Category:NIST SP 800-39FPD

From FISMApedia

NIST Special Publication 800-39 is the flagship document in the series of information security standards and guidelines developed by NIST in response to FISMA. The purpose of Special Publication 800-39 is to provide guidance for an integrated, organization-wide program for managing information security risk to organizational operations (i.e., mission, functions, image, and reputation), organizational assets, individuals, other organizations, and the Nation resulting from the operation and use of federal information systems. Special Publication 800-39 provides a structured, yet flexible approach for managing risk that is intentionally broad-based, with the specific details of assessing, responding to, and monitoring risk on an ongoing basis provided by other supporting NIST security standards and guidelines.

This publication satisfies the requirements of FISMA and meets or exceeds the information security requirements established for executive agencies by the Office of Management and Budget (OMB) in Circular A-130, Appendix III, Security of Federal Automated Information Resources. The guidelines in this publication are applicable to all federal information systems other than those systems designated as national security systems as defined in 44 U.S.C., Section 3542. The guidelines have been broadly developed from a technical perspective to complement similar guidelines for national security systems and may be used for such systems with the approval of appropriate federal officials exercising policy authority over such systems. State, local, and tribal governments, as well as private sector organizations, are encouraged to consider using these guidelines, as appropriate.

Table of Contents

FRONT MATTER
CHAPTER ONE INTRODUCTION
1.1 PURPOSE AND APPLICABILITY
1.2 TARGET AUDIENCE
1.3 RELATED PUBLICATIONS
1.4 ORGANIZATION OF THIS SPECIAL PUBLICATION
CHAPTER TWO THE FUNDAMENTALS
2.1 COMPONENTS OF RISK MANAGEMENT
2.2 MULTITIERED RISK MANAGEMENT
2.3 TIER ONE--ORGANIZATION VIEW
2.4 TIER TWO--MISSION/BUSINESS PROCESS VIEW
2.5 TIER THREE--INFORMATION SYSTEMS VIEW
2.6 TRUST AND TRUSTWORTHINESS
2.7 ORGANIZATIONAL CULTURE
2.8 RELATIONSHIP AMONG KEY RISK CONCEPTS
CHAPTER THREE THE PROCESS
3.1 FRAMING RISK
3.2 ASSESSING RISK
3.3 RESPONDING TO RISK
3.4 MONITORING RISK
APPENDIX A REFERENCES
APPENDIX B GLOSSARY
APPENDIX C ACRONYMS
APPENDIX D ROLES AND RESPONSIBILITIES
APPENDIX E RISK MANAGEMENT PROCESS TASKS
APPENDIX F GOVERNANCE MODELS
APPENDIX G TRUST MODELS
APPENDIX H RISK RESPONSE STRATEGIES
Prologue

"...Through the process of risk management, leaders must consider risk to U.S. interests from adversaries using cyberspace to their advantage and from our own efforts to employ the global nature of cyberspace to achieve objectives in military, intelligence, and business operations..."

"...For operational plans development, the combination of threats, vulnerabilities, and impacts must be evaluated in order to identify important trends and decide where effort should be applied to eliminate or reduce threat capabilities; eliminate or reduce vulnerabilities; and assess, coordinate, and deconflict all cyberspace operations..."

"...Leaders at all levels are accountable for ensuring readiness and security to the same degree as in any other domain..."

-- THE NATIONAL STRATEGY FOR CYBERSPACE OPERATIONS

OFFICE OF THE CHAIRMAN, JOINT CHIEFS OF STAFF, U.S. DEPARTMENT OF DEFENSE
Sources