Handbook AS-805 Archives -

Handbook AS-805 Archives - https://zymitry.com/tag/handbook-as-805/ Tech & Other Stuff Thu, 05 Jun 2025 22:53:56 +0000 en-US hourly 1 https://wordpress.org/?v=7.0 https://i0.wp.com/zymitry.com/wp-content/uploads/2016/11/favicon.png?fit=32%2C32&ssl=1 Handbook AS-805 Archives - https://zymitry.com/tag/handbook-as-805/ 32 32 120106411 Information Security Publication Comparison https://zymitry.com/information-security-publication/ https://zymitry.com/information-security-publication/#respond Sat, 26 Nov 2016 04:18:17 +0000 http://zymitry.com/?p=297 Information Security Publication Comparison: Chart comparing major sections of the USPS Handbook AS-805 - Information Security to NIST Special Publications; 800-12, 800-14, 800-18, 800-26, and 800-30.

The post Information Security Publication Comparison appeared first on .

]]> Information Security Publication Comparison

Information Security Publication Comparison

Chart comparing major sections of the USPS Handbook AS-805 – Information Security to NIST Special Publications; 800-12, 800-14, 800-18, 800-26, and 800-30.

Handbook AS-805 – Information Security (USPS, 2015)	NIST Special Publications
Introduction: Corporate Information Security	Generally Accepted System Security Principles (NIST SP 800-14)
Security Roles and Responsibilities	System Security Plan Responsibilities (NIST SP 800-18), (NIST SP 800-14)
Information Designation and Control	Generally Accepted System Security Principles (NIST SP 800-14)
Security Risk Management	Guide for Conducting Risk Assessments. (NIST SP 800-30) (NIST SP 800-14)
Acceptable Use	Generally Accepted System Security Principles (NIST SP 800-14)
Personnel Security	Generally Accepted System Security Principles (NIST SP 800-14)
Physical and Environmental Security	3.10 Physical and Environmental Security (NIST SP 800-14), Physical and Environmental Security (NIST SP 800-12),
Development and Operations Security	1.5 Major Applications, General Support Systems, and Minor Applications (NIST SP 800-18), 3.9 Security Considerations in Computer Support and Operations (NIST SP 800-14)
Information Security Services	3.14 Minimum Security Controls (NIST SP 800-18)
Hardware and Software Security	Several chapters (NIST SP 800-14)
Network Security	2.3 General Support Systems (NIST SP 800-18) Management Control (NIST SP 800-12)
Business Continuity Management	3.6 Preparing for Contingencies and Disasters (NIST SP 800-14),
Security Incident Management	12.0 Computer Security Incident Handling (NIST SP 800-12), 3.7 Computer Security Incident Handling (NIST SP 800-14)
Security Compliance and Monitoring	3.16 Ongoing System Security Plan Maintenance (NIST SP 800-18)

Chart comparing the ISO/IEC 27002 with NIST Publications

ISO27002 (Praxiom web, 2013)	NIST 800-12	NIST 800-14	NIST 800-18	NIST 800-26	NIST 800-30
Security Policy Management	Covered. NIST is more of an overview	Covers many aspects such as security program management.	Covered. Both cover same aspects.	Not directly covered. Program management briefly covered.	Not covered
Corporate Security Management	Covered. NIST is more of an overview	Covered in depth.	Covers duties and responsibilities.	Not covered	Not covered
Personal Security Management	Covers personnel/user issues	Both cover same aspects	Not covered	Covered only as a checklist item	Not covered
Organizational Asset Management	Covered	Not covered	Not Covered	Covered	Not Covered
Information Access Management	Covered Chapter 17	Covered Chapter 3	Not covered	Not covered	Not covered
Cryptography Policy Management	Covered Chapter 19	Covered briefly Chapter 3.14	Not covered	Not covered	Not covered
Physical Security Management	Covered Chapter 15	Covered Chapter 3.10	Not covered	Not covered	Not Covered
Operational Security Management	Covered	Covered. ISO 27002 offers more detail	Covered	Covered	Covered
Network Security Management	Covered only as a control	Covered only as a system	Not covered	Not covered	Not covered
System Security Management	Not covered	Not covered	Covered Chapter 2.3	Covered Chapter 3.1.2	Not covered
Supplier Relationship Management	Covered as overview Chapter 10	Not covered	Not covered	Not covered	Not covered
Security Incident Management	Covered in detail 11 & 12	Covered Chapter 3.7	Not covered	Not covered	Covers threat events and response
Security Continuity Management	Not covered	Covers security reassessment	Covered Chapter 3.16	Covered Chapter 4.3.1	Covers assessment cycle
Security Compliance Management	Covered Chapter 6	Covers as part of policy	Covered Chapter 3.12	Covers compliance reviews	Covered

References

http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-30r1.pdf

http://www.praxiom.com/iso-27002.htm

https://csrc.nist.gov/publications/detail/sp/800-12/archive/1995-10-02

Click to access 800-14.pdf

http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-18r1.pdf

https://about.usps.com/handbooks/as805/welcome.htm

Additional Articles

Bring Your Own Device (BYOD) Policies and Practices

The Governance of Cloud-Based Systems

Cloud Computing Models -SaaS, PaaS, IaaS

Exploring the Implications of Artificial Intelligence

Artificial Intelligence in Texas Higher Education: Ethical Considerations, Privacy, and Security

Terms and Conditions of Use

The post Information Security Publication Comparison appeared first on .

]]> https://zymitry.com/information-security-publication/feed/ 0

297