NIST IT Security: Search

NIST Site Search

Product Research

Advertise on this site

Headlines

eEye Digital Security - Zero-Day Tracker

»	Excel Invalid Object A remote code execution vulnerability exists within Microsoft Excel which may allow for a remote att ...
»	Adobe PDF Buffer Overflow A vulnerability exists within Adobe Acrobat that allows an attacker to execute arbitrary code on a v ...
»	Creative Software AutoUpdate Engine ActiveX stack buffer overflow The Creative Software AutoUpdate Engine ActiveX control is a component that provides automatic updat ...
»	Internet Connection Sharing DoS A denial of service vulnerability exists within the Internet Connection Sharing service in Microsoft ...
»	RPC Memory Exhaustion The three referenced exploits take advantage of an inherent problem in RPC, in which an attacker get ...

Date published: Fri, 12 Mar 2010 23:09:00 PST
Details

SecurityFocus News

»	News: Change in Focus Change in Focus
»	News: Twitter attacker had proper credentials Twitter attacker had proper credentials
»	News: PhotoDNA scans images for child abuse PhotoDNA scans images for child abuse >> Advertisement << Can you answe ...
»	News: Conficker data highlights infected networks Conficker data highlights infected networks
»	Brief: Google offers bounty on browser bugs Google offers bounty on browser bugs

Date published: not known
Details

ha.ckers.org web application security lab

»	Using Parameter Pollution and Clickjacking to Aid Anti-CSRF Bypass It’s been a while since I’ve talked about Clickjacking, with only a few exceptions here ...
»	RSA Conference Wrapup Well another RSA Conference has come and gone. Lots of vendor noise about their product being the o ...
»	Facebook Patents Social Feeds and I Patent XSS In honor of the USPO’s decision to allow Facebook’s patent for social feeds I decided to ...
»	Banks, Businesses, Viruses and the UCC There’s an interesting post over at Krebs On Security talking about some poor company that is ...
»	Google Buzz Security Flaw … Speaking of Google, I got an email from TrainReq (the same fellow who allegedly hacked Miley ...
»	Nevermind, I Was Wrong, Google Is Evil I’ve been waiting a while to do this post - several weeks actually since my original post. In ...

Date published: not known
Details

US-CERT Current Activity

»	Apple Releases Safari 4.0.5
»	Microsoft Releases March Security Bulletin
»	Energizer DUO USB Battery Charger Software Allows Remote System Access
»	Cisco Releases Multiple Security Advisories
»	Microsoft Releases Advance Notification for March Security Bulletin
»	U.S. Census Bureau 2010 Census Campaign Warning
»	Microsoft Re-Releases Security Bulletin MS10-015
»	Microsoft Releases Security Advisory to Address VBScript Vulnerability
»	Adobe Releases a Security Update for Download Manager
»	Mozilla Releases Security Advisories

