NIST Cybersecurity Framework (CSF)
NIST Cybersecurity Framework (CSF): A voluntary set of standards, guidelines, and best practices designed to assist organizations in managing cybersecurity risk. It is composed of three parts – the Framework Core, the Framework Profile, and the Framework Implementation Tiers, each providing specific guidance for establishing new or improving existing cybersecurity programs. The framework has been […]
NIST SP 800-88
NIST SP 800-88: A special publication by the National Institute of Standards and Technology providing guidelines for media sanitization. It details how to properly clear, purge, and destroy data on different types of media to prevent unauthorized disclosure of sensitive information.
NIST SP 800-124
NIST SP 800-124: NIST Special Publication 800-124, titled “Guidelines for Managing the Security of Mobile Devices in the Enterprise,” is a guidance document from the National Institute of Standards and Technology (NIST). This publication provides recommendations for the secure deployment and management of mobile devices, such as smartphones and tablets, within enterprise environments. It covers […]
NIST SP 800-92
NIST SP 800-92: A publication by the National Institute of Standards and Technology providing guidelines for Computer Security Log Management. It explains the importance of log management in security incident identification and outlines best practices for log generation, analysis, storage, and disposal.
NIST SP 800-133
NIST SP 800-133: NIST Special Publication 800-133 provides guidance on generating cryptographic keys, which are used in many security protocols to provide confidentiality, integrity, and authentication. The guidance includes the provision of secure random number generators and other technical details necessary for secure key generation, aiding organizations in ensuring the adequacy of the cryptographic keys […]
NIST SP 800-154
NIST SP 800-154: A publication by the National Institute of Standards and Technology providing guidance on data-centric security within the System Development Life Cycle (SDLC). It emphasizes protecting data in federal information systems by integrating security considerations throughout the SDLC, from design to disposal.