Data Protection Consulting
The steps in the Risk Management Framework, with the NIST publications that support each step, are listed below:
Prerequisites:
NIST.SP.800.18r1 - Guide for Developing Security Plans for Federal Information Systems
NIST.SP.800.30 – Guide for Conducting Risk Assessments
NIST.SP.800.39 – Managing Information Security Risk (Organization, Mission, and Information System View)
Step 1 Categorize Information Systems
FIPS 199 – Standards for Security Categorization of Federal Information and Information Systems
NIST.SP.800.60
Volume I – Guide for Mapping Types of Information and Information Systems to Security Categories
Volume II - Guide for Mapping Types of Information and Information Systems to Security Categories: Appendices
Step 2 Select Security Controls
FIPS 200 – Minimum Security Requirements for Federal Information and Information Systems
NIST.SP.800.53 r4 - Security and Privacy Controls for Federal Information Systems and Organizations
Step 3 Implement Security Controls
NIST.SP.800.160 – Systems Security Engineering (Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems)
Step 4 Assess Security Controls
NIST.SP.800.53A r4 – Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans
Step 5 Authorize Information Systems
NIST.SP.800.37 – Guide for Applying the Risk Management Framework to Federal Information Systems (A Security Life Cycle Approach)
Step 6 Monitor Security Controls
NIST.SP.800.137 – Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations
NIST.SP.800.53A r4 - Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans
National Vulnerability Database
NVD - NIST SP.800.53r4
Cloud Computing Security and Privacy
NIST.SP.800.144 - Guidelines on Security and Privacy in Public Cloud Computing
NIST.SP.800.145 - The NIST Definition of Cloud Computing
NIST.SP.800.146 - Cloud Computing Synopsis and Recommendations
Health Insurance Portability and Accountability Act (HIPAA) Security Rule
NIST.SP.800.66r1 - An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule