Wednesday 9 October 2019

NIST standards

800-30 - Guide for Conducing Risk Assessments
https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-30r1.pdf

800-37: Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy
https://csrc.nist.gov/publications/detail/sp/800-37/rev-2/final


800-39 - Managing Information Security Risk: Organization, Mission, and Information System View
https://csrc.nist.gov/publications/detail/sp/800-39/final

800-53 - Security and Privacy Controls for Information Systems and Organizations
https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/draft


800-154 - Guide to Data-Centric System Threat Modeling

https://csrc.nist.gov/publications/detail/sp/800-154/draft

800-115 - Penetration Testing

800-60: Volume 1: Guide for Mapping Types of Information and Information Systems to Security Categories

https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-60v1r1.pdf

NIST SP 800-53A,Guide for Assessing the Security
Controls in Federal Information Systems