Date Published: October 1995
Withdrawn: June 22, 2017
Superseded By: SP 800-12 Rev. 1 (June 2017)
Author(s)
Barbara Guttman (NIST), Edward Roback (NIST)
This handbook provides assistance in securing computer-based resources (including hardware, software, and information) by explaining important concepts, cost considerations, and interrelationships of security controls. It illustrates the benefits of security controls, the major techniques or approaches for each control, and important related considerations. The handbook provides a broad overview of computer security to help readers understand their computer security needs and develop a sound approach to the selection of appropriate security controls. It does not describe detailed steps necessary to implement a computer security program, provide detailed implementation procedures for security controls, or give guidance for auditing the security of specific systems.
This handbook provides assistance in securing computer-based resources (including hardware, software, and information) by explaining important concepts, cost considerations, and interrelationships of security controls. It illustrates the benefits of security controls, the major techniques or...
See full abstract
This handbook provides assistance in securing computer-based resources (including hardware, software, and information) by explaining important concepts, cost considerations, and interrelationships of security controls. It illustrates the benefits of security controls, the major techniques or approaches for each control, and important related considerations. The handbook provides a broad overview of computer security to help readers understand their computer security needs and develop a sound approach to the selection of appropriate security controls. It does not describe detailed steps necessary to implement a computer security program, provide detailed implementation procedures for security controls, or give guidance for auditing the security of specific systems.
Hide full abstract
Keywords
Computer security; guidance; IT security; security controls
Control Families
Access Control;
Audit and Accountability;
Awareness and Training;
Security Assessment and Authorization;
Configuration Management;
Contingency Planning;
Identification and Authentication;
Incident Response;
Maintenance;
Media Protection;
Personnel Security;
Physical and Environmental Protection;
Planning;
Risk Assessment;
System and Communications Protection;
System and Information Integrity;
System and Services Acquisition;