NIST.SP.800-37r2

10 Terms

1

NIST SP 800-37 Revision 2

A publication outlining the Risk Management Framework for Information Systems and Organizations, focusing on security and privacy.

2

Risk Management Framework (RMF)

A structured process for managing security and privacy risks within information systems and organizations.

3

Security Categorization

The process of categorizing information and information systems according to the impact of a loss of confidentiality, integrity, or availability.

4

Common Control Provider

An individual or entity responsible for the implementation and oversight of controls that can be inherited by multiple information systems.

5

Authorization Boundary

The scope of protection for an information system, including all components that are subject to management control.

6

Continuous Monitoring

The ongoing awareness and management of the security and privacy posture of information systems.

7

Plan of Action and Milestones (POAM)

A document outlining tasks and timelines for addressing deficiencies in controls identified through assessments.

8

Privacy Impact Assessment (PIA)

An analysis that determines how an information system collects, uses, and protects personally identifiable information (PII).

9

Supply Chain Risk Management (SCRM)

Efforts to address risks arising from the procurement and use of systems and services from external suppliers.

10

Resilient Military Systems

Systems designed to withstand and recover from threats and vulnerabilities, particularly in the context of national security.