ISATRP


Information Security Assurance Training and Rating Program


Please keep your contact information current.
Please contact isatrp (at) isatrp.org if you feel your information needs updating.



POLICIES, REGULATIONS, GUIDELINES, CIRCULARS

Before you conduct an assessment, be aware of the current regulations, manuals, certificates, and rules that apply to the particular company you are assessing. Some of the many rules, regulations, and guides can be found at the following sites (note that this is not an all-inclusive list). Some links may be out of date; please let us know if you find links that are out of date, or great resources that should be added.

Government/DoD

C4I http://www.cygnacom.com/certification/dod_acq.htm
DoD http://www.defenselink.mil/execsec/adr1999/apdx_k.html .mil site
DoD 8500.2

DLM - Defense Logistics Management Standards Office site for numerous publications: http://www.dla.mil/j-6/dlmso/eLibrary/Manuals/other.asp .mil site
DoD 8500.2 http://www.dla.mil/j-6/dlmso/eLibrary/Manuals/other.asp .mil site
DoD 8500.2 http://niap.nist.gov/cc-scheme/policy/dod/d85002p.pdf
DoD 8500.1 and 2 http://www.eitoolkit.com/tools/initiation/info_assurance/10_8500_1_8500_2_dla_reference.ppt
DoD http://www.fcw.com/article78608-01-26-03-Print
DoD http://www.fcw.com/article78907-02-27-03-Web
DoD 8100.1 and 2 http://www.dtic.mil/whs/directives/corres/pdf/d81002_041404/d81002p.pdf .mil site
DITSCAP http://www.cygnacom.com/certification/ditscap.htm
DCID 6/3 http://www.cygnacom.com/certification/dcid63.htm
DoD Publications: DISA www.disa.mil .mil site
DoD 8500.2 Malicious Software http://iase.disa.mil/index2.html .mil site
DoD 8570.1

DCID 6/3 http://www.watchfire.com/securityzone/dcid.aspx
DITSCAP, Appendix Q http://www.i-assure.com/services/ditscap.htm
DSS Security Awareness http://www.dss.mil/training/salinks.htm#iss .mil site

FAR/DFAR http://www.acqnet.gov/far/

Section 508 Compliance Policy: http://www.section508.gov/index.cfm?FuesAction=Content&ID=3
Office of Acquisition Management: http://oamweb.osec.doc.gov
GAO - General Accounting Office: http://www.gao.gov/sitemap.html
Global CERTS http://www.globalcerts.net/government.php
Information Assurance (IA) Controls DIACAP http://www.cygnacom.com/certification/ia_controls.htm
NIACAP http://www.cygnacom.com/certification/niacap.htm
Non-DoD http://www.dla.mil/j-6/dlmso/eLibrary/Manuals/nondod.asp .mil site
Procurement Regulations: http://www.procurement-lawyer.com/regulations.htm
Regulations galore: http://www.regulations.gov/ and click on "Regulations by topic"
Security Assistance Act of 2002: http://www.disam.dsca.mil/pubs/USG/images/PDF/SAA%20OF%202002.htm .mil site

FEDERAL

FIPS Regulation- Electronic Data Interchange (EDI): http://www.itl.nist.gov/fipspubs/fip161-2.htm
FIPS Publications: Federal Information Processing Standard (FIPS) 199, Standards for Security Categorization of Federal Information and Information Systems: http://industries.bnet.com/whitepaper.aspx?scname=Enterprise+Architecture&scname=Enterprise+Architecture&x=40&docid=116702
FIPS 81 http://www.itl.nist.gov/fipspubs/fip81.htm
FIPS 140-1 http://www.entrust.com/resources/fips1401.htm
FIPS 140-2 Regulations http://www.corsec.com/index.php?option=com_content&task=blogcategory&id=41&Itemid=100
Office of the Federal Register - GPO http://www.gpoaccess.gov/nara/index.html
OPM - Office of Personnel Management http://www.Opm.gov

Federal and Private Industry Publications

Federal Laws & Regulations (MS Word)

FIPS Pub 200 Minimum Security Requirements for Federal Information and Information Systems Dated Mar 2006
http://csrc.nist.gov/publications/fips/fips200/FIPS-200-final-march.pdf

FINANCE compliance (Sarbanes-Oxley Act of 2002):

http://www.concur.com/solutions/value/compliance/default.asp?c1=sox1&source=google&kw=sarbanes_oxley_act
http://www.aicpa.org/info/sarbanes_oxley_summary.htm
Office of Management and Budget (OMB) (OMB A-130 Circular) http://www.whitehouse.gov/omb/circulars/a130/a130trans4.html
OMB Regulations: http://www.whitehouse.gov/omb/inforeg/regpol.html

HEALTH:

Health Service Policies and Regulations: http://www.hhs.gov/
HIPAA Advisory: http://www.hipaamanager.com/hm/what.cfm

HIPAA.Org

INDUSTRY STANDARDS:

Cabinet Office:

IdeaByte on Information Assurance: http://images.telos.com/files/external/Xacta_Paving_New_Ground.pdf
EMA IA: http://www.emainc.com/capabilities/infoassur.asp

INTERNET SECURITY:

Carnegie Mellon Internet Security Expertise: http://www.cert.org

NATIONAL:

Information Assurance Technical Framework (IATF): http://www.iatf.net/framework_docs/version-3_1/index.cfm

NIST 800 Series:

NIST 800-48 Wireless Network Security: 802.11, Bluetooth, and Handheld Devices, November 2002
Committee on National Security Systems: http://www.cnss.gov/instructions.html

NSA

Operational Security (OPSEC)

NSA:

DSS:

Acronyms: http://www.nsa.gov/ia/acronyms.cfm?MenuID=10
Acronyms: http://www.acronymfinder.com/

Note: We realize that ".mil" sites are not accessible to everyone, so we have tried to give you a variety of links to assist you.
Comments and suggestions are always welcome.



© 2013 Security Horizon, Inc.
All rights reserved