Presentation is loading. Please wait.

Presentation is loading. Please wait.

NIST Special Publication 800-26, “Security Self- Assessment Guide for IT Systems” and Other NIST Resources Marianne Swanson Computer Security Division.

Published byDennis Nicholes Modified over 10 years ago

Similar presentations

Presentation on theme: "NIST Special Publication 800-26, “Security Self- Assessment Guide for IT Systems” and Other NIST Resources Marianne Swanson Computer Security Division."— Presentation transcript:

1 NIST Special Publication 800-26, “Security Self- Assessment Guide for IT Systems” and Other NIST Resources Marianne Swanson Computer Security Division Information Technology Laboratory NIST

2 Topics Self-Assessment Framework & Guidance Document Other NIST documents & resources

3 History CIO Council IT Security Assessment Framework Government Information Security Reform Act Federal Information Management Act

4 Description of Guide Framework - groundwork for standardizing and measuring IT security –Five levels of effectiveness –Criteria for implementing each level Assessment Guide - builds on the Framework Questions directed at the system

5 Description - continued Specific control objectives and techniques that a system can be measured against Blending requirements and guidance from GAO’s FISCAM and NIST guidance documents

6 NIST Guidance – IT Security Management Introduction to Computer Security: The NIST Handbook (NIST SP 800-12) Guide for Developing Security Plans for IT Systems (NIST SP 800-18) Risk Management Guide (NIST SP 800-30) Contingency Planning Guide (NIST SP 800-34)

7 NIST Guidance – IT Security Management (cont.) Certification and Accreditation Guide (coming soon) Minimum Security Controls (coming soon) Security Metrics (coming soon) http://csrc.nist.gov

8 ICAT Vulnerability Index Over 5000 vulnerabilities Fine grained search engine Links to vulnerability and patch information http://icat.nist.gov

9 Federal Agency Security Practices Three areas on the web site –Agency practices –FAQ –Original BSP pilot submission Hosted by the Federal Computer Security Program Managers’ Forum http://csrc.nist.gov/fasp

10 Agency Practices No special format submission is required Send documents as an e-mail attachment We require title of file and name of agency submitting Contact information is optional Files can be generic with no agency identifiers – NIST will do that for the agency if wanted Need agencies to send what they have – the more the better

11 FAQ Questions generated by the Forum over the past three years Categorized by topic area Questions answered primarily through the Forum e-mail and additional information provided by NIST FAQ will be added to as questions occur

12 Contact Information Marianne Swanson 301-975-3293 marianne.swanson@nist.gov marianne.swanson@nist.gov

Download ppt "NIST Special Publication 800-26, “Security Self- Assessment Guide for IT Systems” and Other NIST Resources Marianne Swanson Computer Security Division."

Similar presentations

NISTs Role in Securing Health Information AMA-IEEE Medical Technology Conference on Individualized Healthcare Kevin Stine, Information Security Specialist.

NISTs Role in Securing Health Information AMA-IEEE Medical Technology Conference on Individualized Healthcare Kevin Stine, Information Security Specialist.
CDC EHDI RESOURCES for States. CDC EHDI Website CDC EHDI Website Purpose: To provide up-to-date.

CDC EHDI RESOURCES for States. CDC EHDI Website CDC EHDI Website Purpose: To provide up-to-date.
Jump to first page NIST 800-30 Risk Management Guide for Information Technology Systems Reference:

Jump to first page NIST Risk Management Guide for Information Technology Systems Reference:
An Overview of the Federal Segment Architecture Methodology

An Overview of the Federal Segment Architecture Methodology
Security Frameworks Robert M. Slade, MSc, CISSP

Security Frameworks Robert M. Slade, MSc, CISSP
1 Florida Gulf Coast University Small Business Development Center (SBDC) Procurement Technical Assistance Center (PTAC) Reading Solicitations.

