition of Cloud Computing

NIST SP 800-146 - Cloud Computing Synopsis and Recommendations

Health Insurance Portability and Accountability Act (HIPAA) Security Rule

NIST SP 800-66 Rev. 1 - An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule