SP 800-37 - Risk Management Framework

NIST Special Publication 800-37 outlines the Risk Management Framework that federal agencies must follow to protect information systems under the Federal Information Security Modernization Act of 2014. It details a continuous process of categorizing, selecting, implementing, assessing, authorizing, and monitoring security controls to ensure ongoing compliance and risk mitigation. The guidance serves as a core component of federal cybersecurity policy.