Read the book CompTIA Pentest+ Certification For Dummies - Glen E. Clarke - Page 43

National Institute of Standards and Technology (NIST)

The National Institute of Standards and Technology (NIST) is a federal agency designed to improve science, standards, and technology. Over the years, NIST has created many publications related to information security, along with recommendations on how to secure different types of systems. In recent years, NIST has created Special Publication (SP) documents that relate to many aspects of security, security controls, penetration testing, and cybersecurity. Following are some key special publications to be aware of:

• NIST SP 800-30: This special publication provides guidance related to risk assessment.

• NIST SP 800-53: This special publication provides guidance related to security and privacy controls.

• NIST SP 800-39: This special publication provides guidance on risk management strategies.

There are a number of other standards and recommendations published by NIST that are designed to help organizations improve security:

• NIST Cybersecurity Framework (CSF): The NIST CSF is designed to help organizations create a solid cybersecurity program. The framework is organized into five functions to help identify assets within the business and reduce the risk to those assets. The five functions are identify, protect, detect, respond, and recover.

• NIST SP 800-115: In this special publication, NIST makes recommendations on steps to take when performing information security testing and assessments.
