NIST Special Publication 800-37, "Guide for Applying the Risk Management Framework to Federal Information Systems" was developed by the Joint Task Force Transformation Initiative Working Group.
The first revision aimed to transform the traditional Certification and Accreditation (C&A) process into the Risk Management Framework (RMF), and the second version addressed privacy controls in a more central manner, and added a preparatory step .
1 was published in February 2010 under the title "Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach".
1 was withdrawn on December 20, 2019 and superseded by SP 800-37 Rev.
2 was published in December 2019 under the title "Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy".