Information Security Assurance
Training and Rating Program
Please keep your contact information current. Please contact isatrp@isatrp.org if you feel your information needs updating.
Before you conduct an assessment, be aware of the current regulations, manuals, certifications and rules that apply to the particular organization you are assessing. Some of the many rules, regulations and guides can be found at the following sites. (Note that this is not an all-inclusive list.) Some links may be out of date; please let us know if you find links that are out of date, or great resources that should be added.
C4I http://www.cygnacom.com/certification/dod_acq.htm
DoD http://www.defenselink.mil/execsec/adr1999/apdx_k.html .mil site
DoD 8500.2
DCID 6/3 http://www.watchfire.com/securityzone/dcid.aspx
DITSCAP, Appendix Q http://www.i-assure.com/services/ditscap.htm
DSS Security Awareness http://www.dss.mil/training/salinks.htm#iss .mil site
FAR/DFAR http://www.acqnet.gov/far/
Section 508 Compliance Policy: http://www.section508.gov/index.cfm?FuesAction=Content&ID=3
Office of Acquisition Management: http://oamweb.osec.doc.gov
GAO - General Accounting Office: http://www.gao.gov/sitemap.html
Global CERTS http://www.globalcerts.net/government.php
Information Assurance (IA) Controls DIACAP http://www.cygnacom.com/certification/ia_controls.htm
NIACAP http://www.cygnacom.com/certification/niacap.htm
Non-DoD http://www.dla.mil/j-6/dlmso/eLibrary/Manuals/nondod.asp .mil site
Procurement Regulations: http://www.procurement-lawyer.com/regulations.htm
Regulations galore: http://www.regulations.gov/ and click on "Regulations by topic"
Security Assistance Act of 2002: http://www.disam.dsca.mil/pubs/USG/images/PDF/SAA%20OF%202002.htm .mil site
FIPS Regulation- Electronic Data Interchange (EDI): http://www.itl.nist.gov/fipspubs/fip161-2.htm
FIPS Publications: Federal Information Processing Standard (FIPS) 199, Standards for Security Categorization of Federal Information and Information Systems: http://industries.bnet.com/whitepaper.aspx?scname=Enterprise+Architecture&scname=Enterprise+Architecture&x=40&docid=116702
FIPS 81 http://www.itl.nist.gov/fipspubs/fip81.htm
FIPS 140-1 http://www.entrust.com/resources/fips1401.htm
FIPS 140-2 Regulations http://www.corsec.com/index.php?option=com_content&task=blogcategory&id=41&Itemid=100
Office of the Federal Register - GPO http://www.gpoaccess.gov/nara/index.html
OPM - Office of Personnel Management http://www.Opm.gov
FIPS Pub 200, Minimum Security Requirements for Federal Information and Information Systems, dated March 2006: http://csrc.nist.gov/publications/fips/fips200/FIPS-200-final-march.pdf
Sarbanes-Oxley Act (SOX) compliance: http://www.concur.com/solutions/value/compliance/default.asp?c1=sox1&source=google&kw=sarbanes_oxley_act
Sarbanes-Oxley summary (AICPA): http://www.aicpa.org/info/sarbanes_oxley_summary.htm
Office of Management and Budget (OMB) (OMB A-130 Circular) http://www.whitehouse.gov/omb/circulars/a130/a130trans4.html
OMB Regulations: http://www.whitehouse.gov/omb/inforeg/regpol.html
Health Service Policies and Regulations: http://www.hhs.gov/
HIPAA Advisory: http://www.hipaamanager.com/hm/what.cfm
HIPAA.Org
Cabinet Office:
IdeaByte on Information Assurance: http://images.telos.com/files/external/Xacta_Paving_New_Ground.pdf
NIST 800 Series:
NIST 800-48 Wireless Network Security: 802.11, Bluetooth, and Handheld Devices, November 2002:
NSA:
DSS:
Acronyms: http://www.nsa.gov/ia/acronyms.cfm?MenuID=10
Acronyms: http://www.acronymfinder.com/
Note: We realize that ".mil" sites are not accessible to everyone, so we have tried to give you a variety of links to assist you.
Comments and suggestions are always welcome.