On this page you will find links to computer security articles and papers available from the U.S. government and other third parties. Many of the federal documents are in the public domain, meaning that they can be freely copied and adapted. Although the advice you find in government security documents usually refers to protecting agencies and their systems, it is widely applicable to companies and their systems as well.

NIST = National Institute of Standards and Technology

A lot of useful security documentation has been published by NIST's Computer Security Division, one of eight divisions within NIST's Information Technology Laboratory. The stated mission of the Computer Security Division is to improve information systems security by:

  • Raising awareness of IT risks, vulnerabilities and protection requirements, particularly for new and emerging technologies;

  • Researching, studying, and advising agencies of IT vulnerabilities and devising techniques for the cost-effective security and privacy of sensitive Federal systems;

  • Developing standards, metrics, tests and validation programs: to promote, measure, and validate security in systems and services; to educate consumers; and to establish minimum security requirements for Federal systems;

  • Developing guidance to increase secure IT planning, implementation, management and operation.

You will find a list of current NIST CSD publications available for download here. Most are available in Adobe Acrobat format (click here if you need Acrobat Reader). The documents are often numbered with the prefix SP, for Special Publication. We have put in direct links to some of them below.

Suggested Reading

A great place to start when developing information security handling practices at your organization:

Computer Security Incident Handling Guide, SP 800-61 (3 megabyte pdf)

A good companion document when developing an information system contingency plan for your organization:

Contingency Planning Guide for Information Technology Systems, SP 800-34 (2 megabyte pdf)

A great place to start when developing information security awareness and training at your organization:

Building an Information Technology Security Awareness and Training Program, SP 800-50 (4 megabyte pdf)

NIST covers emerging technologies as well as established security technology and methodology.

Wireless Network Security: 802.11, Bluetooth, and Handheld Devices, SP 800-48 (1 megabyte pdf)

January 2002,

Guidelines on Firewalls and Firewall Policy, SP 800-14 (1 megabyte pdf)

Generally Accepted Principles and Practices for Securing Information Technology Systems, September 1996

3 different file formats:
Postscript file (480 KB)
WordPerfect file (182 KB)
Adobe .pdf (188 KB)

SP 800-12 An Introduction to Computer Security: The NIST Handbook, October 1995

The NIST Security Configuration Checklists Program (Draft NIST Special Publication 800-70)

Guidance for Securing Microsoft Windows XP Systems for IT Professionals: A NIST Security Configuration Checklist (Draft SP 800-68)



Updated December, 2004 by webloke © Stephen Cobb
Some article content reprinted by permission.
Article content copyright named author(s).