INFORMATION SECURITY
LIBRARY RESOURCES

• The National Strategy to Secure Cyberspace (February 2003)
• The President's Critical Infrastructure Protection Board
• National Infrastructure Advisory Council (DHS)


• NSA Security Configuration Guides
  Includes guides for applications, database servers, operating systems, routers, switches, web servers and browsers, wireless, and more...


• The Committee on National Security Systems (CNSS)


• National Institute of Standards and Technology (NIST)
• Computer Security Resource Center (CSRC)
• Computer Security Division (CSD) Publications
• NIST Special Publications
• An Introduction to Computer Security: The NIST Handbook (SP 800-12, Oct. 1995)
• Generally Accepted Principles and Practices for Securing Information Technology Systems (SP 800-14, Sep. 1996)
• Guide for Developing Security Plans for Federal Information Systems (SP 800-18 Rev. 1, Feb. 2006)
• Security Self-Assessment Guide for Information Technology Systems (SP 800-26, Nov. 2001)
• Engineering Principles for Information Technology Security (A Baseline for Achieving Security) (SP 800-27 Rev. A, June 2004)
• Risk Management Guide for Information Technology Systems (SP 800-30, July 2002)
• Contingency Planning Guide for Information Technology Systems (SP 800-34, June 2002)
• Recommended Security Controls for Federal Information Systems (SP 800-53, Feb. 2005)
• Computer Security Incident Handling Guide (SP 800-61, Jan. 2004)
• Security Considerations in the Information System Development Life Cycle (SP 800-64 Rev. 1, June 2004)
This site also contains guidelines for Malware Incident Prevention and Handling, IPsec VPNs, Securing Microsoft Windows XP Systems, Health Insurance Portability and Accountability Act (HIPAA), Computer Security Incident Handling Guide, Security Considerations for Voice Over IP Systems, Transport Layer Security (TLS), Wireless Network Security (802.11, Bluetooth, and Handheld Devices), Security for Telecommuting and Broadband Communications, Electronic Mail Security, Securing Public Web Servers, Guidance for Windows 2000 Professional, Network Security Testing, Guidelines on Firewalls and Firewall Policy, Intrusion Detection Systems (IDS), and more.



• U.S. Department of Defense Directive (DoDD) 8500.1 — Information Assurance
• DoDD 8500.1
• Auburn University tutorial


• National Information Assurance Partnership (NIAP)


• National Operations Security Program (National Security Decision Directive 298)
• Interagency OPSEC Support Staff


• Common Criteria Evaluation and Validation Scheme (CCEVS) for IT Security


• National Information Assurance Training and Education Center (NIATEC) Web Site
• Information Security and Forensics Tools
• Information Assurance Videos
• Information Assurance Videos Created by NIATEC Students
• Standards for Developing Curricula
• Information Assurance Course Modules
• Curriculum - Ethics
• Curriculum - Law and Legal
• Publications and Texts
• Seminal IA Papers from University of California at Davis (Historic)
• Common Criteria
• Common Criteria Tools
• Government Documents
• Federal Information Processing Standards Pubs [links 1-5]
• National Computer Security Center (NCSA) [links 6-7]
• National Institute of Standards and Technology (NIST) [links 8-9]
• National Standard Training for Info Security Standards (NSTISS) [link 10]
• New Zealand Security of Information Technology Pubs [link 11]
• U.S. Department of Defense (DoD) [link 12]
• U.S. Department of Justice (DOJ) [links 13-14]
• U.S. National Security Agency (NSA) [link 15]
• U.S. Office of Management and Budgets (OMB) [link 16]
• U.S. Office of Personnel Management (OPM) [link 17]
• White House [link 18]


• Documents of Historic Significance
• National Computer Security Center (NCSC) Rainbow Series Library
• Federation of American Scientists (FAS) Intelligence Resource Program
• NIST History of Computing, Early Computer Security Papers
• Presidential and National Security Directives
• Presidential Directives (PD): Carter Administration, 1977-81
• National Security Decision Directives (NSDD): Reagan Administration, 1981-1989
• National Security Directives (NSD): Bush Administration, 1989-93
• Presidential Decision Directives (PDD): Clinton Administration, 1993-2000
• The Clinton Administration's Policy on Critical Infrastructure Protection: Presidential Decision Directive 63, May 22, 1998
• National Security Presidential Directives (NSPD): George W. Bush Administration, 2001-2006