314 KB | 3 files | PDF, DOC
This research guide specifies minimum security requirements for information and information systems supporting the executive agencies of the federal government and a risk-based process for selecting the security controls necessary to satisfy the minimum security requirements.
The E-Government Act of 2002 recognized the importance of information security to the economic and national security interests of the United States. Title III of the E-Government Act tasked NIST with the responsibility of developing security standards and guidelines for the federal government, including: standards for categorizing information and information systems collected or maintained by or on behalf of each federal agency, based on the objectives of providing appropriate levels of information security according to a range of risk levels; guidelines recommending the types of information and information systems to be included in each category; and minimum information security requirements for information and information systems in each such category.
This standard will promote the development, implementation, and operation of more secure information systems within the federal government by establishing minimum levels of due diligence for information security and facilitating a more consistent, comparable, and repeatable approach for selecting and specifying security controls for information systems that meet minimum security requirements.
The attached Zip file includes:
This publication presents a methodology for assigning authentication strengths based on the strength of pairwise bindings between the five entities involved in smart-card-based authentications.
The Framework enables organizations – regardless of size, degree of cybersecurity risk, or cybersecurity sophistication – to apply the principles and best practices of risk management to improving the security and resilience of critical infrastructure.
This document provides Federal agencies with a definition of attribute based access control (ABAC). ABAC is a logical access control methodology where authorization to perform a set of operations is determined by evaluating a variety of attributes.