NIST 800
NIST Special Publication 800-14 describes common security principles that should be addressed
within security policies. The purpose of this document is to describe 8 principles and 14
practices that can be used to develop security policies. A significant part of this document is
dedicated to auditing user activity on a network. Specific requirements include tracking user
actions and, in the event of any investigation, the ability to reconstruct exactly what a user has
done. Auditing, monitoring, and intrusion detection are heavily emphasized in this standard.
The fourteen practices of Special Publication 800-14 are as follows:
1. Policy
2. Program Management
3. Risk Management
4. Life Cycle Planning
5. Personnel/User Issues
6. Preparing for Contingencies and Disasters
7. Computer Security Incident Handling
8. Awareness and Training
9. Security Considerations in Computer Support and Operations
10. Physical and Environmental Security
11. Identification and Authentication
12. Logical Access Control
13. Audit Trails
14. Cryptography
This standard provides guidelines for all of these areas. It is therefore a good place to get guidance on which security controls should be in place on a target network. You can then tailor your penetration test to validate (or refute) that these standards are being met.