NIST IT Security: Search

NIST Site Search

Product Research

Advertise on this site

Headlines

eEye Digital Security - Zero-Day Tracker

»	Mac OS X ARDAgent Local Privilege Escalation ARDAgent in Apple Mac OS X 10.5 and 10.4 allows local users to gain privileges via an osascript tell ...
»	Creative Software AutoUpdate Engine ActiveX stack buffer overflow The Creative Software AutoUpdate Engine ActiveX control is a component that provides automatic updat ...
»	Internet Connection Sharing DoS A denial of service vulnerability exists within the Internet Connection Sharing service in Microsoft ...
»	RPC Memory Exhaustion The three referenced exploits take advantage of an inherent problem in RPC, in which an attacker get ...

Date published: Thu, 20 Nov 2008 21:48:00 PST
Details

GCN.com IT Security News

»	IT security: Survey says it's better A majority of federal decisionmakers surveyed about cybersecurity say they are more confident about ...
»	Transition Watch: Cybersecurity challenges loom for Obama Some tough cybersecurity tasks left over from the Bush administration will need the attention of the ...
»	Linux gets Common Criteria certs Oracle's Linux OS meets Common Criteria Evaluation Assurance Level 4+ and complies with the Controll ...
»	GCN Lab Review: Norton Internet Security 2009 GCN Lab Review: Norton Internet Security 2009 is speedier than previous versions and fights malware, ...
»	Coviello: Better times ahead for government IT security New administration and a heightened awareness point to a new priority, according to RSA Security CEO ...
»	NIST extends comment period for draft assistance in assessing security controls An interagency work group is developing a set of examples to help IT administrators meet requirement ...
»	Agency partnership improves mobile data security The Data at Rest Tiger Team, DOD’s Enterprise Software Initiative and GSA’s SmartBuy are ...
»	Unisys' Stealth Solution Unisys Corp. has announced a new technology method for safeguarding the flow of sensitive data acros ...

Date published: Thu, 20 Nov 2008 20:01:28 GMT
Details

US-CERT Current Activity

»	Malicious Code Spreading Through USB Flash Drive Devices
»	Adobe Releases Update for AIR
»	Apple Releases Security Updates for Safari
»	U.S. Federal Reserve Fraudulent Email Scam
»	Mozilla Releases Updates to Address Vulnerabilities in Multiple Products
»	Apple Releases iLife Support 8.3.1
»	Microsoft Releases November Security Bulletin
»	VMware Releases Security Advisory VMSA-2008-0018 and Updates VMSA-2008-0016.1
»	Adobe Reader Exploit Circulating
»	Microsoft Releases Advance Notification for November Security Bulletin

Date published: not known
Details

SecurityFocus News

»	News: Microsoft hopes free security means less malware Microsoft hopes free security means less malware
»	News: Researchers find more flaws in wireless security Researchers find more flaws in wireless security
»	News: Secure hash competition kicks off Secure hash competition kicks off >> Advertisement << Can you answer th ...
»	News: You don't know (click)jack You don't know (click)jack
»	Brief: Brief study shows difficulty in detecting malware Brief study shows difficulty in detecting malware

Date published: not known
Details

ha.ckers.org web application security lab

»	HTTPOnly Fix In MSXML I’m happy to announce that Microsoft has released MS08-069 today. It’s got a lot of cha ...
»	Lifelock Protects You from Clickjacking Well, now I’ve seen everything. Just when I didn’t think I could ever be amazed more by ...
»	Security Expert Rehabilitation In light of my last gloom and doom post, I wanted to turn the tables and add some humor. A while ba ...
»	Apocalyptic Vulnerability Percentages - FUD 101 I’ve spent a long time in the trenches and recently I’ve been getting more and more jade ...
»	More McAfee Snakeoil Ranting I know a lot of people are just tired of the same old PCI ASV rant that really surfaced last year, b ...
»	Clickjacking Details Today is the day we can finally start talking about clickjacking. This is just meant to be a quick ...
»	Tomcat SSL Fingerprinting I ran into this a few weeks ago and I thought it was just so silly I had to post it. If you telnet ...
»	OWASP Pelting I’m already back in the airport after a long day over at the world OWASP conference in New Yor ...
»	Clickjacking There’s been a bit of drama over the last week or so around the upcoming world OWASP conferenc ...
»	More Timing Precision Enhancements Okay, so my last post on timing precision was interesting, but then I went back and started doing mo ...

