Nist 800 37 Pdf

Categorization Information Systems

Select Security Controls

Implement Security Controls

Access Security Controls

Authorize Information Systems

Moniter Security Controls

( XXXXXX ) the information system and the information processed, stored, and transmitted by that system based on an impact analysis.

( XXXXXX ) an initial set of baseline security controls for the information system based on the security categorization; tailoring and supplementing the security control baseline as needed based on an organizational assessment of risk and local conditions.

( XXXXXX ) the security controls and describe how the controls are employed within the information system and its environment of operation.

( XXXXXX ) the security controls using appropriate assessment procedures to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.

( XXXXXX ) information system operation based on a determination of the risk to organizational operations and assets, individuals, other organizations, and the Nation resulting from the operation of the information system and the decision that this risk is acceptable.

( XXXXXX ) the security controls in the information system on an ongoing basis including assessing control effectiveness, documenting changes to the system or its environment of operation, conducting security impact analyses of the associated changes, and reporting the security state of the system to designated organizational officials."

Operationally Critical Threat, Asset, and Vulnerability Evaluation

Factor Analysis of Information Risk

Threat Agent Risk Assessment

Catagorization

Select

Implement

Access

Authorize