Security standards


The Centro Criptológico Nacional is one of the most relevant bodies when it comes to disseminating security concepts in Spain.

From its website I extract this interesting list of technical security standards:

[ISO-11770-3:2008]

ISO/IEC 11770-3:2008, Information technology — Security techniques — Key management — Part 3: Mechanisms using asymmetric techniques, 2008.

[ISO-27005:2008]

ISO/IEC 27005:2008, Information technology — Security techniques — Information security risk management, 2008.

[UNE-71504:2008]

UNE 71504:2008 – Metodología de análisis y gestión de riesgos de los sistemas de información, 2008.

[CCN-STIC-401:2007]

Guías Generales: Glosario y Abreviaturas. Centro Criptológico Nacional, Guía STIC 401 2007.

[ITIL:2007]

ITIL V3 Glossary, 30 May 2007

[NIST-SP800-38D:2007]

Recommendation for Block Cipher Modes of Operation: Galois/Counter, NIST Special Publication 800-38D, Nov 2007.

[NIST-SP800-57:2007]

Recommendation for Key Management – Part 1: General, NIST Special Publication 800-57, March 2007.

[NIST-SP800-94:2007]

Guide to Intrusion Detection and Prevention Systems (IDPS) NIST Special Publication 800-94, February 2007.

[ISO-11568-4:2007]

ISO 11568-4:2007, Banking — Key management (retail) — Part 4: Asymmetric cryptosystems — Key management and life cycle, 2007.

[ISO-21827:2007]

ISO/IEC 21827:2002, Information technology — Systems Security Engineering — Capability Maturity Model (SSE-CMM), 2007.

[RFC4949:2007]

RFC4949, Internet Security Glossary, Version 2, August 2007.

Each entry is preceded by a character — I, N, O, or D — enclosed in parentheses, to indicate the type of definition (as is explained further in Section 3):

  • “I” for a RECOMMENDED term or definition of Internet origin.
  • “N” if RECOMMENDED but not of Internet origin.
  • “O” for a term or definition that is NOT recommended for use in IDOCs but is something that authors of Internet documents should know about.
  • “D” for a term or definition that is deprecated and SHOULD NOT be used in Internet documents.

See: http://www.ietf.org/rfc/rfc4949

[UNE-ISO-27001_es:2007]

UNE-ISO/IEC 27001:2007, Tecnología de la información – Técnicas de seguridad – Sistemas de Gestión de la Seguridad de la Información (SGSI) – Especificaciones (ISO/IEC 27001:2005), 2007.

[BS25999-1:2006]

Business continuity management – Part 1: Code of practice. British Standard BS 25999-1:2006.

[CC:2006]

Common Criteria for Information Technology Security Evaluation, version 3.1, revision 1, September 2006.

  • Part 1 – Introduction and general model
  • Part 2 – Security functional requirements
  • Part 3 – Security assurance requirements

Also published as [ISO/IEC 15408].

[CCN-STIC-001:2006]

Políticas: Seguridad de las TIC en la Administración. Centro Criptológico Nacional, Guía STIC 001, 2006.

[CCN-STIC-002:2006]

Políticas: Definición de Criptología Nacional. Centro Criptológico Nacional, Guía STIC 002, 2006.

[CCN-STIC-003:2006]

Políticas: Uso Cifradores Certificados. Centro Criptológico Nacional, Guía STIC 003, 2006.

[CCN-STIC-103:2006]

Procedimientos: Catálogo de Productos con Certificación Criptológica. Centro Criptológico Nacional, Guía STIC 103, 2006.

[CCN-STIC-150:2006]

Procedimientos: Evaluación y Clasificación Tempest de Cifradores con Certificación Criptológica. Centro Criptológico Nacional, Guía STIC 150 2006.

[CCN-STIC-151:2006]

Procedimientos: Evaluación y Clasificación Tempest de Equipos. Centro Criptológico Nacional, Guía STIC 151 2006.

[CCN-STIC-152:2006]

Procedimientos: Evaluación y Clasificación Zoning de Locales. Centro Criptológico Nacional, Guía STIC 152 2006.

