NIST SP 800-37, “Guide for Applying the Risk Management Framework to Federal Information Systems” | Overview
9. What is NIST SP 800-37, and do you have policy and procedure documents that align with this specific NIST publication, along with additional information security policies and procedures?
NIST SP 800-37, “Guide for Applying the Risk Management Framework to Federal Information Systems”, is an in-depth publication from the National Institute of Standards and Technology (NIST) that discusses the essential elements of risk and the importance of undertaking documented information security risk management practices within an organization. As data security threats and challenges continue to grow, assessing risk has become more important than ever. Additionally, it is a requirement for federal agencies and other entities working with such agencies, as stipulated by FISMA. NIST SP 800-37, “Guide for Applying the Risk Management Framework to Federal Information Systems”, discusses the following:
- Promoting the concept of near “real time” risk management.
- Encouraging the use of automation.
- Integrating information security into the overall organization.
- Providing necessary emphasis on the selection, implementation, assessment, and overall monitoring of information security controls.
- Effectively linking risk management at the information system level to risk management at the organizational level.
- Establishing responsibility and accountability relating to information systems security controls.
Information Security Policies and Risk Management Templates
Undertaking a comprehensive risk management process requires a thoughtful approach, one that includes performing an actual risk assessment regarding the various elements of risk. What’s needed to facilitate such a process is a well-defined, in-depth, and easy-to-use risk assessment template, which is offered for instant download from FLANK with the FLANK21 set of information security documents. Containing literally hundreds of policies, procedures, forms, checklists, templates, provisioning and hardening documents – and more – the packet also includes vital risk management and risk assessment documentation. Today’s growing regulatory compliance mandates, coupled with ever-increasing information security threats, have made risk management one of the most fundamentally important practices that all organizations must undertake.
NIST SP 800-37, “Guide for Applying the Risk Management Framework to Federal Information Systems” is an excellent reference for managing risk, and it’s why the core framework of this publication is included in the FLANK risk management and risk assessment documentation.