- DoD Instruction 8510.01 — DoD Instruction that implements the NIST Risk Management Framework (RMF) DoD Information Technology (IT).
Cybersecurity Standards & Frameworks
The purpose of Cyber Standards section is to provide a general overview regarding cyber standards, including cyber frameworks, and to show some pragmatic ways that they can be applied to improve cybersecurity.
The selected Cyber Standards listed below are organized by the international and national organizations that maintain them: The International Organization for Standardization (ISO), the International Electrotechnical Commission (IEC), the International Society of Automation (ISA), and the National Institute of Standards and Technology (NIST).
The selected Cyber Standards listed below are organized by the international and national organizations that maintain them: The International Organization for Standardization (ISO), the International Electrotechnical Commission (IEC), the International Society of Automation (ISA), and the National Institute of Standards and Technology (NIST).
For further information about related cybersecurity terms, check out the Cybersecurity FAQ.
The good thing about standards is that there are so many to choose from. Andrew S. Tanenbaum
The National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) is a United States federal government policy and standards to help secure information system computers and computer networks.
The two main publications that cover the details of RMF are:
- NIST Special Publication 800-37: Guide for Applying the Risk Management Framework to Federal Information Systems - developed by the Joint Task Force Transformation Initiative Working Group, transforms the traditional Certification and Accreditation (C&A) process into the six-step Risk Management Framework (RMF).
- NIST Special Publication 800-53: Security and Privacy Controls for Federal Information Systems and Organizations - provides a catalog of security and privacy controls for all U.S. federal information systems, except those related to national security.
CYBERSECURITY FORUM and CyberSecurityForum.com are trademarks of PivotPoint Technology Corporation. All other product and service names mentioned are the trademarks of their respective companies.