We assess and document compliance to:

  1. H.I.P.A.A.

  2. Sarbanes-Oxley (SoX)

  3. Gramm-Leach-Bliley Act (GLBA)

  4. Payment Card Industry (PCI) Data Security Standard

  5. N.I.S.T. SP 800-30

  6. I.S.O. 27001 / I.S.O. 17799 (renumbered I.S.O. 27002 in 2007)

  7. SAS 70

  8. FERPA

  9. FISMA

  10. NERC

  11. U.S.-EU Safe Harbor Framework

N.I.S.T. SP 800-30

The principal goal of an organization’s risk management process should be to protect the organization and its ability to perform its mission, not just its IT assets. Therefore, the risk management process should not be treated primarily as a technical function carried out by the IT experts who operate and manage the IT system, but as an essential management function of the organization.

Risk is the net negative impact of the exercise of a vulnerability, considering both the probability and the impact of occurrence. Risk management is the process of identifying risk, assessing risk, and taking steps to reduce risk to an acceptable level.

Risk is a function of the likelihood of a given threat-source’s exercising a particular potential vulnerability, and the resulting impact of that adverse event on the organization.

To determine the likelihood of a future adverse event, threats to an IT system must be analyzed in conjunction with the potential vulnerabilities and the controls in place for the IT system. Impact refers to the magnitude of harm that could be caused by a threat’s exercise of a vulnerability. The level of impact is governed by the potential mission impacts and in turn produces a relative value for the IT assets and resources affected (e.g., the criticality and sensitivity of the IT system components and data). The risk assessment methodology encompasses nine primary steps:

  • System Characterization (NIST SP 800-30 Section 3.1)
  • Threat Identification (NIST SP 800-30 Section 3.2)
  • Vulnerability Identification (NIST SP 800-30 Section 3.3)
  • Control Analysis (NIST SP 800-30 Section 3.4)
  • Likelihood Determination (NIST SP 800-30 Section 3.5)
  • Impact Analysis (NIST SP 800-30 Section 3.6)
  • Risk Determination (NIST SP 800-30 Section 3.7)
  • Control Recommendations (NIST SP 800-30 Section 3.8)
  • Results Documentation (NIST SP 800-30 Section 3.9)
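As an added example (not from this page or from InfoSecPro), the risk determination and results documentation steps above in Python. The likelihood weights (1.0 / 0.5 / 0.1), impact weights (100 / 50 / 10) and the Low / Medium / High bands are the ones SP 800-30 Section 3.7 uses for its risk-level matrix; the threat-source / vulnerability pairs in the register are constructed for illustration, and the likelihood ratings are assumed to already reflect the control analysis of steps 3.4 and 3.5.

```python
from dataclasses import dataclass

# Qualitative scales from the SP 800-30 Section 3.7 risk-level matrix.
LIKELIHOOD = {"High": 1.0, "Medium": 0.5, "Low": 0.1}
IMPACT = {"High": 100, "Medium": 50, "Low": 10}


@dataclass
class ThreatVulnPair:
    """One row of the risk register: a threat-source exercising a vulnerability."""
    threat_source: str
    vulnerability: str
    likelihood: str        # rating after control analysis (steps 3.4-3.5)
    impact: str            # rating from impact analysis (step 3.6)
    existing_controls: str = ""


def risk_score(likelihood: str, impact: str) -> float:
    """Numeric risk = likelihood weight x impact weight."""
    return LIKELIHOOD[likelihood] * IMPACT[impact]


def risk_level(score: float) -> str:
    """Map a score onto the SP 800-30 bands: Low 1-10, Medium >10-50, High >50-100."""
    if score > 50:
        return "High"
    if score > 10:
        return "Medium"
    return "Low"


def determine_risk(pairs):
    """Step 3.7: score every pair and rank the register highest risk first."""
    rows = []
    for p in pairs:
        score = risk_score(p.likelihood, p.impact)
        rows.append((p, score, risk_level(score)))
    rows.sort(key=lambda r: r[1], reverse=True)   # stable: ties keep input order
    return rows


def results_report(rows) -> str:
    """Step 3.9: a plain-text results table for the assessment report."""
    lines = [f"{'Risk':<7} {'Score':>6}  Threat-source / vulnerability (existing controls)"]
    for p, score, level in rows:
        lines.append(
            f"{level:<7} {score:>6.1f}  {p.threat_source} / {p.vulnerability}"
            f" ({p.existing_controls or 'none'})"
        )
    return "\n".join(lines)


# Constructed sample register; these pairs are not from the page.
SAMPLE_REGISTER = [
    ThreatVulnPair("External attacker", "Unpatched public web server", "High", "High"),
    ThreatVulnPair("Malicious insider", "Shared administrator account", "Medium", "High",
                   "Quarterly access review"),
    ThreatVulnPair("Power failure", "No UPS in branch office", "Medium", "Low",
                   "Nightly off-site backups"),
    ThreatVulnPair("Terminated employee", "Credentials not revoked at exit", "Low", "Medium",
                   "HR/IT offboarding checklist"),
]

if __name__ == "__main__":
    print(results_report(determine_risk(SAMPLE_REGISTER)))
```

The band thresholds matter more than the raw products: a High-likelihood / Low-impact pair scores 10 and lands in Low, while Medium / Medium scores 25 and lands in Medium, so control recommendations (step 3.8) should be driven by the ranked level, not by likelihood alone.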

NIST Computer Security Special Publications

1) SP 800-67 Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher http://csrc.nist.gov/publications/nistpubs...67/SP800-67.pdf

2) SP 800-64 Security Considerations in the Information System Development Life Cycle http://csrc.nist.gov/publications/nistpubs...ST-SP800-64.pdf

3) SP 800-63 Electronic Authentication Guideline: Recommendations of the National Institute of Standards and Technology http://csrc.nist.gov/publications/nistpubs...00-63v6_3_3.pdf

4) SP 800-61 Computer Security Incident Handling Guide http://csrc.nist.gov/publications/nistpubs...61/sp800-61.pdf

5) SP 800-60 Guide for Mapping Types of Information and Information Systems to Security Categories http://csrc.nist.gov/publications/nistpubs...-60V1-final.pdf

6) SP 800-59 Guideline for Identifying an Information System as a National Security System http://csrc.nist.gov/publications/nistpubs...59/SP800-59.pdf

7) SP 800-55 Security Metrics Guide for Information Technology Systems http://csrc.nist.gov/publications/nistpubs...55/sp800-55.pdf

8) SP 800-51 Use of the Common Vulnerabilities and Exposures (CVE) Vulnerability Naming Scheme http://csrc.nist.gov/publications/nistpubs...51/sp800-51.pdf

9) SP 800-50 Building an Information Technology Security Awareness and Training Program http://csrc.nist.gov/publications/nistpubs...ST-SP800-50.pdf

10) SP 800-49 Federal S/MIME V3 Client Profile http://csrc.nist.gov/publications/nistpubs...49/sp800-49.pdf

11) SP 800-48 Wireless Network Security: 802.11, Bluetooth, and Handheld Devices http://csrc.nist.gov/publications/nistpubs...T_SP_800-48.pdf

12) SP 800-47 Security Guide for Interconnecting Information Technology Systems http://csrc.nist.gov/publications/nistpubs...47/sp800-47.pdf

13) SP 800-46 Security for Telecommuting and Broadband Communications http://csrc.nist.gov/publications/nistpubs...46/sp800-46.pdf

14) SP 800-45 Guidelines on Electronic Mail Security http://csrc.nist.gov/publications/nistpubs...45/sp800-45.pdf

15) SP 800-44 Guidelines on Securing Public Web Servers http://csrc.nist.gov/publications/nistpubs...44/sp800-44.pdf

16) SP 800-43 Systems Administration Guidance for Windows 2000 Professional http://csrc.nist.gov/itsec/guidance_W2Kpro.html

17) SP 800-42 Guideline on Network Security Testing http://csrc.nist.gov/publications/nistpubs...ST-SP800-42.pdf

18) SP 800-41 Guidelines on Firewalls and Firewall Policy http://csrc.nist.gov/publications/nistpubs...41/sp800-41.pdf

19) SP 800-40 Procedures for Handling Security Patches http://csrc.nist.gov/publications/nistpubs...40/sp800-40.pdf

20) SP 800-38C Recommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality http://csrc.nist.gov/publications/nistpubs...C/SP800-38C.pdf

21) SP 800-38A Recommendation for Block Cipher Modes of Operation - Methods and Techniques http://csrc.nist.gov/publications/nistpubs...a/sp800-38a.pdf

22) SP 800-37 Guide for the Security Certification and Accreditation of Federal Information Systems http://csrc.nist.gov/publications/nistpubs...00-37-final.pdf

23) SP 800-36 Guide to Selecting Information Security Products http://csrc.nist.gov/publications/nistpubs...ST-SP800-36.pdf

24) SP 800-35 Guide to Information Technology Security Services http://csrc.nist.gov/publications/nistpubs...ST-SP800-35.pdf

25) SP 800-34 Contingency Planning Guide for Information Technology Systems http://csrc.nist.gov/publications/nistpubs...34/sp800-34.pdf

26) SP 800-33 Underlying Technical Models for Information Technology Security http://csrc.nist.gov/publications/nistpubs...33/sp800-33.pdf

27) SP 800-32 Introduction to Public Key Technology and the Federal PKI Infrastructure http://csrc.nist.gov/publications/nistpubs...32/sp800-32.pdf

28) SP 800-31 Intrusion Detection Systems (IDS) http://csrc.nist.gov/publications/nistpubs...31/sp800-31.pdf

29) SP 800-30 Risk Management Guide for Information Technology Systems http://csrc.nist.gov/publications/nistpubs...30/sp800-30.pdf

30) SP 800-29 A Comparison of the Security Requirements for Cryptographic Modules in FIPS 140-1 and FIPS 140-2 http://csrc.nist.gov/publications/nistpubs...29/sp800-29.pdf

31) SP 800-28 Guidelines on Active Content and Mobile Code http://csrc.nist.gov/publications/nistpubs...28/sp800-28.pdf

32) SP 800-27 Rev. A Engineering Principles for Information Technology Security (A Baseline for Achieving Security), Revision A http://csrc.nist.gov/publications/nistpubs...800-27-RevA.pdf

33) SP 800-26 Security Self-Assessment Guide for Information Technology Systems http://csrc.nist.gov/publications/nistpubs...26/sp800-26.pdf

34) SP 800-25 Federal Agency Use of Public Key Technology for Digital Signatures and Authentication http://csrc.nist.gov/publications/nistpubs...25/sp800-25.pdf

35) SP 800-24 PBX Vulnerability Analysis: Finding Holes in Your PBX Before Someone Else Does http://csrc.nist.gov/publications/nistpubs...sp800-24pbx.pdf

36) SP 800-23 Guideline to Federal Organizations on Security Assurance and Acquisition/Use of Tested/Evaluated Products http://csrc.nist.gov/publications/nistpubs...23/sp800-23.pdf

37) SP 800-22 A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications http://csrc.nist.gov/publications/nistpubs...0-22-051501.pdf

38) SP 800-21 Guideline for Implementing Cryptography in the Federal Government http://csrc.nist.gov/publications/nistpubs/800-21/800-21.pdf

39) SP 800-19 Mobile Agent Security http://csrc.nist.gov/publications/nistpubs...19/sp800-19.pdf

40) SP 800-17 Modes of Operation Validation System (MOVS): Requirements and Procedures http://csrc.nist.gov/publications/nistpubs/800-17/800-17.pdf

41) SP 800-16 Information Technology Security Training Requirements: A Role- and Performance-Based Model (supersedes NIST Spec. Pub. 500-172) http://csrc.nist.gov/publications/nistpubs/800-16/800-16.pdf

42) SP 800-12 An Introduction to Computer Security: The NIST Handbook http://csrc.nist.gov/publications/nistpubs...12/handbook.pdf

Please submit your payment of $999.00 for a complete Regulatory Compliance Assessment for one applicable regulation.

Business Name:
Contact Information:
Email Address:
URL or IP address:

Other members of our business group:
Cloud-Security.us | US-scada.com

COPYRIGHT (C) 2000 - 2013 InfoSecPro.com ALL RIGHTS RESERVED