NIST Logo and ITL Banner Link to the NIST Homepage Link to the ITL Homepage Link to the NIST Homepage
Search CSRC:

Public / Private / Academia Security Practices

NIST invites public and private organizations to submit their information security practices as nominated candidates for inclusion in its Computer Security Resource Center. With the recognition that protection of the Nation's critical infrastructure is dependent upon effective information security solutions and to minimize vulnerabilities associated with a variety of threats, the broader sharing of such practices will enhance the overall security of the nation. Today's federal networks and systems are highly interconnected and interdependent with non-federal systems. Access to information security practices in the public and private sector can be applied to enhance the overall performance of Federal information security programs.

Nominated candidate policies and procedures may be submitted to NIST in any area of information security including, but not limited to: accreditation, audit trails, authorization of processing, budget planning and justification, certification, contingency planning, data integrity, disaster planning, documentation, hardware and system maintenance, identification and authentication, incident handling and response, life cycle, network security, personnel security, physical and environmental protection, production input/output controls, security policy, program management, review of security controls, risk management, security awareness training, and education (to include specific course and awareness materials), and security planning.


Back to Top

public security practices

Document Posted
Common Risks Impeding the Adequate Protection of Government Information (July 2007) 03/09/10
CIO Council 05/28/03
Felix Uribe's List of the Best 100 Websites in Computer and Information Security 11/18/04
General Accounting Office 06/23/03
Information Assurance Technical Framework Forum (IATFF) 09/04/03
Lessons Learned by Consumers, Financial Sector Firms, and Government Agencies during the Recent Rise of Phishing Attacks - May 2004 06/14/04
The Internet Engineering Task Force (IETF) 09/04/03
U.S. Department of Defense: Information Assurance Technology Analysis Center 07/15/03
U.S. Department of Energy Computer Incident Advisory Capability (CIAC) 03/15/04

Back to Top

private security practices

Document Posted
2004 Resource Guide for Today's U.S. Government Information Security Professional 04/07/04
American Bankers Association - ABA Fraud Solutions and Resources 09/09/04
American Bankers Association - Sample Bank Privacy Policies 09/09/04
Ars Technica - Wireless Practicum: Essential Home Wireless Security Practices, Part 1 09/10/04
Ars Technica - Wireless Practicum: Essential Home Wireless Security Practices, Part 2 09/10/04
Internet Security Task Force 08/18/03
Microsoft 09/10/04
SANS Institute 09/10/04
Workgroup for Electronic Data Interchange - Strategic National Implementation Process 04/07/04

Back to Top

academia security practices

Document Posted
Carnegie Mellon University CERTŪ Coordination Center 09/09/03
EDUCAUSE 09/10/04