The MPAA is also pleased to release a trending report on the facilities that were visited, organized by the calendar year in which the inspection occurred. Each report provides a summary of trends and observations.
2011 Trending Report (available Q1 2012)

International Organization for Standardization (ISO), Standard 27001. Information technology - Security techniques - Information security management systems – Requirements. October 2005.
http://www.27000.org/iso-27001.htm

International Organization for Standardization (ISO), Standard 27002. Information technology - Security techniques - Code of practice for information security management. July 2007.
http://www.27000.org/iso-27002.htm

International Organization for Standardization (ISO), Standard 27005. Information technology - Security techniques - Information security risk management. June 2008.
http://www.27000.org/iso-27005.htm

National Institute of Standards and Technology Special Publication 800-53. Recommended Security Controls for Federal Information Systems, February 2005.
http://csrc.nist.gov/publications/drafts/800-53/800-53-rev3-IPD.pdf

National Institute of Standards and Technology Special Publication IR 7298. Glossary of Key Information Security Terms, April 2006.
http://csrc.nist.gov/publications/nistir/NISTIR-7298_Glossary_Key_Infor_Security_Terms.pdf

SysAdmin, Audit, Networking, and Security (SANS Institute). Glossary of Terms Used in Security and Intrusion Detection
http://www.sans.org/resources/glossary.php#m

The Open Web Application Security Project (OWASP) – Testing Guide
http://www.owasp.org/images/5/56/OWASP_Testing_Guide_v3.pdf

National Institute of Standards and Technology Special Publication 800-88. Guidelines for Media Sanitization, September 2006
http://csrc.nist.gov/publications/nistpubs/800-88/NISTSP800-88_rev1.pdf

National Industrial Security Program - Operating Manual (DoD 5220.22-M), February 2006
http://www.dss.mil/isp/odaa/documents/nispom2006-5220.pdf

The Center for Internet Security – Security Benchmarks
http://cisecurity.org/en-us/?route=downloads.multiform

National Security Agency - Security Configuration Guides
http://www.nsa.gov/ia/guidance/security_configuration_guides/

National Institute of Standards and Technology Special Publication 800-92. Guide to Computer Security Log Management, September 2006.
http://csrc.nist.gov/publications/nistpubs/800-92/SP800-92.pdf

National Institute of Standards and Technology Special Publication 800-44. Guidelines on Securing Public Web Servers, September 2007.
http://csrc.nist.gov/publications/nistpubs/800-44-ver2/SP800-44v2.pdf

National Institute of Standards and Technology Special Publication 800-40. Creating a Patch and Vulnerability Management Program, November 2005.
http://csrc.nist.gov/publications/nistpubs/800-40-Ver2/SP800-40v2.pdf

Before the end of this year, the MPAA will provide links to other organizations or entities where you can receive information about how your facility can obtain certification and/or accreditation from a recognized body.