The Centro Criptológico Nacional is one of the most relevant bodies when it comes to spreading security concepts in Spain.
From its website I have extracted this interesting list of technical security standards:
[ISO-11770-3:2008]
ISO/IEC 11770-3:2008, Information technology — Security techniques — Key management — Part 3: Mechanisms using asymmetric techniques, 2008.
[ISO-27005:2008]
ISO/IEC 27005:2008, Information technology — Security techniques — Information security risk management, 2008.
[UNE-71504:2008]
UNE 71504:2008 – Metodología de análisis y gestión de riesgos de los sistemas de información, 2008.
[CCN-STIC-401:2007]
Guías Generales: Glosario y Abreviaturas. Centro Criptológico Nacional, Guía STIC 401, 2007.
[ITIL:2007]
ITIL V3 Glossary, 30 May 2007.
[NIST-SP800-38D:2007]
Recommendation for Block Cipher Modes of Operation: Galois/Counter, NIST Special Publication 800-38D, Nov 2007.
[NIST-SP800-57:2007]
Recommendation for Key Management – Part 1: General, NIST Special Publication 800-57, March 2007.
[NIST-SP800-94:2007]
Guide to Intrusion Detection and Prevention Systems (IDPS) NIST Special Publication 800-94, February 2007.
[ISO-11568-4:2007]
ISO 11568-4:2007, Banking — Key management (retail) — Part 4: Asymmetric cryptosystems — Key management and life cycle, 2007.
[ISO-21827:2007]
ISO/IEC 21827:2002, Information technology — Systems Security Engineering — Capability Maturity Model (SSE-CMM), 2007.
[RFC4949:2007]
RFC 4949, Internet Security Glossary, Version 2, August 2007.
Each entry is preceded by a character — I, N, O, or D — enclosed in parentheses, to indicate the type of definition (as is explained further in Section 3):
- «I» for a RECOMMENDED term or definition of Internet origin.
- «N» if RECOMMENDED but not of Internet origin.
- «O» for a term or definition that is NOT recommended for use in IDOCs but is something that authors of Internet documents should know about.
- «D» for a term or definition that is deprecated and SHOULD NOT be used in Internet documents.
See http://www.ietf.org/rfc/rfc4949
[UNE-ISO-27001_es:2007]
UNE-ISO/IEC 27001:2007, Tecnología de la información – Técnicas de seguridad – Sistemas de Gestión de la Seguridad de la Información (SGSI) – Especificaciones (ISO/IEC 27001:2005), 2007.
[BS25999-1:2006]
Business continuity management – Part 1: Code of practice. British Standard BS 25999-1:2006.
[CC:2006]
Common Criteria for Information Technology Security Evaluation, version 3.1, revision 1, September 2006.
- Part 1 – Introduction and general model
- Part 2 – Security functional requirements
- Part 3 – Security assurance requirements
Also published as [ISO/IEC 15408].
[CCN-STIC-001:2006]
Políticas: Seguridad de las TIC en la Administración. Centro Criptológico Nacional, Guía STIC 001, 2006.
[CCN-STIC-002:2006]
Políticas: Definición de Criptología Nacional. Centro Criptológico Nacional, Guía STIC 002, 2006.
[CCN-STIC-003:2006]
Políticas: Uso Cifradores Certificados. Centro Criptológico Nacional, Guía STIC 003, 2006.
[CCN-STIC-103:2006]
Procedimientos: Catálogo de Productos con Certificación Criptológica. Centro Criptológico Nacional, Guía STIC 103, 2006.
[CCN-STIC-150:2006]
Procedimientos: Evaluación y Clasificación Tempest de Cifradores con Certificación Criptológica. Centro Criptológico Nacional, Guía STIC 150, 2006.
[CCN-STIC-151:2006]
Procedimientos: Evaluación y Clasificación Tempest de Equipos. Centro Criptológico Nacional, Guía STIC 151, 2006.
[CCN-STIC-152:2006]
Procedimientos: Evaluación y Clasificación Zoning de Locales. Centro Criptológico Nacional, Guía STIC 152, 2006.
[CCN-STIC-201:2006]
Normas: Organización y Gestión STIC. Centro Criptológico Nacional, Guía STIC 201, 2006.
[CCN-STIC-202:2006]
Normas: Estructura y Contenido DRS. Centro Criptológico Nacional, Guía STIC 202, 2006.
