圖書1. | NIST(2003)。Standards for Security Categorization of Federal Information and Information Systems。NIST。 |
2. | OMB(2000)。OMB Circular No. A-130。 |
3. | NIST(2000)。Federal Information Technology Security Assessment Framework。NIST。 |
4. | OMB(2003)。OMB M-03-19。 |
5. | Swanson, M.(2001)。Security Self-Assessment Guide for Information Technology Systems。NIST。 |
6. | The White House(1998)。The Clinton Administration's Policy on Critical Infrastructure Protection: Presidential Decision Directive 63 (PPD-63)。 |
7. | NSA(2003)。INFOSEC Assurance Capability Maturity Model (IA-CMM)。NSA。 |
8. | Swanson, M.(1998)。Guide for Developing Security Plans for Information Technology Systems。NIST。 |
9. | Stoneburner, G.、Goguen, A.、Feringa, A.(2004)。Risk Management Guide for Information Technology Systems (Draft)。NIST。 |
10. | Ross, R.、Swanson, M.(2004)。Guidelines for the Security Certification and Accreditation of Federal Information Technology System。NIST。 |
11. | CNSS(2003)。NSTISSP。 |
12. | OMB(2005)。Federal Information Security Management Act 2004 Report to Congress。 |
13. | Ross, R.(2005)。Recommended Security Controls for Federal Systems (all parts)。NIST。 |
其他1. | ISO(2003)。Text for ISO/IEC 2nd PDTR 19791, Information technology--Security techniques--Security assessment for operational systems(ISO/IEC JTC1/SC27 N 4246)。 |
2. | ISO(2004)。Text for ISO/IEC FCD 24743, Information technology--Security techniques--Information security management systems requirements specification(ISO/IEC JTC1/SC27N4186)。 |
3. | National Institute of Standards and Technology(20021024)。Federal Information Security Management Act (FISMA) Implementation Project,Computer Security Resource Center。,http://csrc. nist.gov/groups/SMA/fisma/index.htm。 |
4. | ISO/IEC(2005)。Information Technology--Security techniques--Code of Practice for Information Security Management(ISO/IEC 17799:2005)。 |
5. | Hamilton, B. A.(2002)。Depart of Defense Public Key Infrastructure and Key Management Infrastructure Token Protection Profile (Medium Robustness),http://www.commoncriteriaportal.org/files/ppfiles/PP_PKIKMI_TKN_MR_V3.0.pdf。 |
6. | International Organization for Standardization(2008)。Information Technology--Security Techniques--Evaluation Criteria for IT Security (all parts)(ISO/IEC 15408)。,Geneva:International Organization for Standardization。 |