NIST Special Publication 800-37
Guide for the Security Certification and Accreditation of Federal Information Systems
The purpose of NIST Special Publication 800-37 is to provide guidelines for the security certification and accreditation of information systems supporting the executive agencies of the federal government. These guidelines have been developed to:
The guidelines provided in Special Publication 800-37 are applicable to all federal information systems other than those systems designated as national security systems as defined in 44 U.S.C., Section 3542. The guidelines have been broadly developed from a technical perspective so as to be complementary to similar guidelines issued by agencies and offices operating or exercising control over national security systems. This publication replaces Federal Information Processing Standards (FIPS) Publication 102, Guidelines for Computer Security Certification and Accreditation, September 1983, which has been rescinded. State, local, and tribal governments as well as private sector organizations comprising the critical infrastructure of the United States are also encouraged to consider the use of these guidelines, as appropriate.