NIST Risk Management Framework
[Figure: NIST Risk Management Framework process diagram; only its text labels survive extraction.
Panel titles: Prepare, Select, Implement, Authorize, Monitor, with an assessment panel divided into Pre-Assessment, Assessment and Post-Assessment.
Task labels shown: C-1, C-2, C-3 (System Description, Security Categorization, Security Categorization Review & Approval); S-1, S-2, S-3, S-4, S-6; R-1, R-2, R-3, R-4; A-1, A-2, A-3, A-5; P-4, P-11, P-18.
Authority documents listed: NIST SP 800-60, NIST SP 800-53, NIST SP 800-53b, CIS CSC 20, PCI DSS.
Control labels: Preventive, Detective, Deterrent; Manual, Automatic.]
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-37r2.pdf