| Document | Description | Type | Last Updated |
|---|---|---|---|
| NIST Cloud Computing Reference Architecture (SP 500-292) | The adoption of cloud computing into the Federal Government and its implementation depend upon a variety of technical and non-technical factors. A fundamental reference point, based on the NIST definition of Cloud Computing, is needed to describe an overall framework that can be used government-wide. This document presents the NIST Cloud Computing Reference Architecture (RA) and Taxonomy (Tax) that will accurately communicate the components and offerings of cloud computing. | | 9/8/2011 |
| Contingency Planning Guide for Federal Information Systems (SP 800-34 Revision 1) | This publication assists organizations in understanding the purpose, process, and format of information system contingency planning development through practical, real-world guidelines. This guidance document provides background information on interrelationships between information system contingency planning and other types of security and emergency management-related contingency plans, organizational resiliency, and the system development life cycle. This document provides guidance to help personnel evaluate information systems and operations to determine contingency planning requirements and priorities. | WEB | 11/10/2010 |
| Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach (SP 800-37 Revision 1) | Provides guidelines for applying the Risk Management Framework to federal information systems, including conducting the activities of security categorization, security control selection and implementation, security control assessment, information system authorization, and security control monitoring. | WEB | 6/5/2014 |
| Managing Information Security Risk: Organization, Mission, and Information System View (SP 800-39) | Provides guidance for an integrated, organization-wide program for managing information security risk to organizational operations (i.e., mission, functions, image, and reputation), organizational assets, individuals, other organizations, and the Nation resulting from the operation and use of federal information systems. | WEB | 3/2011 |
| Security and Privacy Controls for Federal Information Systems and Organizations (SP 800-53 Revision 4) | A comprehensive update of the security controls catalog. State-of-the-practice security controls and control enhancements have been developed and integrated into the catalog addressing such areas as: mobile and cloud computing; application security; trustworthiness, assurance, and resiliency of information systems; insider threat; supply chain security; and the advanced persistent threat. | | 4/30/2013 |
| Guide for Assessing the Security Controls in Federal Information Systems and Organizations, Building Effective Security Assessment Plans (SP 800-53A Revision 4) | Provides guidelines for building effective security assessment plans and procedures for assessing the effectiveness of security controls employed in federal information systems and organizations. | | 12/4/2014 |
| Guide for Mapping Types of Information and Information Systems to Security Categories (SP 800-60 Revision 1, Volume 1) | This document contains the basic guidelines for mapping types of information and information systems to security categories. | WEB | 8/2008 |
| Appendices to Guide for Mapping Types of Information and Information Systems to Security Categories (SP 800-60 Revision 1, Volume 2) | SP 800-60 Rev. 1, Vol. 2 explains the appendices contained in Volume I, including security categorization recommendations and rationale for mission-based and management and support information types. | WEB | 8/2008 |
| Computer Security Incident Handling Guide (SP 800-61 Revision 2) | Assists organizations in mitigating the risks from computer security incidents by providing practical guidelines on responding to incidents effectively and efficiently. The publication details guidelines on establishing an effective incident response program, as well as detecting, analyzing, prioritizing, and handling incidents, including coordination and information sharing. | | 8/8/2012 |
| Guide to Integrating Forensic Techniques into Incident Response (SP 800-86) | Helps organizations in handling computer security incidents. It also provides some practical guidance on performing computer and network forensics. | WEB | 8/2006 |
| Guide to Computer Security Log Management (SP 800-92) | Helps organizations develop, implement, and maintain effective processes for managing logs with security-related information. The guide explains how sound log management practices can support the overall security of an organization's systems and information. | WEB | 9/2006 |
| Guide to Intrusion Detection and Prevention Systems (IDPS) (SP 800-94) | Provides a basis for designing, implementing, configuring, securing, monitoring, and maintaining intrusion detection and prevention systems, including a wireless intrusion detection system. | WEB | 2/2007 |
| Technical Guide to Information Security Testing and Assessment (SP 800-115) | Assists organizations in planning and conducting technical information security tests and examinations, analyzing findings, and developing mitigation strategies. The guide provides practical recommendations for designing, implementing, and maintaining technical information security test and examination processes and procedures. | WEB | 9/2008 |
| Guide to Protecting the Confidentiality of Personally Identifiable Information (PII) (SP 800-122) | The purpose of this document is to assist Federal agencies in protecting the confidentiality of personally identifiable information (PII) in information systems. The document explains the importance of protecting the confidentiality of PII in the context of information security and explains its relationship to privacy using the Fair Information Practices, which are the principles underlying most privacy laws and privacy best practices. | WEB | 4/2010 |
| Guide for Security-Focused Configuration Management of Information Systems (SP 800-128) | The purpose of Special Publication 800-128, Guide for Security-Focused Configuration Management of Information Systems, is to provide guidelines for organizations responsible for managing and administering the security of federal information systems and associated environments of operation. The configuration management concepts and principles described in NIST SP 800-128 provide supporting information for NIST SP 800-53, Recommended Security Controls for Federal Information Systems and Organizations. | | 8/12/2011 |
| Federal Information Processing Standard (FIPS) 140-2 (Security Requirements for Cryptographic Modules) | This publication series coordinates the requirements and standards for cryptographic modules that include both hardware and software components. Protection of a cryptographic module within a security system is necessary to maintain the confidentiality and integrity of the information protected by the module. | | 5/25/2001 |
| Federal Information Processing Standard (FIPS) 199 (Standards for Security Categorization of Federal Information and Information Systems) | FIPS 199 establishes security categories of information systems used by the Federal Government, one component of risk assessment. FIPS 199 and FIPS 200 are mandatory security standards as required by FISMA. | | 2/2004 |
| Federal Information Processing Standard (FIPS) 200 (Minimum Security Requirements for Federal Information and Information Systems) | FIPS 200 specifies the minimum security requirements for federal information and information systems. | | 3/9/2006 |
| Federal Information Processing Standard (FIPS) 201 (Personal Identity Verification (PIV) of Federal Employees and Contractors) | FIPS 201 is a standard that specifies Personal Identity Verification (PIV) requirements for federal employees and contractors. | | 8/5/2013 |
| National Institute of Standards and Technology (NIST) Special Publications | Special Publications in the 800 series (established in 1990) are of general interest to the computer security community. This series reports on ITL's research, guidelines, and outreach efforts in computer security, and its collaborative activities with industry, government, and academic organizations. | WEB | N/A |