Security White Papers

From the National Institute of Standards and Technology, U.S. Department of Commerce

Security Assessment & Testing

Guide to Intrusion Detection and Prevention Systems

Guide for Conducting Risk Assessments (Draft)

Understanding Insecure IT: Practical Risk Assessment

Model-based Approach to Security Test Automation

Technical Guide to Information Security Testing and Assessment

Intro to Information Security Testing and Assessment

Security Assessment Provider Requirements and Customer Responsibilities

Risk Management

Risk Management Guide for Information Technology Systems

Risk Management Framework FAQs

Guide for Applying the Risk Management Framework to Federal Information Systems, Revision 1

Insider Threats

Mitigating the Insider Threat - Building a Secure Workforce - by Deloitte

FBI: The Insider Threat

FBI: How to Spot a Possible Insider Threat

Network Security

Guidelines on Firewalls and Firewall Policy

Guide to IPsec VPNs

System and Network Security Acronyms and Abbreviations

Guide to Securing Legacy IEEE 802.11 Wireless Networks

Simulation-based Approaches to Studying Effectiveness of Moving-Target Network Defense

Security Incident Handling

Computer Security Incident Handling Guide

Guide to Malware Incident Prevention and Handling for Desktops and Laptops

Establishing a Secure Framework


Guide to Storage Encryption Technologies for End User Devices

A Cautionary Note Regarding Evaluation of AES Candidates

Cryptography Key Management

Enterprise Key Management Challenges and Framework

Cryptographic Module Validation Program FIPS

Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program

Requirements and Desirable Features of U.S. Federal Cryptographic Key Management Systems

Securing Web Servers

Guidelines on Securing Public Web Servers

Mobile Computing Security

Guidelines for Managing and Securing Mobile Devices in the Enterprise

Security of Bluetooth Systems and Devices

Cloud Computing Security

Cloud Computing Synopsis and Recommendations

Guidelines on Security and Privacy in Public Cloud Computing

Hardware Security & Biometrics

BIOS Integrity Measurement Guidelines

Biometric Specifications for Personal Identity Verification

General Security

History of Computer Security

Guide to Protecting the Confidentiality of Personally Identifiable Information

Guide to Using Vulnerability Naming Schemes

Guide to Secure Web Services

Surviving Insecure IT: Effective Patch Management

Common Remediation Enumeration

The National Cybersecurity Workforce Framework (Overview)

Applying the Continuous Monitoring Technical Reference Model

Guide to Information Technology Security Services

The Technical Specification for the Security Content Automation Protocol

Guide to General Server Security

Guide to Enterprise Password Management