Guide: FISMA Requirements

From FISMApedia
Revision as of 15:39, 6 October 2009 by DanPhilpott (talk)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Federal Information Security Management Act of 2002 (FISMA)



Categorization of all information and information systems and minimum information security requirements for each category

NIST FIPS 200 Security Controls for Federal Information Systems
NIST FIPS 199 Standards for Security Categorization of Federal Information and Information Systems
NIST SP 800-18 Rev. 1 Guide for Developing Security Plans for Federal Information Systems
NIST SP 800-30 Risk Management Guide for Information Technology Systems
NIST SP 800-34 Contingency Planning Guide for Information Technology Systems
NIST SP 800-37 Guide for the Security Certification and Accreditation of Federal Information Systems
NIST SP 800-37 Rev. 1 DRAFT Guide for Security Authorization of Federal Information Systems: A Security Lifecycle Approach
NIST SP 800-44 Version 2 Guidelines on Securing Public Web Servers
NIST SP 800-53A Guide for Assessing the Security Controls in Federal Information Systems
NIST SP 800-53 Rev. 1 Recommended Security Controls for Federal Information Systems
NIST SP 800-53 Rev. 2 Recommended Security Controls for Federal Information Systems
NIST SP 800-53 Rev. 3 Recommended Security Controls for Federal Information Systems and Organizations
NIST SP 800-60 Rev. 1 Guide for Mapping Types of Information and Information Systems to Security Categories: (2 Volumes) - Volume 1: Guide Volume 2: Appendices
NIST SP 800-70 Rev. 1 National Checklist Program for IT Products--Guidelines for Checklist Users and Developers
NIST SP 800-76-1 Biometric Data Specification for Personal Identity Verification
NIST SP 800-78-1 Cryptographic Algorithms and Key Sizes for Personal Identity Verification
NIST SP 800-117 DRAFT Guide to Adopting and Using the Security Content Automation Protocol (SCAP)
NIST SP 800-126 DRAFT The Technical Specification for the Security Content Automation Protocol (SCAP)
NIST IR 7328 DRAFT Security Assessment Provider Requirements and Customer Responsibilities: Building a Security Assessment Credentialing Program for Federal Information Systems
NIST IR 7516 Forensic Filtering of Cell Phone Protocols
ITL 1999-04 Guide for Developing Security Plans for Information Technology Systems
ITL 2006-03 Minimum Security Requirements For Federal Information And Information Systems: Federal Information Processing Standard (FIPS) 200 Approved By The Secretary Of Commerce
ITL 2006-06 Domain Name System (DNS) Services: NIST Recommendations For Secure Deployment


Identification of an information system as a national security system

NIST SP 800-53 Rev. 1 Recommended Security Controls for Federal Information Systems
NIST SP 800-53 Rev. 2 Recommended Security Controls for Federal Information Systems
NIST SP 800-53 Rev. 3 Recommended Security Controls for Federal Information Systems and Organizations
NIST SP 800-59 Guideline for Identifying an Information System as a National Security System
NIST ITL 2006-04 Protecting Sensitive Information Transmitted in Public Networks
NIST ITL 2006-05 An Update On Cryptographic Standards, Guidelines, And Testing Requirements
NIST ITL 2006-06 Domain Name System (DNS) Services: NIST Recommendations For Secure Deployment


