PaulDotCom mailing list archives
do you follow nist docs?
From: j2mccluggage at adelphia.net (Jody & Jennifer McCluggage)
Date: Fri, 30 Oct 2009 20:31:43 -0400
This may be better answered by someone who works for the US Federal Government (which I don't). I can't say that I have built anything exclusively to any NIST standards but have found many of them to be extremely valuable. I have found the NIST guides to be a very valuable resource (some more than others). When building new systems I have found the following guides to be very useful (I usually take bits and pieces from each - and best of all, all are free): NIST Guides NSA Guides (this is a great place to start when looking for security guidance around Cisco routers and switches.) CIS Benchmarks Microsoft Security Guidelines (for Microsoft OSes and products of course) Tim, you make want to check out some of these. You did not say whether you were deploying IIS or Apache. You will find references for both from the resources listed. You can also find a lot of guides online. There are also several good books around Apache Security. Unfortunately, I have not come across many good books dedicated to IIS security. You may want to check out the IIS resource kit from Microsoft Press. Jody _____ From: pauldotcom-bounces at mail.pauldotcom.com [mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of Michael Dickey Sent: Friday, October 30, 2009 11:19 AM To: PaulDotCom Security Weekly Mailing List Subject: [Pauldotcom] do you follow nist docs? I don't want to usurp Tim's post, but with the mention of NIST, it brings up a question I've always had. Does anyone truly adhere to and build systems based off NIST docs? I'm not talking "inspired by" builds that take a handful of the settings and use them, but actually building to the specs such that you can say your build guide is NIST? This is a bit of a sanity check for me, as I'm skeptical. Don't get me wrong, I'm not dissing NIST! They make for great reading! (Usually.) -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20091030/55b42713/attachment.htm
Current thread:
- do you follow nist docs? Michael Dickey (Oct 30)
- do you follow nist docs? Jody & Jennifer McCluggage (Oct 30)
- do you follow nist docs? Ron Gula (Oct 30)
- do you follow nist docs? iamnowonmai (Oct 30)
- do you follow nist docs? Michael Dickey (Oct 31)
- do you follow nist docs? Tim Mugherini (Oct 31)
- do you follow nist docs? Michael Dickey (Oct 31)