Date published: not known
Details

DOE-CIRC Updates

»	T-325: Microsoft re-release of KB973811 - attacks on Extended Protection for Authentication Microsoft re-release of KB973811 - attacks on Extended Protection for Authentication
»	T-324: Samba 'CAP_DAC_OVERRIDE' File Permissions Security Bypass Vulnerability Samba 'CAP_DAC_OVERRIDE' File Permissions Security Bypass Vulnerability
»	T-323: Microsoft Security Advisory (981374) Microsoft Security Advisory (981374)
»	T-322: March Patch Tuesday Notes March Patch Tuesday Notes
»	T-321: Energizer DUO USB battery charger software allows unauthorized remote system access Energizer DUO USB battery charger software allows unauthorized remote system access
»	T-320: Apache 2.2.14 mod_isapi Dangling Pointer Apache 2.2.14 mod_isapi Dangling Pointer
»	T-319: Apache Multiple Security Vulnerabilities Apache Multiple Security Vulnerabilities
»	T-318: Drupal Prior to 6.16 and 5.22 Multiple Security Vulnerabilities Drupal Prior to 6.16 and 5.22 Multiple Security Vulnerabilities
»	T-317: Vulnerability in VBScript Could Allow Remote Code Execution Vulnerability in VBScript Could Allow Remote Code Execution
»	T-316: Microsoft Windows Client/Server Run-time Subsystem Local Privilege Escalation Vulnerability Microsoft Windows Client/Server Run-time Subsystem Local Privilege Escalation Vulnerability
»	T-315: PHP 5.2.13 Security Update PHP 5.2.13 Security Update
»	T-314: Microsoft Windows ICMPv6 Router Advertisement Remote Code Execution Vulnerability Microsoft Windows ICMPv6 Router Advertisement Remote Code Execution Vulnerability
»	T-313: Cisco Firewall Services Module Skinny Client Control Protocol Inspection Denial of Service Vulnerability Cisco Firewall Services Module Skinny Client Control Protocol Inspection Denial of Service Vulnerabi ...
»	T-312: Adobe Download Manager Unspecified Arbitrary File Download Vulnerability Adobe Download Manager Unspecified Arbitrary File Download Vulnerability
»	T-311: Microsoft Windows SMB Client Race Condition Remote Code Execution Vulnerability Microsoft Windows SMB Client Race Condition Remote Code Execution Vulnerability

Date published: not known
Details

Virus Bulletin news

»	Estonian virus writer sent to jail Author of Allapple virus sentenced.
»	Morphing PDFs in new SEO poisoning trick Harmless documents replaced by web pages containing malicious code.
»	Botnet taken down as ringleaders are arrested 'Mariposa' included almost 13 million zombies.
»	March issue of VB published The March issue of Virus Bulletin is now available for subscribers to download.
»	Spammers move from China to Russia Stricter rules on registering .cn domains leads to increase in malicious .ru domains.
»	Nearly 20% still running IE 6 VB poll finds users still running outdated browser despite campaigns to boycott it.

Date published: not known
Details

DarkReading - All Stories

»	Tech Insight: The Keys To Cohesive Encryption In The Enterprise Lack of standards for multivendor encryption make key management a major challenge today ...
»	Hackers Not Playing Games With Gaming Sites Internet gaming companies can be damaged by cyber attacks in a broader variety of ways than other co ...
»	Malware-Serving ISP Taken Down, Researchers Say "Troyak" went dark overnight, cutting off service to many Zeus botnets
»	Ex-TSA Employee Indicted For Tampering With Database Of Terrorist Suspects Case serves as a wake-up call on the potential dangers of malicious insider access to sensitive data ...
»	New Twitter Feature Looks For Malicious URLs Meanwhile, one in eight Twitter accounts is either malicious, suspicious, or suspended, according to ...

Date published: not known
Details

Search NIST IT Security

Results 1 - 8 of 8 in Content

FISMA
Federal Information Security Management Act Implementation Project Protecting the Nation\'s Critical Information Infrastructure “Each...
Posted on Monday 28 November 2005 - 22:00:00 in

Non-Encrypted Hall of Shame
...ata protection within the federal government, how FISMA relates to all this, and the massive finger pointing that is just getting started. Proper enc...
Posted on Wednesday 10 October 2007 - 19:55:58 in

Federal Information Processing Standards (FIPS)
With the passage of the Federal Information Security Management Act (FISMA) of 2002 all Federal Information Processing Standards (FIPS) are now manda...
Posted on Sunday 22 January 2006 - 16:44:21 in

NIST SP 800-37 Guide for the Security Certification and Accreditation of Federal Information Systems
Federal Information Security Management Act (FISMA), requires each federal agency to develop, document, and implement an agency-wide information secur...
Posted on Saturday 21 January 2006 - 22:00:00 in

