slide1 l.

Download Presentation

NIST Special Publication 800-26, “Security Self-Assessment Guide for IT Systems” and Other NIST Resources

Loading in 2 Seconds...

play prev

play next

play fullscreen

1 / 12

NIST Special Publication 800-26, “Security Self-Assessment Guide for IT Systems” and Other NIST Resources - PowerPoint PPT Presentation

stillman

By stillman
Follow User

757 Views
Uploaded on Apr 16, 2012

Description
Report

NIST Special Publication 800-26, “Security Self-Assessment Guide for IT Systems” and Other NIST Resources. Marianne Swanson Computer Security Division Information Technology Laboratory NIST. Topics. Self-Assessment Framework & Guidance Document Other NIST documents & resources. History.

Download Presentation

NIST Special Publication 800-26, “Security Self-Assessment Guide for IT Systems” and Other NIST Resources

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript

NIST Special Publication 800-26, “Security Self-Assessment Guide for IT Systems” and Other NIST Resources

Marianne Swanson

Computer Security Division

Information Technology Laboratory

NIST

topics

Self-Assessment Framework & Guidance Document
Other NIST documents & resources

history

CIO Council IT Security Assessment Framework
Government Information Security Reform Act
Federal Information Management Act

description of guide

Description of Guide

Framework - groundwork for standardizing and measuring IT security

Five levels of effectiveness
Criteria for implementing each level

Assessment Guide - builds on the Framework
Questions directed at the system

description continued

Description - continued

Specific control objectives and techniques that a system can be measured against
Blending requirements and guidance from GAO’s FISCAM and NIST guidance documents

nist guidance it security management

NIST Guidance – IT Security Management

Introduction to Computer Security: The NIST Handbook (NIST SP 800-12)
Guide for Developing Security Plans for IT Systems (NIST SP 800-18)
Risk Management Guide (NIST SP 800-30)
Contingency Planning Guide (NIST SP 800-34)

nist guidance it security management cont

NIST Guidance – IT Security Management (cont.)

Certification and Accreditation Guide (coming soon)
Minimum Security Controls (coming soon)
Security Metrics (coming soon)
http://csrc.nist.gov

icat vulnerability index

ICAT Vulnerability Index

Over 5000 vulnerabilities
Fine grained search engine
Links to vulnerability and patch information

http://icat.nist.gov

federal agency security practices

Federal Agency Security Practices

Three areas on the web site

Agency practices
FAQ
Original BSP pilot submission

Hosted by the Federal Computer Security Program Managers’ Forum
http://csrc.nist.gov/fasp

agency practices

Agency Practices

No special format submission is required
Send documents as an e-mail attachment
We require title of file and name of agency submitting
Contact information is optional
Files can be generic with no agency identifiers – NIST will do that for the agency if wanted
Need agencies to send what they have – the more the better

Questions generated by the Forum over the past three years
Categorized by topic area
Questions answered primarily through the Forum e-mail and additional information provided by NIST
FAQ will be added to as questions occur

contact information

Contact Information

Marianne Swanson301-975-3293marianne.swanson@nist.gov

Related Presentations
More by User