This document provides techniques and procedures for the secure use of Voice over Internet Protocol (VoIP) within the Department of Homeland Security (DHS) Information Technology (IT) Program. It is published as an Attachment to the DHS 4300A Sensitive Systems Handbook, which is based on DHS Sensitive Systems Policy Directive 4300A.
Web Content Filtering (WCF) provides protection at the application layer for web traffic by blocking access to suspicious websites, preventing malware from running on systems and networks, and detecting and blocking phishing attempts as well as malicious web content.
This article describes the steps to take to secure video conferencing.
This blog post is for developers and manufacturers working with private-trust client or device certificates, such as those used in a software application or IoT device.
This link provides a list of Security Technical Implementation Guides (STIGs) for various web server platforms.
This DoD Security Tip provides guidance on malicious code and how to protect an organization’s information systems from it.
This provides a response to an FAQ regarding protection of CUI at rest through physical and logical protections other than encryption.
Data encryption is the process of translating data into a code (ciphertext) so that only people with access to a secret key can read it. Encrypting data is one of the most popular and effective security methods used by an organization.
This article from Boston University gives a broad overview of authentication, authorization and encryption and their uses. This provides a response to an FAQ regarding protection of CUI at rest through physical and logical protections other than encryption. Information Protection resources that provide resources on how to secure documents and other data across your organization. Learn more about the challenge and importance of applied cryptography to your organization This NIST Special Publication provides recommendations to facilitate more efficient and effective storage encryption solution design, implementation, and management for Federal departments and agencies. This NIST Special Publication is one part in a series of documents intended to provide guidance to the Federal Government for using cryptography to protect its sensitive, but unclassified digitized information during transmission and while in storage. NIST resource that define requirements for proper protection of information at rest (e.g, encryption, off-line storage, physical protection) This sample policy from SANS provides guidance that limits the use of encryption to those algorithms that have received substantial public review and have been proven to work effectively. This SANS provided policy outlines the requirements for protecting encryption keys that are under the control of end users. This SANS whitepaper defines FIPS, identify FIPS approved encryption algorithms, and examine some different vendor solutions and their use of these approved algorithms. This whitepaper outlines the challenges and solutions of data security. This video from SANS educates viewers on the positive and negative aspects of using full disk encryption for security.
This document provides assessment guidance for Level 1 of the Cybersecurity Maturity Model Certification (CMMC). This document provides assessment guidance for conducting Cybersecurity Maturity Model Certification (CMMC) assessments for Level 2. Information Protection resources that provide resources on how to secure documents and other data across your organization. This NIST document is intended to provide programmatic guidance of the CMVP. Learn more about the challenge and importance of applied cryptography to your organization The purpose of this publication is to provide procedures for assessing the CUI requirements in NIST Special Publication 800-171. This whitepaper outlines the challenges and solutions of data security.
This example procedure from the EPS facilitates the implementation of security control requirements for the System and Communications Protection control family, as identified NIST SP 800-53.
This publication from the FCC provides answers to FAQs about VoIP.