Security Standards & Best Practices
- Building an Information Technology Security Awareness and Training Program (NIST SP 800-50)
- Common Attack Pattern Enumeration and Classification (CAPEC)
- Common Sense Guide to Prevention and Detection of Insider Threats (CERT)
- Common Vulnerability Scoring System (CVSS) (FIRST)
- Control Objectives for Information and related Technology (COBIT®)
- DoD Information Assurance Certification and Accreditation Process (DIACAP)
- Federal Enterprise Architecture Security and Privacy Profile, Version 2.0
- FIRST Best Practice Guide Library (BPGL)
- Guidance for Managing Third-Party Risk (FDIC)
- Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities (NIST SP 800-84)
- Information Assurance Technology Analysis Center (IATAC)
- Information Assurance Workforce Improvement Program (DoD 8570.1-M)
- Information Technology Infrastructure Library (ITIL)
- IT Security Essential Body of Knowledge (EBK)
- International Organization for Standardization (ISO)
- Microsoft Security Guidance
- National Institute of Standards and Technology (NIST) Special Publications
- Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE®)
- Payment Card Industry Data Security Standard (PCI-DSS)
- Process Reference Model For Assurance Mapping To CMMI-DEV (DHS)
- Security Content Automation Protocol (SCAP) (NIST)
- Sensitive Database Extracts Technical Frequently Asked Questions (NIST / OMB)
- Software Assurance: Common Body of Knowledge to Produce, Acquire, and Sustain Secure Software (DHS)
