
A summary of NIST's special publications on information security. Part 2

27.12.2021


Ruslan Rakhmetov, Security Vision


In the previous publication we started listing the NIST 800-series and 1800-series documents that we consider the most interesting; in this article we continue that list.


Document SP 800-37 Rev. 2, ‘Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy,’ describes the NIST Risk Management Framework (RMF) and provides recommendations for applying the framework to information systems and organisations to manage cyber risks, logically linking the proposed safeguards to the controls listed in NIST SP 800-53.


Document SP 1800-5, ‘IT Asset Management,’ describes the characteristics of an effective IT asset management (ITAM) software solution and lists the cyber risks of a missing or incomplete asset inventory process.


SP 800-125 ‘Guide to Security for Full Virtualization Technologies’ provides general recommendations for virtual infrastructures: securing all components of the virtualisation platform, managing administrative access, securing the hypervisor, and planning the security of all virtual components before deployment.


Document SP 800-125A Rev. 1 ‘Security Recommendations for Server-based Hypervisor Platforms’ describes basic hypervisor security features without being specific to any architecture or platform.


SP 800-125B ‘Secure Virtual Network Configuration for Virtual Machine (VM) Protection’ describes techniques for network segmentation, network redundancy, traffic control using firewalls, and virtual network monitoring for virtual infrastructure cybersecurity.


SP 800-187 ‘Guide to LTE Security’ describes the principles of 4th generation cellular networks (LTE) and their security architecture, with an analysis of threats to LTE networks and how to neutralise them.


SP 800-190 ‘Application Container Security Guide’ describes information security threats when using application containerisation technology and provides recommendations on how to mitigate them.


SP 800-121 Rev. 2 ‘Guide to Bluetooth Security’ describes the security capabilities of Bluetooth wireless technology and gives guidance on implementing them effectively.


SP 800-184 ‘Guide for Cybersecurity Event Recovery’ provides guidance on business continuity and recovery from cyber incidents, including the development of response and recovery plans, guidelines and playbooks, and includes metrics for evaluating the effectiveness of the cyber-attack recovery process.


SP 800-150 ‘Guide to Cyber Threat Information Sharing’ provides guidance on sharing data on indicators of compromise, attacker tactics, techniques and procedures, and the results of analysing handled cyber incidents, to help identify reliable sources of such data, agree on information sharing rules, and use cyber intelligence effectively to improve cybersecurity.


Document SP 800-46 Rev. 2, ‘Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security,’ provides guidance on developing policies to ensure secure remote work by considering various technology options.


SP 800-167 ‘Guide to Application Whitelisting’ provides suggestions for creating an allow-list of executables, libraries and configuration files using technologies built into the OS, applying a variety of evaluation criteria (digital signature, hash, location) and using audit mode to evaluate the rules before enforcing them.
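The following is an added example, not code from the article or from SP 800-167 itself: a minimal allow-list evaluator that applies the three rule types the guide names (publisher signature, file hash, location) and supports an audit mode that records what would have been blocked instead of blocking it. The file objects, publisher names and hashes are constructed for the example; the publisher field stands in for a signature already verified by the OS.

```python
import hashlib
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

@dataclass
class Executable:
    path: str
    content: bytes
    publisher: Optional[str] = None  # constructed stand-in for a verified signer

@dataclass
class AllowList:
    publishers: Set[str] = field(default_factory=set)
    hashes: Set[str] = field(default_factory=set)
    paths: Tuple[str, ...] = ()      # trusted directories (weakest rule type:
                                     # only safe if users cannot write there)
    audit_mode: bool = False
    audit_log: List[str] = field(default_factory=list)

    def match(self, exe: Executable) -> Optional[str]:
        """Return the rule type that permits the file, checking the strongest
        criterion (publisher) first, then hash, then location; None if no match."""
        if exe.publisher and exe.publisher in self.publishers:
            return "publisher"
        if hashlib.sha256(exe.content).hexdigest() in self.hashes:
            return "hash"
        if any(exe.path.startswith(prefix) for prefix in self.paths):
            return "path"
        return None

    def decide(self, exe: Executable) -> Tuple[bool, Optional[str]]:
        """Return (allowed, rule). In audit mode a miss is logged but still
        allowed, so the rule set can be tuned before switching to enforcement."""
        rule = self.match(exe)
        if rule:
            return True, rule
        self.audit_log.append(f"would block {exe.path}")
        return self.audit_mode, None

# Constructed sample files: a signed vendor binary, an unsigned in-house tool
# pinned by hash, and an unknown download.
TRUSTED = Executable("C:\\Program Files\\App\\app.exe", b"app-v1", "Example Corp")
CUSTOM = Executable("D:\\tools\\tool.exe", b"tool-v1")
UNKNOWN = Executable("C:\\Users\\u\\Downloads\\x.exe", b"x")

def build_policy(audit_mode: bool = False) -> AllowList:
    return AllowList(publishers={"Example Corp"},
                     hashes={hashlib.sha256(b"tool-v1").hexdigest()},
                     paths=("C:\\Windows\\",),
                     audit_mode=audit_mode)
```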


Document SP 800-88 Rev. 1 ‘Guidelines for Media Sanitization’ provides guidelines for removing sensitive information from various types of media depending on the criticality of the data, together with roles and responsibilities for the sanitisation process.


Document SP 800-101 Rev. 1 ‘Guidelines on Mobile Device Forensics’ provides a summary of current mobile devices, networks, and technologies as of 2014 (the year of the latest revision) and provides guidance on conducting cyber forensic investigations of mobile devices.


Document SP 800-83 Rev. 1 ‘Guide to Malware Incident Prevention and Handling for Desktops and Laptops’ provides guidance on responding to malware-related cyber incidents (MIR), including a description of basic MIR defence tactics and response phases (preparation, detection, analysis, containment, remediation, recovery, and root cause analysis).


Document SP 800-30 Rev. 1 ‘Guide for Conducting Risk Assessments’ describes the risk assessment procedure, which under NIST SP 800-39 is a fundamental component of an organisation's risk management process alongside risk identification, treatment and monitoring.


Document SP 800-61 Rev. 2 ‘Computer Security Incident Handling Guide’, despite the date of its latest revision (2012), remains useful for building cyber incident response processes.


SP 800-94 Rev. 1 (Draft) ‘Guide to Intrusion Detection and Prevention Systems’ contains a draft description of intrusion detection and prevention technologies and provides recommendations for their implementation, configuration, and operation.


SP 800-153 ‘Guidelines for Securing Wireless Local Area Networks’ provides guidelines for configuring and monitoring wireless networks for security.


SP 800-144 ‘Guidelines on Security and Privacy in Public Cloud Computing’ may be outdated, having been released 10 years ago (December 2011), but the issues it raises about how companies can use cloud infrastructures securely are still relevant.


SP 800-137 ‘Information Security Continuous Monitoring for Federal Information Systems and Organizations’ describes the principles of a continuous information security monitoring strategy: it is based on assessing the effectiveness of defensive measures and the security status of systems, and it provides situational awareness of the state of cybersecurity from information gathered across various resources.


SP 800-39 ‘Managing Information Security Risk: Organization, Mission, and Information System View’ is fundamental to the NIST cyber risk management framework and provides a vendor-independent, structured and flexible approach to IS risk management that includes the steps of identifying, assessing, treating and monitoring cyber risks.


Document SP 800-34 Rev. 1 ‘Contingency Planning Guide for Federal Information Systems’ provides guidance for an organisation's contingency planning, including developing a business continuity policy and strategy, conducting a systems criticality analysis, conducting drills and tests, and keeping the plan up to date.


Document SP 800-41 Rev. 1 ‘Guidelines on Firewalls and Firewall Policy’ describes some firewall technologies (current as of 2009) and provides recommendations for implementing firewalls and developing firewall policies.


SP 800-115 ‘Technical Guide to Information Security Testing and Assessment’ provides guidance on developing and conducting information security assessment processes and procedures to find vulnerabilities in a network/system or to verify compliance with IS policies.


SP 800-92 ‘Guide to Computer Security Log Management’, released in 2006, provides a high-level description of building an IS log management process.


SP 800-86 ‘Guide to Integrating Forensic Techniques into Incident Response’ describes the process of effective cyber forensic operations and provides guidance on how to utilise valuable sources of technical forensic data.