Date published: not known
Details

Tech Insider

»	First, Figure Out the Online App, Then ...
»	A Serious Gamer for the Obama Team
»	Feds May Want Vendors to Vouch
»	CACI Hires Former FBI CIO
»	What If We're All the CTO?
»	What should the CTO do?
»	Former Feds Mentioned as Possible Federal CTO
»	Abuzz Over the Federal CTO
»	Are Staffing Troubles Brewing? Find Out
»	Making the Google Government a Reality
»	Lessons from Change.gov
»	CIOs: Counselor vs. Value Seeker
»	CTO Chatter Begins
»	Defense's Looming Fiscal Crisis
»	Technology We (Want to) Believe In

Date published: not known
Details

CIAC Updates

»	T-025: Vulnerabilities in Microsoft XML Core Services A remote code execution vulnerability exists in the way that Microsoft XML Core Services parses XML ...
»	T-024: Vulnerability in Server Message Block (SMB) A remote code execution vulnerability exists in the way that Microsoft Server Message Block (SMB) Pr ...
»	T-023: Multiple Vulnerabilities in Cisco PIX and Cisco ASA Multiple vulnerabilities exist in the Cisco ASA 5500 Series Adaptive Security Appliances and Cisco P ...
»	T-022: OpenOffice.org Security Vulnerabilities Several vulnerabilities have been discovered in the OpenOffice.org office suite, in the WMF file par ...
»	T-021: libspf2 DNS TXT Vulnerability libspf2 contains a buffer overflow vulnerability in code that parses DNS TXT records. An SPF record ...
»	T-020: Security Update for Adobe Reader 8 and Acrobat 8 Critical vulnerabilities have been identified in Adobe Reader and Acrobat 8.1.2 and earlier versions ...
»	T-019: libxml2 Vulnerability It was discovered that libxml2, the GNOME XML library, didn't correctly handle long entity names. T ...
»	T-018: Vulnerability in Server Service A remote code execution vulnerability exists in the Server service on Windows systems. The vulnerabi ...
»	T-017: Gear Software CD DVD Filter Vulnerability The Gear Software CD DVD Filter driver contains a privilege escalation vulnerability, which can allo ...
»	T-016: iseemedia / Roxio / MGI Software LPViewer ActiveX Vulnerabilities The iseemedia LPViewer ActiveX control contains multiple stack buffer overflows, which can allow a r ...
»	T-015: InstallShield / Macrovision / Acresso FLEXnet Connect Vulnerabilities Acresso FLEXnet Connect executes scripts that are insecurely retrieved from a remote web server, whi ...
»	CIACTech08-003: Understanding Cross-Site Scripting (XSS) Cross-Site Scripting has become an increasingly prevalent attack vector that can be leveraged to per ...
»	CIACTech08-002: Understanding Windows Hash Dumpers and Crackers Windows hash dumping tools are often spotlighted as hacker tools that can somehow magically extract ...
»	CIACTech08-001: Understanding PHP Exploits Many websites use the PHP programming language to build web pages on the fly from individual files a ...
»	CIACTech07-001: MOICE - Microsoft Office Isolated Conversion Environment A common cyber attack is to send a user an Office document (Word, Excel, PowerPoint) containing mal ...

Date published: not known
Details

Search NIST IT Security

Results 1 - 8 of 8 in Content

FISMA
Federal Information Security Management Act Implementation Project Protecting the Nation\'s Critical Information Infrastructure “Each...
Posted on Monday 28 November 2005 - 22:00:00 in

Non-Encrypted Hall of Shame
...ata protection within the federal government, how FISMA relates to all this, and the massive finger pointing that is just getting started. Proper enc...
Posted on Wednesday 10 October 2007 - 19:55:58 in

Federal Information Processing Standards (FIPS)
With the passage of the Federal Information Security Management Act (FISMA) of 2002 all Federal Information Processing Standards (FIPS) are now manda...
Posted on Sunday 22 January 2006 - 16:44:21 in

NIST SP 800-37 Guide for the Security Certification and Accreditation of Federal Information Systems
Federal Information Security Management Act (FISMA), requires each federal agency to develop, document, and implement an agency-wide information secur...
Posted on Saturday 21 January 2006 - 22:00:00 in

NIST SP 800-26 rev 1, Security Self-Assessment Guide for Information Technology Systems
... the Federal Information Security Management Act (FISMA) and Office of Management and Budget (OMB) policy, each agency must implement and maintain an ...
Posted on Wednesday 18 January 2006 - 22:00:00 in

NIST SP 800-66 HIPAA Security Rule
...ermissible uses and/or disclosures. Although FISMA applies to all federal agencies and all information types, only a subset of agencies is subjec...
Posted on Tuesday 17 January 2006 - 22:00:00 in

OMB Circular A-130
...nt and compliance with this Circular." Under FISMA all NIST FIPS documents are now required. The 800 series documents are also going to be used ...
Posted on Sunday 11 December 2005 - 22:00:00 in

