SECOND PUBLIC DRAFT
Guide for the Security Certification andAccreditation of Federal Information Systems
SP 800-37 P
Reports on Computer Systems Technology
The Information Technology Laboratory (ITL) at the National Institute of Standards and Tech-nology (NIST) promotes the U.S. economy and public welfare by providing technical leadershipfor the Nation’s measurement and standards infrastructure. ITL develops tests, test methods, ref-erence data, proof of concept implementations, and technical analyses to advance the develop-ment and productive use of information technology. ITL’s responsibilities include the develop-ment of management, administrative, technical, and physical standards and guidelines for thecost-effective security and privacy of non-national security-related information in federal infor-mation systems. This special publication 800-series reports on ITL’s research, guidelines, andoutreach efforts in information system security, and its collaborative activities with industry, gov-ernment, and academic organizations.
U.S. GOVERNMENT PRINTING OFFICEWASHINGTON: 2003
For sale by the Superintendent of Documents, U.S. Government Printing OfficeInternet: bookstore.gpo.gov — Phone: (202) 512-1800 — Fax: (202) 512-2250Mail: Stop SSOP, Washington, DC 20402-0001