
INFOSEC Assurance Training and Rating Program


We realize that many students have not had their name added to the IATRP certified list, or information updated. We apologize for the delays and any inconvenience. The website is in the process of being reworked without any change to what you should see. Please contact iatrp@iatrp.com if you feel your information is not correct or needs updating. Thank you for your patience and we apologize for any inconvenience.


What's New
- New Look & Feel
- IAM version 3.1
- New Program Number: 410-854-8959


POLICIES, REGULATIONS, GUIDELINES, CIRCULARS

Before you conduct an assessment, be aware of the current regulations, manuals, certificates, and rules that apply to the particular company you are assessing. Some of the many Rules/Regulations/Guides can be found at the following sites. (Note that this is not an all-inclusive list.)

Government/DoD

C4I http://www.cygnacom.com/certification/dod_acq.htm
DoD http://www.defenselink.mil/execsec/adr1999/apdx_k.html .mil site
DoD 8500.2

DLM - Defense Logistics Management Standards Office site for numerous publications: http://www.dla.mil/j-6/dlmso/eLibrary/Manuals/other.asp .mil site
DoD 8500.2 http://www.dla.mil/j-6/dlmso/eLibrary/Manuals/other.asp .mil site
DoD 8500.2 http://niap.nist.gov/cc-scheme/policy/dod/d85002p.pdf
DoD 8500.1 and 2 http://www.eitoolkit.com/tools/initiation/info_assurance/10_8500_1_8500_2_dla_reference.ppt
DoD http://www.fcw.com/article78608-01-26-03-Print
DoD http://www.fcw.com/article78907-02-27-03-Web
DoD 8100.1 and 2 http://www.dtic.mil/whs/directives/corres/pdf/d81002_041404/d81002p.pdf .mil site
DITSCAP http://www.cygnacom.com/certification/ditscap.htm
DCID 6/3 http://www.cygnacom.com/certification/dcid63.htm
DoD Publications: DISA www.disa.mil .mil site
DoD 8500.2 Malicious Software http://iase.disa.mil/index2.html .mil site
DoD 8570.1

DCID 6/3 http://www.watchfire.com/securityzone/dcid.aspx
DITSCAP, Appendix Q http://www.i-assure.com/services/ditscap.htm
DSS Security Awareness http://www.dss.mil/training/salinks.htm#iss .mil site

FAR/DFAR http://www.acqnet.gov/far/

Section 508 Compliance Policy: http://www.section508.gov/index.cfm?FuesAction=Content&ID=3
Office of Acquisition Management: http://oamweb.osec.doc.gov
GAO - General Accounting Office: http://www.gao.gov/sitemap.html
Global CERTS http://www.globalcerts.net/government.php
Information Assurance (IA) Controls DIACAP http://www.cygnacom.com/certification/ia_controls.htm
NIACAP http://www.cygnacom.com/certification/niacap.htm
Non-DoD http://www.dla.mil/j-6/dlmso/eLibrary/Manuals/nondod.asp .mil site
Procurement Regulations: http://www.procurement-lawyer.com/regulations.htm
Regulations galore: http://www.regulations.gov/ and click on "Regulations by topic"
Security Assistance Act of 2002: http://www.disam.dsca.mil/pubs/USG/images/PDF/SAA%20OF%202002.htm .mil site

FEDERAL

FIPS Regulation - Electronic Data Interchange (EDI): http://www.itl.nist.gov/fipspubs/fip161-2.htm
FIPS Publications: Federal Information Processing Standard (FIPS) 199, Standards for Security Categorization of Federal Information and Information Systems:
http://industries.bnet.com/whitepaper.aspx?scname=Enterprise+Architecture&scname=Enterprise+Architecture&x=40&docid=116702
FIPS 81 http://www.itl.nist.gov/fipspubs/fip81.htm
FIPS 140-1 http://www.entrust.com/resources/fips1401.htm
FIPS 140-2 Regulations http://www.corsec.com/docs.php
Office of the Federal Register - GPO http://www.gpoaccess.gov/nara/index.html
OPM - Office of Personnel Management http://www.Opm.gov

Federal and Private Industry Publications

Federal Laws & Regulations (MS Word)

FIPS Pub 200 Minimum Security Requirements for Federal Information and Information Systems Dated Mar 2006
http://csrc.nist.gov/publications/fips/fips200/FIPS-200-final-march.pdf

FINANCE compliance (Sarbanes/Oxley Act of 2002):

http://www.concur.com/solutions/value/compliance/default.asp?c1=sox1&source=google&kw=sarbanes_oxley_act
http://www.aicpa.org/info/sarbanes_oxley_summary.htm
Office of Management and Budget (OMB) (OMB A-130 Circular) http://www.whitehouse.gov/omb/circulars/a130/a130trans4.html
OMB Regulations: http://www.whitehouse.gov/omb/inforeg/regpol.html

HEALTH:

Health Service Policies and Regulations: http://www.hhs.gov/
HIPAA Advisory: http://www.hipaamanager.com/hm/what.cfm

HIPAA.Org

INDUSTRY STANDARDS:

Cabinet Office:

IdeaBYte on Information Assurance: http://images.telos.com/files/external/Xacta_Paving_New_Ground.pdf
EMA IA: http://www.emainc.com/capabilities/infoassur.asp

INTERNET SECURITY:

Carnegie Mellon Internet Security Expertise: http://www.cert.org

NATIONAL:

Information Assurance Technical Framework (IATF): http://www.iatf.net/framework_docs/version-3_1/index.cfm

NIST 800 Series:

NIST 800-48 Wireless Network Security: 802.11, Bluetooth, and Handheld Devices, November 2002: Committee on National Security Systems: http://www.cnss.gov/instructions.html

NSA

Operational Security (OPSEC)

NSA:

DSS:

Acronyms: http://www.nsa.gov/ia/acronyms.cfm?MenuID=10
Acronyms: http://www.acronymfinder.com/

Note: We realize that ".mil" sites are not accessible to everyone, so we have tried to give you a variety of links to assist you.
Comments and suggestions are always welcome.


Contact Us | Phone: 410-854-8959