NIST Guideline in Network Security Testing
The United States National Institute of Standards and Technology (NIST) has released a document called the Technical Guide to Information Security Testing and Assessment, which covers network penetration testing methodologies at a high level.
The document addresses the process typically applied in penetration testing, planning for penetration tests, conducting detailed analysis, and validating discovered concerns. The NIST guideline in network security testing also includes appendices that cover some common tools found in BackTrack, a penetration testing Linux distribution.
Another very helpful appendix is a template for the rules of engagement, which helps penetration testers and target system employees agree on various vital aspects of how the penetration testing will be carried out.
One of the most valuable aspects of the NIST guideline in network security testing is the motivation it can help us inspire in management. If management suggests that our testing methodology need not include some vital component that NIST advises, we as penetration testers can ask why they want to deviate from NIST's guidance. Management may then offer a business rationale for doing so, or conclude that complying with the NIST guideline in network security testing is a much better practice than what they anticipated.
Another document from NIST covers measuring security in an organization. The Guide for Assessing the Security Controls in Federal Information Systems, Special Publication 800-53A, is much more high-level than SP 800-115; however, it still gives some useful and important tips for planning security assessments.