NIST SP 800-37
E532552
NIST SP 800-37 is a key NIST cybersecurity guideline that defines the Risk Management Framework (RMF) for managing information security and privacy risk in federal information systems.
All labels observed (2)
| Label | Occurrences |
|---|---|
| NIST SP 800-37 canonical | 2 |
| DoD Risk Management Framework | 1 |
How this entity was disambiguated
This entity first appeared as the object of triple T5562060 — resolving that mention is where its identity was fixed. The disambiguator weighed these candidate entities and picked the highlighted one (or “None”, minting a new entity). This is how homonymy is resolved: the same surface form can point to different entities.
Target entity: NIST SP 800-37 Context triple: [Special Publications, hasPart, NIST SP 800-37]
-
A.
NIST SP 800-67
NIST SP 800-67 is a NIST Special Publication that provides technical guidance and recommendations for the use and implementation of the Triple Data Encryption Algorithm (TDEA/3DES) in federal information systems.
-
B.
NIST SP 800 series
The NIST SP 800 series is a collection of special publications from the U.S. National Institute of Standards and Technology that provide guidelines, recommendations, and technical specifications for information security and risk management.
-
C.
Federal Risk and Authorization Management Program
The Federal Risk and Authorization Management Program (FedRAMP) is a U.S. government-wide framework that standardizes security assessment, authorization, and continuous monitoring for cloud products and services used by federal agencies.
-
D.
ISO/IEC 27005
ISO/IEC 27005 is an international standard that provides guidelines for information security risk management within an organization’s overall information security management system.
-
E.
NIST SP 800-63C
NIST SP 800-63C is a U.S. National Institute of Standards and Technology special publication that provides technical and policy guidance on digital identity federation and the use of federated identity assertions.
- F. None of above. chosen
- G. Unsure - the case is ambiguous/there is not enough information to decide.
Target entity: NIST SP 800-37 Target entity description: NIST SP 800-37 is a key NIST cybersecurity guideline that defines the Risk Management Framework (RMF) for managing information security and privacy risk in federal information systems.
-
A.
NIST SP 800-67
NIST SP 800-67 is a NIST Special Publication that provides technical guidance and recommendations for the use and implementation of the Triple Data Encryption Algorithm (TDEA/3DES) in federal information systems.
-
B.
NIST SP 800 series
The NIST SP 800 series is a collection of special publications from the U.S. National Institute of Standards and Technology that provide guidelines, recommendations, and technical specifications for information security and risk management.
-
C.
Federal Risk and Authorization Management Program
The Federal Risk and Authorization Management Program (FedRAMP) is a U.S. government-wide framework that standardizes security assessment, authorization, and continuous monitoring for cloud products and services used by federal agencies.
-
D.
ISO/IEC 27005
ISO/IEC 27005 is an international standard that provides guidelines for information security risk management within an organization’s overall information security management system.
-
E.
NIST SP 800-63C
NIST SP 800-63C is a U.S. National Institute of Standards and Technology special publication that provides technical and policy guidance on digital identity federation and the use of federated identity assertions.
- F. None of above. chosen
Statements (46)
| Predicate | Object |
|---|---|
| instanceOf |
NIST Special Publication
ⓘ
cybersecurity guideline ⓘ risk management framework document ⓘ |
| alignsWith |
FISMA requirements
ⓘ
NIST Cybersecurity Framework NERFINISHED ⓘ NIST SP 800-53 NERFINISHED ⓘ |
| alsoKnownAs | RMF 2.0 NERFINISHED ⓘ |
| appliesTo |
federal agencies
ⓘ
federal information systems ⓘ |
| author | National Institute of Standards and Technology NERFINISHED ⓘ |
| countryOfOrigin |
United States of America
ⓘ
surface form:
United States
|
| defines | Risk Management Framework NERFINISHED ⓘ |
| expandsScopeTo | organizations ⓘ |
| focusesOn |
managing information security risk
ⓘ
managing privacy risk ⓘ |
| frameworkName | Risk Management Framework NERFINISHED ⓘ |
| integrates |
cybersecurity risk management
ⓘ
privacy risk management ⓘ |
| language | English ⓘ |
| objective |
improve information security posture of federal systems
ⓘ
integrate risk management into system life cycle ⓘ |
| provides |
guidance for continuous monitoring
ⓘ
guidance for system authorization ⓘ |
| publicationYear |
2010
ⓘ
2018 ⓘ |
| publisher | National Institute of Standards and Technology NERFINISHED ⓘ |
| relatedTo |
NIST SP 800-30
NERFINISHED
ⓘ
NIST SP 800-39 NERFINISHED ⓘ NIST SP 800-53A NERFINISHED ⓘ |
| replacedBy | NIST SP 800-37 Revision 2 NERFINISHED ⓘ |
| series | NIST Special Publication 800-series NERFINISHED ⓘ |
| step |
Assess
ⓘ
Authorize ⓘ Categorize ⓘ Implement ⓘ Monitor ⓘ Prepare ⓘ Select ⓘ |
| subject |
information security risk management
ⓘ
privacy risk management ⓘ |
| title |
Guide for Applying the Risk Management Framework to Federal Information Systems
NERFINISHED
ⓘ
Guide for Applying the Risk Management Framework to Federal Information Systems and Organizations NERFINISHED ⓘ |
| usedBy | U.S. federal agencies NERFINISHED ⓘ |
| usedFor | authorization to operate decisions ⓘ |
| version |
Revision 1
ⓘ
Revision 2 ⓘ |
How these facts were elicited
The pipeline generated the facts above by prompting gpt-5.1 with this entity's name + description and the instruction below.
You are a knowledge base construction expert. Given a subject entity and a description of it, return factual statements that you know for the subject as a JSON list of dictionaries(triples), where keys must be "subject", "predicate" and "object". The number of facts may be very high, between 25 to 50 or more, for very popular subjects. For less popular subjects, the number of facts can be very low, like 5 or 10. # Requirements - If you don't know the subject at all, return an empty list. - If the subject is not a named entity, return an empty list. - Include at least one triple where predicate is "instanceOf". - Do not get too wordy. - Separate several objects into multiple triples with one object.
Subject: NIST SP 800-37 Description of subject: NIST SP 800-37 is a key NIST cybersecurity guideline that defines the Risk Management Framework (RMF) for managing information security and privacy risk in federal information systems.
Referenced by (3)
Full triples — surface form annotated when it differs from this entity's canonical label.