NIST Special Publication 800-26, “Security Self-Assessment Guide for IT Systems” and Other NIST Resources. Marianne Swanson, Computer Security Division.


1 NIST Special Publication 800-26, “Security Self-Assessment Guide for IT Systems” and Other NIST Resources
Marianne Swanson
Computer Security Division
Information Technology Laboratory
NIST

2 Topics
Self-Assessment Framework & Guidance Document
Other NIST documents & resources

3 History
CIO Council IT Security Assessment Framework
Government Information Security Reform Act
Federal Information Management Act

4 Description of Guide
Framework - groundwork for standardizing and measuring IT security
  – Five levels of effectiveness
  – Criteria for implementing each level
Assessment Guide - builds on the Framework
Questions directed at the system

5 Description - continued
Specific control objectives and techniques that a system can be measured against
Blending requirements and guidance from GAO’s FISCAM and NIST guidance documents

6 NIST Guidance – IT Security Management
Introduction to Computer Security: The NIST Handbook (NIST SP )
Guide for Developing Security Plans for IT Systems (NIST SP )
Risk Management Guide (NIST SP )
Contingency Planning Guide (NIST SP )

7 NIST Guidance – IT Security Management (cont.)
Certification and Accreditation Guide (coming soon)
Minimum Security Controls (coming soon)
Security Metrics (coming soon)

8 ICAT Vulnerability Index
Over 5000 vulnerabilities
Fine-grained search engine
Links to vulnerability and patch information

9 Federal Agency Security Practices
Three areas on the web site
  – Agency practices
  – FAQ
  – Original BSP pilot submission
Hosted by the Federal Computer Security Program Managers’ Forum

10 Agency Practices
No special format submission is required
Send documents as an attachment
We require title of file and name of agency submitting
Contact information is optional
Files can be generic with no agency identifiers – NIST will do that for the agency if wanted
Need agencies to send what they have – the more the better

11 FAQ
Questions generated by the Forum over the past three years
Categorized by topic area
Questions answered primarily through the Forum and additional information provided by NIST
FAQ will be added to as questions occur

12 Contact Information
Marianne Swanson

