U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

SP 800-100

Information Security Handbook: A Guide for Managers

Date Published: October 2006 (Updated 3/7/2007)

Supersedes: SP 800-100 (10/31/2006)


Pauline Bowen (NIST), Joan Hash (NIST), Mark Wilson (NIST)



Awareness; capital planning; certification; configuration management; contingency plan; incident response; interconnecting systems; performance measures; risk management; security governance; security plans; security services; system development life cycle; training
Control Families

Access Control; Audit and Accountability; Awareness and Training; Assessment, Authorization and Monitoring; Configuration Management; Contingency Planning; Identification and Authentication; Incident Response; Maintenance; Media Protection; Personnel Security; Physical and Environmental Protection; Planning; Risk Assessment; System and Communications Protection; System and Information Integrity; System and Services Acquisition


SP 800-100 (DOI)
Local Download

Supplemental Material:
None available

Document History:
03/07/07: SP 800-100 (Final)


Security and Privacy
general security & privacy

Laws and Regulations
OMB Circular A-130