NIST-SP800-207零信任架构 中英文版

INTRODUCTION THE NEED TO PROTECT CONTROLLED UNCLASSIFIED INFORMATION oday, more than at any time in history, the federal government is relying on external service providers to help carry out a wide range of federal missions and business functions using state-of-the-practice information systems. Many federal contractors, for example, routinely process, store, and transmit sensitive federal information in their information systems1 to support the delivery of essential products and services to federal agencies (e.g., providing credit card and other financial services; providing Web and electronic mail services; conducting background investigations for security clearances; processing healthcare data; providing cloud services; and developing communications, satellite, and weapons systems). Additionally, federal information is frequently provided to or shared with entities such as State and local governments, colleges and universities, and independent research organizations. The protection of sensitive federal information while residing in nonfederal information systems2 and organizations is of paramount importance to federal agencies and can directly impact the ability of the federal government to successfully carry out its designated missions and business operations, including those missions and functions related to the critical infrastructure. The protection of unclassified federal information in nonfederal information systems and organizations is dependent on the federal government providing a disciplined and structured process for identifying the different types of information that are routinely used by federal agencies. On November 4, 2010, the President signed Executive Order 13556, Controlled Unclassified Information.3 The Executive Order established a governmentwide Controlled Unclassified Information (CUI)4 Program to standardize the way the executive branch handles unclassified information that requires protection and designated the National Archives and Rec

安全控制 NIST SP800-53 等保

美国国家标准和技术研究所NIST SP 800-172,第三节内容安全要求

本标准旨在为企业安全架构师介绍零信任理念。它旨在帮助理解用于民用非保密系统的零信任，并为将零信任安全概念移植和部署到企业环境提供路线图。 网络安全经理、网络管理员和管理者也可以从本文档中了解零信任和 ZTA。它不是针对 ZTA 的单一部署计划，因为企业将拥有需要保护的独特业务用例和数据资产。从对组织业务和数据的扎实了解开始，将形成一种强有力的零信任方法。

随机数熵评估标准 NIST.SP800-90B 源代码。 近似熵 最小熵

NIST SP 800-53 Revision 4 附錄D之後的所有控制措施(繁中版)

美国NIST发布的一些列等级保护的标准，很值得借鉴和学习