standards.yml
# GSA: IDManagement.gov
# Policies for _university/standards.md
# Jekyll access: site.data.standards
# Format: YAML
#
# Legend:
#   name: name of standard
#   pubdate: the year (YYYY) or full name of month and year (M YYYY)
#   url: address of the document or site
#   target: options(_blank|_self) _blank = new browser window, _self = replace current page content
#   summary: description of the policy
#   source: web address of website, name of site, governing organization, or regulatory body
#   expanded: options(true|false) default is false, which means the accordion is closed in its initial state
#
# See: Blank Standard Template at the end of this file to create a new entry
# General Rule: if the desired default display state of the accordion is `expanded`, set the expanded property to `true` (default is `false`) to keep the page condensed.
# Note: default settings are listed last, so they do not get in the way of data entry
#
- name: "NIST SP 800-205: Attribute Considerations for Access Control Systems"
  summary: This guideline provides federal agencies with information for implementing attributes in access control systems. Attributes enable a logical access control methodology where authorization to perform a set of operations is determined by evaluating attributes associated with the subject, object, requested operations, and, in some cases, environment conditions against policy, rules, or relationships that describe the allowable operations for a given set of attributes. This document outlines factors which influence attributes that an authoritative body must address when standardizing an attribute system and proposes some notional implementation suggestions for consideration.
  pubdate: June 2019
  url: https://csrc.nist.gov/publications/detail/sp/800-205/final
  source: National Institute of Standards and Technology (NIST)
  target: _blank
  expanded: false
  doctype: PDF
- name: "NIST SP 800-116 Rev. 1: Guidelines for the Use of PIV Credentials in Facility Access"
  summary: This guideline provides resources for using PIV credentials in facility access, enabling federal agencies to operate as government-wide interoperable enterprises. This guideline covers the risk-based strategy to select appropriate PIV authentication mechanisms as expressed within FIPS 201.
  pubdate: June 2018
  url: https://csrc.nist.gov/publications/detail/sp/800-116/rev-1/final
  source: National Institute of Standards and Technology (NIST)
  target: _blank
  expanded: false
  doctype: PDF
- name: "NIST SP 800-63-3: Digital Identity Guidelines"
  summary: Agencies use these guidelines as part of the risk assessment and implementation of their digital service(s). These guidelines provide mitigations for an authentication error's negative impacts by separating the individual elements of identity assurance into its component parts.
  pubdate: June 2017
  url: https://csrc.nist.gov/publications/detail/sp/800-63/3/final
  source: National Institute of Standards and Technology (NIST)
  target: _blank
  expanded: false
  doctype: PDF
- name: "NIST SP 800-63A: Digital Identity Guidelines - Enrollment and Identity Proofing"
  summary: This guideline focuses on the enrollment and verification of an identity for use in digital services. Central to this is a process known as identity proofing in which an applicant provides evidence to a credential service provider (CSP) reliably identifying themselves, thereby allowing the CSP to assert that identification at an Identity Assurance Level (IAL). This document defines technical requirements for each of the three IALs.
  pubdate: June 2017
  url: https://csrc.nist.gov/publications/detail/sp/800-63a/final
  source: National Institute of Standards and Technology (NIST)
  target: _blank
  expanded: false
  doctype: PDF
- name: "NIST SP 800-63B: Digital Identity Guidelines - Authentication and Lifecycle Management"
  summary: These guidelines focus on the authentication of subjects interacting with government systems over open networks, establishing that a given claimant is a subscriber who has been previously authenticated. The result of the authentication process may be used locally by the system performing the authentication or may be asserted elsewhere in a federated identity system. This document defines technical requirements for each of the three Authentication Assurance Levels (AALs).
  pubdate: June 2017
  url: https://csrc.nist.gov/publications/detail/sp/800-63b/final
  source: National Institute of Standards and Technology (NIST)
  target: _blank
  expanded: false
  doctype: PDF
- name: "NIST SP 800-63C: Digital Identity Guidelines - Federation and Assertions"
  summary: These guidelines provide technical requirements for federal agencies implementing digital identity services and are not intended to constrain the development or use of standards outside of this purpose. This guideline focuses on the use of federated identity and the use of assertions to implement identity federations. Federation allows a given CSP to provide authentication and (optionally) subscriber attributes to a number of separately-administered relying parties. Similarly, relying parties may use more than one CSP.
  pubdate: June 2017
  url: https://csrc.nist.gov/publications/detail/sp/800-63c/final
  source: National Institute of Standards and Technology (NIST)
  target: _blank
  expanded: false
  doctype: PDF
- name: "NIST SP 800-73-4: Interfaces for PIV"
  summary: This guideline specifies the PIV data model, command interface, client application programming interface (API), and references to transitional interface specifications.
