314 KB | 3 files | PDF, DOC
This research guide specifies minimum security requirements for information and information systems supporting the executive agencies of the federal government and a risk-based process for selecting the security controls necessary to satisfy the minimum security requirements.
The E-Government Act of 2002 recognized the importance of information security to the economic and national security interests of the United States. Title III of the E-Government Act tasked NIST with the responsibility of developing security standards and guidelines for the federal government including the development of standards for categorizing information and information systems collected or maintained by or on behalf of each federal agency based on the objectives of providing appropriate levels of information security according to a range of risk levels; guidelines recommending the types of information and information systems to be included in each category; and minimum information security requirements for information and information systems in each such category.
This research guide specifies minimum security requirements for information and information systems supporting the executive agencies of the federal government and a risk-based process for selecting the security controls necessary to satisfy the minimum security requirements. This standard will promote the development, implementation, and operation of more secure information systems within the federal government by establishing minimum levels of due diligence for information security and facilitating a more consistent, comparable, and repeatable approach for selecting and specifying security controls for information systems that meet minimum security requirements.
The attached Zip file includes:
This publication is intended to assist organizations in understanding the basics of application whitelisting. It also explains planning and implementation for whitelisting technologies throughout the security deployment lifecycle. ... More >>
This publication assists organizations in understanding the basics of SSH interactive and automated access management in an enterprise, focusing on the management of SSH user keys. ... More >>
In this excerpt, Pooley focuses on managing your information assets, specifically looking at how to keep them safe, stay out of trouble, and maximize their utility in your business. ... More >>