NIST SP 800-26 rev 1, Security Self-Assessment Guide for Information Technology Systems
... the Federal Information Security Management Act (FISMA) and Office of Management and Budget (OMB) policy, each agency must implement and maintain an ...
Posted on Wednesday 18 January 2006 - 22:00:00 in

NIST SP 800-66 HIPAA Security Rule
...ermissible uses and/or disclosures. Although FISMA applies to all federal agencies and all information types, only a subset of agencies is subjec...
Posted on Tuesday 17 January 2006 - 22:00:00 in

OMB Circular A-130
...nt and compliance with this Circular." Under FISMA all NIST FIPS documents are now required. The 800 series documents are also going to be used ...
Posted on Sunday 11 December 2005 - 22:00:00 in

Security
...as we would like. Auditors are now turning to \"best practices\" when judging how well we\'re complying with FISMA requirements.
Posted on Wednesday 30 November 2005 - 17:11:34 in

Results 1 - 1 of 1 in Links

FISMA | Government Computer News - FISMA Compliance Page
An excellent FISMA news portal. This page only contains links to news articles related to FISMA
http://www.gcn.com/FISMA/

Results 1 - 10 of 17 in News

News Release - LogLogic Announces FISMA Control and Compliance Suite Based On NIST For Government Organizations
... the Federal Information Security Management Act (FISMA), adding to the industry's deepest log reporting and alerting capabilities. Offering more tha...
Posted on Sunday 13 May 2007 - 15:19:25

FISMA guidance nearly complete
... NIST’s computer security division. // @@@fisma, nist, gov, sp, 800, 53, federal, information, security, management, act, guidance, guidelines...
Posted on Thursday 01 December 2005 - 04:25:48

New audit management ISO 17799, FISMA compliance software
...major mandates and standards including ISO 17799, FISMA, NERC CIP, GLBA, and HIPAA. The company has also integrated 16 CIS benchmarks into Command Cen...
Posted on Sunday 11 December 2005 - 00:26:53

New FISMA compliance tool by McAfee
...with Federal Information Security Management Act (FISMA) of 2002 and four other federal and commercial regulations. // @@@nist, fisma, fips, gov,...
Posted on Monday 28 November 2005 - 20:31:24

Hardening Microsoft Windows – STIGS, Baselines, and Compliance
...Sarbanes, Oxley, Gramm, Leach, Bliley, Act, glba, fisma, federal, management@@@ Windows hardening is basically locking down and securing the ope...
Posted on Friday 09 February 2007 - 04:09:59

DRAFT Special Publication 800-37 Revision 1 Available
...800-37, 800, 37, sp, risk, management, framework, FISMA, federal, information, systems, technology, nist, sp800, sp-800@@@ To learn more about t...
Posted on Tuesday 17 November 2009 - 20:41:18

U.S. Government Standardizing on Windows Hardening
...ndardized, standards, implementation, guidelines, fisma, 800-53@@@ Few federal agencies have fully implemented NIST.gov, CIS, DISA, or NSA harde...
Posted on Monday 26 March 2007 - 21:33:22

Veterans Affairs Banning Use of Home Computers for Official Business
...ably going to be required to do this anyway under FISMA and to meet their POA&M requirements. It is next to impossible to lock down employee's home co...
Posted on Saturday 10 June 2006 - 21:54:10

Stop Taking Work Home If You Don't Encrypt It!
...You may have thought you could whitewash all that FISMA, A-130, FIPS, etc., compliance stuff but this is for real. You're going to see the hit the f...
Posted on Monday 22 May 2006 - 18:43:51

Government Employee Guilty of Hacking Supervisors Computer
...ss. The auditor had been working on IT Security FISMA audits. // @@@ig, fisma, auditor, department, education, spying, boss, arrested, fired, k...
Posted on Wednesday 01 March 2006 - 19:13:26

Go to page >>

Results 1 - 2 of 2 in Forum

As part of thread: Authorizing Oficial?

