Standards
NIST – National Institute of Standards and Technology

NIST SP 800-14 – GAPP (Generally Accepted Principles and Practices) for securing information technology systems.

NIST SP 800-18 – How to develop security plans.

NIST SP 800-27 – Baseline for achieving security; covers the five lifecycle planning phases (defined in 800-14) and 33 IT security principles. The five phases are:
- Initiation
- Development/Acquisition
- Implementation
- Operation/Maintenance
- Disposal

NIST SP 800-88 – Guidelines for media sanitization and disposition; prevents data remanence.

NIST SP 800-122 – Special publication that defines PII as any information that can be used to trace a person's identity, such as SSN, name, DOB, place of birth, or mother's maiden name.

NIST SP 800-137 – Build and implement an information security continuous monitoring program: define, establish, implement, analyze, and report.

NIST SP 800-145 – Cloud computing.

FIPS – Federal Information Processing Standards: the official series of publications relating to the standards and guidelines adopted under FISMA (Federal Information Security Management Act of 2002).

FIPS 199 – Standards for categorizing information and information systems.

FIPS 200 – Minimum security requirements for federal information and information systems.

DOD 8510.01 – Establishes DIACAP (DOD Information Assurance Certification and Accreditation Process).

ISO 15288 – International systems engineering standard covering life cycle stages and processes, in four process groups:
- Agreement
- Organizational Project-Enabling
- Technical Management
- Technical