For your convenience, BAI has assembled the following collection of RMF-related government publications. Please note these are UNCLASSIFIED documents with no restrictions on usage or distribution.

Laws and Executive Branch Policies

Federal Information Security Management Act (FISMA) 

OMB Circular A-130 (Managing Information as a Strategic Resource)

Federal Information Processing Standards (FIPS) Publications

FIPS 199 (Security Categorization) 

FIPS 200 (Minimum Security Controls)

NIST Special Publications (SP)

SP 800-12 (An Introduction to Information Security)

SP 800-18 (Security Plans) 

SP 800-30 (Risk Assessment) 

SP 800-34 (Contingency Planning) 

SP 800-37 (Risk Management Framework) 

SP 800-39 (Organizational Risk Management) 

SP 800-53 (Security Controls) 

SP 800-53A (Security Controls Assessment) 

SP 800-55 (Performance Measurement Guide for Information Security) 

SP 800-59 (National Security Systems) 

SP 800-60 (Security Categorization), Volume 1 

SP 800-60 (Security Categorization), Volume 2 

SP 800-61 (Incident Response Planning) 

SP 800-137 (Continuous Monitoring) 

IR 7298 (Glossary of Key Information Security Terms) 

Committee on National Security Systems (CNSS) Publications

CNSSP 22 (Risk Management Policy for NSS) 

CNSSI 1253 (Security Categorization and Control Selection for NSS) 

CNSSI 1254 (Risk Management Framework Documentation, Data Element Standards and Reciprocity Process for NSS)

CNSSI 4009 (Committee on National Security Systems (CNSS) Glossary) 

Classified Information Overlay

Privacy Overlays

Department of Defense Instructions (DoDI)

DoDI 8500.01 (Cybersecurity) 

DoDI 8510.01 (RMF for DoD IT) 

Intelligence Community (IC) Publications

ICD 503 (Risk Management, Certification and Accreditation)