Guide for Developing Security Plans for Federal Information : The objective of system security planning is to improve protection of information system resources. All federal systems have some level of sensitivity and require protection as part of good management practice. The protection of a system must be documented in a system security plan. The completion of system security plans is a requirement of the Office of Management and Budget (OMB) Circular A-130, "Management of Federal Information Resources," Appendix III, "Security of Federal Automated Information Resources," and Title III of the E-Government Act, entitled the Federal Information Security Management Act (FISMA), The purpose of the system security plan is to provide an overview of the security requirements of the system and describe the controls in place or planned for meeting those requirements.
Guide for Conducting Risk Assessments: To provide guidance for conducting risk assessments of federal information systems and organizations, amplifying the guidance in Special Publication 800-39. Risk assessments, carried out at all three tiers in the risk management hierarchy, are part of an overall risk management process—providing senior leaders/executives with the information needed to determine appropriate courses of action in response to identified risks
Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy: This publication describes the Risk Management Framework (RMF) and provides guidelines for applying the RMF to information systems and organizations.
Security and Privacy Controls for Information Systems and Organizations: This publication provides a catalog of security and privacy controls for information systems and organizations to protect organizational operations and assets, individuals, other organizations, and the Nation from a diverse set of threats and risks, including hostile attacks, human errors, natural disasters, structural failures, foreign intelligence entities, and privacy risks
Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans: This publication provides a set of procedures for conducting assessments of security controls and privacy controls employed within federal information systems and organizations.
Guide for Mapping Types of Information and Information Systems to Security Categories :Title III of the E-Government Act, titled the Federal Information Security Management Act (FISMA) of 2002, tasked NIST to develop (1) standards to be used by all Federal agencies to categorize information and information systems collected or maintained by or on behalf of each agency based on the objectives of providing appropriate levels of information security according to a range of risk levels; and (2) guidelines recommending the types of information and information systems to be included in each such category.
An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule :An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, which discusses security considerations and resources that may provide value when implementing the requirements of the HIPAA Security Rule, was written to help educate readers about information security terms used in the HIPAA Security Rule and to improve understanding of the meaning of the security standards set out in the Security Rule, direct readers to helpful information in other NIST publications on individual topics the HIPAA Security Rule addresses, and aid readers in understanding the security concepts discussed in the HIPAA Security Rule. This publication does not supplement, replace, or supersede the HIPAA Security Rule itself.
Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations - The purpose of this guideline is to assist organizations in the development of a continuous monitoring strategy and the implementation of a continuous monitoring program providing visibility into organizational assets, awareness of threats and vulnerabilities, and visibility into the effectiveness of deployed security controls.
Managing Information Security Risk: Organization, Mission, and Information System View : The purpose of Special Publication 800-39 is to provide guidance for an integrated, organization-wide program for managing information security risk to organizational operations (i.e., mission, functions, image, and reputation), organizational assets, individuals, other organizations, and the Nation resulting from the operation and use of federal information systems
Standards for Security Categorization of Federal Information and Information Systems : The purpose of this document is to provide a standard for categorizing federal information and information systems according to an agency's level of concern for confidentiality, integrity, and availability and the potential impact on agency assets and operations should their information and information systems be compromised through unauthorized access, use, disclosure, disruption, modification, or destruction.
Minimum Security Requirements for Federal Information and Information Systems : FIPS 200 is the second standard that was specified by the Information Technology Management Reform Act of 1996 (FISMA). It is an integral part of the risk management framework that the National Institute of Standards and Technology (NIST) has developed to assist federal agencies in providing levels of information security based on levels of risk. FIPS 200 specifies minimum security requirements for federal information and information systems and a risk-based process for selecting the security controls necessary to satisfy the minimum requirements.
For More information regarding NIST SP you can always visit their website directly at www.nist.gov
Copyright © 2021 Ram Tech - All Rights Reserved.
We use cookies to analyze website traffic and optimize your website experience. By accepting our use of cookies, your data will be aggregated with all other user data.