How to bootstrap the NIST risk management framework with verification activities

OWASP Application Security Verification Standard (ASVS) can be used in support of the NIST risk management framework. This article describes one possible way to bootstrap the NIST risk management framework security life cycle with verification activities.

The NIST risk management framework security life cycle activities can be summarized as follows: The NIST risk management framework security life cycle activities can be augmented with verification activities using OWASP ASVS as follows:
 * Categorize the information system
 * Select an initial set of security controls
 * Supplement the initial set of tailored security controls
 * Document the agreed-upon set of security controls
 * Implement the security controls
 * Assess the security controls
 * Authorize information system operation
 * Monitor and assess selected security controls