Research Guides: Information Assurance & Cybersecurity: Standards and Guiding Documents

IEEE Standards

With an active portfolio of nearly 1,300 standards and projects under development, IEEE is a leading developer of industry standards in a broad range of technologies that drive the functionality, capabilities, and interoperability of products and services, transforming how people live, work, and communicate.

Browse IEEE Standards

Information Standards Organization (ISO) Information Security Management Standards

The ISO is a non-governmental organization that serves as an international standards setting body. ISO publishes two important information security standards:

Office of Management and Budget (OMB)

OMB is a bureau within the Executive Office of the President (EOP). OMB circulars and memoranda establish policy and provide guidance to federal agencies for the management and operation of federal information systems. Key information security related documents, issued by OMB, include:

Committee on National Security Systems (CNSS)

CNSS is the successor to the National Security Telecommunications and Information Systems Security Committee (NSTISSC). CNSS operates under authorities set forth in National Security Directive 42: National Policy for the Security of National Security Telecommunications and Information Systems as amended by Executive Orders (E.O.) 13284 and 13231. Key policy and guidance documents published by CNSS include:

National Institute of Standards and Technology (NIST)

NIST is the lead federal agency for the establishment of technical guidance and standards for federal information security programs. NIST guidance is published as Federal Information Processing Standards (FIPS), Special Publications, and technical reports. Key documents include:

National Information Assurance Partnership (NIAP)

The NIAP is jointly managed by NIST and the National Security Agency (NSA). Each of these organizations also publishes its own family of information assurance policy and guidance documents. Jointly, the NIAP provides management oversight and guidance for product certification activities under the Common Criteria Evaluation and Validation Scheme (CC-EVS) umbrella program. Key documents for the Common Criteria are:

Control Objectives for Information and Related Technology (COBIT)

The COBIT framework is maintained and published by ISACA, a nonprofit organization. COBIT is primarily a governance framework which lists best practices and business processes which organizations should follow:

COBIT Framework for IT Governance and Control (Preview)

Defense Information Assurance Program (DIAP)

The DIAP was established by the Secretary of Defense in compliance with the specific requirements set forth in federal law (10 U.S.C. 2224). The objectives of this program are: "to provide continuously for the availability, integrity, authentication, confidentiality, nonrepudiation, and rapid restitution of information and information systems that are essential elements of the Defense Information Infrastructure" (10 U.S.C. 2224(b)). Policy documents governing the operation of the DIAP are found in the Department of Defense Directives System 8500 series documents. Key documents in this series include:

Thank you!

The content on this page is used with permission, Information and Library Services, University of Maryland University College, Adelphi, MD.