229 KB | 3 files | PDF, DOC
Your network and client systems are always in a state of flux, so you need a baseline to ensure these systems communicate in a secure manner. This research note will help you establish a security baseline for your network.
An information system is composed of many components that can be interconnected in a multitude of arrangements to meet a variety of business, mission and information security needs. How these information system components are networked, configured and managed is critical in providing adequate information security and supporting an organization's risk management process.
An information system is typically in a constant state of change in response to new or enhanced hardware and software capability, patches for correcting errors to existing components, new security threats and changing business functions. Implementing information system changes almost always results in some adjustment to the system baseline configuration. To ensure that the required adjustments to the system configuration do not adversely affect the information system security, a well-defined security configuration management process is needed.
This security configuration management publication is intended to provide guidelines for organizations responsible for managing and administrating the security of federal information system computing environments. For organizations responsible for the security of information processed, stored and transmitted by external or service-oriented computing environments (e.g., cloud computing environment providers), the security configuration management concepts and principles presented here can aid organizations in establishing assurance requirements for suppliers providing external computing services.
The attached Zip file includes:
The excerpt from chapter three addresses issues that should be considered before you decide to outsource, including security and privacy impacts and secure communication via telephone, email, mobile and smartphones, instant messaging and traditional mail. ... More >>
This publication presents a methodology for assigning authentication strengths based on the strength of pair wise bindings between the five entities involved in smart card based authentications. ... More >>
The Framework enables organizations – regardless of size, degree of cybersecurity risk, or cybersecurity sophistication – to apply the principles and best practices of risk management to improving the security and resilience of critical infrastructure. ... More >>