https://wiki.owasp.org/index.php?action=history&feed=atom&title=Industry%3AProject_Review%2FNIST_SP_800-37r1_FPD_Appendix_A 2026-05-07T13:23:42Z Revision history for this page on the wiki MediaWiki 1.27.2 https://wiki.owasp.org/index.php?title=Industry:Project_Review/NIST_SP_800-37r1_FPD_Appendix_A&diff=74685&oldid=prev 2009-12-04T05:10:28Z

<p>Created page with &#039;{| align=&quot;right&quot; | __TOC__ |} &lt;big&gt;APPENDIX A&lt;/big&gt; &lt;big&gt;&#039;&#039;&#039;REFERENCES&#039;&#039;&#039;&lt;/big&gt; LAWS, POLICIES, DIRECTIVES, INSTRUCTIONS, STANDARDS, AND GUIDELINES {{GIC-NISTSP80037r1FPDRef…&#039;</p> <p><b>New page</b></p><div>{| align=&quot;right&quot;<br /> | __TOC__<br /> |}<br /> <br /> &lt;big&gt;APPENDIX A&lt;/big&gt;<br /> <br /> &lt;big&gt;'''REFERENCES'''&lt;/big&gt;<br /> <br /> LAWS, POLICIES, DIRECTIVES, INSTRUCTIONS, STANDARDS, AND GUIDELINES<br /> <br /> <br /> {{GIC-NISTSP80037r1FPDReferenceHeaders<br /> | Text=LEGISLATION<br /> }}<br /> <br /> 1. [http://fismapedia.org/index.php?title=Doc:E-Government_Act E-Government Act] [includes FISMA] ([http://fismapedia.org/index.php?title=Doc:P.L._107-347 P.L. 107-347]), December 2002.<br /> <br /> 2. [http://fismapedia.org/index.php?title=Doc:Federal_Information_Security_Management_Act Federal Information Security Management Act] ([http://fismapedia.org/index.php?title=Doc:P.L._107-347 P.L. 107-347], Title III), December 2002.<br /> <br /> 3. [http://fismapedia.org/index.php?title=Doc:Paperwork_Reduction_Act Paperwork Reduction Act] ([http://fismapedia.org/index.php?title=Doc:P.L._104-13 P.L. 104-13]), May 1995.<br /> <br /> {{GIC-NISTSP80037r1FPDReferenceHeaders<br /> | Text=POLICIES, DIRECTIVES, INSTRUCTIONS<br /> }}<br /> <br /> 1. Committee on [http://fismapedia.org/index.php?title=Term:National_Security_Systems National Security Systems] ([http://fismapedia.org/index.php?title=AnA:CNSS CNSS]) Instruction 4009, National [http://fismapedia.org/index.php?title=Term:Information_Assurance Information Assurance] Glossary, June 2006.<br /> <br /> 2. Committee on [http://fismapedia.org/index.php?title=Term:National_Security_Systems National Security Systems] ([http://fismapedia.org/index.php?title=AnA:CNSS CNSS]) Instruction 1253, [http://fismapedia.org/index.php?title=Term:Security_Categorization Security Categorization] and Control Selection for [http://fismapedia.org/index.php?title=Term:National_Security_Systems National Security Systems], October 2009.<br /> <br /> 3. [http://fismapedia.org/index.php?title=Office_of_Management_and_Budget Office of Management and Budget], [http://fismapedia.org/index.php?title=Doc:Circular_A-130 Circular A-130], Appendix III, Transmittal Memorandum #4, Management of Federal [http://fismapedia.org/index.php?title=Term:Information_Resources Information Resources], November 2000.<br /> <br /> 4. [http://fismapedia.org/index.php?title=Doc:Office_of_Management_and_Budget_Memorandum_M-02-01 Office of Management and Budget Memorandum M-02-01], Guidance for Preparing and Submitting Security [http://fismapedia.org/index.php?title=Term:Plans_of_Action_and_Milestones Plans of Action and Milestones], October 2001.<br /> <br /> {{GIC-NISTSP80037r1FPDReferenceHeaders<br /> | Text=STANDARDS<br /> }}<br /> <br /> 1. [http://fismapedia.org/index.php?title=National_Institute_of_Standards_and_Technology National Institute of Standards and Technology] [http://fismapedia.org/index.php?title=Doc:Federal_Information_Processing_Standards_Publication_199 Federal Information Processing Standards Publication 199], Standards for [http://fismapedia.org/index.php?title=Term:Security_Categorization Security Categorization] of Federal Information and Information Systems, February 2004.<br /> <br /> 2. [http://fismapedia.org/index.php?title=National_Institute_of_Standards_and_Technology National Institute of Standards and Technology] [http://fismapedia.org/index.php?title=Doc:Federal_Information_Processing_Standards_Publication_200 Federal Information Processing Standards Publication 200], Minimum [http://fismapedia.org/index.php?title=Term:Security_Requirements Security Requirements] for Federal Information and Information Systems, March 2006.