Guidance and standards for application development lifecycles, secure coding, and other technical efforts.
A set of procedures and activities, which should be considered and/or performed during all aspects of analyzing, selecting, and implementing electronic document management systems. Also includes a categorization of relevant national and international stan ...
Applies to systems development efforts by the DoD and its contractors. Sets forth baseline functional requirements for Records Management Application (RMA) software; defines required system interfaces and search criteria; and describes minimum of requirements
This document describes the formal schema of the Evaluation and Report Language (EARL) 1.0. The Evaluation and Report Language is a vocabulary to express test results. The primary motivation for developing this language is to facilitate the exchange of te ...
Helps financial services companies address control weaknesses in outsourced IT services. Coverage includes information security controls and audits, disaster recovery, vendor management, and cross-border considerations.
Guidance on the assessment and audit of application controls, relation of application controls to general controls, scoping of a risk-based control review, and execution of application control reviews. Developed for internal audit executives and auditors.
To encourage a more widespread adoption of interoperable health information technology, the American Recovery and Reinvestment Act of 2009 calls for the Office of the National Coordinator (ONC) for Health IT, in consultation with NIST, to recognize a prog ...
A framework for risk-sensitive secure software development. SAMM includes guidance on: 1) Evaluating an organization's existing software security practices; 2) Building a balanced software security program in well-defined iterations; 3) Demonstrating con ...




