National Institute of Standards and Technology (NIST)

Information Standards Organization (ISO) Information Security Management Standards

The ISO is a non-governmental organization that serves as an international standards-setting body. ISO publishes two important information security standards:

Defense Information Assurance Program (DIAP)

The DIAP was established by the Secretary of Defense in compliance with the specific requirements set forth in federal law (10 U.S.C. 2224). The objectives of this program are "to provide continuously for the availability, integrity, authentication, confidentiality, nonrepudiation, and rapid restitution of information and information systems that are essential elements of the Defense Information Infrastructure" (10 U.S.C. 2224(b)). Policy documents governing the operation of the DIAP are found in the Department of Defense Directives System 8500 series documents. Key documents in this series include:

Control Objectives for Information and Related Technology (COBIT)

The COBIT framework is maintained and published by ISACA, a nonprofit organization. COBIT is primarily a governance framework that lists best practices and business processes that organizations should follow: