Publications
Withdrawn on August 01, 2018.
Guide to Selecting Information Technology Security Products
Documentation
Topics
Date Published: October 2003
Planning Note (08/01/2018):
Withdrawn: Does not reflect current security product types, and references are outdated.
Author(s)
Tim Grance (NIST), Marc Stevens (BAH), Marissa Myers (BAH)
The selection of IT security products is an integral part of the design, development and maintenance of an IT security infrastructure that ensures confidentiality, integrity, and availability of mission critical information. The guide seeks to assist in choosing IT security products that meet an organization's requirements. It should be used with other NIST publications to develop a comprehensive approach to meeting an organization's computer security and information assurance requirements. This guide defines broad security product categories, specifies product types within those categories, and then provides a list of characteristics and pertinent questions an organization should ask when selecting a product from within these categories.
The selection of IT security products is an integral part of the design, development and maintenance of an IT security infrastructure that ensures confidentiality, integrity, and availability of mission critical information. The guide seeks to assist in choosing IT security products that meet an...
See full abstract
The selection of IT security products is an integral part of the design, development and maintenance of an IT security infrastructure that ensures confidentiality, integrity, and availability of mission critical information. The guide seeks to assist in choosing IT security products that meet an organization's requirements. It should be used with other NIST publications to develop a comprehensive approach to meeting an organization's computer security and information assurance requirements. This guide defines broad security product categories, specifies product types within those categories, and then provides a list of characteristics and pertinent questions an organization should ask when selecting a product from within these categories.
Hide full abstract
Keywords
computer security; enterprise architecture; life cycle; products; security controls
Control Families
Access Control; Assessment, Authorization and Monitoring; Identification and Authentication; Incident Response; Media Protection; Risk Assessment; System and Services Acquisition; System and Communications Protection; System and Information Integrity