[CCN-STIC-201:2006]

Normas: Organización y Gestión STIC. Centro Criptológico Nacional, Guía STIC 201 2006.

[CCN-STIC-202:2006]

Normas: Estructura y Contenido DRS. Centro Criptológico Nacional, Guía STIC 202 2006.

[CCN-STIC-203:2006]

Normas: Estructura y Contenido POS. Centro Criptológico Nacional, Guía STIC 203 2006.

[CCN-STIC-204:2006]

Normas: CO-DRS-POS Formulario. Centro Criptológico Nacional, Guía STIC 204 2006.

[CCN-STIC-207:2006]

Normas: Estructura y Contenido del Concepto de Operación de Seguridad (COS). Centro Criptológico Nacional, Guía STIC 207 2006.

[CCN-STIC-301:2006]

Instrucciones Técnicas: Requisitos STIC. Centro Criptológico Nacional, Guía STIC 301 2006.

[CCN-STIC-302:2006]

Instrucciones Técnicas: Interconexión de CIS. Centro Criptológico Nacional, Guía STIC 302 2006.

[CCN-STIC-303:2006]

Instrucciones Técnicas: Inspección STIC. Centro Criptológico Nacional, Guía STIC 303 2006.

[CCN-STIC-400:2006]

Guías Generales: Manual de Seguridad de las TIC. Centro Criptológico Nacional, Guía STIC 400 2006.

[CCN-STIC-403:2006]

Guías Generales: Gestión de Incidentes de Seguridad. Centro Criptológico Nacional, Guía STIC 403 2006.

[CCN-STIC-404:2006]

Guías Generales: Control de Soportes Informáticos. Centro Criptológico Nacional, Guía STIC 404 2006.

[CCN-STIC-405:2006]

Guías Generales: Algoritmos y Parámetros de Firma Electrónica. Centro Criptológico Nacional, Guía STIC 405 2006.

[CCN-STIC-406:2006]

Guías Generales: Seguridad de Redes Inalámbricas. Centro Criptológico Nacional, Guía STIC 406 2006.

[CCN-STIC-407:2006]

Guías Generales: Seguridad de Telefonía Móvil. Centro Criptológico Nacional, Guía STIC 407 2006.

[CCN-STIC-408:2006]

Guías Generales: Seguridad Perimetral – Cortafuegos. Centro Criptológico Nacional, Guía STIC 408 2006.

[CCN-STIC-414:2006]

Guías Generales: Seguridad en Voz sobre IP. Centro Criptológico Nacional, Guía STIC 414 2006.

[CCN-STIC-430:2006]

Guías Generales: Herramientas de Seguridad. Centro Criptológico Nacional, Guía STIC 430 2006.

[CCN-STIC-431:2006]

Guías Generales: Herramientas de Análisis de Vulnerabilidades. Centro Criptológico Nacional, Guía STIC 431 2006.

[CCN-STIC-432:2006]

Guías Generales: Seguridad Perimetral – Detección de Intrusos. Centro Criptológico Nacional, Guía STIC 432 2006.

[CCN-STIC-435:2006]

Guías Generales: Herramientas de Monitorización de Tráfico en Red. Centro Criptológico Nacional, Guía STIC 435 2006.

[CCN-STIC-512:2006]

Guías para Entornos Windows: Gestión de Actualizaciones de Seguridad en Sistemas Windows. Centro Criptológico Nacional, Guía STIC 512 2006.

[CCN-STIC-611:2006]

Guías para otros entornos: Configuración Segura (SuSE Linux). Centro Criptológico Nacional, Guía STIC 611 2006.

[CCN-STIC-612:2006]

Guías para otros entornos: Configuración Segura (Debian). Centro Criptológico Nacional, Guía STIC 612 2006.

[CCN-STIC-614:2006]

Guías para otros entornos: Configuración Segura (RedHat Enterprise AS 4 y Fedora). Centro Criptológico Nacional, Guía STIC 614 2006.

[CCN-STIC-641:2006]

Guías para otros entornos: Plantilla configuración segura Routers CISCO. Centro Criptológico Nacional, Guía STIC 641 2006.

