This Guide identifies and describes the key characteristics that make up any effective risk assessment methodology, thus providing a common set of criteria for evaluating any given risk assessment methodology against a clearly defined common set of essent ...

A framework for businesses, non-profits, and governmental agencies. Considerations should include but not be limited to preventative, containment, and reactive practices and business policies. Key components include: 1. Data Classification 2. A ...

This document describes security configuration checklists and their benefits, and it explains how to use the NIST National Checklist Program (NCP) to find and retrieve checklists. The publication also describes the policies, procedures, and general requir ...

The FDIC, with the other FFIEC agencies, has issued the attached guidance, which describes updated supervisory expectations regarding customer authentication, layered security, and other controls in an increasingly hostile online environment. Financial in ...

The Federal Financial Institutions Examination Council (FFIEC) has issued the attached guidance, “Authentication in an Internet Banking Environment.” For banks offering Internet-based financial services, the guidance describes enhanced authentication ...

Asset identification plays an important role in an organization's ability to quickly correlate different sets of information about assets. NISTIR 7693 provides the necessary constructs to uniquely identify assets based on known identifiers and/or known in ...