[CISA SCRM] Cybersecurity and Infrastructure Security Agency Supply Chain Risk Management (SCRM) Example |
[CNSSI 1253] Categorization and Control Selection for National Security Systems, July 29, 2022. |
[CSIAC Chart / DoD Cybersecurity Policy Chart] DoD Cybersecurity Policy Chart |
[CSF v1.1] National Institute of Standards and Technology Framework for Improving Critical Infrastructure Cybersecurity (Cybersecurity Framework), Version 1.1, April 2018. |
[CSF v2.0] National Institute of Standards and Technology Framework for Improving Critical Infrastructure Cybersecurity (Cybersecurity Framework), Version 2.0, February 26, 2024. |
[CUI Registry] The CUI Registry lists all authorized CUI Categories. |
[DAAPM v2.2] Defense Counterintelligence and Security Agency Assessment and Authorization Process Manual v2.2, August 31, 2020. |
[DCSA RAR] DCSA Risk Assessment Report (RAR) Template |
[FedRAMP SAR] FedRAMP Security Assessment Report (SAR) Template |
[FIPS 199] National Institute of Standards and Technology Federal Information Processing Standards Publication 199, Standards for Security Categorization of Federal Information and Information Systems, February 2004. |
[FIPS 200] National Institute of Standards and Technology Federal Information Processing Standards Publication 200, Minimum Security Requirements for Federal Information and Information Systems, March 2006. |
[IR 8011 v1] National Institute of Standards and Technology Interagency Report 8011, Volume 1, Automation Support for Security Control Assessments: Overview, June 2017. |
[IR 8062] National Institute of Standards and Technology Internal Report 8062, An Introduction to Privacy Engineering and Risk Management in Federal Systems, January 2017. |
[IR 8179] National Institute of Standards and Technology Internal Report 8179, Criticality Analysis Process Model: Prioritizing Systems and Components, April 2018. |
[JSIG PM Handbook 2015] This handbook to the JSIG and RMF serves as a guide to achieve a SAP IS ATO. |
[JSIG Rev 4] DoD Joint Special Access Program (SAP) Implementation Guide (JSIG) Revision 4 |
[NARA CUI] National Archives and Records Administration, Controlled Unclassified Information (CUI) Registry. |
[NARA RECM] National Archives and Records Administration, NARA Records Management Guidance and Regulations. |
[NIST AI 600-1] NIST Trustworthy and Responsible AI (NIST AI 600-1) – Artificial Intelligence Risk Management Framework: Generative Artificial Intelligence Profile |
[NIST CUI POA&M Template] National Institute of Standards and Technology example CUI Plan of Actions and Milestones (POA&M) Template. |
[NIST SSP Template] National Institute of Standards and Technology example CUI System Security Plan Template. |
[OMB A-130] Office of Management and Budget Circular A-130, Managing Information as a Strategic Resource, July 2016. |
[OMB FEA] Office of Management and Budget, Federal Enterprise Architecture (FEA). |
[OMB M-13-13] Office of Management and Budget Memorandum M-13-13, Open Data Policy-Managing Information as an Asset, May 2013. |
[SP 800-18] National Institute of Standards and Technology Special Publication 800-18, Revision 1, Guide for Developing Security Plans for Federal Information Systems, February 2006. |
[SP 800-30] National Institute of Standards and Technology Special Publication 800-30, Revision 1, Guide for Conducting Risk Assessments, September 2012. |
[SP 800-37 Rev 2] National Institute of Standards and Technology Special Publication 800-37, Revision 2, Risk Management Framework for Information Systems and Organizations, December 2018. |
[SP 800-39] National Institute of Standards and Technology Special Publication 800-39, Managing Information Security Risk: Organization, Mission, and Information System View, March 2011. |
[SP 800-47 Rev 1] National Institute of Standards and Technology Special Publication 800-47, Revision 1, Managing the Security of Information Exchanges, July 2021. |
[SP 800-53 Rev 5] National Institute of Standards and Technology Special Publication 800-53, Revision 5, Security and Privacy Controls for Information Systems and Organizations, September 2020. |
[SP 800-53A Rev 5] National Institute of Standards and Technology Special Publication 800-53A, Revision 5, Assessing Security and Privacy Controls in Information Systems and Organizations, January 2022. |
[SP 800-53B] National Institute of Standards and Technology Special Publication 800-53B, Control Baselines for Information Systems and Organizations, October 2020. |
[SP 800-55 v1] National Institute of Standards and Technology Special Publication 800-55, Version 1, Measurement Guide for Information Security, December 2024. |
[SP 800-59] National Institute of Standards and Technology Special Publication 800-59, Guideline for Identifying an Information System as a National Security System, August 2003. |
[SP 800-60 v1] National Institute of Standards and Technology Special Publication 800-60, Volume 1, Revision 1, Guide for Mapping Types of Information and Information Systems to Security Categories, August 2008. |
[SP 800-60 v2] National Institute of Standards and Technology Special Publication 800-60, Volume 2, Revision 1, Guide for Mapping Types of Information and Information Systems to Security Categories: Appendices, August 2008. |
[SP 800-61 Rev 3] National Institute of Standards and Technology Special Publication 800-61, Revision 3, Computer Security Incident Handling Guide, April 2025. |
[SP 800-64 – Withdrawn] National Institute of Standards and Technology Special Publication 800-64, Revision 2, Security Considerations in the System Development Life Cycle, October 2008. Note: This withdrawn publication includes content that is out of date. It is provided here for historical reference. |
[SP 800-82 Rev 3] National Institute of Standards and Technology Special Publication 800-82, Revision 2, Guide to Operational Technology (OT) Security, September 2023. |
[SP 800-88] National Institute of Standards and Technology Special Publication 800-88, Guidelines for Media Sanitization, December 2014. |
[SP 800-128] National Institute of Standards and Technology Special Publication 800-128, Guide for Security-Focused Configuration Management of Information Systems, August 2011. |
[SP 800-137] National Institute of Standards and Technology Special Publication 800-137, Revision 2, Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy, December 2018. |
[SP 800-160 v1 Rev 1] National Institute of Standards and Technology Special Publication 800-160, Volume 1, Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems, November 2016. |
[SP 800-161 Rev 1 Update 1] National Institute of Standards and Technology Special Publication 800-161, Revision 1, Update 1, Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, May 2022. |
[SP 800-181 Rev 1] National Institute of Standards and Technology Special Publication 800-181, Revision 1, Workforce Framework for Cybersecurity (NICE Framework), November 2020. |
[USAF RMF IT Categorization and Selection Checklist] Air Force (AF) Risk Management Framework (RMF) Information Technology (IT) Categorization and Selection Checklist (ITCSC). |