NIST SP 800-39FPD Appendix A
APPENDIX A
REFERENCES
LAWS, POLICIES, DIRECTIVES, INSTRUCTIONS, STANDARDS, AND GUIDELINES
LEGISLATION |
1. E-Government Act [includes FISMA] (P.L. 107-347), December 2002.
2. Federal Information Security Management Act (P.L. 107-347, Title III), December 2002.
POLICIES, DIRECTIVES, INSTRUCTIONS |
1. Committee on National Security Systems (CNSS) Instruction 4009, National Information Assurance (IA) Glossary, April 2010.
2. Committee on National Security Systems (CNSS) Instruction 1253, Security Categorization and Control Selection for National Security Systems, October 2009.
3. Office of Management and Budget, Circular A-130, Appendix III, Transmittal Memorandum #4, Management of Federal Information Resources, November 2000.
STANDARDS |
1. National Institute of Standards and Technology Federal Information Processing Standards Publication 199, Standards for Security Categorization of Federal Information and Information Systems, February 2004.
2. National Institute of Standards and Technology Federal Information Processing Standards Publication 200, Minimum Security Requirements for Federal Information and Information Systems, March 2006.
3. ISO/IEC 15408:2005, Common Criteria for Information Technology Security Evaluation, 2005.
GUIDELINES |
1. National Institute of Standards and Technology Special Publication 800-18, Revision 1, Guide for Developing Security Plans for Federal Information Systems, February 2006.
2. National Institute of Standards and Technology Special Publication 800-30, Revision 1, Guide for Conducting Risk Assessments, (Projected February 2011).
3. National Institute of Standards and Technology Special Publication 800-37, Revision 1, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach, February 2010.
4. National Institute of Standards and Technology Special Publication 800-53, Revision 3, Recommended Security Controls for Federal Information Systems and Organizations, August 2009.
5. National Institute of Standards and Technology Special Publication 800-53A, Revision 1, Guide for Assessing the Security Controls in Federal Information Systems and Organizations: Building Effective Security Assessment Plans, June 2010.
6. National Institute of Standards and Technology Special Publication 800-59, Guideline for Identifying an Information System as a National Security System, August 2003.
7. National Institute of Standards and Technology Special Publication 800-60, Revision 1, Guide for Mapping Types of Information and Information Systems to Security Categories, August 2008.
8. National Institute of Standards and Technology Special Publication 800-70, Revision 1, National Checklist Program for IT Products--Guidelines for Checklist Users and Developers, September 2009.
9. National Institute of Standards and Technology Special Publication 800-137, Initial Public Draft, Continuous Monitoring Strategies and Programs for Federal Information Systems and Organizations, Projected December 2010.