[CCN-STIC-642:2006]

Guías para otros entornos: Configuración Segura (Switches Enterasys). Centro Criptológico Nacional, Guía STIC 642 2006.

[CCN-STIC-671:2006]

Guías para otros entornos: Configuración Segura (Servidor Web Apache). Centro Criptológico Nacional, Guía STIC 671 2006.

[CCN-STIC-903:2006]

Informes Técnicos: kk Centro Criptológico Nacional, Guía STIC 903 2006.

[CCN-STIC-951:2006]

Informes Técnicos: kk Centro Criptológico Nacional, Guía STIC 951 2006.

[CCN-STIC-952:2006]

Informes Técnicos: kk Centro Criptológico Nacional, Guía STIC 952 2006.

[CEM:2006]

Common Evaluation Methodology, version 3.1, revision 1, September 2006. Also published as [ISO/IEC 18405].

[CNSS-4009:2006]

NATIONAL INFORMATION ASSURANCE (IA) GLOSSARY. Committee on National Security Systems. CNSS Instruction No. 4009. Revised June 2006.

[COBIT:2006]

CobiT – Control Objectives, Management Guidelines, Maturity Models. IT Governance Institute. Version 4.0, 2006.

[FIPS-200:2006]

FIPS 200, Minimum Security Requirements for Federal Information and Information Systems, March 2006.

[NIST7298:2006]

NIST IR 7298 Glossary of Key Information Security Terms, April 25, 2006.

[NIST-SP800-53:2006]

Recommended Security Controls for Federal Information Systems, NIST Special Publication 800-53, December 2006.

[NIST-SP800-88:2006]

Guidelines for Media Sanitization, NIST Special Publication 800-88, September 2006.

[NIST-SP800-100:2006]

Information Security Handbook: A Guide for Managers, NIST Special Publication 800-100, October 2006.

[ISO-11770-4:2006]

ISO/IEC 11770-4:2006, Information technology — Security techniques — Key management — Part 4: Mechanisms based on weak secrets, 2006.

[ISO-14888-3:2006]

ISO/IEC 14888-3:2006, Information technology — Security techniques — Digital signatures with appendix — Part 3: Discrete logarithm based mechanisms, 2006.

[ISO-18028-1:2006]

ISO/IEC 18028-1:2006, Information technology — Security techniques — IT network security — Part 1: Network security management, 2006.

[ISO-18028-2:2006]

ISO/IEC 18028-2:2006, Information technology — Security techniques — IT network security — Part 1: Network security architecture, 2006.

[ISO-18028-5:2006]

ISO/IEC 18028-5:2006, Information technology — Security techniques — IT network security — Part 5: Securing communications across networks using virtual private networks, 2006.

[ISO-18033-2:2006]

ISO/IEC 18033-2:2006, Information technology — Security techniques — Encryption algorithms — Part 2: Asymmetric ciphers 2006.

[ISO-18043:2006]

ISO/IEC 18043:2006, Information technology — Security techniques — Selection, deployment and operations of intrusion detection systems. 2006.

[ISO-19790:2006]

ISO/IEC 19790:2006, Information technology — Security techniques — Security requirements for cryptographic modules. 2006.

[CCN-STIC-101:2005]

Procedimientos: Procedimiento de Acreditación Nacional. Centro Criptológico Nacional, Guía STIC 101, 2005.

[EBIOS:2005]

EBIOS – Expression des Besoins et Identification des Objectifs de Sécurité

[NIST-SP800-38B:2005]

Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication, NIST Special Publication 800-38B, May 2005.

[NIST-SP800-77:2005]

Guide to IPsec VPNs NIST Special Publication 800-77, December 2005.

[NIST-SP800-83:2005]

Guide to Malware Incident Prevention and Handling, NIST Special Publication 800-83, November 2005.

[ISO-11568:2005]

ISO 11568-1:2005, Banking — Key management (retail) — Part 1: Principles, 2005.

[ISO-11568-2:2005]

ISO 11568-2:2005, Banking — Key management (retail) — Part 2: Symmetric ciphers, their key management and life cycle, 2005.