<br /> <br /> {{GIC-NISTSP80037r1FPDReferenceHeaders<br /> | Text=GUIDELINES<br /> }}<br /> <br /> 1. [http://fismapedia.org/index.php?title=National_Institute_of_Standards_and_Technology National Institute of Standards and Technology] [http://fismapedia.org/index.php?title=Doc:Special_Publication_800-18 Special Publication 800-18], Revision 1, Guide for Developing Security Plans for Federal Information Systems, February 2006.<br /> <br /> 2. [http://fismapedia.org/index.php?title=National_Institute_of_Standards_and_Technology National Institute of Standards and Technology] [http://fismapedia.org/index.php?title=Doc:Special_Publication_800-27 Special Publication 800-27], Revision A, Engineering Principles for Information Technology Security (A Baseline for Achieving Security), June 2004.<br /> <br /> 3. [http://fismapedia.org/index.php?title=National_Institute_of_Standards_and_Technology National Institute of Standards and Technology] [http://fismapedia.org/index.php?title=Doc:Special_Publication_800-30 Special Publication 800-30], [http://fismapedia.org/index.php?title=Term:Risk_Management Risk Management] Guide for Information Technology Systems, July 2002.<br /> <br /> 4. [http://fismapedia.org/index.php?title=National_Institute_of_Standards_and_Technology National Institute of Standards and Technology] [http://fismapedia.org/index.php?title=Doc:Special_Publication_800-39 Special Publication 800-39] (Second Public Draft), Managing Risk from Information Systems: An Organizational Perspective, April 2008.<br /> <br /> 5. [http://fismapedia.org/index.php?title=National_Institute_of_Standards_and_Technology National Institute of Standards and Technology] [http://fismapedia.org/index.php?title=Doc:Special_Publication_800-53 Special Publication 800-53], Revision 3, Recommended [http://fismapedia.org/index.php?title=Term:Security_Controls Security Controls] for Federal Information Systems and Organizations, August 2009.<br /> <br /> 6. [http://fismapedia.org/index.php?title=National_Institute_of_Standards_and_Technology National Institute of Standards and Technology] [http://fismapedia.org/index.php?title=Doc:Special_Publication_800-53A Special Publication 800-53A], Guide for Assessing the [http://fismapedia.org/index.php?title=Term:Security_Controls Security Controls] in Federal Information Systems: Building Effective [http://fismapedia.org/index.php?title=Term:Security_Assessment Security Assessment] Plans, July 2008.<br /> <br /> 7. [http://fismapedia.org/index.php?title=National_Institute_of_Standards_and_Technology National Institute of Standards and Technology] [http://fismapedia.org/index.php?title=Doc:Special_Publication_800-59 Special Publication 800-59], Guideline for Identifying an Information System as a [http://fismapedia.org/index.php?title=Term:National_Security_System National Security System], August 2003.<br /> <br /> 8. [http://fismapedia.org/index.php?title=National_Institute_of_Standards_and_Technology National Institute of Standards and Technology] [http://fismapedia.org/index.php?title=Doc:Special_Publication_800-60 Special Publication 800-60], Revision 1, Guide for Mapping Types of Information and Information Systems to Security Categories, August 2008.<br /> <br /> 9. [http://fismapedia.org/index.php?title=National_Institute_of_Standards_and_Technology National Institute of Standards and Technology] [http://fismapedia.org/index.php?title=Doc:Special_Publication_800-70 Special Publication 800-70], Revision 1, National Checklist Program for IT Products--Guidelines for Checklist Users and Developers, September 2009.<br /> <br /> <br /> == Sources ==<br /> <br /> * [http://csrc.nist.gov/publications/drafts/800-37-Rev1/SP800-37-rev1-FPD.pdf NIST SP 800-37 Rev. 1 DRAFT Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach]<br /> <br /> [[Category:GIC-NISTSP80037r1FPDFPD]]</div>

Dan Philpott