SF - 3.09.0 - NIST
NIST is not a framework, but rather simply a reference to the Computer Security Resource Center (http://csrc.nist.gov) of the National Institute of Standards and Technology of the United States government.
It is a truly valuable resource for anyone involved in information security. I tell classes that I facilitate in the United States that they should check it out since it is their tax dollars at work. I tell everyone else that it is available to them, free of charge, and it is not even their tax dollars at work.
One of the factors that makes this both an extraordinary valuable resource, and difficult to describe, is that it is constantly updated. There are a number of older documents and resources that are available on the site, but most of them get updated or replaced fairly regularly. I used to recommend a document numbered 800-37. It was one of the early checklists with, yes, roughly 135 items on it. Subsequently it was replaced by 800-37 version 2, which was a more principle oriented framework, but, unfortunately, to my way of thinking, was less useful. Valuable, yes, but not as useful as the original had been. However, most of the material on this site is very valuable, and it covers an extraordinary range of topics. One of the areas that it covers is looking at tools in the field of forensics. I was privileged to hear the presentation by the person who did the research, one time, and the depth and comprehensiveness of his research was truly astounding. If you know what you are doing, and are in court up against someone who is depending upon evidence gained from a disk image, with this knowledge you can rip their case to shreds.
And all of this is available, at no charge to the user.
Security frameworks (SF) series:
Introduction and ToC: https://fibrecookery.blogspot.com/2026/06/security-frameworks-sf-0000-intro-and.html
Next: TBA
No comments:
Post a Comment