For your convenience, ITdojo has assembled the following collection of RMF-related government publications. Please note these are UNCLASSIFIED documents with no restrictions on usage or distribution.
Laws and Executive Branch Policies
Federal Information Security Management Act (FISMA)
OMB Circular A-130 Appendix III (Security of Federal Information Systems)
Federal Information Processing Standard (FIPS) Publications
FIPS 199 (Security Categorization)
FIPS 200 (Minimum Security Controls)
NIST Special Publications (SP)
SP 800-34 (Contingency Planning)
SP 800-37 (Risk Management Framework)
SP 800-39 (Organizational Risk Management)
SP 800-53A (Security Controls Assessment)
SP 800-59 (National Security Systems)
SP 800-60 (Security Categorization), Volume 1
SP 800-60 (Security Categorization), Volume 2
SP 800-61 (Incident Response Planning)
SP 800-137 (Continuous Monitoring)
Committee on National Security Systems (CNSS) Publications
CNSSP 22 (Risk Management Policy for NSS)
CNSSI 1253 (Security Categorization and Control Selection for NSS)
CNSSI 4009 (Information Assurance Glossary)
