NIST Special Publication 800-100
INFORMATION SECURITY
Information Security Handbook: A Guide for Managers
Recommendations of the National Institute of Standards and Technology
Pauline Bowen
Joan Hash
Mark Wilson
Computer Security Division
Information Technology Laboratory
National Institute of Standards and Technology
Gaithersburg, MD 20899-8930
October 2006
U.S. Department of Commerce
Carlos M. Gutierrez, Secretary
Technology Administration
Robert Cresanti, Under Secretary of Commerce for Technology
National Institute of Standards and Technology
William Jeffrey, Director
Reports on Information Systems Technology
The Information Technology Laboratory (ITL) at the National Institute of Standards and
Technology promotes the U.S. economy and public welfare by providing technical leadership for
the Nation's measurement and standards infrastructure. ITL develops tests, test methods,
reference data, proof-of-concept implementations, and technical analyses to advance the
development and productive use of information technology. ITL's responsibilities include the
development of management, administrative, technical, and physical standards and guidelines
for the cost-effective security and privacy of nonnational-security-related information in federal
information systems. This Special Publication 800 series reports on ITL's research, guidelines, and outreach efforts in information system security and its collaborative activities with industry, government, and academic organizations.
Authority
This document has been developed by the National Institute of Standards and Technology
(NIST) in furtherance of its statutory responsibilities under the Federal Information Security
Management Act (FISMA) of 2002, Public Law 107-347.
NIST is responsible for developing standards and guidelines, including minimum requirements,
and for providing adequate information security for all agency operations and assets, but such
standards and guidelines shall not apply to national security systems. This guideline is consistent
with the requirements of the Office of Management and Budget (OMB) Circular A-130, Section
8b(3), Securing Agency Information Systems, as analyzed in A-130, Appendix IV: Analysis of
Key Sections. Supplemental information is provided in A-130, Appendix III.
This guideline has been prepared for use by federal agencies. It may also be used by
nongovernmental organizations on a voluntary basis and is not subject to copyright regulations.
(Attribution would be appreciated by NIST.)
Nothing in this document should be taken to contradict standards and guidelines made
mandatory and binding on federal agencies by the Secretary of Commerce under statutory
authority. Nor should these guidelines be interpreted as altering or superseding the existing
authorities of the Secretary of Commerce, Director of the OMB, or any other federal official.
Certain commercial entities, equipment, or materials may be identified in this document in order
to describe an experimental procedure or concept adequately. Such identification is not intended
to imply recommendation or endorsement by NIST, nor is it intended to imply that the entities,
materials, or equipment are necessarily the best available for the purpose.
Acknowledgements
NIST would like to thank the many people who assisted with the development of this handbook.
NIST management officials who supported this effort include: Joan Hash, William C. Barker,
Elizabeth Chew, and Matthew Scholl.
The authors would like to thank Elizabeth Lennon, Alicia Clay, Elizabeth Chew, Richard Kissel,
Carol Schmidt, Matthew Scholl, and Patricia Toth who assisted with reviewing this Handbook
and provided comments and suggestions for improvement.
Additional drafters of Handbook chapters include:
Ron Ross, Tim Gra