Page History
...
Can you provide an overview of the SA&A process?
NCI and NIH follow the National Institute of Standards and Technology (NIST ) Special Publication 800-37 (link is external)rev. 2, Guide for Applying the Risk Management Framework to Federal for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy. You should adhere to the 800-37 RMF rev. 2 RMF and use templates published by the NIST under the 800 series of NIST special publications.
...