Guide: OMB Circular A-130 Requirements
OMB Circular A-130: Management Of Federal Information Resources, Appendix III: Security Of Federal Automated Information Resources
Assess risks
Document | Title |
---|---|
NIST FIPS 199 | Standards for Security Categorization of Federal Information and Information Systems |
NIST SP 800-44 Version 2 | Guidelines on Securing Public Web Servers |
NIST SP 800-48 Rev. 1 | Guide to Securing Legacy IEEE 802.11 Wireless Networks |
NIST SP 800-53 Rev. 1 | Recommended Security Controls for Federal Information Systems |
NIST SP 800-53 Rev. 2 | Recommended Security Controls for Federal Information Systems |
NIST SP 800-53 Rev. 3 | Recommended Security Controls for Federal Information Systems and Organizations |
NIST SP 800-54 | Border Gateway Protocol Security |
NIST SP 800-63 Version 1.0.2 | Electronic Authentication Guideline |
NIST SP 800-78-1 | Cryptographic Algorithms and Key Sizes for Personal Identity Verification |
NIST SP 800-88 | Guidelines for Media Sanitization |
NIST SP 800-94 | Guide to Intrusion Detection and Prevention Systems (IDPS) |
NIST SP 800-98 | Guidelines for Securing Radio Frequency Identification (RFID) Systems |
NIST SP 800-101 | Guidelines on Cell Phone Forensics |
NIST SP 800-103 | DRAFT An Ontology of Identity Credentials, Part I: Background and Formulation |
NIST SP 800-106 | Randomized Hashing for Digital Signatures |
NIST SP 800-107 | Recommendation for Applications Using Approved Hash Algorithms |
NIST SP 800-111 | Guide to Storage Encryption Technologies for End User Devices |
NIST SP 800-113 | Guide to SSL VPNs |
NIST SP 800-118 | DRAFT Guide to Enterprise Password Management |
NIST SP 800-122 | DRAFT Guide to Protecting the Confidentiality of Personally Identifiable Information (PII) |
NIST SP 800-126 | DRAFT The Technical Specification for the Security Content Automation Protocol (SCAP) |
Certify and accredit systems
Document | Title |
---|---|
NIST FIPS 200 | Minimum Security Requirements for Federal Information and Information Systems |
NIST SP 800-37 | Guide for the Security Certification and Accreditation of Federal Information Systems |
NIST SP 800-37 Rev. 1 | DRAFT Guide for Security Authorization of Federal Information Systems: A Security Lifecycle Approach |
NIST SP 800-53 Rev. 1 | Recommended Security Controls for Federal Information Systems |
NIST SP 800-53 Rev. 2 | Recommended Security Controls for Federal Information Systems |
NIST SP 800-53 Rev. 3 | Recommended Security Controls for Federal Information Systems and Organizations |
NIST SP 800-63 Version 1.0.2 | Electronic Authentication Guideline |
NIST SP 800-78-1 | Cryptographic Algorithms and Key Sizes for Personal Identity Verification |
NIST SP 800-88 | Guidelines for Media Sanitization |
NIST SP 800-117 | DRAFT Guide to Adopting and Using the Security Content Automation Protocol (SCAP) |
NIST SP 800-126 | DRAFT The Technical Specification for the Security Content Automation Protocol (SCAP) |
NIST ITL 2006-03 | Minimum Security Requirements For Federal Information And Information Systems: Federal Information Processing Standard (FIPS) 200 Approved By The Secretary Of Commerce |
Develop contingency plans and procedures
Document | Title |
---|---|
NIST SP 800-34 | Contingency Planning Guide for Information Technology Systems |
NIST SP 800-44 Version 2 | Guidelines on Securing Public Web Servers |
NIST SP 800-46 | Security for Telecommuting and Broadband Communications |
NIST SP 800-46 Rev. 1 | Guide to Enterprise Telework and Remote Access Security |
NIST SP 800-53 Rev. 1 | Recommended Security Controls for Federal Information Systems |
NIST SP 800-53 Rev. 2 | Recommended Security Controls for Federal Information Systems |
NIST SP 800-53 Rev. 3 | Recommended Security Controls for Federal Information Systems and Organizations |
NIST SP 800-88 | Guidelines for Media Sanitization |
NIST SP 800-98 | Guidelines for Securing Radio Frequency Identification (RFID) Systems |
