NIST Logo and ITL Banner Link to the NIST Homepage Link to the ITL Homepage Link to the NIST Homepage
Search CSRC:

Archive

Document Posted
Audit Trails  
Sample Generic Policy and High Level Procedures for Audit Trails 08/02/00
Authorize Processing (C&A)  
Certification and Accreditation Documentation Performance Work Summary 07/30/02
Statement of Work: Certification and Accreditation Blanket Purchase Agreement - Department of Education 02/12/02
Sample Generic Policy and High Level Procedures for Certification/Accreditation 10/29/01
Certification and Accreditation - DLA * 03/12/01
C&A of Core Financial System - USAID 02/05/01
How to Accredit Information Systems for Operation - DOD/NSWC * 02/01/01
Contingency Planning  
Contingency Planning Template Instructions - DOJ 12/10/01
Sample Generic Policy and High Level Procedures for Contingency Plans 8/21/01
Data Integrity  
How to Protect Against Viruses Using Attachment Blocking - National Endowment for the Humanities 02/05/02
Sample Generic Policy and High Level Procedures for Data Integrity/Validation 08/02/00
Hardware and System Software Maintenance  
Configuration Management Plan 11/10/01
Interim Policy Document on Configuration Management 11/10/01
Sample Generic Policy and High Level Procedures for Hardware and Application Software Security 08/02/00
Identification and Authentication  
Password Cracking Information - National Labor Relations Board 08/20/01
Password Management Standard - National Labor Relations Board 08/13/01
Sample Generic Policy and High Level Procedures for Passwords and Access Forms 08/02/00
Incident Response Capability  
Computer Incident Response Team Desk Reference - Federal Communications Commission 07/30/02
Identification & Authentication on FCC Systems 07/30/02
Computer Virus Incident Report Form 01/10/02
FCC Computer Incident Response Guide 12/30/01
Sample Generic Policy and High Level Procedures for Incident Response 03/02/01
Developing an Agency Incident Response Process - SSA * 02/20/01
Incident Handling - BMDO * 05/22/00
Life Cycle  
Sample Generic Policy and High Level Procedures for Life Cycle Security 01/02/01
Integrating Security into Systems Development Life Cycle - SSA * 12/20/00
Logical Access Controls  
Decision Paper on Use of Screen Warning Banner 12/13/01
Sample Warning Banner - National Labor Relations Board 12/12/01
Network Security  
Network Perimeter Security Policy 10/01/01
Securing POP Mail on Windows Clients - NASA * 06/13/01
How to Deploy Firewalls - Carnegie Mellon * 02/16/01
Configuration of Technical Safeguards - USAID * 01/23/01
Network Security Management Policy 01/08/01
How To Secure a Domain Name Server (DNS) - GSA * 05/11/00
Personnel Security  
Email Policy - FCC 11/14/02
Internet Use Policy - FCC 11/14/02
Limited Personnel Use of Government Equipment 11/14/02
Non-disclosure Form - FCC 09/13/02
Guidelines for Evaluating Information on Public Web Sites 10/19/01
Receipt of Proprietary Information 10/01/01
Sample Generic Policy and High Level Procedures for Personnel Security 12/18/00
Personal Use Policy - OPM * 12/04/00
Limited Personal - VA * 10/03/00
Physical and Environmental Protection  
Sample Generic Policy and High Level Procedures for Facility Protection 08/02/00
Policy and Procedures  
Security Handbook - Glossary 11/15/02
Security Handbook - Management Controls 11/15/02
Security Handbook - Operational Controls 11/14/02
Security Handbook - Technical Controls 11/14/02
Telecommuting and Mobile Computer Security Policy 01/08/02
Sample of XX Agency Large Service Application (LSA) Information Technology (IT) Security Program Policy 08/02/00
Production, Input/Output Controls  
Disk Sanitization Procedures - NIH * 06/01/01
Remove all Data From Workstations & Servers - USAID * 04/25/01
Sample Generic Policy and High Level Procedures for Marking, Handling, Processing, Storage and Disposal of Data 08/02/00
Program Management  
IT Security Cost Estimation Guide - Department of Education 11/28/02
A Summary Guide: Public Law, Executive Orders, and Policy Documents - Department of Treasury 11/13/01
Position Description for Computer System Security Officer, GS-334-13 10/01/01
Position Description for Information Security Officer, GS-334-15 10/01/01
Position Description for Computer Specialist, GS-334-14 10/01/01
Sample of an Information Technology (IT) Security Staffing Plan for a Large Service Application (LSA) 11/15/99
Review of Security Controls  
Statement of Work for IT Security Review 06/12/02
Statement of Work - Information Technology (IT) Security Program Assessment Review 10/21/01
Overseas Computer Security Review - Department of State 02/20/01
Modem Scan Process - USAID * 01/23/01
Review of Information Technology (IT) Systems 08/02/00
Risk Management  
General Support Systems and Major Applications Inventory Guide 07/25/02
Sample Levels of Sensitivity 03/11/02
Statement of Work: Risk Assessments - Department of Education 02/12/02
Mission Site Vulnerability Assessment - USAID * 06/13/01
Sample Generic Policy and High Level Procedures for Risk Assessment 08/02/00
Security Awareness, Training and Education  
Short Security Awareness Briefing NIST 12/10/01
Building an IT Security Awareness Program - NIST 11/01/01
Certification of Information Security Awareness Training Form 11/01/01
Security Training at Missions - USAID * 01/23/01
Sample Generic Policy and High Level Procedures for Security Awareness, and Training 08/02/00
Statement of Work - Computer Security Awareness and Training 04/14/00
System Security Plan  
General Support Systems and Major Applications Inventory Guide 07/25/02
Security Plan - USAID * 01/23/01
Sample Generic Policy and High Level Procedures for Security Plans 04/14/00

* These submissions were first collected by the Federal CIO Council for their Best Security Practices initiative. That material was later passed to NIST's Computer Security Division.