[ISO-15443-1:2005]

ISO/IEC TR 15443:2005, Information technology — Security techniques — A framework for IT security assurance — Part 1: Overview and framework, 2005.

[ISO-17799:2005]

ISO/IEC 17799:2005, Information technology — Code of practice for information security management, 2005.

[ISO-18028-3:2005]

ISO/IEC 18028-3:2005, Information technology — Security techniques — IT network security — Part 3: Securing communications between networks using security gateways, 2005.

[ISO-18028-4:2005]

ISO/IEC 18028-4:2005, Information technology — Security techniques — IT network security — Part 4: Securing remote access, 2005.

[ISO-18031:2005]

ISO/IEC 18031:2005, Information technology — Security techniques — Random bit generation, 2005.

[ISO-18033-1:2005]

ISO/IEC 18033-1:2005, Information technology — Security techniques — Encryption algorithms — Part 1: General, 2005.

[ISO-18033-3:2005]

ISO/IEC 18033-3:2005, Information technology — Security techniques — Encryption algorithms — Part 3: Block ciphers 2005.

[ISO-18033-4:2005]

ISO/IEC 18033-4:2005, Information technology — Security techniques — Encryption algorithms — Part 3: Stream ciphers 2005.

[ISO-27001:2005]

ISO/IEC 27001:2005, Information technology — Security techniques — Information security management systems — Requirements, 2005.

[H.235:2005]

ITU-T H.235, Implementors Guide for H.235 V3: Security and encryption for H-series (H.323 and other H.245-based) multimedia terminals. (5 August 2005).

[X.509:2005]

ITU-T X.509, ISO/IEC 9594-8, Information technology – Open Systems Interconnection – The Directory: Public-key and attribute certificate frameworks. 08/2005.

[Magerit-v2:2005]

Ministerio de Administraciones Públicas, Metodología de Análisis y Gestión de Riesgos de los Sistemas de Información, MAP, versión 2.0, 2005.

[UNE-Guide73_es:2005]

Gestión del riesgo — Vocabulario — Directrices para la utilización en las normas, 2005.

[FIPS-199:2004]

FIPS PUB 199, Standards for Security Categorization of Federal Information and Information Systems, February 2004.

[NIST-SP800-27:2004]

Engineering Principles for Information Technology Security (A Baseline for Achieving Security), NIST Special Publication 800-27 Rev. A, June 2004.

[NIST-SP800-37:2004]

Guide for the Security Certification and Accreditation of Federal Information Systems, NIST Special Publication 800-37, May 2004.

[NIST-SP800-38C:2004]

Recommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality, NIST Special Publication 800-38C, May 2004.

[NIST-SP800-60V2:2004]

Volume II: Appendixes to Guide for Mapping Types of Information and Information Systems to Security Categories, NIST Special Publication 800-60, June 2004.

[NIST-SP800-61:2004]

Computer Security Incident Handling Guide, NIST Special Publication 800-61, January 2004.

[ISO-9798-5:2004]

ISO/IEC 9798-5:2004, Information technology — Security techniques — Entity authentication — Part 5: Mechanisms using zero-knowledge techniques, 2004.

[ISO-10118-3:2004]

ISO/IEC 10118-3:2004 Information technology — Security techniques — Hash-functions — Part 3: Dedicated hash-functions, 2004.

[ISO-13335-1:2004]

ISO/IEC 13335-1:2004, Information technology — Security techniques — Management of information and communications technology security — Part 1: Concepts and models for information and communications technology security management, 2004.

[ISO-13888-1:2004]

ISO/IEC 13888-1:2004, IT security techniques — Non-repudiation — Part 1: General, 2004.

[ISO-15946-4:2004]

ISO/IEC 15946-4:2004 Information technology — Security techniques — Cryptographic techniques based on elliptic curves — Part 4: Digital signatures giving message recovery, 2004.

[ISO-18044:2004]

ISO/IEC TR 18044:2004, Information technology — Security techniques — Information security incident management, 2004.

[UNE-71502:2004]

UNE 71502:2004, Especificaciones para los Sistemas de Gestión de la Seguridad de la Información (SGSI), 2004.

