PaulDotCom mailing list archives

Previous By Date Next
Previous By Thread Next

do you follow nist docs?

From: j2mccluggage at adelphia.net (Jody & Jennifer McCluggage)
Date: Fri, 30 Oct 2009 20:31:43 -0400
This may be better answered by someone who works for the US Federal
Government (which I don't).  I can't say that I have built anything
exclusively to any NIST standards but have found many of them to be
extremely valuable.  I have found the NIST guides to be a very valuable
resource (some more than others).  When building new systems I have found
the following guides to be very useful (I usually take bits and pieces from
each - and best of all, all are free):

 

NIST Guides

NSA Guides (this is a great place to start when looking for security
guidance around Cisco routers and switches.)

CIS Benchmarks

Microsoft Security Guidelines (for Microsoft OSes and products of course)

 

Tim, you make want to check out some of these.  You did not say whether you
were deploying IIS or Apache.  You will find references for both from the
resources listed.  You can also find a lot of guides online.  There are also
several good books around Apache Security.  Unfortunately, I have not come
across many good books dedicated to IIS security.   You may want to check
out the IIS resource kit from Microsoft Press. 

 

Jody

 

 

  _____  

From: pauldotcom-bounces at mail.pauldotcom.com
[mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of Michael Dickey
Sent: Friday, October 30, 2009 11:19 AM
To: PaulDotCom Security Weekly Mailing List
Subject: [Pauldotcom] do you follow nist docs?

 

I don't want to usurp Tim's post, but with the mention of NIST, it brings up
a question I've always had.

 

Does anyone truly adhere to and build systems based off NIST docs? I'm not
talking "inspired by" builds that take a handful of the settings and use
them, but actually building to the specs such that you can say your build
guide is NIST? This is a bit of a sanity check for me, as I'm skeptical.

 

Don't get me wrong, I'm not dissing NIST! They make for great reading!
(Usually.)

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20091030/55b42713/attachment.htm
Previous By Date Next
Previous By Thread Next

Current thread: