• X.1500 Cybersecurity information exchange techniques (awaiting publication – please check ITU-T SG 17 list of published standards)

  Network Interoperability and Reliability Council

Focus Groups of the Network Interoperability and Reliability Council have developed recommended best practices in the areas of cyber security, wireless security and public data network reliability. Links to these reports are as follows:
Homeland Security

• Subcommittee 2B: Homeland Security Cyber Security Best Practices
• Focus Group 2B Final Report - Summary of Activities, Guidance and Cybersecurity Issues
• Focus Group 2B Final Best Practices

Network Best Practices

• Subcommittee 3B: Public Data Network Reliability / Gap Analysis Report
• Public Data Network Reliability - Final Report

  National Institute of Standards and Technology

• SP 800-13 Telecommunications Security Guidelines for Telecommunications Management Network
• 800-77 Guide to IPsec VPNs

Electronic Authentication and Personal Identification

  European Network and Information Security Agency

• Security risks in cross-border electronic authentication
• Privacy and security risks when authenticating on the internet with European eID cards

  National Institute of Standards and Technology

• 800-63 Electronic Authentication Guideline: Recommendations of the National Institute of Standards and Technology
• 800-63 Rev. 1 DRAFT Electronic Authentication Guideline
• 800-76 Biometric Data Specification for Personal Identity Verification
• 800-79  Guidelines for the Accreditation of Personal Identity Verification (PIV) Card Issuers (PCI's)
• 800-89 Recommendation for Obtaining Assurances for Digital Signature Applications
• 800-116 A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS)

Electronic Signatures

  European Telecommunications Standards Institute

• TR 102 572: Best Practices for handling electronic signatures and signed data for digital accounting

  This document defines a set of practices applicable to the various security related aspects of signing fiscally relevant documents when issued and storing them for legal purposes.

E-mail Security

  National Institute of Standards and Technology

• 800-45 Version 2 Guidelines on Electronic Mail Security

 Financial Services Security

  Payment Card Industry

• The Payment Card Industry (PCI) Data Security Standard

This standard defines 12 key requirements organized into six control groups (Build and Maintain a Secure Network, Protect Cardholder Data, Maintain a Vulnerability Management Program, Implement Strong Access Control Measures, Regularly Monitor and Test Networks, and Maintain an Information Security Policy.)

Incident Management, Monitoring and Response

  European Network and Information Security Agency

• Good practice guide for incident management
• Reporting security incidents – good practices
• Baseline capabilities of national/government CERTS
• CERT cooperation and its further facilitation.

  National Institute of Standards and Technology

• 800-94 Guide to Intrusion Detection and Prevention Systems (IDPS)
• 800-86 Guide to Integrating Forensic Techniques into Incident Response
• 800-83 Guide to Malware Incident Prevention and Handling
• 800-61 Rev 1 Computer Security Incident Handling Guide

Media and End User Device Security

  European Network and Information Security Agency

• Secure USB Flash Drives
• Secure Printing

  National Institute of Standards and Technology

• 800-88 Guidelines for Media Sanitization
• SP 800-111 Guide to Storage Encryption Technologies for End User Devices
• SP 800-114 User's Guide to Securing External Devices for Telework and Remote Access

Mobile Device Security 

  European Network and Information Security Agency

• Smartphones: information security risks, opportunities and recommendations for users
• Security issues in the context of authentication using mobile devices (Mobile eID)
• Mobile identity management

  National Institute of Standards and Technology

• 800-101 Guidelines on Cell Phone Forensics
• 800-121 Guide to Bluetooth Security
• 800-127 Guide to Securing WiMAX Wireless Communications
• 800-124 Guidelines on Cell Phone and PDA Security
• 800-72 Guidelines on PDA Forensics 

Network Security and Information Exchange

  European Network and Information Security Agency

• Good practice guide

  National Institute of Standards and Technology

• 800-52 Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations
• 800-58 Security Considerations for Voice Over IP Systems
• 800-81 Rev. 1 Secure Domain Name System (DNS) Deployment Guide

Operating System and Server Security 

  National Institute of Standards and Technology

• 800-68 Guidance for securing Microsoft Windows XP systems for IT Professionals
• 800-123 Guide to General Server Security

Planning, Testing and Security Management

  National Institute of Standards and Technology

• 800-40 Version 2.0 Creating a Patch and Vulnerability Management Program
• 800-65 Integrating IT Security into the Capital Planning and Investment Control Process
• 800-84 Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities
• 800-92 Guide to Computer Security Log Management
• 800-118 DRAFT Guide to Enterprise Password Management
• 800-128 DRAFT Guide for Security Configuration Management of Information Systems
• 800-117 Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.0

Radio Frequency Identification (RFID) Security

• 800-98 Guidelines for Securing Radio Frequency Identification (RFID) Systems

Risk Management

  European Network and Information Security Agency

• Principles and Inventories for Risk Management of Risk Assessment Methods and Tools
• Risk Management and IT Security for Micro and Small Businesses
• Determining Your Organization’s Information Risk Assessment and Management
• Reference source for threats, vulnerabilities, impacts and controls in IT risk assessment and risk management
• Methodology for evaluating usage and comparison of risk assessment and risk management items
• Emerging and future risks framework
• Cloud computing risk assessment

 National Institute of Standards and Technology

• 800-30 Risk Management Guide for Information Technology Systems
• 800-37 Rev. 1 Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach

Security Metrics

  National Institute of Standards and Technology

• 800-55 Security Metrics Guide for Information Technology Systems 

Security Policy

  National Institute of Standards and Technology

• 800-41 Rev. 1 Guidelines on Firewalls and Firewall Policy

Spam, Spyware and Malicious Code

  National Institute of Standards and Technology

• 800-28 Guidelines on Active Content and Mobile Code V2
• 800-83 Guide to Malware Incident Prevention and Handling

Web Security

  European Network and Information Security Agency

• Web 2.0 Security and Privacy

  National Institute of Standards and Technology

• 800-95 Guide to Secure Web Services
• 800-44 V 2 Guidelines on Securing Public Web Servers
• 800-119 Guidelines for the Secure Deployment of IPv6

Wireless Networks

  National Institute of Standards and Technology

• 800-120 Recommendation for EAP Methods Used in Wireless Network Access Authentication
• 800-97 Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i
• 800-48 Guide to Securing Legacy 802.11 Wireless networks

  Network Interoperability and Reliability Council

• Focus Group 3A Report - Wireless Network Reliability / Gap Analysis Report
• Focus Group 3A Report - Wireless Network Reliability - Final Report