The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) promotes the U.S. economy and public welfare by providing technical leadership for the Nation’s measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of concept implementations, and technical analyses to advance the development and productive use of information technology. ITL’s responsibilities include the development of management, administrative, technical, and physical standards and guidelines for the cost-effective security and privacy of other than national security-related information in federal systems. The Special Publication 800-series reports on ITL’s research, guidelines, and outreach efforts in systems security as well as its collaborative activities with industry, government, and academic organizations.
Organizations rely heavily on the use of information technology (IT) products and services to run their day-to-day activities. Ensuring the security of these products and services is of the utmost importance for the success of the organization. This publication introduces the information security principles that organizations may leverage to understand the information security needs of their respective systems.
This publication serves as a starting-point for those new to information security as well as those unfamiliar with NIST information security publications and guidelines. The intent of this special publication is to provide a high-level overview of information security principles by introducing related concepts and the security control families (as defined in NIST SP 800-53, Security and Privacy Controls for Federal Information Systems and Organizations) that organizations an
leverage to effectively secure their systems1 and information. To better understand the meaning and intent of the security control families described later, this publication begins by familiarizing the reader with various information security principles.
After the introduction of these security principles, the publication provides detailed descriptions of multiple security control families as well as the benefits of each control family. The point is not to impose requirements on organizations, but to explore available techniques for applying a specific control family to an organization’s system and to explain the benefit(s) of employing the selected controls.
Since this publication provides an introduction to information security, detailed steps as to how security controls are implemented or how to check for security control effectiveness are not included. Rather, separate publications that may provide more detailed information about a specific topic will be noted as a reference.
https://documents.theblackvault.com/documents/commercedept/nist.sp.800-12r1.pdf
Follow The Black Vault on Social Media:
This post was published on March 7, 2018 7:50 am
Background Many U.S. government agencies and military branches have public YouTube pages. That is no…
In a new batch of documents obtained by The Black Vault, the Department of Defense…
Background Movements for civil rights were a worldwide series of political movements for equality before…
Background Welcome to the FBI Files on Historical Figures & Groups archive at The Black…
The Department of Defense has released a collection of internal emails in response to a…
Background You can get quite a bit of material under the Freedom of Information Act…