NIST Special Publication 800-100

Information Security Handbook: A Guide for Managers

Recommendations of the National Institute of Standards and Technology

Pauline Bowen
Joan Hash
Mark Wilson

INFORMATION SECURITY

Computer Security Division
Information Technology Laboratory
National Institute of Standards and Technology
Gaithersburg, MD 20899-8930

October 2006

U.S. Department of Commerce
Carlos M. Gutierrez, Secretary

Technology Administration
Robert Cresanti, Under Secretary of Commerce for Technology

National Institute of Standards and Technology
William Jeffrey, Director

Reports on Information Systems Technology

The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology promotes the U.S. economy and public welfare by providing technical leadership for the Nation's measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof-of-concept implementations, and technical analyses to advance the development and productive use of information technology. ITL's responsibilities include the development of management, administrative, technical, and physical standards and guidelines for the cost-effective security and privacy of non-national-security-related information in federal information systems. This Special Publication 800 series reports on ITL's research, guidelines, and outreach efforts in information system security and its collaborative activities with industry, government, and academic organizations.

Authority

This document has been developed by the National Institute of Standards and Technology (NIST) in furtherance of its statutory responsibilities under the Federal Information Security Management Act (FISMA) of 2002, Public Law 107-347.

NIST is responsible for developing standards and guidelines, including minimum requirements, and for providing adequate information security for all agency operations and assets, but such standards and guidelines shall not apply to national security systems.

This guideline is consistent with the requirements of the Office of Management and Budget (OMB) Circular A-130, Section 8b(3), Securing Agency Information Systems, as analyzed in A-130, Appendix IV: Analysis of Key Sections. Supplemental information is provided in A-130, Appendix III.

This guideline has been prepared for use by federal agencies. It may also be used by nongovernmental organizations on a voluntary basis and is not subject to copyright regulations. (Attribution would be appreciated by NIST.)

Nothing in this document should be taken to contradict standards and guidelines made mandatory and binding on federal agencies by the Secretary of Commerce under statutory authority. Nor should these guidelines be interpreted as altering or superseding the existing authorities of the Secretary of Commerce, the Director of the OMB, or any other federal official.

Certain commercial entities, equipment, or materials may be identified in this document in order to describe an experimental procedure or concept adequately. Such identification is not intended to imply recommendation or endorsement by NIST, nor is it intended to imply that the entities, materials, or equipment are necessarily the best available for the purpose.

Acknowledgements

NIST would like to thank the many people who assisted with the development of this handbook. NIST management officials who supported this effort include: Joan Hash, William C. Barker, Elizabeth Chew, and Matthew Scholl.

The authors would like to thank Elizabeth Lennon, Alicia Clay, Elizabeth Chew, Richard Kissel, Carol Schmidt, Matthew Scholl, and Patricia Toth, who assisted with reviewing this Handbook and provided comments and suggestions for improvement.

Additional drafters of Handbook chapters include:
Ron Ross, Tim Grance, and Marianne Swanson, NIST.
Nadya Bartol, Joe Nusbaum, Laura Prause, Will Robinson, Karen Kent, and Randy Ewell, BAH.

In addition, special thanks are due to those contractors who helped craft the Handbook, prepare drafts, and review materials. Nadya Bartol of Booz Allen Hamilton (BAH) served as Project Manager for BAH on this project. Many other BAH employees also contributed to the Handbook, including: Anthony Brown, Linda Duncan, Gina Jamaldinian, Sedar Labarre, Ines Murphy, Steven Peck, Mike Kapetanovic, Michael Rohde, Jacob Tsizis, Aderonke Adeniji, and Marge Spanninger.

The authors also gratefully acknowledge and appreciate the many contributions from individuals in the public and private sectors whose thoughtful and constructive comments improved the quality and usefulness of this publication.

Errata

The following changes have been incorporated into Special Publication 800-100.

1. Chapter 10, Risk Management, Figure 10-1, Risk Management in the System Security Life Cycle: the diagram has been modified to remove the numbers from the diagram and to show the steps of the risk management process in the system security life cycle clearly.

2. Chapter 10, Risk Management, Table 10-1, Risk Level Matrix: the table has been modified to correct the math in the matrix.
