Documents: https://sites.google.com/site/cloudauditcontrols
Nostalgia. http://www.defense.gov/multimedia/audio/generalqrts.wav.
Federal
Vulnerability Notifications
Nostalgia. http://www.defense.gov/multimedia/audio/generalqrts.wav.
Federal
- NIST SP800-53 Database
- STIG Viewer http://iase.disa.mil/stigs/stig_viewing_guidance.html
- http://www.cnss.gov/full-index.html
- Federal Information Processing Standards (FIPS): FIPS 199 -- Security Categorization | FIPS 200 -- Minimum Security Controls
- NIST Special Publications: SP 800-30 -- Risk Assessment | SP 800-37 -- Risk Management Framework | SP 800-53 Rev 4 -- Security Controls | SP 800-53A -- Security Controls Assessement | SP 800-60 Vol 1 -- Security Categorization | SP 800-60 Vol 2 -- Security Categorization | SP 800-137 -- Continuous Monitoring
- Committee on National Security Systems (CNSS): CNSSP 22 -- Risk Management Policy for NSS | CNSSI 1253 -- Security Categorization and Control Selection for NSS)
- Department of Defense Instructions: CNSSI 1253 -- Security Categorization and Control Selection for NSS) | DoDI 8510.01 -- (DIACAP)
- Federal Information Security Management Act (FISMA): FISMA Implementation Project (NIST) | Federal Risk and Authorization Management Program (FedRAMPSM) | Federal Cloud Strategy
- Thank you IA Security Solutions for a great concise list.
- Common Regulations and Standards SOX | GLBA | FFIEC | Basel II | FCRA | HIPAA | NERC | NRC | CFAA | FISMA | FRCP | FISCAM | Privacy Act of 1974 | Safe Harbor | NYSE | PCI-DSS | COSO
- Audit Practices and Guides | ISO 27001:2005 | ISO/IEC 27002-2005 | OGC ITIL | BCI | CobiT | ISACA | AICPA | ISACA | OECD
- PCI-DSS Compliance Checker: http://www.vmware.com/products/datacenter-virtualization/pci-compliance-checker/overview.html
- VMware Hardening Guidelines: http://www.vmware.com/products/datacenter-virtualization/vsphere-compliance-checker/overview.html
- The Sarbanes-Oxley Act
- Gramm-Leach-Bliley Act
- Basel II: International Convergence of Capital Measurement and Capital Standards
- Fair Credit Reporting Act
- Health Insurance Portability and Accountability Act
- North American Electric Reliability Corporation Critical Infrastructure Protection Cyber Security Standards
- NRC Regulations (10 CFR) § 73.54
- Computer Fraud and Abuse Act
- Federal Information Security Management Act
- Federal Rules of Civil Procedure
- Federal Information System Controls Audit Manual
- Privacy Act of 1974
- US Department of Commerce EU Safe Harbor Privacy Principles
- NYSE Listed Company Manual
- PCI-DSS (Payment Card Industry Data Security Standard)
- COSO Enterprise Risk Management Integrated Framework
- ISO 27001:2005, Information Security Management Systems - Requirements
- ISO/IEC 27002-2005 Code of practice for information security management
- OGC ITIL: Security Management
- Business Continuity Institute (BCI) Good Practice Guidelines, 2005
- CobiT 4.1
- ISACA IS Standards, Guidelines, and Procedures for Auditing and Control Professionals, May 15, 2009
- AICPA Incident Response Plan: Template for Breach of Personal Information
- ISACA Cross-Border Privacy Impact Assessment
- OECD Principles of Corporate Governance, 2004
- OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data
- AICPA Audit and Accounting Guides
- DOT Physical Security Survey Checklist
- US-CERT: http://www.us-cert.gov/ncas
- Security Focus Bugtraq: http://www.securityfocus.com
- Microsoft: http://go.microsoft.com/fwlink/?LinkId=51352
- Secunia: http://secunia.com/advisories/mailing_lists
Audit
| Business
Continuity Planning | Development
and Acquisition | E-Banking | Information
Security | Management
| Operations
| Outsourcing
Technology Services | Retail
Payment Systems | Supervision
of Technology Service Providers | Wholesale
Payment Systems
VCE
- Product Security Center: http://www.vce.com/security/
- VCE Security Response Center: http://www.vce.com/products/auxiliary-products/security/response-center
- Product Security Center: http://www.vmware.com/technical-resources/security/index.html
- Advisories: http://www.vmware.com/security/advisories/
- Certifications: http://www.vmware.com/support/support-resources/certifications.html
- Compliance: http://www.vmware.com/technical-resources/security/compliance/
- E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
- Security Advisories are posted to the following lists:
- security-announce at lists.vmware.com
- bugtraq at securityfocus.com
- full-disclosure at lists.grok.org.uk
- E-mail: security@vmware.com; PGP key at: http://kb.vmware.com/kb/1055
- VMware Security Advisories: http://www.vmware.com/security/advisories
- VMware security response policy: http://www.vmware.com/support/policies/security_response.html
- General support life cycle policy: http://www.vmware.com/support/policies/eos.html
- VMware Infrastructure support life cycle policy: http://www.vmware.com/support/policies/eos_vi.html
- Product Security Center: http://tools.cisco.com/security/center/home.x
- Security Policy and Advisories: There are several ways to stay connected and informed about the latest security vulnerability information from Cisco. To subscribe to the mailing list, send an e-mail message to cust-security-announce-join@cisco.com. (The content of the message does not matter.) You will receive confirmation, instructions, and a list policy statement. For a full list of options, including RSS, view their product security policy: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html#rsvifc
- Certifications: http://www.cisco.com/web/strategy/government/sec_cert.html
- Compliance: http://www.cisco.com/web/strategy/index.html
- Export and Contract Compliance: http://www.cisco.com/web/about/doing_business/legal/global_export_trade/general_export/contract_compliance.html
- Cyber Risk Reports: http://tools.cisco.com/security/center/cyberRiskReport.x
- Services (FW, SLB, IPS/IDS): http://www.cisco.com/en/US/solutions/ns340/ns414/ns742/ns743/ns994/landing_ntwk_services.html
- Security and Virtualization: http://www.cisco.com/en/US/docs/solutions/Enterprise/Data_Center/DC_3_0/dc_sec_design.html
- Data Center Security: http://www.cisco.com/en/US/netsol/ns750/networking_solutions_sub_program_home.html
- Data Center Design Zone: http://www.cisco.com/en/US/netsol/ns743/networking_solutions_program_home.html
- Product Security Center: http://www.emc.com/products/security/index.htm
- Advisories: http://www.emc.com/contact-us/contact/product-security-response-center.htm
- Subscribe to both EMC Security Advisories All EMC Products - Current Year and relevant product-specific documents on Powerlink. Click the lightning bolt (i.e. Alert Me) icon next to the Product documents of choice to add it to your Alerts Portlet. You can choose to be notified by email and/or each time you login to Powerlink.
- Certifications: http://www.emc.com/products/external-security-validation.htm
- Compliance: Organized under specific Business Needs: http://www.emc.com/solutions/index.htm
- Security Solutions: http://www.emc.com/security/index.htm
