Some
security practices in the listing below may not reference an organization's
affiliation. These practices are provided in a generic format. The
second column specifies the type of file format (Ex. MS Word, pdf,
Text file, etc.) that the file is available in. The third column
contains the date when the file was posted to this page.
|
|
|
NIST invites
public and private organizations to submit their information security
practices as nominated candidates for inclusion in its Computer
Security Resource Center. With the recognition that protection of
the Nation's critical infrastructure is dependent upon effective
information security solutions and to minimize vulnerabilities associated
with a variety of threats, the broader sharing of such practices
will enhance the overall security of the nation. Today's federal
networks and systems are highly interconnected and interdependent
with non-federal systems. Access to information security practices
in the public and private sector can be applied to enhance the overall
performance of Federal information security programs.
Nominated candidate
policies and procedures may be submitted to NIST in any area of
information security including, but not limited to: accreditation,
audit trails, authorization of processing, budget planning and justification,
certification, contingency planning, data integrity, disaster planning,
documentation, hardware and system maintenance, identification and
authentication, incident handling and response, life cycle, network
security, personnel security, physical and environmental protection,
production input/output controls, security policy, program management,
review of security controls, risk management, security awareness
training, and education (to include specific course and awareness
materials), and security planning.
|
|