Information Security: Standards Organizations
- American National Standards Institute (ANSI)
[www.ansi.org] — is a private, non-profit organization
that administers and coordinates the U.S. voluntary standardization and conformity
assessment system. Note that the standards are not free.
- IHS Markit [global.ihs.com] —
sells electronic and paper copies of all ANSI and ISO standards, as well as numerous government
standards. Thousands of standards on "Security" are available.
For example, the Cyber Security Policy Guidebook, 2012 Edition, dated 1 Apr 2012,
by John Wiley and Sons is 288 pages long and is priced at $88.00.
- British Standards Institute (BSi)
[www.bsi-global.com] — Over a century old, BSi pioneered
the development of the first recognized standards for quality management systems. Today BSi
has a staff of over 4,500 operating in 193 countries.
- Center for Internet Security (CIS)
[www.cisecurity.org] —
The CIS releases free security benchmarks that come with tools to measure compliance.
These benchmarks and tools are widely adopted and have become important products of DHS-sponsored
public/private partnerships.
- Institute of Electrical and Electronic Engineers (IEEE)
[www.ieee.org] — The IEEE Standards Association is a membership
organization that produces standards that are developed and used internationally.
- IEEE standards that relate to Security
[http://odysseus.ieee.org]
— This online site provides over 140 security-related standards to members who
subscribe to this service.
- International Information Systems Security Certification Consortium, Inc. (ISC)2
[www.isc2.org] —
The organization that sponsors and grants Certified Information Systems Security
Professional (CISSP) status to qualified individuals.
- International Organization for Standardization (ISO)
[www.iso.ch] —
A non-governmental worldwide federation established in 1947 and made up of the
national standards organizations from 145 countries.
- Internet Architecture Board (IAB)
[www.iab.org/] —
The responsibilities of this committee of the Internet Engineering Task Force (IETF)
include oversight of the process used to create Internet standards, editorial management
and publication of the Request for Comments (RFC) document series, and
administration of the Internet Assigned Numbers Authority (IANA).
- Internet Assigned Numbers Authority (IANA) index to numbers
[www.iana.org/numbers.html] —
This IANA site houses the protocol standards necessary for the operation of the
Internet and its future development.
- National Institute of Standards and Technology (NIST)
[csrc.nist.gov/] —
The U.S. government organization responsible for defining standards to protect and assure
the security of sensitive but unclassified data within government agencies. The
Computer Security Division (CSD) is one of eight divisions within NIST's Information
Technology Laboratory.
- Computer Security Resource Center (CSRC)
[csrc.nist.gov/publications/nistpubs/index.html] —
This NIST CSRC website provides a long list of available NIST security publications.
Most of these are online and in NIST's Special Publications 800 (SP 800-nn) series.
- Guide to NIST Information Security Documents
[csrc.nist.gov/publications] —
This Guide is intended to make NIST IS documents more accessible, especially to newcomers.
It lists documents by type, number, family, and legal requirement.
- Guide for Developing Security Plans for Federal Information Systems, Revision 1 (SP 800-18)
[csrc.nist.gov/publications/nistpubs/800-18-Rev1/sp800-18-Rev1-final.pdf]
— Considered to be an improvement over the earlier version, this version nevertheless may
lack some specifics federal agencies need to write adequate security plans. February 2006
- Guidelines for Securing Radio Frequency Identification (RFID) Systems (SP 800-98)
[csrc.nist.gov/publications/nistpubs/800-98/SP800-98_RFID-2007.pdf]
— Provides an overview of RFID technology and focuses on security controls that are
commercially available today. Directed at government and other organizations, such as hospitals,
these guidelines will help them review and improve privacy while reducing the security risks
associated with RFID technology. April 2007
- National Checklist Program (NCP)
[nvd.nist.gov/ncp/repository] —
The U.S. government's repository of publicly available security checklists (or benchmarks) that provide
detailed low-level guidance on setting the security configuration of operating systems and applications.
NCP provides metadata and links to checklists of various formats, including checklists that conform to the
Security Content Automation Protocol (SCAP). SCAP enables validated security products to automatically
perform configuration checking using NCP checklists.
- Federal Desktop Core Configuration (FDCC)
[csrc.nist.gov/fdcc/]
— As directed by OMB and in collaboration with DHS, DISA, NSA, USAF, and Microsoft,
NIST provides resources to help agencies test, implement, and deploy the Microsoft Windows
XP and the FDCC baseline. August 2007
- Other Federal Information Processing Standards
[csrc.nist.gov/publications/fips/index.html]
— See this index for other FIPS documents.
- National Security Agency | Central Security Service (NSA|CSS)
[www.nsa.gov] —
The U.S. government agency responsible for protecting classified data within government agencies,
and the world leader in cryptology, the art and science of making and breaking codes.
NSA|CSS provides the solutions, products, and services to achieve information assurance for information
infrastructures critical to U.S. national security interests. It leads the U.S. Government
in cryptology, which encompasses both Signals Intelligence (SIGINT) and Information Assurance (IA) products
and services, and enables Computer Network Operations (CNO) to gain a decision advantage for the Nation and
our allies under all circumstances.
The CSS was established in 1972 to promote full partnership between NSA and
the Service Cryptologic Components of the U.S. Armed Forces.
This new command created a more unified cryptologic effort by combining NSA and CSS.
The Director of NSA is also the Chief of CSS.