Appendix A. Information Security Program Resources

SP 800-12: An Introduction to Computer Security: The NIST Handbook

SP 800-14: Generally Accepted Principles and Practices for Securing Information Technology Systems

SP 800-16: Information Technology Security Training Requirements: A Role- and Performance-Based Model

SP 800-23: Guidelines to Federal Organizations on Security Assurance and Acquisition/Use of Tested/Evaluated Products

SP 800-30: Risk Management Guide for Information Technology Systems

SP 800-34: Contingency Planning Guide for Information Technology System, Revision 1

SP 800-37: Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach

SP 800-39: Managing Information Security Risk: Organization, Mission, and Information System View

SP 800-40: Creating a Patch and Vulnerability Management Program

SP 800-41: Guidelines on Firewalls and Firewall Policy

SP 800-42: Guidelines on Network Security Testing

SP 800-45: Guidelines on Electronic Mail Security

SP 800-46: Guide to Enterprise Telework and Remote Access Security

SP 800-50: Building an Information Technology Security Awareness and Training Program

SP 800-53: Recommended Security Controls for Federal Information Systems and Organizations

SP 800-57: Recommendations for Key Management—Part 1: General (Revision 3)

SP 800-57: Recommendations for Key Management—Part 2: Best Practices for Key Management Organization

SP 800-60: Guide for Mapping Types of Information and Information Systems to Security Categories (Two Volumes)

SP 800-61: Computer Security Incident Handling Guide

SP 800-64: Security Considerations in the System Development Life Cycle

SP 800-66: Guide to Integrating Forensic Techniques into Incident Response

SP 800-77: Guide to IPsec VPNs

SP 800-83: Guide to Malware Incident Prevention and Handling for Desktops and Laptops

SP 800-84: Guide to Test, Training, and Exercise Programs for Information Technology Plans and Capabilities

SP 800-88: Guidelines for Media Sanitization

SP 800-92: Guide to Computer Security Log Management

SP 800-94: Guide to Intrusion Detection and Prevention Systems

SP 800-100: Information Security Handbook: A Guide for Managers

SP 800-111: Guide to Storage Encryption Technologies for End User Devices

SP 800-113: Guide to SSL VPNs

SP 880-114: User’s Guide to Securing External Devices for Telework and Remote Access

SP 800-153: Guidelines for Securing Wireless Local Area Networks (WLANs)

Business Continuity Planning

Development and Acquisition

Information Security

(Risk) Management

Outsourcing Technology Services

Supervision of Technology Service Providers (TSP)

1. Security 101 for Covered Entities

2. Security Standards, Administrative Safeguards

3. Security Standards, Physical Safeguards

4. Security Standards, Technical Safeguards

5. Security Standards: Organizational, Policies, and Procedures and Documentation Requirements

6. Basics of Risk Analysis and Risk Management

7. Security Standards: Implementation for the Small Provider

PCI DSS v3.0

PCI DSS Summary of Changes v2.0 to v3.0

PCI DSS Quick Start Guide

Information Systems Audit and Control Association (ISACA): www.isaca.org

Information Systems Security Association, Inc. (ISSA): www.issa.org

SANS Institute: www.sans.org

Disaster Recovery Institute (DRI): www.drii.org

The Institute of Internal Auditors: www.theiia.org