Which NIST Special Publication provides the Guide to Applying the Risk Management Framework to Federal Information Systems?


Multiple Choice

Which NIST Special Publication provides the Guide to Applying the Risk Management Framework to Federal Information Systems?

Explanation:
SP 800-37 Rev 1 is the NIST publication that provides the Guide for Applying the Risk Management Framework to Federal Information Systems. It lays out the six-step RMF lifecycle—categorize, select, implement, assess, authorize, and monitor—and explains how to tailor and document security controls for federal systems, including the roles and ongoing activities needed to maintain authorization over time. The other publications address related but different topics: SP 800-39 covers organizational risk management at the agency level, SP 800-53 lists the security and privacy controls used within RMF, and SP 800-30 guides how to perform risk assessments. Therefore, SP 800-37 Rev 1 is the correct reference for applying the RMF to federal information systems.