  pubdate: February 2016
  url: https://csrc.nist.gov/publications/detail/sp/800-73/4/final
  source: National Institute of Standards and Technology (NIST)
  target: _blank
  expanded: false
  doctype: PDF
- name: "NIST SP 800-79-2: Guidelines for the Authorization of PIV Card Issuers (PCI) and Derived PIV Credential Issuers (DPCI)"
  summary: The guideline specifies the assessment for the reliability of issuers of PIV credentials and Derived PIV credentials. The reliability of an issuer is of utmost importance when a federal agency is required to trust the identity credentials of individuals that were created and issued by another federal agency.
  pubdate: July 2015
  url: https://csrc.nist.gov/publications/detail/sp/800-79/2/final
  source: National Institute of Standards and Technology (NIST)
  target: _blank
  expanded: false
  doctype: PDF
- name: "NIST SP 800-53 Rev. 5: Security and Privacy Controls for Federal Information Systems and Organizations"
  summary: This guideline provides a catalog of security and privacy controls for federal information systems and organizations and a process for selecting controls to protect organizational operations, assets, individuals, other organizations, and the Nation from a diverse set of threats.
  pubdate: December 2020
  url: https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final
  source: National Institute of Standards and Technology (NIST)
  target: _blank
  expanded: false
  doctype: PDF
- name: "NIST SP 800-53A Rev. 5: Assessing Security and Privacy Controls in Information Systems and Organizations"
  summary: This guideline provides a set of procedures for conducting assessments of security controls and privacy controls employed within federal information systems and organizations. The assessment procedures, executed at various phases of the system development life cycle, are consistent with the security and privacy controls in NIST Special Publication 800-53, Revision 5.
  pubdate: January 2022
  url: https://csrc.nist.gov/publications/detail/sp/800-53a/rev-5/final
  source: National Institute of Standards and Technology (NIST)
  target: _blank
  expanded: false
  doctype: PDF
- name: "NIST SP 800-157: Guidelines for Derived PIV Credentials"
  summary: This guideline provides technical instructions for the implementation of standards-based, secure, reliable, interoperable public key infrastructure (PKI) based identity credentials that are issued by federal departments and agencies to individuals who possess and prove control over a valid PIV credential.
  pubdate: December 2014
  url: https://csrc.nist.gov/publications/detail/sp/800-157/final
  source: National Institute of Standards and Technology (NIST)
  target: _blank
  expanded: false
  doctype: PDF
- name: "NIST SP 800-162: Guide to Attribute Based Access Control (ABAC) Definition and Considerations"
  summary: This guideline provides federal agencies with a definition of ABAC. ABAC is a logical access control methodology in which authorization to perform a set of operations is determined by evaluating attributes associated with the subject, object, requested operations, and, in some cases, environment conditions against policy, rules, or relationships that describe the allowable operations for a given set of attributes.
  pubdate: January 2014
  url: https://csrc.nist.gov/publications/detail/sp/800-162/final
  source: National Institute of Standards and Technology (NIST)
  target: _blank
  expanded: false
  doctype: PDF
- name: "FIPS 201-3: Personal Identity Verification (PIV) of Federal Employees and Contractors"
  summary: This standard specifies the architecture and technical requirements for a common identification standard for federal employees and contractors. The overall goal is to achieve appropriate security assurance for multiple applications by efficiently verifying the claimed identity of individuals seeking physical access to federally controlled government facilities and electronic access to government information systems.
  pubdate: January 2022
  url: https://csrc.nist.gov/publications/detail/fips/201/3/final
  source: National Institute of Standards and Technology (NIST)
  target: _blank
  expanded: false
  doctype: PDF
- name: "NIST SP 800-76-2: Biometric Data Specification for PIV"
  summary: This guideline contains technical specifications for biometric data mandated in FIPS. These specifications reflect the design goals of interoperability and performance of the PIV credential. This specification addresses image acquisition to support the background check, fingerprint template creation, retention, and authentication. The biometric data specification in this document is the mandatory format for biometric data carried in the PIV Data Model (SP 800-73-1, Appendix A). Biometric data used only outside the PIV Data Model is not within the scope of this standard.
  pubdate: July 2013
  url: https://csrc.nist.gov/publications/detail/sp/800-76/2/final
  source: National Institute of Standards and Technology (NIST)
  target: _blank
  expanded: false
  doctype: PDF
- name: "NIST SP 800-122: Guide for Protecting the Confidentiality of Personally Identifiable Information (PII)"
  summary: This guideline assists federal agencies in protecting the confidentiality of a specific category of data commonly known as PII. This document provides practical, context-based guidance for identifying PII and determining what level of protection is appropriate for each instance of PII. The document also suggests safeguards that may offer appropriate levels of protection for PII and provides recommendations for developing response plans for breaches involving PII.
  pubdate: April 2010
  url: https://csrc.nist.gov/publications/detail/sp/800-122/final
  source: National Institute of Standards and Technology (NIST)
  target: _blank
  expanded: false
  doctype: PDF
# Standard Blank Template
# - name:
#   summary:
#   pubdate:
#   url:
#   source:
#   target: _blank
#   expanded: false
#   doctype: PDF