LAWS, POLICIES, DIRECTIVES, INSTRUCTIONS, STANDARDS, AND GUIDELINES
LEGISLATION

1. E-Government Act [includes FISMA] (P.L. 107-347), December 2002. http://www.gpo.gov/fdsys/pkg/PLAW-107publ347/pdf/PLAW-107publ347.pdf (accessed 12/4/14).
2. Federal Information Security Management Act (P.L. 107-347, Title III), December 2002. http://www.gpo.gov/fdsys/pkg/PLAW-107publ347/pdf/PLAW-107publ347.pdf (accessed 12/4/14).
3. Privacy Act of 1974 (P.L. 93-579), December 1974. http://www.justice.gov/opcl/privacy-act-1974 (accessed 12/4/14).
POLICIES, DIRECTIVES, INSTRUCTIONS

1. Committee on National Security Systems (CNSS) Instruction 4009, National Information Assurance Glossary, April 2010. https://www.cnss.gov/CNSS/issuances/Instructions.cfm (accessed 12/4/14).
2. Committee on National Security Systems (CNSS) Instruction 1253, Security Categorization and Control Selection for National Security Systems, March 2014. https://www.cnss.gov/CNSS/issuances/Instructions.cfm (accessed 12/4/14).
3. Office of Management and Budget, Circular A-130, Appendix I, Transmittal Memorandum #4, Federal Agency Responsibilities for Maintaining Records About Individuals, November 2000. http://www.whitehouse.gov/omb/circulars_a130_a130appendix_i (accessed 12/4/14).
4. Office of Management and Budget, Circular A-130, Appendix III, Transmittal Memorandum #4, Management of Federal Information Resources, November 2000. http://www.whitehouse.gov/omb/circulars_a130_a130appendix_iii (accessed 12/4/14).
5. Office of Management and Budget Memorandum M-02-01, Guidance for Preparing and Submitting Security Plans of Action and Milestones, October 2001. http://www.whitehouse.gov/omb/memoranda_m02-01 (accessed 12/4/14).
STANDARDS

1. National Institute of Standards and Technology Federal Information Processing Standards Publication 199, Standards for Security Categorization of Federal Information and Information Systems, February 2004. http://csrc.nist.gov/publications/fips/fips199/FIPS-PUB-199-final.pdf (accessed 12/4/14).
2. National Institute of Standards and Technology Federal Information Processing Standards Publication 200, Minimum Security Requirements for Federal Information and Information Systems, March 2006. http://csrc.nist.gov/publications/fips/fips200/FIPS-200-final-march.pdf (accessed 12/4/14).
3. ISO/IEC 15408, Common Criteria for Information Technology Security Evaluation (as amended).
GUIDELINES

1. National Institute of Standards and Technology Special Publication 800-18, Revision 1, Guide for Developing Security Plans for Federal Information Systems, February 2006. http://csrc.nist.gov/publications/nistpubs/800-18-Rev1/sp800-18-Rev1-final.pdf (accessed 12/4/14).
2. National Institute of Standards and Technology Special Publication 800-30, Revision 1, Guide for Conducting Risk Assessments, September 2012. http://csrc.nist.gov/publications/nistpubs/800-30-rev1/sp800_30_r1.pdf (accessed 12/4/14).
3. National Institute of Standards and Technology Special Publication 800-37, Revision 1, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach, February 2010.
4. National Institute of Standards and Technology Special Publication 800-39, Managing Information Security Risk: Organization, Mission, and Information System View, March 2011. http://csrc.nist.gov/publications/nistpubs/800-39/SP800-39-final.pdf (accessed 12/4/14).
5. National Institute of Standards and Technology Special Publication 800-40, Revision 3, Guide to Enterprise Patch Management Technologies, July 2013.
6. National Institute of Standards and Technology Special Publication 800-53, Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations, April 2013.
7. National Institute of Standards and Technology Special Publication 800-59, Guideline for Identifying an Information System as a National Security System, August 2003. http://csrc.nist.gov/publications/nistpubs/800-59/SP800-59.pdf (accessed 12/4/14).
8. National Institute of Standards and Technology Special Publication 800-60, Revision 1, Guide for Mapping Types of Information and Information Systems to Security Categories, August 2008. http://csrc.nist.gov/publications/PubsSPs.html#800-60 (accessed 12/4/14).
9. National Institute of Standards and Technology Special Publication 800-64, Revision 2, Security Considerations in the System Development Life Cycle, October 2008. http://csrc.nist.gov/publications/nistpubs/800-64-Rev2/SP800-64-Revision2.pdf (accessed 12/4/14).
10. National Institute of Standards and Technology Special Publication 800-115, Technical Guide to Information Security Testing and Assessment, September 2008. http://csrc.nist.gov/publications/nistpubs/800-115/SP800-115.pdf (accessed 12/4/14).
11. National Institute of Standards and Technology Special Publication 800-126, Revision 2, The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2, September 2011. http://csrc.nist.gov/publications/nistpubs/800-126-rev2/SP800-126r2.pdf
12. National Institute of Standards and Technology Special Publication 800-137, Information Security Continuous Monitoring for Federal Information Systems and Organizations, September 2011. http://csrc.nist.gov/publications/nistpubs/800-137/SP800-137-Final.pdf (accessed 12/4/14).