NIST SP 800-37 Appendix A
REFERENCE LAWS, DIRECTIVES, POLICIES, STANDARDS, AND GUIDELINES
- 1. Privacy Act of 1974 (Public Law 93-579), September 1975.
- 2. Paperwork Reduction Act of 1995 (Public Law 104-13), May 1995.
- 3. Information Technology Management Reform Act of 1996 (Public Law 104-106), August 1996.
- 4. Federal Information Security Management Act of 2002 (Public Law 107-347), December 2002.
- 5. OMB Circular A-130, Appendix III, Transmittal Memorandum #4, Management of Federal Information Resources, November 2000.
- 6. Federal Information Processing Standards (FIPS) 199, Standards for Security Categorization of Federal Information and Information Systems, December 2003.
- 7. Federal Information Processing Standards (FIPS) 200, Security Controls for Federal Information Systems (projected for publication December 2005).
- 8. Committee for National Security Systems Instruction 4009, National Information Assurance Glossary, revised May 2003.
- 9. NIST Special Publication 800-18, Guide for Developing Security Plans for Information Technology Systems, December 1998.
- 10. NIST Special Publication 800-26, Security Self-Assessment Guide for Information Technology Systems, November 2001.
- 11. NIST Special Publication 800-30, Risk Management Guide for Information Technology Systems, January 2002.
- 12. NIST Special Publication 800-34, Contingency Planning Guide for Information Technology Systems, June 2002.
- 13. NIST Special Publication 800-47, Security Guide for Interconnecting Information Technology Systems, September 2002.
- 14. NIST Special Publication 800-59, Guideline for Identifying an Information System as a National Security System, August 2003.
- 15. NIST Special Publication 800-50, Building an Information Technology Security Awareness and Training Program, October 2003.
- 16. NIST Special Publication 800-64, Security Considerations in the Information System Development Life Cycle, October 2003.
- 17. NIST Special Publication 800-53, Recommended Security Controls for Federal Information Systems (Initial public draft), October 2003.
- 18. NIST Special Publication 800-60, Guide for Mapping Information and Information Types to Security Objectives and Risk Levels (Second public draft), March 2004.
- 19. NIST Special Publication 800-61, Computer Security Incident Handling Guide, January 2004.
- 20. NIST Special Publication 800-53A, Guide for Assessing the Security Controls in Federal Information Systems (Initial public draft), Summer 2004.