
2005.03.02

NIST releases final security guidelines

Hello, this is Mitsuhiko Maruyama. It looks like the U.S. National Institute of Standards and Technology (NIST) has released SP800-53 and FIPS-201... SP800-53 is one of the support documents for FISMA.

 
■NIST News Release 2005.02.28

■NIST (National Institute of Standards and Technology) NIST Computer Security Division: Computer Security Resource Center (CSRC)
■800 Series
■800-53 Recommended Security Controls for Federal Information Systems(PDF:1.8MB)
■FIPS(Federal Information Processing Standards)
■FIPS 201 Personal Identity Verification for Federal Employees and Contractors (1.0MB)


Just as a memo for myself...

【Information Security Program】

■Security Planning
Documents the security requirements and security controls planned or in place for the protection of information and information systems
>>SP 800-18 Guide for Developing Security Plans for Information Technology Systems (PDF : 306KB)


■Risk Assessment
Analyzes the threats to and vulnerabilities of information systems and the potential impact or magnitude of harm that the loss of confidentiality, integrity, or availability would have on an agency’s operations and assets
>>SP 800-30 Risk Management Guide for Information Technology Systems (PDF : 479KB)

■Categorization of Information and Information System
Defines categories of information and information systems according to levels of risk for confidentiality, integrity, and availability; maps information types to security categories
>>FIPS 199 Standards for Security Categorization of Federal Information and Information Systems (PDF : 60KB)
>>SP 800-60 Guide for Mapping Types of Information and Information Systems to Security Categories
Vol.1(PDF : 444KB) Vol.2 (PDF : 2,003KB)

■Security Control Selection and Implementation
Management, operational, and technical controls (i.e., safeguards and countermeasures) planned or in place to protect information and information systems
>>SP 800-53 Recommended Security Controls for Federal Information Systems (PDF : 1,815KB)
>>FIPS 200 Minimum Security Controls for Federal Information Systems (expected to publish in the fall of 2005)

■Verification of Security Control Effectiveness (Certification)
Measures the effectiveness of the security controls associated with information systems through security testing and evaluation
>>SP 800-37 Guide for the Security Certification and Accreditation of Federal Information Systems (PDF : 738KB)
>>SP 800-53A Guide for Assessing the Security Controls in Federal Information Systems (expected to publish in the spring of 2005)

■Security Authorization (Accreditation)
The authorization of information systems to process, store, or transmit information, granted by a senior agency official, based on the effectiveness of security controls and residual risk
>>SP 800-37 Guide for the Security Certification and Accreditation of Federal Information Systems (PDF : 738KB)
