Category:GIC-NISTSP80037r1FPD

Table of Contents

 * FRONT MATTER
 * CHAPTER ONE INTRODUCTION
 * 1.1 BACKGROUND
 * 1.2 PURPOSE AND APPLICABILITY
 * 1.3 TARGET AUDIENCE
 * 1.4 ORGANIZATION OF THIS SPECIAL PUBLICATION
 * CHAPTER TWO THE FUNDAMENTALS
 * 2.1 INTEGRATED ENTERPRISE-WIDE RISK MANAGEMENT
 * 2.2 SYSTEM DEVELOPMENT LIFE CYCLE
 * 2.3 INFORMATION SYSTEM BOUNDARIES
 * 2.4 SECURITY CONTROL ALLOCATION
 * CHAPTER THREE THE PROCESS
 * 3.1 RMF STEP 1 – CATEGORIZE INFORMATION SYSTEM
 * 3.2 RMF STEP 2 – SELECT SECURITY CONTROLS
 * 3.3 RMF STEP 3 – IMPLEMENT SECURITY CONTROLS
 * 3.4 RMF STEP 4 – ASSESS SECURITY CONTROLS
 * 3.5 RMF STEP 5 – AUTHORIZE INFORMATION SYSTEM
 * 3.6 RMF STEP 6 – MONITOR SECURITY CONTROLS
 * APPENDIX A REFERENCES
 * APPENDIX B GLOSSARY
 * APPENDIX C ACRONYMS
 * APPENDIX D ROLES AND RESPONSIBILITIES
 * APPENDIX E SUMMARY OF RMF TASKS
 * APPENDIX F SECURITY AUTHORIZATION
 * APPENDIX G CONTINUOUS MONITORING
 * APPENDIX H OPERATIONAL SCENARIOS

Prologue
"...Through the process of risk management, leaders must consider risk to U.S. interests from adversaries using cyberspace to their advantage and from our own efforts to employ the global nature of cyberspace to achieve objectives in military, intelligence, and business operations..."

"...For operational plans development, the combination of threats, vulnerabilities, and impacts must be evaluated in order to identify important trends and decide where effort should be applied to eliminate or reduce threat capabilities; eliminate or reduce vulnerabilities; and assess, coordinate, and deconflict all cyberspace operations..."

"...Leaders at all levels are accountable for ensuring readiness and security to the same degree as in any other domain..."

-- THE NATIONAL STRATEGY FOR CYBERSPACE OPERATIONS
   OFFICE OF THE CHAIRMAN, JOINT CHIEFS OF STAFF, U.S. DEPARTMENT OF DEFENSE