Information Technology Security

1. Federal Agency Security Practices (FASP)

   The FASP site contains Federal agency policies, procedures and practices; the CIO pilot Best Security Practices (BSPs); and, a Frequently-Asked-Questions (FAQ) section.

2. Public / Private Security Practices

   This site contains academia, public, and private organization's security practices.

3. Checklists / Implementation Guides

   This page is no longer being updated by NIST - for current STIGs and Checklists, please update your bookmarks and go to this web page:

   http://iase.disa.mil/stigs/index.html

4. Security Configuration Checklists Program for IT Products

This is the main site for NIST's Checklist Program; it contains introductory material and overviews of the program and FAQ information about checklists and security configurations. Readers can download participation materials, Draft NIST Special Publication 800-70: Security Configuration Checklists Program for IT Products, and NIST's checklists for Microsoft Windows XP and 2000 Professional.

We solicit your participation and welcome your comments and suggestions.

DISCLAIMER

NIST has designed this web site primarily as an educational resource for Federal security professionals. NIST makes no claim that use of the security practices, checklists, and implementation guides will assure a successful outcome. Each Federal security professional should apply his or her own professional judgment when using a security practice, checklist or implementation guide.

Any mention of commercial products or reference to commercial organizations is for information only; it does not imply recommendation or endorsement by NIST nor does it imply that the products mentioned are necessarily the best available for the purpose.