SP 800-12: An Introduction to Computer Security: The NIST Handbook
SP 800-14: Generally Accepted Principles and Practices for Securing Information Technology Systems
SP 800-16: Information Technology Security Training Requirements: A Role- and Performance-Based Model
SP 800-23: Guidelines to Federal Organizations on Security Assurance and Acquisition/Use of Tested/Evaluated Products
SP 800-30: Risk Management Guide for Information Technology Systems
SP 800-34: Contingency Planning Guide for Information Technology Systems, Revision 1
SP 800-37: Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach
SP 800-39: Managing Information Security Risk: Organization, Mission, and Information System View
SP 800-40: Creating a Patch and Vulnerability Management Program
SP 800-41: Guidelines on Firewalls and Firewall Policy
SP 800-42: Guidelines on Network Security Testing
SP 800-45: Guidelines on Electronic Mail Security
SP 800-46: Guide to Enterprise Telework and Remote Access Security
SP 800-50: Building an Information Technology Security Awareness and Training Program
SP 800-53: Recommended Security Controls for Federal Information Systems and Organizations
SP 800-57: Recommendations for Key Management—Part 1: General (Revision 3)
SP 800-57: Recommendations for Key Management—Part 2: Best Practices for Key Management Organization
SP 800-60: Guide for Mapping Types of Information and Information Systems to Security Categories (Two Volumes)
SP 800-61: Computer Security Incident Handling Guide
SP 800-64: Security Considerations in the System Development Life Cycle
SP 800-66: Guide to Integrating Forensic Techniques into Incident Response
SP 800-77: Guide to IPsec VPNs
SP 800-83: Guide to Malware Incident Prevention and Handling for Desktops and Laptops
SP 800-84: Guide to Test, Training, and Exercise Programs for Information Technology Plans and Capabilities
SP 800-88: Guidelines for Media Sanitization
SP 800-92: Guide to Computer Security Log Management
SP 800-94: Guide to Intrusion Detection and Prevention Systems
SP 800-100: Information Security Handbook: A Guide for Managers
SP 800-111: Guide to Storage Encryption Technologies for End User Devices
SP 800-113: Guide to SSL VPNs
SP 800-114: User’s Guide to Securing External Devices for Telework and Remote Access
SP 800-153: Guidelines for Securing Wireless Local Area Networks (WLANs)
Business Continuity Planning
Development and Acquisition
Information Security
(Risk) Management
Outsourcing Technology Services
Supervision of Technology Service Providers (TSP)
www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/securityruleguidance.html
1. Security 101 for Covered Entities
2. Security Standards, Administrative Safeguards
3. Security Standards, Physical Safeguards
4. Security Standards, Technical Safeguards
5. Security Standards: Organizational, Policies, and Procedures and Documentation Requirements
6. Basics of Risk Analysis and Risk Management
7. Security Standards: Implementation for the Small Provider
https://www.pcisecuritystandards.org/security_standards/documents.php
PCI DSS v3.0
PCI DSS Summary of Changes v2.0 to v3.0
PCI DSS Quick Start Guide
International Information Systems Security Certification Consortium (ISC2): www.isc2.org
Information Systems Audit and Control Association (ISACA): www.isaca.org
Information Systems Security Association, Inc. (ISSA): www.issa.org
SANS Institute: www.sans.org
Disaster Recovery Institute (DRI): www.drii.org
The Institute of Internal Auditors: www.theiia.org