nanog mailing list archives
RE: Sources of network security templates or designs
From: Sean Donelan <sean () donelan com>
Date: Tue, 29 Jun 2010 08:45:39 -0400 (EDT)
On Sat, 26 Jun 2010, Tomas L. Byrnes wrote:
While the DISA STIGs are probably the archetype, you have to start with whatever the sponsoring or certifying authority uses, if you need to pass some audit later.
True, but even sponsoring and certifying authorities need to get information from somewhere. So where should they get it from?
For example, amex/mastercard/visa/others created PCI security standards; and if all you want to do is achieve compliance with those security standards that's where you would stop. But where should the people creating the PCI security standards look beyond their own world to find better ideas to improve the next version? Replace "PCI" with whatever your favorite group is... CAG, SOX, FDCC, etc.
Those almost always reference NIST docs: http://www.nist.gov/itl/publications.cfm?defaultSearch=false&authorlist= &keywords=&topics=309&seriesName=&journalName=&datepicker1=&datepicker2= #
NIST documents are updated on a regular basis. If part of your job was helping to update NIST documents, are there other resources to consider
when updating those documents? Are there things in NIST documents you think could be improved?
For generic sources, I agree with Cymru as a good resource, but my favorite is SANS. http://www.sans.org/reading_room/
Current thread:
- Sources of network security templates or designs Sean Donelan (Jun 23)
- RE: Sources of network security templates or designs Chris Gravell (Jun 24)
- RE: Sources of network security templates or designs Sean Donelan (Jun 24)
- Re: Sources of network security templates or designs jul (Jun 26)
- RE: Sources of network security templates or designs Tomas L. Byrnes (Jun 26)
- RE: Sources of network security templates or designs Sean Donelan (Jun 29)
- RE: Sources of network security templates or designs Chris Gravell (Jun 24)