
~ Federal Information Systems ~

Certification and Accreditation and Information Assurance Resources


The purpose of this page is to provide a quick reference, or "cheat sheet", for the publications and regulations that govern the information assurance aspects of federal information systems. There are numerous publications dealing with information assurance and with the certification and accreditation of federal systems. Below is a listing of the most commonly used documents, with links to where they can be found.

This page is dynamic: NIST publications, OMB memos and other documents are released and revised frequently, so check back often for updates.

 

FISMA and FISCAM Documents:

FISCAM - Federal Information Systems Controls Audit Manual (Financial Systems)
FISMA - Federal Information Security Management Act of 2002


National Institute of Standards and Technology (NIST):

SP 800-100 - Information Security Handbook: A Guide for Managers
SP 800-12 - An Introduction to Computer Security: The NIST Handbook
SP 800-14 - Generally Accepted Principles and Practices for Securing Information Technology Systems
SP 800-18 - Guide for Developing Security Plans for Federal Information Systems
SP 800-23 - Guideline to Federal Organizations on Security Assurance and Acquisition/Use of Tested/Evaluated Products
SP 800-26 - Security Self-Assessment Guide for Information Technology Systems
SP 800-27 - Engineering Principles for Information Technology Security (A Baseline for Achieving Security)
SP 800-30 - Risk Management Guide for Information Technology Systems
SP 800-31 - Intrusion Detection Systems (IDS)
SP 800-34 - Contingency Planning Guide for Information Technology Systems
SP 800-36 - Guide to Selecting Information Technology Security Products
SP 800-37 - Guide for Security Certification and Accreditation
SP 800-42 - Guideline on Network Security Testing
SP 800-47 - Security Guide for Interconnecting Information Technology Systems
SP 800-51 - Use of the Common Vulnerabilities and Exposures (CVE) Vulnerability Naming Scheme
SP 800-53 - Recommended Security Controls for Federal Information Systems
SP 800-53 Rev 1 - Recommended Security Controls for Federal Information Systems, Rev 1
    (SP 800-53 and SP 800-53 Rev 1 replace the SP 800-26 assessment questions. Some agencies use 800-53, others use 800-53 Rev 1.)
SP 800-53A (DRAFT) - Guide for Assessing the Security Controls in Federal Information Systems
SP 800-55 - Security Metrics Guide for Information Technology
SP 800-56 - Recommendation on Key Establishment Schemes
SP 800-57 - Recommendation on Key Management
SP 800-60 - Guide for Mapping Types of Information Systems to Security Categories
SP 800-61 - Computer Security Incident Handling
SP 800-64 - Security Considerations in the Information System Development Lifecycle
SP 800-70 - Security Configuration Checklists Program for IT Products - Guidance for Checklist Users and Developers
 


Federal Information Processing Standards (FIPS):

FIPS 140-2 - Security Requirements for Cryptographic Modules
FIPS 199 - Standards for Security Categorization of Federal Information and Information Systems
FIPS 200 - Minimum Security Requirements for Federal Information Systems
 


Office of Management and Budget (OMB):

OMB Circular A-123 - Management's Responsibility for Internal Controls
OMB Circular A-130 - Management of Federal Information Resources
OMB Circular A-130, Appendix III - Security of Federal Automated Information Resources
OMB Memo M-06-16 - Protection of Sensitive Agency Information (mobile computers and remote access)
OMB Memo M-07-11 - Implementation of Commonly Accepted Security Configurations for Windows Operating Systems

 


Other Publications and Useful Information Assurance References:

CNSS - Committee on National Security Systems
Common Criteria - Common Criteria for Information Technology Security Evaluation (replaces the Rainbow Series)
Common Criteria - An Introduction
Brochure - An Introduction to the Common Criteria Project
DIACAP - DoD Information Assurance Certification and Accreditation Process (will replace DITSCAP)
DITSCAP - DoD Information Technology Security Certification and Accreditation Process
GAO-05-231 - Emerging Cybersecurity Issues Threaten Federal Information Systems
Mitre - Common Vulnerabilities and Exposures (CVE)
NIACAP - National Information Assurance Certification and Accreditation Process
NIAP - National Information Assurance Partnership
NIATS - National Information Assurance Training Standard for System Administrators
NIST and SDLC Brochure - NIST and the Systems Development Lifecycle (SDLC)
US-CERT - United States Computer Emergency Readiness Team
 

Gonzo's Garage  ©2010