Industry:Project Review/NIST SP 800-37r1 FPD Appendix A

APPENDIX A

REFERENCES

LAWS, POLICIES, DIRECTIVES, INSTRUCTIONS, STANDARDS, AND GUIDELINES

1. E-Government Act [includes FISMA] (P.L. 107-347), December 2002.

2. Federal Information Security Management Act (P.L. 107-347, Title III), December 2002.

3. Paperwork Reduction Act (P.L. 104-13), May 1995.

1. Committee on National Security Systems (CNSS) Instruction 4009, National Information Assurance Glossary, June 2006.

2. Committee on National Security Systems (CNSS) Instruction 1253, Security Categorization and Control Selection for National Security Systems, October 2009.

3. Office of Management and Budget, Circular A-130, Appendix III, Transmittal Memorandum #4, Management of Federal Information Resources, November 2000.

4. Office of Management and Budget Memorandum M-02-01, Guidance for Preparing and Submitting Security Plans of Action and Milestones, October 2001.

1. National Institute of Standards and Technology Federal Information Processing Standards Publication 199, Standards for Security Categorization of Federal Information and Information Systems, February 2004.

2. National Institute of Standards and Technology Federal Information Processing Standards Publication 200, Minimum Security Requirements for Federal Information and Information Systems, March 2006.

1. National Institute of Standards and Technology Special Publication 800-18, Revision 1, Guide for Developing Security Plans for Federal Information Systems, February 2006.

2. National Institute of Standards and Technology Special Publication 800-27, Revision A, Engineering Principles for Information Technology Security (A Baseline for Achieving Security), June 2004.

3. National Institute of Standards and Technology Special Publication 800-30, Risk Management Guide for Information Technology Systems, July 2002.

4. National Institute of Standards and Technology Special Publication 800-39 (Second Public Draft), Managing Risk from Information Systems: An Organizational Perspective, April 2008.

5. National Institute of Standards and Technology Special Publication 800-53, Revision 3, Recommended Security Controls for Federal Information Systems and Organizations, August 2009.

6. National Institute of Standards and Technology Special Publication 800-53A, Guide for Assessing the Security Controls in Federal Information Systems: Building Effective Security Assessment Plans, July 2008.

7. National Institute of Standards and Technology Special Publication 800-59, Guideline for Identifying an Information System as a National Security System, August 2003.

8. National Institute of Standards and Technology Special Publication 800-60, Revision 1, Guide for Mapping Types of Information and Information Systems to Security Categories, August 2008.

9. National Institute of Standards and Technology Special Publication 800-70, Revision 1, National Checklist Program for IT Products--Guidelines for Checklist Users and Developers, September 2009.