NIST SP 800-37 Revision 2 updates guidelines for applying the Risk Management Framework to federal information systems. It aims to improve communication between risk processes at executive and operational levels, institutionalize enterprise-wide risk preparation, demonstrate how to use the Cybersecurity Framework through RMF, and integrate privacy concepts. A key objective is putting organizational preparation activities like role assignment and risk strategy development at the center.