Date Published: October 2003
Author(s)
Tim Grance (NIST), Marc Stevens (BAH), Marissa Myers (BAH)
The selection of IT security products is an integral part of the design, development and maintenance of an IT security infrastructure that ensures confidentiality, integrity, and availability of mission critical information. The guide seeks to assist in choosing IT security products that meet an organization's requirements. It should be used with other NIST publications to develop a comprehensive approach to meeting an organization's computer security and information assurance requirements. This guide defines broad security product categories, specifies product types within those categories, and then provides a list of characteristics and pertinent questions an organization should ask when selecting a product from within these categories.
Keywords
Computer security; enterprise architecture; life cycle; products; security controls
Control Families
Access Control;
Security Assessment and Authorization;
Identification and Authentication;
Incident Response;
Media Protection;
Risk Assessment;
System and Communications Protection;
System and Information Integrity;
System and Services Acquisition;