Special Publication 800-115
Technical Guide to
Information Security Testing
and Assessment
Recommendations of the National Institute
of Standards and Technology
Karen Scarfone
Murugiah Souppaya
Amanda Cody
Angela Orebaugh
Technical Guide to Information Security
Testing and Assessment
Recommendations of the National Institute of Standards and Technology
Karen Scarfone Murugiah Souppaya
Amanda Cody
Angela Orebaugh NIST Special Publication 800-115
C O M P U T E R S E C U R I T Y
Computer Security Division
Information Technology Laboratory
National Institute of St andards and Technology
Gaithersburg, MD 20899-8930
September 2008
U.S. Department of Commerce
Carlos M. Gutierrez, Secretary
National Institute of Standards and Technology
Dr. Patrick D. Gallagher, Deputy Director TECHNICAL GUIDE TO INFORMATION SECURITY TESTING AND ASSESSMENT
Reports on Computer Systems Technology
The Information Technology Laboratory (ITL) at th e National Institute of Standards and Technology
(NIST) promotes the U.S. economy and public welfare by providing technical leadership for the nation’s
measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of concept implementations, and technical analysis to advance the development and productive use of
information technology (IT). ITL’s responsibilities include the development of technical, physical,
administrative, and management standards and guide lines for the cost-effective security and privacy of
sensitive unclassified information in Federal computer systems. This Special Publication 800-series
reports on ITL’s research, guidance, and outreach efforts in computer security and its collaborative activities with industry, government, and academic organizations.
Certain commercial entities, equipment, or materials may be identified in this
document in order to describe an experimental procedure or concept adequately.
Such identification is not intended to imply recommendation or endorsement by the
National Institute of Standards and Technology, nor is it intended to imply that the
entities, materials, or equipment are necessa rily the best available for the purpose. National Institute of Standards and Technology Special Publication 800-115
Natl. Inst. Stand. Technol. Spec. Publ. 800-115, 80 pages (Sep. 2008)
iiTECHNICAL GUIDE TO INFORMATION SECURITY TESTING AND ASSESSMENT
Acknowledgements
The authors, Karen Scarfone and Murugiah Souppa ya of the National Institute of Standards and
Technology (NIST) and Ama nda Cody and Angela Orebaugh of B ooz Allen Hamilton, wish to thank
their colleagues who reviewed drafts of this documen t and contributed to its technical content. The
authors would like to acknowledge John Connor, Tim Grance, Blair Heiserman, Arnold Johnson, Richard
Kissel, Ron Ross, Matt Scholl, and Pat Toth of NIST and Steve Allison, Derrick Dicoi, Daniel Owens, Victoria Thompson, Selena Tonti, Theodore Winograd , and Gregg Zepp of Booz Allen Hamilton for their
keen and insightful assistance throughout the developm ent of the document. The authors appreciate all
the feedback provided during the public comment pe riod, especially by Marshall Abrams, Karen Quigg,
and others from MITRE Corporati on; William Mills of SphereCom Enterprises; and representatives from
the Financial Management Service (Department of the Treasury) and the Department of Health and Human Services (HHS).
Trademark Information
All names are registered trademarks or trademarks of their respective companies.
iiiTECHNICAL GUIDE TO INFORMATION SECURITY TESTING AND ASSESSMENT
Table of Contents
Executive Summary ..............................................................................................................ES-1
1. Introduction ..................................................................
NIST.SP.800-115 - Technical Guide to Information Security Testing and Assessment
安全标准 >
NIST >
文档预览
中文文档
80 页
50 下载
1000 浏览
0 评论
0 收藏
3.0分
温馨提示:本文档共80页,可预览 3 页,如浏览全部内容或当前文档出现乱码,可开通会员下载原始文档
本文档由 思安 于 2023-01-05 17:30:05上传分享