[CRAMM:2003]

CCTA Risk Analysis and Management Method (CRAMM), Version 5.0, 2003.

[NIST-SP800-55:2003]

Security Metrics Guide for Information Technology Systems, NIST Special Publication 800-55, July 2003.

[ISO-15782-1:2003]

ISO 15782-1:2003, Certificate management for financial services — Part 1: Public key certificates, 2003.

[X.805:2003]

ITU-T X.805, Security architecture for systems providing end-to-end communications, (10/03).

[Ley-59:2003]

Ley 59/2003, de 19 de diciembre, de firma electrónica.

[Octave:2003]

C. Alberts and A. Dorofee, Managing information Security Risks. The OCTAVE Approach, Addison Wesley, 2003.

[TDIR:2003]

Texas Department of Information Resources, Practices for Protecting Information Resources Assets, Revised September 2003.

[NIST-SP800-34:2002]

Contingency Planning Guide for Information Technology Systems, NIST Special Publication 800-34, June 2002.

[ISO-Guide73:2002]

Risk management — Vocabulary — Guidelines for use in standards, 2002.

[ISO-8825-1:2002]

ISO/IEC 8825-1:2002, Information technology — ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER), 2002.

[ISO-9796-2:2002]

ISO/IEC 9796-2:2002, Information technology — Security techniques — Digital signature schemes giving message recovery — Part 2: Integer factorization based mechanisms, 2002.

[ISO-14516:2002]

ISO/IEC TR 14516:2002, Information technology — Security techniques — Guidelines for the use and management of Trusted Third Party services, 2002.

[ISO-15816:2002]

ISO/IEC 15816:2002, Information technology — Security techniques — Security information objects for access control, 2002.

[ISO-15939:2002]

ISO/IEC 15939:2002, Software engineering — Software measurement process, 2002.

[ISO-15945:2002]

ISO/IEC 15945:2002, Information technology — Security techniques — Specification of TTP services to support the application of digital signatures, 2002.

[ISO-15946-1:2002]

ISO/IEC 15946-1:2002, Information technology — Security techniques — Cryptographic techniques based on elliptic curves — Part 1: General, 2002.

[ISO-15946-2:2002]

ISO/IEC 15946-2:2002, Information technology — Security techniques — Cryptographic techniques based on elliptic curves — Part 2: Digital signatures, 2002.

[ISO-15946-3:2002]

ISO/IEC 15946-3:2002, Information technology — Security techniques — Cryptographic techniques based on elliptic curves — Part 3: Key establishment, 2002.

[ISO-15947:2002]

ISO/IEC TR 15947:2002, Information technology — Security techniques — IT intrusion detection framework, 2002.

[ISO-18014-1:2002]

ISO/IEC IS 18014-2:2002, Information technology — Security techniques — Time-stamping services — Part 1: Framework 2002.

[ISO-18014-2:2002]

ISO/IEC IS 18014-2:2002, Information technology — Security techniques — Time-stamping services — Part 2: Mechanisms producing independent tokens 2002.

[H.530:2002]

ITU-T H.530, Symmetric security procedures for H.323 mobility in H.510. (03/02).

[FIPS-140-2:2001]

FIPS 140-2, Security Requirements for Cryptographic Modules, May 2001.

[NIST-SP800-33:2001]

Underlying Technical Models for Information Technology Security, NIST Special Publication 800-33, December 2001.

[NIST-SP800-38A:2001]

Recommendation for Block Cipher Modes of Operation – Methods and Techniques, NIST Special Publication 800-38A, Dec 2001.

[ISO-15292:2001]

ISO/IEC 15292:2001, Information technology – Security techniques – Protection Profile registration procedures, 2001.

[CIAO:2000]

Critical Infrastructure Assurance Office, Practices for Securing Critical Information Assets, January 2000.

[FIPS-186-2:2000]

FIPS 186-2, Digital Signature Standard (DSS), January, 2000.

[ISO-9000_es:2000]

Sistemas de gestión de la calidad — Conceptos y vocabulario, 2000.

