NIST 800-115

Summary

NIST Special Publication 800-115 is an overview of the key elements of security testing. It directs organizations on how to plan and conduct technical information security testing, analyze the findings, and develop remediation strategies. The version used in this section is NIST 800-115 September 2008.

Definitions

Definition	Requirements
NIST800115-3_2. Log review	322. Avoid excessive logging 376. Register severity level 377. Store logs based on valid regulation 075. Record exceptional events in logs
NIST800115-3_4. System configuration review	062. Define standard configurations
NIST800115-3_5. Network sniffing	181. Transmit data using secure protocols 255. Allow access only to the necessary ports 033. Restrict administrative access
NIST800115-3_6. File integrity checking	178. Use digital signatures 320. Avoid client-side control enforcement 040. Compare file format and extension
NIST800115-4_2. Network port and service identification	237. Ascertain human interaction 266. Disable insecure functionalities 327. Set a rate limit
NIST800115-4_4. Wireless scanning	181. Transmit data using secure protocols 249. Locate access points
NIST800115-4_4_1. Passive wireless scanning	154. Eliminate backdoors 253. Restrict network access 254. Change SSID name
NIST800115-5_1. Password cracking	127. Store hashed passwords 130. Limit password lifespan 132. Passphrases with at least 4 words 133. Passwords with at least 20 characters 139. Set minimum OTP length 332. Prevent the use of breached passwords 333. Store salt values separately
NIST800115-6_6. Legal considerations	331. Guarantee legal compliance
NIST800115-7_4_1. Data collection	365. Avoid exposing technical information
NIST800115-7_4_3. Data transmission	181. Transmit data using secure protocols
NIST800115-7_4_4. Data destruction	183. Delete sensitive data securely 360. Remove unnecessary sensitive information

Last updated

2023/09/18