Appendix B: Documents reviewed
| Stage | Title | Document number |
|---|---|---|
| Overview | Risk Management Framework for Information Systems and Organizations | SP 800-37 |
| Prepare | NIST PRIVACY FRAMEWORK CORE | NIST Privacy Framework |
| | An Introduction to Privacy Engineering & Risk Management in Federal Systems | NISTIR 8062 |
| | Engineering Trustworthy Secure Systems | SP 800-160v1 |
| | Developing Cyber-Resilient Systems | SP 800-160v2 |
| | Guide for Conducting Risk Assessments | SP 800-30 |
| | Managing Information Security Risk | SP 800-39 |
| | Guide for Developing Security Plans for Federal Information Systems | SP 800-18 |
| Categorize | Standards for Security Categorization of Federal Information & Information Systems | FIPS 199 |
| | Guide for Mapping Types of Information & Information Systems to Security Categories | SP 800-60v1 |
| | Appendices to Guide for Mapping Types of Information & Information Systems to Security Categories | SP 800-60v2 |
| Select | Guide for Mapping Types of Information & Information Systems to Security Categories | FIPS 200 |
| | Security & Privacy Controls for Information Systems and Organizations | SP 800-53 |
| | Control Baselines for Information Systems & Organizations | SP 800-53B |
| Implement | Contingency Planning Guide for Federal Information Systems | SP 800-34 |
| | Computer Security Incident Handling Guide | SP 800-61 |
| | Guide for Security-Focused Configuration Management of Information Systems | SP 800-128 |
| Assess | Assessing Security & Privacy Controls in Information Systems & Organizations | SP 800-53A |
| | Automation Support for Security Control Assessments | NISTIR 8011 |
| Authorize | Developed by agencies | varied |
| Monitor | Information Security Continuous Monitoring (ISCM) for Federal Information Systems & Organizations | SP 800-137 |
| | Assessing Information Security Continuous Monitoring (ISCM) Programs: Developing an ISCM Program Assessment | SP 800-137A |
| | ISCMA: An Information Security Continuous Monitoring Program Assessment | NISTIR 8212 |
| Overlays | Security Control Overlay of NIST Special Publication 800-53 Revision 5 Security Controls for Federal PKI Systems | FPKIPA |
| Other | Managing Information as a Strategic Resource | A-130 |
| | Framework for Improving Critical Infrastructure Cybersecurity | Cybersecurity Framework |