[ISO-10118-1:2000]

ISO/IEC 10118-1:2000, Information technology — Security techniques — Hash-functions — Part 1: General, 2000.

[ISO-13335-4:2000]

ISO/IEC 13335-4:2000, Information technology — Guidelines for the management of IT Security — Part 4: Selection of safeguards, 2000.

[Directive-1999/93/EC:1999]

Directive 1999/93/EC of the European Parliament and the Council of 13 December 1999 on a Community framework for electronic signatures.

[FIPS-43-3:1999]

FIPS 43-3, Data Encryption Standard (DES), October 1999 (withdrawn May 19, 2005).

[ISO-8732:1999]

ISO 8732:1988/Cor 1:1999, Banking – Key management (wholesale), 1999.

[ISO-9797-1:1999]

ISO/IEC 9797-1:1999, Information technology — Security techniques — Message Authentication Codes (MACs) — Part 1: Mechanisms using a block cipher, 1999.

[ISO-2382-8:1998]

ISO/IEC 2382-8:1998, Information technology — Vocabulary — Part 8: Security, 1998.

[ISO-14888-1:1998]

ISO/IEC 14888-1:1998, Information technology — Security techniques — Digital signatures with appendix — Part 1: General, 1998.

[CESID:1997]

Centro Superior de Información de la Defensa, Glosario de Términos de Criptología, Ministerio de Defensa, 3ª edición, 1997.

[ISO-9798-1:1997]

ISO/IEC 9798-1:1997, Information technology — Security techniques — Entity authentication — Part 1: General, 1997.

[Magerit:1997]

Ministerio de Administraciones Públicas, Metodología de Análisis y Gestión de Riesgos de los Sistemas de Información, MAP, versión 1.0, 1997.

[Ribagorda:1997]

A. Ribagorda, Glosario de Términos de Seguridad de las T.I., Ediciones CODA, 1997.

[ISO-10181-1:1996]

ISO/IEC 10181-1:1996, ITU-T X.810, Information technology – Open Systems Interconnection – Security frameworks for open systems: Overview, 1996.

[ISO-10181-2:1996]

ISO/IEC 10181-2:1996, ITU-T X.811, Information technology — Open Systems Interconnection — Security frameworks for open systems: Authentication framework, 1996.

[ISO-11770-1:1996]

ISO/IEC 11770-1:1996, Information technology — Security techniques — Key management — Part 1: Framework, 1996.

[ISO-11770-2:1996]

ISO/IEC 11770-2:1996, Information technology — Security techniques — Key management — Part 2: Mechanisms using symmetric techniques, 1996.

[X.790:1995]

ITU-T X.790, X.790 Trouble management function for ITU-T applications. (11/95).

[X.810:1995]

ITU-T X.810, ISO/IEC 10181-1:1996, Information technology – Open Systems Interconnection – Security frameworks for open systems: Overview. (11/95).

[IRM-5239-8:1995]

IRM-5239-08A, U.S. Marine Corps, Computer Security Procedures, 1995.

[ITSEM:1993]

ITSEM – Information Technology Security Evaluation Manual. Commission of the European Communities. 1993.

[ITSEC:1991]

ITSEC – Information Technology Security Evaluation Criteria – Harmonized Criteria of France, Germany, the Netherlands, and the United Kingdom, Version 1.1, Published by Dept. of Trade and Industry, London, 1991.

[ISO-7498-2:1989]

ISO 7498-2:1989, ITU-T X.800, Information processing systems — Open Systems Interconnection — Basic Reference Model — Part 2: Security Architecture, 1989.

[TCSEC:1985]

TCSEC – Trusted Computer Systems Evaluation Criteria, DoD 5200.28-STD, Department of Defense, United States of America, 1985.

[FIPS-81:1980]

FIPS 81, DES Modes of Operation, December 1980 (withdrawn May 19, 2005).

[BLP:1976]

Bell, D. E. and LaPadula, L. J., Secure Computer Systems: Unified Exposition and Multics Interpretation, MTR-2997 Rev. 1, MITRE Corp., Bedford, Mass., March 1976.
