
[ISN] NIST details minimum security controls

Date: Tue, 12 Oct 2004 01:20:04 -0500 (CDT)
http://www.fcw.com/fcw/articles/2004/1011/web-nist-10-11-04.asp

By Florence Olsen 
Oct. 11, 2004

Guidelines for setting computer security controls to protect federal 
information systems are described in a new publication from the 
National Institute of Standards and Technology. NIST officials said 
the document forms the basis for security controls that will become 
mandatory in December 2005. 

The 88-page publication, known as Special Publication 800-53 [1],
spells out the minimum security controls that federal agency officials
must use to comply with the statutory requirements of the Federal
Information Security Management Act of 2002, which applies to all
federal information systems that are not national security systems.  
The document, which NIST officials released late last month, is the
second version of a draft that NIST officials revised after receiving
public comments.

The latest document, still not considered final, will be available 
until Nov. 30 for the public to review and submit additional 
suggestions for revision. NIST officials said they are especially 
interested in receiving comments about the cost and potential impact 
that the recommended computer security controls could have on federal 
agencies. 

The document describes not only technical controls, such as 
intrusion-detection tools, but also a multitude of recommended 
management and operational controls for safeguarding the 
confidentiality, integrity and availability of federal information and 
the systems that provide that information.

Recommended controls vary, depending on the importance of a particular 
information system to an agency's mission. But the list is extensive 
and includes 17 categories of security controls. Among them are access 
and audit controls, configuration management, user identification and 
authentication, and media protection.

The guidelines suggest that minimum security controls required for 
broad classes of information systems, whether they are classified as 
high, moderate or low-risk, can be centrally managed and the costs 
amortized across multiple systems.

[1] http://csrc.nist.gov/publications/drafts/SP800-53-Draft2nd.pdf


