NIST Special Publication 800-26, “Security Self-Assessment Guide for IT Systems” and Other NIST Resources

NIST Special Publication 800-26, “Security Self-Assessment Guide for IT Systems” and Other NIST Resources. Marianne Swanson Computer Security Division Information Technology Laboratory NIST. Topics. Self-Assessment Framework & Guidance Document Other NIST documents & resources. History.

Presentation Transcript

NIST Special Publication 800-26, “Security Self-Assessment Guide for IT Systems” and Other NIST Resources

Marianne Swanson

Computer Security Division

Information Technology Laboratory

NIST

Topics
  • Self-Assessment Framework & Guidance Document
  • Other NIST documents & resources
History
  • CIO Council IT Security Assessment Framework
  • Government Information Security Reform Act
  • Federal Information Management Act
Description of Guide
  • Framework - groundwork for standardizing and measuring IT security
    • Five levels of effectiveness
    • Criteria for implementing each level
  • Assessment Guide - builds on the Framework
  • Questions directed at the system
Description - continued
  • Specific control objectives and techniques that a system can be measured against
  • Blending requirements and guidance from GAO’s FISCAM and NIST guidance documents
NIST Guidance – IT Security Management
  • Introduction to Computer Security: The NIST Handbook (NIST SP 800-12)
  • Guide for Developing Security Plans for IT Systems (NIST SP 800-18)
  • Risk Management Guide (NIST SP 800-30)
  • Contingency Planning Guide (NIST SP 800-34)
NIST Guidance – IT Security Management (cont.)
  • Certification and Accreditation Guide (coming soon)
  • Minimum Security Controls (coming soon)
  • Security Metrics (coming soon)
  • http://csrc.nist.gov
ICAT Vulnerability Index
  • Over 5000 vulnerabilities
  • Fine grained search engine
  • Links to vulnerability and patch information

http://icat.nist.gov

Federal Agency Security Practices
  • Three areas on the web site
    • Agency practices
    • FAQ
    • Original BSP pilot submission
  • Hosted by the Federal Computer Security Program Managers’ Forum
  • http://csrc.nist.gov/fasp
Agency Practices
  • No special format submission is required
  • Send documents as an e-mail attachment
  • We require title of file and name of agency submitting
  • Contact information is optional
  • Files can be generic with no agency identifiers – NIST will do that for the agency if wanted
  • Need agencies to send what they have – the more the better
FAQ
  • Questions generated by the Forum over the past three years
  • Categorized by topic area
  • Questions answered primarily through the Forum e-mail and additional information provided by NIST
  • FAQ will be added to as questions occur
Contact Information

Marianne Swanson

301-975-3293

marianne.swanson@nist.gov