Information Security Assurance
Training and Rating Program
Please keep your contact information current.
Please contact isatrp (at) isatrp.org if you feel your information needs updating.
Before you conduct an assessment, be aware of the current regulations, manuals, certificates, and rules for the particular company that you are assessing. Some of the many Rules/Regulations/Guides can be found at the following sites. (Note that this is not an all-inclusive list.) Some links may be out of date; please let us know if you find links that are out of date or great resources that should be added.
DoD http://www.defenselink.mil/execsec/adr1999/apdx_k.html .mil site
DCID 6/3 http://www.watchfire.com/securityzone/dcid.aspx
DITSCAP, Appendix Q http://www.i-assure.com/services/ditscap.htm
DSS Security Awareness http://www.dss.mil/training/salinks.htm#iss .mil site
Section 508 Compliance Policy: http://www.section508.gov/index.cfm?FuesAction=Content&ID=3
Office of Acquisition Management: http://oamweb.osec.doc.gov
GAO - General Accounting Office: http://www.gao.gov/sitemap.html
Global CERTS http://www.globalcerts.net/government.php
Information Assurance (IA) Controls DIACAP http://www.cygnacom.com/certification/ia_controls.htm
Non-DoD http://www.dla.mil/j-6/dlmso/eLibrary/Manuals/nondod.asp .mil site
Procurement Regulations: http://www.procurement-lawyer.com/regulations.htm
Regulations galore: http://www.regulations.gov/ and click on "Regulations by topic"
Security Assistance Act of 2002: http://www.disam.dsca.mil/pubs/USG/images/PDF/SAA%20OF%202002.htm .mil site
FIPS Regulation - Electronic Data Interchange (EDI): http://www.itl.nist.gov/fipspubs/fip161-2.htm
FIPS Publications: Federal Information Processing Standard (FIPS) 199, Standards for Security Categorization of Federal Information and Information Systems 199:
FIPS 81 http://www.itl.nist.gov/fipspubs/fip81.htm
FIPS 140-1 http://www.entrust.com/resources/fips1401.htm
FIPS 140-2 Regulations http://www.corsec.com/index.php?option=com_content&task=blogcategory&id=41&Itemid=100
Office of the Federal Register - GPO http://www.gpoaccess.gov/nara/index.html
OPM - Office of Personnel Management http://www.Opm.gov
FIPS Pub 200 Minimum Security Requirements for Federal Information and Information Systems Dated Mar 2006
Office of Management and Budget (OMB) (OMB A-130 Circular) http://www.whitehouse.gov/omb/circulars/a130/a130trans4.html
OMB Regulations: http://www.whitehouse.gov/omb/inforeg/regpol.html
Health Service Policies and Regulations: http://www.hhs.gov/
HIPAA Advisory: http://www.hipaamanager.com/hm/what.cfm
NIST 800 Series:
We realize that ".mil" sites are not accessible to everyone, so we have tried to give you a variety of links to assist you.
Comments and suggestions are always welcome.