National Institute of Standards and Technology (NIST) Standards
SP Documents
Important SP Documents
- SP 800-12 Rev. 1: An Introduction to Computer Security: The NIST Handbook (June 2017)
- SP 800-14: Generally Accepted Principles and Practices for Securing IT Systems (September 1996)
- SP 800-53 Rev. 4: Security and Privacy Controls for Federal Information Systems and Organizations (April 2013)
- SP 800-30 Rev. 1: Guide for Conducting Risk Assessments (September 2012)
- SP 800-37 Rev. 1: Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach (February 2010)
- SP 800-39: Managing Information Security Risk: Organization, Mission, and Information System View (March 2011)
- SP 800-18 Rev. 1: Guide for Developing Security Plans for Federal Information Systems (February 2006)
- SP 800-27 Rev. A: Engineering Principles for Information Technology Security (June 2004)
- SP 800-160 Vol. 1: Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems (November 2016)
- SP 800-61 Rev. 2: Computer Security Incident Handling Guide (August 2012)
- SP 800-64 Rev. 2: Security Considerations in the Information Systems Development Life Cycle (October 2008)
- SP 800-100: Information Security Handbook: A Guide for Managers (October 2006)
Federal Information Processing Standards (FIPS)
- FIPS 140: Security Requirements for Cryptographic Modules
- FIPS 201: Personal Identity Verification (PIV) of Federal Employees and Contractors
ISO Standards
- ISO/IEC 15408 – Evaluation Criteria for IT Security (Common Criteria)
- ISO/IEC 15408-1:2005
- ISO/IEC 15408-2:2008
- ISO/IEC 15408-3:2008
- ISO/IEC 21827:2008 – Systems Security Engineering Capability Maturity Model® (SSE-CMM®)
- ISO/IEC 25000:2005 – Software Engineering Product Quality
- ISO/IEC 27000:2009 – Information Security Management System (ISMS) Overview and Vocabulary
- ISO/IEC 27001:2005 – Information Security Management Systems Requirements
- ISO/IEC 27002:2005/Cor1:2007 – Code of Practice for Information Security Management
- ISO/IEC 27005:2008 – Information Security Risk Management
- ISO/IEC 27006:2007 – Requirements for Bodies Providing Audit and Certification of Information Security Management Systems
- ISO 28000:2007 – Specification for Security Management Systems for the Supply Chain
PCI Standards
- Payment Card Industry Data Security Standard (PCI DSS)
- Payment Application Data Security Standard (PA-DSS)
Organization for the Advancement of Structured Information Standards (OASIS)
- Application Vulnerability Description Language (AVDL)
- Security Assertion Markup Language (SAML)
- eXtensible Access Control Markup Language (XACML)
- Key Management Interoperability Protocol (KMIP) Specification
- Universal Description, Discovery and Integration (UDDI)
- Web Services (WS-*) Security