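For specific implementation rules, refer to FIPS Publication 199, NIST SP800-30, NIST SP 800-39, NIST SP800-59, NIST SP 800-60, or CNSSI1253. Step 2: Select security controls. Select the system's security controls based on the system categorization from Step 1 and other relevant factors. This step requires determining the core component types and the initial control set associated with each control. For specific implementation rules, refer to FIPS Publication 199, FIPS Publication 200, ...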
NIST SP-800-63 was originally released in 2017, but has gone through various iterations and is constantly being revised. As of 2024, NIST has requested comments on their newest revision of 800-63 (Digital Identity Guidelines). As recently as 2020, NIST revised their password guidelines to emph...
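NIST SP 800-53 Rev. 5 is a cybersecurity and compliance framework developed by the National Institute of Standards and Technology (NIST), an agency of the U.S. Department of Commerce. This compliance framework helps protect the availability, confidentiality, and integrity of information systems and critical resources. U.S. ...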
NIST has released SP 800-52 Revision 1, which provides guidance to federal agencies on the use of Transport Layer Security. The standard recommends that all agencies support TLS 1.2 by Jan. 1, 2015. U.S. federal government agencies are being told they should move to TLS 1.2 by the beginni...
SP 800-126A SCAP 1.3 Component Specification Version Updates: An Annex to NIST Special Publication 800-126 Revision 3 Final 2/14/2018 White Paper [Project Description] Data Integrity: Identifying and Protecting Assets Against Ransomware an...
In October 2021, NIST SP 800-161 was revised. The second public draft, known as NIST 800-161 Revision 1, includes two new appendices: Appendix E - Provides additional guidance to specific federal agencies related to FASCSA Appendix F - Provides a response to the directives outlined in section...
The Microsoft Sentinel: NIST SP 800-53 Solution enables compliance teams, architects, SecOps analysts, and consultants to understand their cloud security...
One of them is a combination technique using ISO 27005 and NIST SP 800-30 revision 1. Previous research proved that the combination technique could be implemented in a non-profit organization (government). However, the detailed risk assessment steps are not e...
Thanks very much for the input we have received for the initial public draft of SP 800-53 Revision 5. We really appreciate all of the valuable information from those “in the field” applying the guidelines and implementing the security and privacy controls. Our publications benefit greatly from...
NIST Special Publication 800-18 Revision 1, Guide for Developing Security Plans for Federal Information Systems, provides suggested content for these system security plans. Key management-related additions to these plans are suggested in the “Information Technology System Security Plans” section of ...