Final Draft Update for NIST SP 800-37 Rev. 2

Barb Wert, Regulatory Compliance Specialist

The NIST CSRC has sent notification of the final public draft of Special Publication 800-37, Revision 2, Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy. This publication follows an initial draft published in May 2018. Public comment for the final draft is open until October 31, 2018, with publication of the final document expected in November.

The CSRC, in its notification, also seeks feedback on new RMF Task P-13, Information Life Cycle. From the CSRC: “The life cycle describes the stages through which information passes, typically characterized as creation or collection, processing, dissemination, use, storage, and disposition, to include destruction and deletion. Identifying and understanding all stages of the information life cycle have significant implications for security and privacy. We are seeking comment on how organizations would execute this task and how we might provide the most helpful discussion to assist organizations in the execution.”

Further information from the CSRC, including details on submitting feedback, can be found at https://csrc.nist.gov/publications/detail/sp/800-37/rev-2/draft.