Information Technology Reference
Control Category    Reference Document    Description of Applicability (a)

AC    SP 800-14: Generally Accepted Principles and Practices for Securing Information Technology Systems
AC    SP 800-12: An Introduction to Computer Security: The NIST Handbook

AT    Awareness and Training
AT    FIPS 200: Security Controls for Federal Information Systems
AT    SP 800-100: Information Security Handbook for Managers
AT    SP 800-66: An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule
AT    SP 800-50: Building an Information Technology Security Awareness and Training Program
AT    SP 800-40: Procedures for Handling Security Patches
AT    SP 800-31: Intrusion Detection Systems (IDSs)
AT    SP 800-16: Information Technology Security Training Requirements: A Role- and Performance-Based Model
AT    SP 800-14: Generally Accepted Principles and Practices for Securing Information Technology Systems
AT    SP 800-12: An Introduction to Computer Security: The NIST Handbook

AU    Audit and Accountability
AU    FIPS 200: Security Controls for Federal Information Systems
AU    FIPS 198: The Keyed-Hash Message Authentication Code (HMAC)