Security
...as we would like. Auditors are now turning to \"best practices\" when judging how well we\'re complying with FISMA requirements.
Posted on Wednesday 30 November 2005 - 17:11:34 in

Results 1 - 1 of 1 in Links

FISMA | Government Computer News - FISMA Compliance Page
An excellent FISMA news portal. This page only contains links to news articles related to FISMA
http://www.gcn.com/FISMA/

Results 1 - 10 of 16 in News

News Release - LogLogic Announces FISMA Control and Compliance Suite Based On NIST For Government Organizations
... the Federal Information Security Management Act (FISMA), adding to the industry's deepest log reporting and alerting capabilities. Offering more tha...
Posted on Sunday 13 May 2007 - 15:19:25

FISMA guidance nearly complete
... NIST’s computer security division. // @@@fisma, nist, gov, sp, 800, 53, federal, information, security, management, act, guidance, guidelines...
Posted on Thursday 01 December 2005 - 04:25:48

New audit management ISO 17799, FISMA compliance software
...major mandates and standards including ISO 17799, FISMA, NERC CIP, GLBA, and HIPAA. The company has also integrated 16 CIS benchmarks into Command Cen...
Posted on Sunday 11 December 2005 - 00:26:53

New FISMA compliance tool by McAfee
...with Federal Information Security Management Act (FISMA) of 2002 and four other federal and commercial regulations. // @@@nist, fisma, fips, gov,...
Posted on Monday 28 November 2005 - 20:31:24

Hardening Microsoft Windows – STIGS, Baselines, and Compliance
...Sarbanes, Oxley, Gramm, Leach, Bliley, Act, glba, fisma, federal, management@@@ Windows hardening is basically locking down and securing the ope...
Posted on Friday 09 February 2007 - 04:09:59

U.S. Government Standardizing on Windows Hardening
...ndardized, standards, implementation, guidelines, fisma, 800-53@@@ Few federal agencies have fully implemented NIST.gov, CIS, DISA, or NSA harde...
Posted on Monday 26 March 2007 - 21:33:22

Veterans Affairs Banning Use of Home Computers for Official Business
...ably going to be required to do this anyway under FISMA and to meet their POA&M requirements. It is next to impossible to lock down employee's home co...
Posted on Saturday 10 June 2006 - 21:54:10

Stop Taking Work Home If You Don't Encrypt It!
...You may have thought you could whitewash all that FISMA, A-130, FIPS, etc., compliance stuff but this is for real. You're going to see the hit the f...
Posted on Monday 22 May 2006 - 18:43:51

Government Employee Guilty of Hacking Supervisors Computer
...ss. The auditor had been working on IT Security FISMA audits. // @@@ig, fisma, auditor, department, education, spying, boss, arrested, fired, k...
Posted on Wednesday 01 March 2006 - 19:13:26

DHS Network - 6.5 Million porn pages accessed
... DHS was also criticized for the usual A-130 and FISMA shortfalls, such as; it needs to draft security plans, institute certification and accreditat...
Posted on Tuesday 31 January 2006 - 04:09:19

Go to page >>

Results 1 - 1 of 1 in Forum

As part of thread: Oracle 10g NIST Controls

Forum -> NIST SP 800 Documents

...started. There are commercially available compliance tools as well such as http://www.integrigy.com/solutions/government-oracle-fisma-stig
Posted by NIST.org on Tuesday 25 September 2007 - 17:47:46

Results in Comments

No matches found

Results 1 - 2 of 2 in Other Pages

FISMA - MANAGING ENTERPRISE RISK
The Nine-Step Process Toward Achieving More Secure Information Systems *Categorize (your information and information system) *Select (the appro...
Posted on Monday 28 November 2005 - 21:25:43

NIST Book Store
...Ethical Hacking »Malware, Spyware, Viruses »FISMA Compliance, Policies, etc »PKI, Encryption, Smartcards »Windows Security Guides »HIPA...
Posted on Friday 17 November 2006 - 13:52:10

Results in Bugtracker2

No matches found

Translate to:

Latest NIST.org news and comments

Microsoft Has Released An Extremely Urgent Out of Band Windows Update Posted on:10/23/08

If You Haven't Patched Your DNS Server Yet You're Simply Negligent Posted on:08/06/08

Firefox 3.0 Vulnerabilities, 2.0.x Also Vulnerable Posted on:06/21/08

Ransomware Will Win The War Posted on:06/16/08

WordPress Sites Need To Upgrade, The Rest Of Us Need To Watch This Too. Posted on:05/01/08

SQL Injections Continue – 100s of Thousands of URL's Infected Posted on:04/28/08

Symantec Raises Threat Level Due To In The Wild Image File Exploits Posted on:04/10/08

