Guidelines for incident handling, particularly for analyzing incident-related data and determining the appropriate response to each incident.

US federal guidance on managing a continuous supply of log data; managing log generation and storage; protecting the confidentiality, integrity, and availability of logs; and performing effective analysis of log data.

US federal standard for installing, configuring, and maintaining secure servers

US federal guidelines for the development, selection, and implementation to be used at information system and program levels to assess the effectiveness of security controls.

US federal guideline describing three types of solutions: full disk encryption, volume and virtual disk encryption, and file/folder encryption. Recommendations for implementing and using each type.

Describes the characteristics of IDPS technologies and provides recommendations for designing, implementing, configuring, securing, monitoring, and maintaining them.

This publication provides recommendations for using two vulnerability naming schemes: Common Vulnerabilities and Exposures (CVE) and Common Configuration Enumeration (CCE). SP 800-51 Revision 1 gives an introduction to both naming schemes and makes recomm ...

The draft Federal Information Processing Standard (FIPS)180-4 is a proposed revision of FIPS 180-3. Draft FIPS 180-4 adds a general procedure for creating an initialization hash value and two additional secure hash algorithms: SHA-512/224 and SHA-512/256, ...

As part of the ongoing initiative to develop a unified information security framework for the federal government and its contractors, NIST has included security controls in its catalog for both national security and non national security systems. The upda ...

This document includes most of the current terms & definitions used in NIST information security publications and those in the CNSS Instruction # 4009 (Glossary of Information Assurance terms). The document is meant to be a reference for Federal gover ...

NIST Special Publication 800-125 discusses security concerns associated with full virtualization technologies for server and desktop systems, and gives recommendations for addressing these concerns.

US federal standard describing technologies and features of SSL VPNs, how SSL fits within the context of layered network security, and a phased approach to SSL VPN planning and implementation.

Asset identification plays an important role in an organization's ability to quickly correlate different sets of information about assets. NISTIR 7693 provides the necessary constructs to uniquely identify assets based on known identifiers and/or known in ...