Information Security

Below Federal Information Processing Standards Publications (FIPS PUBS) Listed by Number:

NIST FIPS PUBS 140-2 Security Requirements for Cryptographic Modules -- 01 May 25

NIST FIPS PUBS 180-3 Secure Hash Standard (SHS) -- 2008 October

NIST FIPS PUBS 181 Automated Password Generator (APG) -- 93 Oct 05

NIST FIPS PUBS 185 Escrowed Encryption Standard (EES) -- 94 Feb 09

NIST FIPS PUBS 186-3 Digital Signature Standard (DSS) -- 09 June

NIST FIPS PUBS 188 Standard Security Label for Information Transfer -- 94 Sept 6

NIST FIPS PUBS 190 Guideline for the Use of Advanced Authentication Technology Alternatives -- 94 Sept 28

NIST FIPS PUBS 191 Guideline for the Analysis of Local Area Network Security -- 94 Nov 9

NIST FIPS PUBS 196 Entity Authentication Using Public Key Cryptography -- 1997 Feb 18

Nevada Privacy Law requiring a company that transfers customer personal information outside of its secure system through an electronic transmission to use encryption. This law is effective since October 1, 2008 and after several ammendments will be effective in January 1, 2010.

Encryption requirements:
A company that does not accept a payment card (a credit card, charge card, debit card or similar card) in connection with a sale of goods or services must use encryption

1. To transfer any personal information through an electronic, nonvoice transmission (other than a facsimile) outside the company's secure system or

Massachusetts Privacy Law Security Standards:
- Written information security program
- Passwords, encryption for laptops
- Risk assessments
- Security policies around records retention
- Policies and procedures to prevent terminated employees from gaining access
- Physical access control policies and procedures
- Security incident response policies
- Monitoring for unauthorized access
- Encryption of PII on laptops and other portable devices
- Encryption of PII data in transmission

Effective: 1 January 2009

Federal Information Security Management Act of 2002 Report Templates

Section A: System Inventory and IT Security Performance
Section B: Identification of Significant Deficiencies
Section C: OIG Assessment of the POA&M Process
Section D: IT Systems and Infrastructures
Section E: Incident Detection and Handling Procedures

Download Free ISO 27001 Data Security Classification Management Templates

This templates classify the importance of data security management, covers such the level of importance of data to the organization such as:
1. Not Important to operations
2. Important for productivity
3. Business important information
4. Business vital information