SANS Internet Storm Center Starts Monthly Podcast Posted on:04/10/08

FBI Reports Online Crime At All Time High Posted on:04/07/08

Symantec Antivirus ActiveX Vulnerability Posted on:04/06/08

MS Excel "Extremely Critical" Vulnerability Allows Remote Code Execution Posted on:01/18/08

RealPlayer Buffer Overflow Vulnerability – Highly Critical Posted on:01/06/08

Highly Critical and Extremely Critical Vulnerabilities in Lotus Notes and Apple Quicktime Posted on:11/29/07

New Phishing Scam Hitting Hard, No Clicks Required Posted on:11/15/07

RealPlayer Extremely Critical Vulnerability Posted on:10/24/07

Google Ads

NIST Security Books

NIST IT Security Books

Training / Books

»Security Certifications -
» CISSP, SSCP, Security+, etc.

»Computer Forensics

»Ethical Hacking

»Malware, Spyware, Viruses

»FISMA Compliance, Policies, etc

»PKI, Encryption, Smartcards

»Windows Security Guides

»HIPAA, SOX, CISP, etc.

NIST.org Security Bookstore

Current Security News

SANS Internet Storm Center, InfoCON: green

» Infocon: green

» Large quantity SQL Injection mitigation , (Thu, Nov 20th)
[19 Nov 2008 09:00pm]

» How to Handle DDoS Incidents?, (Wed, Nov 19th)
[19 Nov 2008 08:58pm]

» An Ad for DDoS Services - Network, Phone, Competition, (Wed, Nov 19th)
[19 Nov 2008 08:57pm]

» Are We Doomed?, (Wed, Nov 19th)
[19 Nov 2008 03:38pm]

» 2 Cheat Sheets for Incident Handling, (Wed, Nov 19th)
[19 Nov 2008 11:40am]

» Security Awareness Training is Boring, (Wed, Nov 19th)
[19 Nov 2008 08:19am]

***
***
CNET News.com - Security

» Report: Obama's cell records improperly accessed
[20 Nov 2008 09:41pm]

» Phishing, e-mail money laundering scams on the rise
[20 Nov 2008 05:56pm]

» USB devices spreading viruses
[20 Nov 2008 05:10pm]

» British PM comments on NASA hacker Gary McKinnon
[20 Nov 2008 03:15pm]

» Is white listing going mainstream?
[20 Nov 2008 02:42pm]

» Video: Daily Debrief: Devising your Black Friday strategy
[20 Nov 2008 01:41pm]

» Certification credited with boosting online confidence
[20 Nov 2008 12:30pm]

» iTunes customers angry over copy protection moves at Apple
[19 Nov 2008 06:57pm]

» Security firm Finjan raises $22 million
[19 Nov 2008 04:21pm]

» Green Hills spins off Integrity operating system
[19 Nov 2008 03:32pm]

» Texas university launches security tech incubator
[19 Nov 2008 03:07pm]

» Antivirus firms shrug at Microsoft's free security suite
[19 Nov 2008 11:38am]

» How Live OneCare changed the antivirus landscape
[19 Nov 2008 09:14am]

» Will Microsoft's antivirus move draw antitrust fire?
[18 Nov 2008 04:17pm]

» Microsoft to offer free consumer security suite
[18 Nov 2008 03:28pm]

***Computerworld Security News

» Bush's exit to put new e-records system to the test
[20 Nov 2008 10:00pm]

» Massachusetts extends compliance deadline on new data encryption rules
[19 Nov 2008 10:00pm]

» Opinion: Obama's BlackBerry is no security threat
[19 Nov 2008 10:00pm]

» Teenager pleads guilty to botnet, 'swatting' charges
[18 Nov 2008 10:00pm]

» How much does spam cost you? Google will calculate
[18 Nov 2008 10:00pm]

» Feds urged to provide cybersecurity incentives
[18 Nov 2008 10:00pm]

» More Security News

***

More IT Security
News Feeds

NIST - Books You Need

NIST Bookstore

RSS Feeds

Our news can be syndicated by using these rss feeds.

Add to NetVibes

Add to Bloglines

Add to NewsGator

Add to My Yahoo

Add to Technorati

Subscribe in FeedLounge

Add to ProtoPage

Symantec News

Welcome

Other News

News Release - LogLogic Announces FISMA Control and Compliance Suite Based On NIST For Government Organizations

Commercial spyware using rootkit techniques to avoid removal

NIST.org is in no way connected to the U.S. government site NIST.gov

This site is © John Herron, CISSP. All Rights Reserved.

Please visit daily to stay up to date on all your IT Security compliance issues.

http://www.nist.org -
Hosted by BlueHost. We've never had a better hosting company.