Forum -> NIST SP 800 Documents

...rnment agencies. Each of them is required by law (FISMA) to have an information security program and have their implementation of the controls assess...
Posted by rriggins on Wednesday 19 August 2009 - 06:55:59

As part of thread: Oracle 10g NIST Controls

Forum -> NIST SP 800 Documents

...started. There are commercially available compliance tools as well such as http://www.integrigy.com/solutions/government-oracle-fisma-stig
Posted by NIST.org on Tuesday 25 September 2007 - 17:47:46

Results in Comments

No matches found

Results 1 - 2 of 2 in Other Pages

FISMA - MANAGING ENTERPRISE RISK
The Nine-Step Process Toward Achieving More Secure Information Systems *Categorize (your information and information system) *Select (the appro...
Posted on Monday 28 November 2005 - 21:25:43

NIST Book Store
...Ethical Hacking »Malware, Spyware, Viruses »FISMA Compliance, Policies, etc »PKI, Encryption, Smartcards »Windows Security Guides »HIPA...
Posted on Friday 17 November 2006 - 13:52:10

Results in Bugtracker2

No matches found

Translate to:

Latest NIST.org news and comments

NIST Computer Security Division Released Special Publication 800-38E Posted on:01/25/10

DRAFT Special Publication 800-37 Revision 1 Available Posted on:11/17/09

News Blog: "Mass Panic! The iPhone Has a Vulnerability" Posted on:07/30/09

First ZeroDay Exploit Hits Firefox Posted on:07/20/09

"FBI Probes Hacker's $10 Million Ransom Demand for Stolen Virginia Medical Records" Posted on:05/06/09

Free Online Antivirus, Spyware, and Firewall Scanners Review Posted on:05/04/09

Conflicker Worm / Botnet Downloads Mystery Payload – April 9th update Posted on:04/09/09

Conflicker Worm - April Fools Day Likely To Make Fools Out Of Us Either Way Posted on:03/30/09

ESET NOD32 False Positive for Kryptik.JX Causing Problems Posted on:03/09/09

New Report Shows 92 Percent of Critical Microsoft Vulnerabilities are Mitigated by Eliminating Admin Rights Posted on:02/03/09

Federal Employees At Risk Again From Monster.com Compromise Posted on:01/25/09

Microsoft Windows Does Not Disable AutoRun Properly - Technical Cyber Security Alert TA09-020A Posted on:01/21/09

Internet Explorer XML Exploit Allows Remote Code Execution Posted on:12/14/08

Microsoft Has Released An Extremely Urgent Out of Band Windows Update Posted on:10/23/08

If You Haven't Patched Your DNS Server Yet You're Simply Negligent Posted on:08/06/08

Google Ads

NIST Security Books

NIST IT Security Books

Training / Books

»Security Certifications -
» CISSP, SSCP, Security+, etc.

»Computer Forensics

»Ethical Hacking

»Malware, Spyware, Viruses

»FISMA Compliance, Policies, etc

»PKI, Encryption, Smartcards

»Windows Security Guides

»HIPAA, SOX, CISP, etc.

NIST.org Security Bookstore

Current Security News

SANS Internet Storm Center, InfoCON: green

» Infocon: green

» Firefox 3.6 is being pushed out to users. http://www.mozilla.com/en-US/firefox/3.6/releasenotes/, (Fri, Mar 12th)
[11 Mar 2010 07:17pm]

» A new version of Safari is out. Looks like for Mac and Windows. Plenty of security fixes (mostly for Windows Safari users http://support.apple.com/kb/HT4070), (Thu, Mar 11th)
[11 Mar 2010 04:05pm]

» Interesting SKYPE SPIM., (Thu, Mar 11th)
[11 Mar 2010 03:40pm]

» New version of foxit pdf reader available. http://www.foxitsoftware.com/downloads/index.php, (Thu, Mar 11th)
[11 Mar 2010 01:50pm]

