SP 800-35. Guide to Information Technology Security Services | Semantic Scholar (2024)

This guide defines broad security product categories, specifies product types within those categories, and then provides a list of characteristics and pertinent questions an organization should ask when selecting a product from within these categories.

The main objective of this paper is to present an Information Security Management System implementation method in the case of a small company by defining the basic steps in achieving a fully functional Information Security management System.

The Engineering Principles for Information Technology (IT) Security (HP-ITS) is a list of system-level security principles to be considered in the design, development, and operation of an information system.

This change in the terms 'Security Control Integration' and 'System Development Life Cycle' more accurately reflects the effort to integrate the system at the operational site.

The scope of this document includes ICS that are typically used in the electric, water and wastewater, oil and natural gas, chemical, pharmaceutical, pulp and paper, food and beverage, and discrete manufacturing industries.

This publication was written to help educate readers about information security terms used in the HIPAA Security Rule and to improve understanding of the meaning of the security standards set out itn the Security Rule.

This paper takes the novel approach of applying the concept of security governance to web-sites and measuring the consistency of software settings and versions used on these websites, and identifies the cause of governance failures and proposes improvement plans.

This chapter describes an efficient monitoring system that collects vital infrastructure metrics and application data from the set of resources and services used for event processing purposes, and processes those metrics to detect violations of the SR contract.

...

...

This guide defines broad security product categories, specifies product types within those categories, and then provides a list of characteristics and pertinent questions an organization should ask when selecting a product from within these categories.

Two Government programs are of particular interest -- the National Information Assurance Partnership (NIAP)'s Common Criteria Evaluation and Validation Program and NIST's Cryptographic Module Validation program (CMVP).

This Special Publication 800-series reports on ITL's research, guidelines, and outreach efforts in computer security, and its collaborative activities with industry, government, and academic organizations.

This guideline has been prepared for use by federal agencies and is consistent with the requirements and may be used by nongovernmental organizations on a voluntary basis and is not subject to copyright.

This publication presents a new conceptual framework for providing information technology (IT) security training that includes the IT security training requirements appropriate for today's distributed computing environment and provides flexibility for extension to accommodate future technologies and the related risk management decisions.

This change in the terms 'Security Control Integration' and 'System Development Life Cycle' more accurately reflects the effort to integrate the system at the operational site.

This publication provides a standard to be used by Federal organizations when these organizations specify that cryptographic-based security systems are to be use to provide protection for sensitive or valuable data.

...

...