One of the great resources on the interweb for all things security is the National Institute of Standards and Technology (NIST). Namely their computer security group (CSRC).
A few weeks ago NIST made some headlines when they recommended against a quick adoption of Vista. This was a huge kick in the knickers for Microsoft but, NIST was only being cautious. Justifiably so. That very day I had a junior external consultant give me an earful as to “What the hell do they know?”. They being NIST. When he came to, after suffering a thrashing about the head and neck with a trout, I offered that maybe he should become acquainted with some of their documents. I then pulled him back in the window and let go of his ankles.
Now, to avoid similar food/vertical related assaults, NIST has created a document that walks the reader though the NIST resources.
A new resource especially useful for newcomers to this excellent collection is the “Guide to NIST Computer Security Documents” edited by Tanya Brewer and Matthew Scholl and dated February 2007 (but the PDF file shows that it was updated in April). The editors write:
“Currently, there are over 250 NIST information security documents. This number includes Federal Information Processing Standards (FIPS), the Special Publication (SP) 800 series, Information Technology Laboratory (ITL) Bulletins, and NIST Interagency Reports (NISTIR). These documents are typically listed by publication type and number or by month and year in the case of the ITL Bulletins. This can make finding a document difficult if the number or date is not known. In order to make NIST information security documents more accessible, especially to those just entering the security field or with limited needs for the documents, we are presenting this Guide.
So, if ever confronted with a similar situation please refrain and simply share their Guide.
[tags]NIST, Guide to Documentation, NIST Computer Security Documents[/tags]