Detection and handling of information security incidents

NIST FIPS 140-1 FIPS 140-1: Security Requirements for Cryptographic Modules
NIST FIPS 140-2 Security Requirements for Cryptographic Modules
NIST FIPS 140-3 DRAFT Security Requirements for Cryptographic Modules
NIST FIPS 180-3 Secure Hash Standard (SHS)
NIST FIPS 198-1 The Keyed-Hash Message Authentication Code (HMAC)
NIST SP 800-44 Version 2 Guidelines on Securing Public Web Servers
NIST SP 800-48 Rev. 1 Guide to Securing Legacy IEEE 802.11 Wireless Networks
NIST SP 800-51 Use of the Common Vulnerabilities and Exposures (CVE) Vulnerability Naming Scheme
NIST SP 800-53 Rev. 1 Recommended Security Controls for Federal Information Systems
NIST SP 800-53 Rev. 2 Recommended Security Controls for Federal Information Systems
NIST SP 800-53 Rev. 3 Recommended Security Controls for Federal Information Systems and Organizations
NIST SP 800-54 Border Gateway Protocol Security
NIST SP 800-61 Computer Security Incident Handling Guide
NIST SP 800-61 Rev. 1 Computer Security Incident Handling Guide
NIST SP 800-63 Version 1.0.2 Electronic Authentication Guideline
NIST SP 800-76-1 Biometric Data Specification for Personal Identity Verification
NIST SP 800-78-1 Cryptographic Algorithms and Key Sizes for Personal Identity Verification
NIST SP 800-83 Guide to Malware Incident Prevention and Handling
NIST SP 800-84 Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities
NIST SP 800-86 Guide to Integrating Forensic Techniques into Incident Response
NIST SP 800-94 Guide to Intrusion Detection and Prevention Systems (IDPS)
NIST SP 800-98 Guidelines for Securing Radio Frequency Identification (RFID) Systems
NIST SP 800-101 Guidelines on Cell Phone Forensics
NIST SP 800-103 DRAFT An Ontology of Identity Credentials, Part I: Background and Formulation
NIST SP 800-104 A Scheme for PIV Visual Card Topography
NIST SP 800-106 Randomized Hashing for Digital Signatures
NIST SP 800-107 Recommendation for Applications Using Approved Hash Algorithms
NIST SP 800-111 Guide to Storage Encryption Technologies for End User Devices
NIST SP 800-113 Guide to SSL VPNs
NIST SP 800-114 User's Guide to Securing External Devices for Telework and Remote Access
NIST SP 800-117 DRAFT Guide to Adopting and Using the Security Content Automation Protocol (SCAP)
NIST SP 800-126 DRAFT The Technical Specification for the Security Content Automation Protocol (SCAP)
NIST SB 2005-12 Preventing and Handling Malware Incidents: How To Protect Information Technology Systems From Malicious Code and Software
NIST ITL 2005-12 Preventing And Handling Malware Incidents: How To Protect Information Technology Systems From Malicious Code And Software
NIST ITL 2006-04 Protecting Sensitive Information Transmitted in Public Networks
NIST ITL 2006-05 An Update On Cryptographic Standards, Guidelines, And Testing Requirements
NIST ITL 2006-08 Protecting Sensitive Information Processed And Stored In Information Technology (IT) Systems
NIST ITL 2006-09 Forensic Techniques: Helping Organizations Improve Their Responses To Information Security Incidents
NIST ITL 2006-10 Log Management: Using Computer And Network Records To Improve Information Security
NIST ITL 2006-12 Maintaining Effective Information Technology (IT) Security Through Test, Training, And Exercise Programs
NIST ITL 2007-01 Security Controls For Information Systems: Revised Guidelines Issued By NIST
NIST ITL 2007-02 Intrusion Detection And Prevention Systems
NIST ITL 2007-04 Securing Wireless Networks
NIST ITL 2007-05 Securing Radio Frequency Identification (RFID) Systems
NIST ITL 2007-06 Forensic Techniques for Cell Phones


Manage security incidents

NIST SP 800-44 Version 2 Guidelines on Securing Public Web Servers
NIST SP 800-51 Use of the Common Vulnerabilities and Exposures (CVE) Vulnerability Naming Scheme
NIST SP 800-53 Rev. 1 Recommended Security Controls for Federal Information Systems
NIST SP 800-53 Rev. 2 Recommended Security Controls for Federal Information Systems
NIST SP 800-53 Rev. 3 Recommended Security Controls for Federal Information Systems and Organizations
NIST SP 800-54 Border Gateway Protocol Security
NIST SP 800-61 Computer Security Incident Handling Guide
NIST SP 800-61 Rev. 1 Computer Security Incident Handling Guide
NIST SP 800-83 Guide to Malware Incident Prevention and Handling
NIST SP 800-86 Guide to Integrating Forensic Techniques into Incident Response
NIST SP 800-94 Guide to Intrusion Detection and Prevention Systems (IDPS)
NIST SP 800-101 Guidelines on Cell Phone Forensics
NIST SP 800-122 DRAFT Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)
NIST ITL 2006-04 Protecting Sensitive Information Transmitted in Public Networks
NIST ITL 2006-05 An Update On Cryptographic Standards, Guidelines, And Testing Requirements
NIST ITL 2006-09 Forensic Techniques: Helping Organizations Improve Their Responses To Information Security Incidents
NIST ITL 2006-10 Log Management: Using Computer And Network Records To Improve Information Security
NIST ITL 2006-12 Maintaining Effective Information Technology (IT) Security Through Test, Training, And Exercise Programs
NIST ITL 2007-01 Security Controls For Information Systems: Revised Guidelines Issued By NIST
NIST ITL 2007-02 Intrusion Detection And Prevention Systems
NIST ITL 2007-06 Forensic Techniques for Cell Phones


Annual public report on activities undertaken in the previous year

NIST IR 7111 Computer Security Division 2003 Annual Report
NIST IR 7219 Computer Security Division 2004 Annual Report
NIST IR 7285 Computer Security Division 2005 Annual Report
NIST IR 7399 Computer Security Division 2006 Annual Report
NIST IR 7442 Computer Security Division 2007 Annual Report
NIST IR 7536 2008 Computer Security Division Annual Report


Original source for tables: Guide to NIST Security Documents.