1 Florida Gulf Coast University Small Business Development Center (SBDC) Procurement Technical Assistance Center (PTAC) Reading Solicitations.
Department of Homeland Security Site Assistance Visit (SAV)

Department of Homeland Security Site Assistance Visit (SAV)
Page 1 of 12 To the ETS - Correspondence Online Training Course Welcome The Correspondence functionality is an online service that enables clients to receive.

Page 1 of 12 To the ETS - Correspondence Online Training Course Welcome The Correspondence functionality is an online service that enables clients to receive.
Making Grants.gov Work for You: U.S. Department of Education Jacob K. Javits Gifted and Talented Students Education Program CFDA #84.206A Find. Apply.

Making Grants.gov Work for You: U.S. Department of Education Jacob K. Javits Gifted and Talented Students Education Program CFDA #84.206A Find. Apply.
Welcome to the Virtual Historian 2.0. 1. Getting started with the VH 2.0 Go to virtualhistorian.ca Select language of usevirtualhistorian.ca 2 Note: For.

Welcome to the Virtual Historian Getting started with the VH 2.0 Go to virtualhistorian.ca Select language of usevirtualhistorian.ca 2 Note: For.
Fall 2011. Funding is an important part of academic career Developing funding application skills early on will lead to academic success Funding proposals.

Fall Funding is an important part of academic career Developing funding application skills early on will lead to academic success Funding proposals.
SHIFTING INFORMATION SECURITY LANDSCAPE FROM C&AS TO CONTINUOUS MONITORING ANDREW PATCHAN JD, CISA ASSOCIATE IG FOR IT, FRB LOUIS C. KING, CPA, CISA, CMA,

SHIFTING INFORMATION SECURITY LANDSCAPE FROM C&AS TO CONTINUOUS MONITORING ANDREW PATCHAN JD, CISA ASSOCIATE IG FOR IT, FRB LOUIS C. KING, CPA, CISA, CMA,
1 BRState Software Demonstration. 2 After you click on the LDEQ link to download the BRState Software you will get this message.

1 BRState Software Demonstration. 2 After you click on the LDEQ link to download the BRState Software you will get this message.
Light User Guide BVPortal June 30th, p.m. Charles - Henri Varin KM DTP For the benefit of business and people.

Light User Guide BVPortal June 30th, p.m. Charles - Henri Varin KM DTP For the benefit of business and people.
1 SANS Technology Institute - Candidate for Master of Science Degree 1 Automating Crosswalk between SP 800, 20 Critical Controls, and Australian Government.

1 SANS Technology Institute - Candidate for Master of Science Degree 1 Automating Crosswalk between SP 800, 20 Critical Controls, and Australian Government.
CS 1150 – Lab #16A & 16B – HTML TA – Sanjaya Wijeratne – Web Page -

CS 1150 – Lab #16A & 16B – HTML TA – Sanjaya Wijeratne – Web Page -
1 State Records Center Searching and Requesting Inventory  Versatile web address:  Look for any new ‘Special.

1 State Records Center Searching and Requesting Inventory  Versatile web address:  Look for any new ‘Special.
1 2004 OMB Exhibit 53 Changes Briefing Presented by the Office of the Chief Information Officer June 5, 2002.

OMB Exhibit 53 Changes Briefing Presented by the Office of the Chief Information Officer June 5, 2002.
NIH Security, FISMA and EPLC Lots of Updates! Where do we start? Kay Coupe NIH FISMA Program Coordinator Office of the Chief Information Officer Project.

NIH Security, FISMA and EPLC Lots of Updates! Where do we start? Kay Coupe NIH FISMA Program Coordinator Office of the Chief Information Officer Project.
Hiring Reform Implementation SFC Wilma Alicea Human Resources Specialist JFHQ-PR, HRO (787) 289-1400 x 1218 Application Process USAJOBS – Application Manager.

Hiring Reform Implementation SFC Wilma Alicea Human Resources Specialist JFHQ-PR, HRO (787) x 1218 Application Process USAJOBS – Application Manager.

Similar presentations

Ads by Google