NIST SP 800-101 | Guidelines on Cell Phone Forensics |
Manage system configurations and security throughout the system development life cycle
Document | Title |
---|---|
NIST SP 800-34 | Contingency Planning Guide for Information Technology Systems |
NIST SP 800-44 Version 2 | Guidelines on Securing Public Web Servers |
NIST SP 800-46 Rev. 1 | Guide to Enterprise Telework and Remote Access Security |
NIST SP 800-53 Rev. 1 | Recommended Security Controls for Federal Information Systems |
NIST SP 800-53 Rev. 2 | Recommended Security Controls for Federal Information Systems |
NIST SP 800-53 Rev. 3 | Recommended Security Controls for Federal Information Systems and Organizations |
NIST SP 800-54 | Border Gateway Protocol Security |
NIST SP 800-63 Version 1.0.2 | Electronic Authentication Guideline |
NIST SP 800-64 Rev. 1 | Security Considerations in the Information System Development Life Cycle |
NIST SP 800-64 Rev. 2 | Security Considerations in the System Development Life Cycle |
NIST SP 800-68 Rev. 1 | Guide to Securing Microsoft Windows XP Systems for IT Professionals |
NIST SP 800-70 | Security Configuration Checklists Program for IT Products: Guidance for Checklists Users and Developers |
NIST SP 800-70 Rev. 1 | National Checklist Program for IT Products--Guidelines for Checklist Users and Developers |
NIST SP 800-94 | Guide to Intrusion Detection and Prevention Systems (IDPS) |
NIST SP 800-98 | Guidelines for Securing Radio Frequency Identification (RFID) Systems |
NIST SP 800-106 | Randomized Hashing for Digital Signatures |
NIST SP 800-107 | Recommendation for Applications Using Approved Hash Algorithms |
NIST SP 800-111 | Guide to Storage Encryption Technologies for End User Devices |
NIST SP 800-113 | Guide to SSL VPNs |
NIST SP 800-118 | DRAFT Guide to Enterprise Password Management |
NIST SP 800-123 | Guide to General Server Security |
NIST SP 800-124 | Guidelines on Cell Phone and PDA Security |
NIST SP 800-127 | DRAFT Guide to Security for Worldwide Interoperability for Microwave Access (WiMAX) Technologies |
NIST IR 7316 | Assessment of Access Control Systems |
NIST IR 7511 Rev. 1 | DRAFT Security Content Automation Protocol (SCAP) Version 1.0 Validation Program Test Requirements |
NIST ITL 2008-10 | Keeping Information Technology (IT) System Servers Secure: A General Guide To Good Practices |
Mandates agency-wide information security program development and implementation
Document | Title |
---|---|
NIST SP 800-12 | An Introduction to Computer Security: The NIST Handbook |
NIST SP 800-18 Rev. 1 | Guide for Developing Security Plans for Federal Information Systems |
NIST SP 800-44 Version 2 | Guidelines on Securing Public Web Servers |
NIST SP 800-53 Rev. 1 | Recommended Security Controls for Federal Information Systems |
NIST SP 800-53 Rev. 2 | Recommended Security Controls for Federal Information Systems |
NIST SP 800-53 Rev. 3 | Recommended Security Controls for Federal Information Systems and Organizations |
NIST SP 800-100 | Information Security Handbook: A Guide for Managers |
Conduct security awareness training
Document | Title |
---|---|
NIST SP 800-16 | Information Technology Security Training Requirements: A Role- and Performance-Based Model |
NIST SP 800-16 Rev. 1 | DRAFT Information Security Training Requirements: A Role- and Performance-Based Model |
NIST SP 800-46 | Security for Telecommuting and Broadband Communications |
NIST SP 800-50 | Building an Information Technology Security Awareness and Training Program |
NIST SP 800-53 Rev. 1 | Recommended Security Controls for Federal Information Systems |
NIST SP 800-53 Rev. 2 | Recommended Security Controls for Federal Information Systems |
NIST SP 800-53 Rev. 3 | Recommended Security Controls for Federal Information Systems and Organizations |
NIST SP 800-78-1 | Cryptographic Algorithms and Key Sizes for Personal Identity Verification |
NIST SP 800-104 | A Scheme for PIV Visual Card Topography |
Original source for tables: Guide to NIST Security Documents.