» Cert write up on Skype IMBot Logic and Functionality., (Thu, Mar 11th)
[11 Mar 2010 11:28am]

» One a day keeps the hackers away. Read our discussion of the top 25 coding errors in the appsec streetfighter blog http://appsecstreetfighter.com ., (Thu, Mar 11th)
[11 Mar 2010 08:53am]

» What's My Firewall Telling Me? (Part 4), (Wed, Mar 10th)
[10 Mar 2010 10:04am]

» Microsoft Security Advisory 981374 - Remote Code Execution Vulnerability for IE6 and IE7, (Wed, Mar 10th)
[09 Mar 2010 08:36pm]

» March 2010 - Microsoft Patch Tuesday Diary, (Tue, Mar 9th)
[09 Mar 2010 11:10am]

» Samurai WTF 0.8, (Mon, Mar 8th)
[09 Mar 2010 09:33am]

***CNET News.com

» Microsoft races to plug IE hole after exploit code released
[12 Mar 2010 04:30pm]

» When malware strikes via bad ads on good sites
[12 Mar 2010 11:24am]

» ISP interruptions trip up Zeus botnet
[12 Mar 2010 08:41am]

» Researcher publishes exploit for new IE hole
[11 Mar 2010 09:28am]

» LimeWire enlists AVG for user protection
[10 Mar 2010 05:53pm]

» Twitter to block malicious links
[10 Mar 2010 02:07pm]

» WhitePages.com halts ad networks over malware
[10 Mar 2010 10:01am]

» LifeLock to pay $12 million to settle deceptive-practices claim
[10 Mar 2010 09:02am]

» Malware found on HTC Android phone from Vodafone
[09 Mar 2010 01:40pm]

» Microsoft warns of zero-day IE hole on Patch Tuesday
[09 Mar 2010 12:48pm]

» Drudge Report accused of serving malware, again
[09 Mar 2010 10:31am]

» Backdoor found in Energizer Duo USB battery charger
[08 Mar 2010 10:10am]

» Police get Webcam pictures in school spy case
[06 Mar 2010 02:12pm]

» At RSA 2010, the secure and the insecure (photos)
[05 Mar 2010 03:04pm]

» RSA 2010: Taking on cyberthreats
[04 Mar 2010 05:09pm]

***Computerworld Security News

» FBI: Cyberfraud losses doubled in 2009
[12 Mar 2010 06:19pm]

» Troyak takedown, security blues, ICANN meets
[12 Mar 2010 03:19pm]

» Data Exfiltration: How Data Gets Out
[12 Mar 2010 12:04pm]

» Microsoft admits Office patch gaffes
[12 Mar 2010 11:58am]

» Former Barclays programmer gets four years for role in TJX attacks
[12 Mar 2010 11:21am]

» Apple plugs 16 holes in Safari as Pwn2Own looms
[12 Mar 2010 05:01am]

» More Security News

***GSO

» Netgear Router Hack Pt. 2 by Kenny
[01 Dec 2009 05:16pm]

» Netgear Router Hack Pt. 1 by Kenny
[01 Dec 2009 05:16pm]

***

More IT Security
News Feeds

More Sponsors

Advertise on this site

NIST - Books You Need

NIST Bookstore

RSS Feeds

Our news can be syndicated by using these rss feeds.

Add to NetVibes

Add to Bloglines

Add to NewsGator

Add to My Yahoo

Add to Technorati

Subscribe in FeedLounge

Add to ProtoPage

Symantec News

Welcome

Other News

News Release - LogLogic Announces FISMA Control and Compliance Suite Based On NIST For Government Organizations

Commercial spyware using rootkit techniques to avoid removal

NIST.org is in no way connected to the U.S. government site NIST.gov

This site is © John Herron, CISSP. All Rights Reserved.

Please visit daily to stay up to date on all your IT Security compliance issues.

http://www.nist.org -
Hosted by BlueHost. We've never had a better hosting company.