Tags: standard
Guidelines for incident handling, particularly for analyzing incident-related data and determining the appropriate response to each incident.
US federal guidance on managing a continuous supply of log data; managing log generation and storage; protecting the confidentiality, integrity, and availability of logs; and performing effective analysis of log data.
US federal standard for installing, configuring, and maintaining secure servers.
US federal guidelines for the development, selection, and implementation to be used at information system and program levels to assess the effectiveness of security controls.
US federal guideline describing three types of solutions: full disk encryption, volume and virtual disk encryption, and file/folder encryption. Recommendations for implementing and using each type.
Describes the characteristics of IDPS technologies and provides recommendations for designing, implementing, configuring, securing, monitoring, and maintaining them.
A broad overview of information security program elements to assist US federal agency managers in understanding how to establish and implement an information security program.
This publication provides recommendations for using two vulnerability naming schemes: Common Vulnerabilities and Exposures (CVE) and Common Configuration Enumeration (CCE). SP 800-51 Revision 1 gives an introduction to both naming schemes and makes recomm ...
This project supports the US Department of Homeland Security (DHS) Software Assurance Tools and R&D Requirements Identification Program. The objective of part 3, Technology (Tools and Requirements) is the identification, enhancement and development of sof ...
Guidance on challenges related to integration of information security practices into Web service-based SOA design and development. Practical guidance on standards applicable to Web services and common security threats to SOAs based on Web services.
US federal guidelines for selecting and specifying security controls for information systems.
The draft Federal Information Processing Standard (FIPS) 180-4 is a proposed revision of FIPS 180-3. Draft FIPS 180-4 adds a general procedure for creating an initialization hash value and two additional secure hash algorithms: SHA-512/224 and SHA-512/256, ...
NIST SP 800-144 provides an overview of the security and privacy challenges for public cloud computing and gives recommendations that organizations should consider when outsourcing data, applications, and infrastructure to a public cloud environment. ...
NIST Special Publication 800-125 discusses security concerns associated with full virtualization technologies for server and desktop systems, and gives recommendations for addressing these concerns.
This document includes most of the current terms & definitions used in NIST information security publications and those in the CNSS Instruction # 4009 (Glossary of Information Assurance terms). The document is meant to be a reference for Federal gover ...
US federal standard describing technologies and features of SSL VPNs, how SSL fits within the context of layered network security, and a phased approach to SSL VPN planning and implementation.
Asset identification plays an important role in an organization's ability to quickly correlate different sets of information about assets. NISTIR 7693 provides the necessary constructs to uniquely identify assets based on known identifiers and/or known in ...





