Other People's Policies

Modified 04 April 2007

• There are various documents, ranging from copies of policies now or previously in effect at various universities, to NIST security documents, to U.S. Federal Criterea for Information Technology Security, to some more narrative papers, all at the CERIAS archive: ftp://ftp.cerias.purdue.edu/pub/doc/policy/
• "NIST's Special Publication: Internet Security Policy: A Technical Guide", which is "intended to help an organization create a coherent Internet-specific information security policy." http://csrc.nist.gov/isptg/
• NIST's document "Building Effective, Tailored Information Security Policy" http://csrc.nist.gov/nissc/1997/panels/isptg/pescatore/html/
• NIST's document "Guidelines on Firewalls and Firewall Policy" http://csrc.nist.gov/publications/nistpubs/index.html
• Generally Accepted System Security Principles (GASSP) — From the International Information Security Foundation: http://web.mit.edu/security/www/gassp1.html
• SANS has The SANS Security Policy Project: http://www.sans.org/resources/policies/
• BS 7799 — British code of practice for information security management. You'll have to search for standard 7799 at this site: http://bsonline.techindex.co.uk

Security Page

© Bob Cromwell Jul 2008. Created with /bin/vi, hosted on OpenBSD with Apache.    Root password available here