CoBIT (http://www.isaca.org/cobit.htm) - CoBIT has been developed as a generally applicable and accepted standard for good Information Technology (IT) security and control practices that provides a reference framework for management, users, and IS audit, control and security practitioners.
Common Criteria for Information Technology Security Evaluation (CCITSE) (http://www.radium.ncsc.mil/tpep/library/ccitse/cc%5Fover.html) (www.commoncriteria.org)
In January 1996, the United States, United Kingdom, Germany, France, Canada, and the Netherlands released a jointly developed evaluation standard for a multi-national marketplace.
Chief Information Officers Council - Federal Best Security Practices (BSPs) (http://www.cio.gov/index.cfm?function=documents&section=best%20practices)
Department of Defense Trusted Computer System Evaluation Criteria (http://www.radium.ncsc.mil/tpep/library/rainbow/5200.28%2DSTD.html)
The purpose is to provide technical hardware/firmware/software security criteria and associated technical evaluation methodologies in support of the overall ADP system security policy, evaluation and approval/accreditation responsibilities promulgated by DoD Directive 5200.28.
This publication is effective immediately and is mandatory for use by all DoD Components in carrying out ADP system technical security evaluation activities applicable to the processing and storage of classified and other sensitive DoD information and applications as set forth herein.
FAA Automated Information Systems and Telecommunications Security Functional Requirements (http://www.faa.gov/ait/funcreq/contents.htm)
This document addresses the minimum security requirements for both tactical, operational systems and administrative, agency-infrastructure support systems, and for the data processed within those systems. It examines how to implement these security requirements based on the various types of data that are processed, stored, or transmitted in those environments, and provides guidance on selecting an appropriate suite of security features necessary to meet the minimum requirements.
Generally Accepted Information Security Principles sponsored by the Information Systems Security Association (GASSP) (http://www.issa.org/gaisp/gaisp.html)
Handbook for Computer Security Incident Response Teams (CSIRTs) (http://www.sei.cmu.edu/publications/documents/98.reports/98hb001/98hb001abstract.html)
This document provides guidance on the generic issues to consider when forming and operating a computer security incident response team (CSIRT). The document discusses the functions that make up the service; how those functions interrelate; and the tools, procedures, and the roles necessary to implement the service.
Internet Engineering Task Force (IETF) Site Security Handbook, RFC 2196 (http://www.ietf.org/rfc/rfc2196.txt?number=2196)
ISO 17799 Community Portal (http://www.17799.com)
This portal publishes news, articles and other information related to the ISO 17799 and BS 7799 information security standards.
National Industrial Security Program Operating Manual (NISPOM) (http://www.dss.mil/isec/nispom.htm)
This replaces the Department of Defense Industrial Security Manual for Safeguarding Classified Information (dated 1991). It describes industrial security processes that are based on threat analysis and risk management practices throughout the government. Agencies covered by the NISPOM:
- Dept. of Defense
- Dept. of Energy
- Nuclear Regulatory Commission
- Central Intelligence Agency
Privacy of Consumer Financial Information (regulation S-P) (http://www.sec.gov/rules/final/34-42974.htm)
The Securities and Exchange Commission is adopting Regulation S-P, privacy rules promulgated under section 504 of the Gramm-Leach-Bliley Act (GLBA). Section 504 requires the Commission and other federal agencies to adopt rules implementing notice requirements and restrictions on financial institutions' ability to disclose nonpublic personal information about consumers. Under the GLBA, a financial institution must provide its customers with a notice of its privacy policies and practices, and must not disclose nonpublic personal information about a consumer to nonaffiliated third parties unless the institution provides certain information to the consumer and the consumer has not elected to opt out of the disclosure.
SysTrust (http://www.aicpa.org/assurance/systrust/princip.htm)
Principles and Criteria for Systems Reliability (AICPA), Version 2.0
Trusted Product Evaluation Program (http://www.radium.ncsc.mil/tpep/tpep.html)