Guide: Risk Assessment Topic Cluster

From FISMApedia

Risk Assessment



A collection of documents that assists in identifying risks to agency operations (including mission, functions, image, or reputation), agency assets, or individuals by determining the probability of occurrence, the resulting impact, and additional security controls that would mitigate this impact.

NIST FIPS 199 Standards for Security Categorization of Federal Information and Information Systems
NIST FIPS 191 Guideline for The Analysis of Local Area Network Security
NIST SP 800-84 Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities
NIST SP 800-60 Guide for Mapping Types of Information and Information Systems to Security Categories
NIST SP 800-51 Use of the Common Vulnerabilities and Exposures (CVE) Vulnerability Naming Scheme
NIST SP 800-48 Wireless Network Security: 802.11, Bluetooth, and Handheld Devices
NIST SP 800-47 Security Guide for Interconnecting Information Technology Systems
NIST SP 800-42 Guideline on Network Security Testing
SP 800-40, Ver 2 Creating a Patch and Vulnerability Management Program
NIST SP 800-37 Guidelines for the Security Certification and Accreditation of Federal Information Technology Systems
NIST SP 800-30 Risk Management Guide for Information Technology Systems
NIST SP 800-28 Guidelines on Active Content and Mobile Code
NIST SP 800-26 Security Self-Assessment Guide for Information Technology Systems
NIST SP 800-23 Guideline to Federal Organizations on Security Assurance and Acquisition/Use of Tested/Evaluated Products
NIST SP 800-21 Rev 1 Guideline for Implementing Cryptography in the Federal Government
NIST SP 800-19 Mobile Agent Security
NIST IR 7316 Assessment of Access Control Systems
NIST IR 6981 Policy Expression and Enforcement for Handheld Devices
NIST SB 2006-02 Creating A Program To Manage Security Patches and Vulnerabilities: NIST Recommendations For Improving System Security
NIST SB 2005-10 National Vulnerability Database: Helping Information Technology System Users and Developers Find Current Information About Cyber Security Vulnerabilities
NIST SB 2005-05 Recommended Security Controls For Federal Information Systems: Guidance For Selecting Cost-Effective Controls Using A Risk-Based Process
NIST SB 2004-07 Guide For Mapping Types Of Information and Information Systems To Security Categories
NIST SB 2004-05 Guide For The Security Certification and Accreditation Of Federal Information Systems
NIST SB 2004-03 Federal Information Processing Standard (FIPS) 199, Standards For Security Categorization Of Federal Information and Information Systems
NIST SB 2004-01 Computer Security Incidents: Assessing, Managing, and Controlling The Risks
NIST SB 2003-11 Network Security Testing
NIST SB 2003-02 Secure Interconnections for Information Technology Systems
NIST SB 2002-10 Security Patches and The CVE Vulnerability Naming Scheme: Tools To Address Computer System Vulnerabilities
NIST SB 2002-02 Risk Management Guidance For Information Technology Systems
NIST SB 2001-09 Security Self-Assessment Guide for Information Technology Systems


Original source for tables: Guide to NIST Security Documents.