Information SecurityUnited States
NIST SP 800-37
Risk Management Framework for Information Systems and Organizations: A System Security Engineering Approach for the Federal Government.
Domains
Cross-Cutting Roles and Functions
RMF Step 6 - Monitor
RMF Step 5 - Authorize
RMF Step 4 - Assess
RMF Step 3 - Implement
Compare NIST SP 800-37
NIST SP 800-37 by Industry
NIST SP 800-37 by Role
Frequently Asked Questions
What is NIST SP 800-37?
Risk Management Framework for Information Systems and Organizations: A System Security Engineering Approach for the Federal Government.
How many controls does NIST SP 800-37 have?
NIST SP 800-37 contains 8 controls organized across 8 domains.
Where does NIST SP 800-37 apply?
NIST SP 800-37 is applicable in United States. Organizations operating in or serving customers in this jurisdiction should evaluate its requirements.
What frameworks does NIST SP 800-37 map to?
NIST SP 800-37 has control-to-control mappings with 93 other compliance frameworks in our database. Use our compliance platform to explore these mappings interactively.
How do I get started with NIST SP 800-37 compliance?
Start by understanding the framework's key controls and domains. Our compliance platform provides AI-powered gap analysis and mapping tools to help you assess your current posture and build a remediation plan.
How ready are you for NIST SP 800-37?
Answer 25 questions and get a professional readiness report with gap analysis, maturity scores, and prioritised action items. Results in 5 minutes.