314 KB | 3 files | PDF, DOC
This research guide specifies minimum security requirements for information and information systems supporting the executive agencies of the federal government and a risk-based process for selecting the security controls necessary to satisfy the minimum security requirements.
The E-Government Act of 2002 recognized the importance of information security to the economic and national security interests of the United States. Title III of the E-Government Act tasked NIST with the responsibility of developing security standards and guidelines for the federal government including the development of standards for categorizing information and information systems collected or maintained by or on behalf of each federal agency based on the objectives of providing appropriate levels of information security according to a range of risk levels; guidelines recommending the types of information and information systems to be included in each category; and minimum information security requirements for information and information systems in each such category.
This research guide specifies minimum security requirements for information and information systems supporting the executive agencies of the federal government and a risk-based process for selecting the security controls necessary to satisfy the minimum security requirements. This standard will promote the development, implementation, and operation of more secure information systems within the federal government by establishing minimum levels of due diligence for information security and facilitating a more consistent, comparable, and repeatable approach for selecting and specifying security controls for information systems that meet minimum security requirements.
The attached Zip file includes:
This excerpt focuses on the conceptual aspects of defect management, including the basic concepts of a defect, how to manage defects, and an analysis of the root causes of defects. ... More >>
This document makes recommendations for how users and developers should select checklists from the NIST National Checklist Repository, evaluate and test checklists, and apply them to IT products. ... More >>
This publication is intended to assist organizations in understanding the basics of application whitelisting. It also explains planning and implementation for whitelisting technologies throughout the security deployment lifecycle. ... More >>