Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

Projects

Showing 1 through 10 of 13 matching records.
Apple macOS Security Configuration APPLE-OS
CSD’s macOS security configuration team is working to develop secure system configuration baselines supporting different operational environments for Apple macOS version 10.12, “Sierra.” These configuration guidelines will assist organizations with hardening macOS technologies and provide a basis for unified controls and settings for federal macOS workstation and mobile system security configurations. The configurations are based on a collection of resources, including the existing NIST macOS...
Awareness, Training, & Education ATE
Public Law 100-235, "The Computer Security Act of 1987," mandated NIST and OPM to create guidelines on computer security awareness and training based on functional organizational roles. Guidelines were produced in the form of NIST Special Publication 800-16 titled, "Information Technology Security Training Requirements: A Role- and Performance-Based Model." The learning continuum modeled in this guideline provides the relationship between awareness, training, and education. The publication...
Continuous Monitoring ConMon
To advance the state of the art in continuous monitoring capabilities and to further interoperability within commercially available tools, the Computer Security Division is working within the international standards development community to establish working groups and to author and comment on emerging technical standards in this area. The CAESARS-FE reference architecture will evolve as greater consensus is developed around interoperable, standards-based approaches that enable continuous...
Cyber Supply Chain Risk Management C-SCRM
Information and operational technology (IT/OT) relies on a complex, globally distributed, and interconnected supply chain ecosystem to provide highly refined, cost-effective, and reusable solutions. This ecosystem is composed of various entities with multiple tiers of outsourcing, diverse distribution routes, assorted technologies, laws, policies, procedures, and practices, all of which interact to design, manufacture, distribute, deploy, use, maintain, and manage IT/OT products and services...
Federal Computer Security Program Managers' Forum
Welcome to the Federal Computer Security Program Managers' Forum (Forum) website. The Forum is an informal group sponsored by the National Institute of Standards and Technology (NIST) to promote the sharing of system security information among U.S. federal, state and higher education organizations.  The Forum maintains an extensive e-mail list, holds quarterly meetings which includes an annual 2-day "offsite" to discuss current issues and items of interest to those...
Federal Information Systems Security Educators' Association FISSEA
FISSEA, founded in 1987, is an organization run by and for information security professionals to Assist Federal Agencies in Strengthening Their Employee Security Training and Awareness Programs. FISSEA conducts an annual fee-based conference and has a “FISSEA Community of Interest” on GovLoop to pose questions and receive feedback from colleagues. 32nd Annual ConferenceInnovations in Cybersecurity Awareness and Training:A 360 Degree Perspective March 27th and 28th...
National Checklist Program NCP
NIST maintains the National Checklist Repository, which is a publicly available resource that contains information on a variety of security configuration checklists for specific IT products or categories of IT products. A security configuration checklist (also called a lockdown, hardening guide, or benchmark) is a series of instructions or procedures for configuring an IT product to a particular operational environment, for verifying that the product has been configured properly, and/or for...
Open Security Controls Assessment Language OSCAL
NIST is developing the Open Security Controls Assessment Language (OSCAL), a set of hierarchical, formatted, XML- and JSON-based formats that provide a standardized representation for different categories of information pertaining to the publication, implementation, and assessment of security controls. OSCAL is being developed through a collaborative approach with the public. The OSCAL website provides an overview of the OSCAL project, including an XML and JSON schema reference and examples...
Program Review for Information Security Assistance PRISMA
The Program Review for Information Security Management Assistance (PRISMA) includes many review options and incorporates guidelines contained in Special Publication 800-53 (Revision 3), Recommended Security Controls for Federal Information Systems. The PRISMA is based upon existing federal directives including Federal Information Security Management Act (FISMA), NIST guidelines and other proven techniques and recognized best practices in the area of information security.PRISMA Has...
Security Content Automation Protocol SCAP
The Security Content Automation Protocol (SCAP) is a synthesis of interoperable specifications derived from community ideas. Community participation is a great strength for SCAP, because the security automation community ensures the broadest possible range of use cases is reflected in SCAP functionality. This Web site is provided to support continued community involvement. From this site, you will find information about both existing SCAP specifications and emerging specifications relevant to...

1     2  next >  last >>