NIST SP 800-18 R 1 February 2006 The objective of system security planning is to improve protection of information system resources. All federal systems have some level of sensitivity and require protection as part of good management practice. The protection of a system must be documented in a system security plan. The purpose of the system security plan is to provide an overview of the security requirements of the system and describe the controls in place or planned for meeting those requirements. The system security plan also delineates responsibilities and expected behavior of all...
NIST SP 800-18 R 1 February 2006 The objective of system security planning is to improve protection of information system resources. All federal s...
NIST SP 800-39 March 2011 Organizational risk can include many types of risk (e.g., program management risk, investment risk, budgetary risk, legal liability risk, safety risk, inventory risk, supply chain risk, and security risk). Security risk related to the operation and use of information systems is just one of many components of organizational risk that senior leaders/executives address as part of their ongoing risk management responsibilities. Effective risk management requires that organizations operate in highly complex, interconnected environments using state-of-the-art and...
NIST SP 800-39 March 2011 Organizational risk can include many types of risk (e.g., program management risk, investment risk, budgetary risk, lega...
NIST SP 800-61 R 2 Aug 2012 Computer security incident response has become an important component of information technology (IT) programs. Because performing incident response effectively is a complex undertaking, establishing a successful incident response capability requires substantial planning and resources. This publication assists organizations in establishing computer security incident response capabilities and handling incidents efficiently and effectively. This publication provides guidelines for incident handling, particularly for analyzing incident-related data and determining...
NIST SP 800-61 R 2 Aug 2012 Computer security incident response has become an important component of information technology (IT) programs. Because...
NIST SP 800-60 August 2008 This guideline has been developed to assist Federal government agencies to categorize information and information systems. The guideline's objective is to facilitate application of appropriate levels of information security according to a range of levels of impact or consequences that might result from the unauthorized disclosure, modification, or use of the information or information system. This document includes two volumes, a basic guideline and a volume of appendices. Users should review the guidelines provided in Volume I, then refer to only that...
NIST SP 800-60 August 2008 This guideline has been developed to assist Federal government agencies to categorize information and information syste...
NIST SP 800-128 August 2011 An information system is typically in a constant state of change in response to new, enhanced, corrected, or updated hardware and software capabilities, patches for correcting software flaws and other errors to existing components, new security threats, changing business functions, etc. Implementing information system changes almost always results in some adjustment to the system configuration. To ensure that the required adjustments to the system configuration do not adversely affect the security of the information system or the organization from operation of...
NIST SP 800-128 August 2011 An information system is typically in a constant state of change in response to new, enhanced, corrected, or updated h...
NIST SP 1800-2c To protect power generation, transmission, and distribution, energy companies need to control physical and logical access to their resources, including buildings, equipment, information technology, and industrial control systems. They must authenticate authorized individuals to the devices and facilities to which they are giving access rights with a high degree of certainty. In addition, they need to enforce access control policies (e.g., allow, deny, inquire further) consistently, uniformly, and quickly across all of their resources. This project resulted from direct...
NIST SP 1800-2c To protect power generation, transmission, and distribution, energy companies need to control physical and logical access to their...