Date Published: October 2008
Author(s)
Shirley Radack (NIST)
This bulletin summarizes NIST Special Publication (SP) 800-123, Guide to General Server Security: Recommendations of the National Institute of Standards and Technology, which was written by Karen Scarfone and Wayne Jansen of NIST and by Miles Tracy of Federal Reserve Information Technology. The guide helps organizations select, implement, and maintain security controls for their servers, such as those that provide web and email services. The bulletin covers the activities needed to implement and maintain the security of servers whose main function is to provide services over network communications. Issues covered include common server vulnerabilities and threats, the requirements for protecting servers, and how to install, configure, and maintain secure servers through careful organizational planning and the implementation of appropriate management practices and controls.
Keywords
information systems security; information technology; network servers; public Web servers; server security; risk management; security controls; security management; Web applications.
Control Families
Access Control; Audit and Accountability; Configuration Management; Identification and Authentication; Incident Response; Maintenance; Physical and Environmental Protection; Planning; System and Communications Protection; System and Information Integrity