FISMA Certification & Accreditation

Orange Parachute can help you implement a robust framework to manage and achieve Certification & Accreditation.

The National Institute of Standards and Technology (NIST) has created a series of Special Publications (SP) that provide guidance to federal agencies on implementing the provisions of FISMA and related policies. These documents collectively define a comprehensive Risk Management Framework for information systems.

Central to that framework is the Certification and Accreditation (C&A) process defined in NIST Special Publication 800-37. This process is variously referred to as the "NIST C&A Process", "FISMA C&A Process", or "NIST/FISMA C&A Process".

Also key to the Risk Management Framework are NIST Special Publication 800-53, which contains a standardized set of Security Controls (requirements) for information systems, and NIST Special Publication 800-53A, which contains guidance on how to assess the effectiveness of these security controls.

Other important NIST documents include:

  • Federal Information Processing Standard (FIPS) 199 and NIST SP 800-60, which deal with categorizing information systems and their data
  • NIST SP 800-30, which provides guidance on risk assessment
  • NIST SP 800-34, which provides guidance on developing contingency plans

Orange Parachute Services:

  • Project Management
  • Security Certification and Accreditation under NIST SP 800-37 or DoD 8500.2 DIACAP
  • C&A liaison between Customer and Government
  • NIST SP 800-18 System Security Plans
  • FIPS 199 Security Categorization
  • NIST SP 800-60 Information Typing
  • NIST SP 800-26 Self Assessments
  • NIST SP 800-30 Risk Assessments, Threat and Vulnerability Matrices
  • NIST SP 800-53/DoD 8500.2 Security Control Assessments and Gap Analyses


1 800 841 9329