[CCN-STIC-203:2006]
Normas: Estructura y Contenido POS. Centro Criptológico Nacional, Guía STIC 203, 2006.
[CCN-STIC-204:2006]
Normas: CO-DRS-POS Formulario. Centro Criptológico Nacional, Guía STIC 204, 2006.
[CCN-STIC-207:2006]
Normas: Estructura y Contenido del Concepto de Operación de Seguridad (COS). Centro Criptológico Nacional, Guía STIC 207, 2006.
[CCN-STIC-301:2006]
Instrucciones Técnicas: Requisitos STIC. Centro Criptológico Nacional, Guía STIC 301, 2006.
[CCN-STIC-302:2006]
Instrucciones Técnicas: Interconexión de CIS. Centro Criptológico Nacional, Guía STIC 302, 2006.
[CCN-STIC-303:2006]
Instrucciones Técnicas: Inspección STIC. Centro Criptológico Nacional, Guía STIC 303, 2006.
[CCN-STIC-400:2006]
Guías Generales: Manual de Seguridad de las TIC. Centro Criptológico Nacional, Guía STIC 400, 2006.
[CCN-STIC-403:2006]
Guías Generales: Gestión de Incidentes de Seguridad. Centro Criptológico Nacional, Guía STIC 403, 2006.
[CCN-STIC-404:2006]
Guías Generales: Control de Soportes Informáticos. Centro Criptológico Nacional, Guía STIC 404, 2006.
[CCN-STIC-405:2006]
Guías Generales: Algoritmos y Parámetros de Firma Electrónica. Centro Criptológico Nacional, Guía STIC 405, 2006.
[CCN-STIC-406:2006]
Guías Generales: Seguridad de Redes Inalámbricas. Centro Criptológico Nacional, Guía STIC 406, 2006.
[CCN-STIC-407:2006]
Guías Generales: Seguridad de Telefonía Móvil. Centro Criptológico Nacional, Guía STIC 407, 2006.
[CCN-STIC-408:2006]
Guías Generales: Seguridad Perimetral – Cortafuegos. Centro Criptológico Nacional, Guía STIC 408, 2006.
[CCN-STIC-414:2006]
Guías Generales: Seguridad en Voz sobre IP. Centro Criptológico Nacional, Guía STIC 414, 2006.
[CCN-STIC-430:2006]
Guías Generales: Herramientas de Seguridad. Centro Criptológico Nacional, Guía STIC 430, 2006.
[CCN-STIC-431:2006]
Guías Generales: Herramientas de Análisis de Vulnerabilidades. Centro Criptológico Nacional, Guía STIC 431, 2006.
[CCN-STIC-432:2006]
Guías Generales: Seguridad Perimetral – Detección de Intrusos. Centro Criptológico Nacional, Guía STIC 432, 2006.
[CCN-STIC-435:2006]
Guías Generales: Herramientas de Monitorización de Tráfico en Red. Centro Criptológico Nacional, Guía STIC 435, 2006.
[CCN-STIC-512:2006]
Guías para Entornos Windows: Gestión de Actualizaciones de Seguridad en Sistemas Windows. Centro Criptológico Nacional, Guía STIC 512, 2006.
[CCN-STIC-611:2006]
Guías para otros entornos: Configuración Segura (SuSE Linux). Centro Criptológico Nacional, Guía STIC 611, 2006.
[CCN-STIC-612:2006]
Guías para otros entornos: Configuración Segura (Debian). Centro Criptológico Nacional, Guía STIC 612, 2006.
[CCN-STIC-614:2006]
Guías para otros entornos: Configuración Segura (RedHat Enterprise AS 4 y Fedora). Centro Criptológico Nacional, Guía STIC 614, 2006.
[CCN-STIC-641:2006]
Guías para otros entornos: Plantilla configuración segura Routers CISCO. Centro Criptológico Nacional, Guía STIC 641, 2006.
[CCN-STIC-642:2006]
Guías para otros entornos: Configuración Segura (Switches Enterasys). Centro Criptológico Nacional, Guía STIC 642, 2006.
[CCN-STIC-671:2006]
Guías para otros entornos: Configuración Segura (Servidor Web Apache). Centro Criptológico Nacional, Guía STIC 671, 2006.
[CCN-STIC-903:2006]
Informes Técnicos: kk Centro Criptológico Nacional, Guía STIC 903, 2006.
[CCN-STIC-951:2006]
Informes Técnicos: kk Centro Criptológico Nacional, Guía STIC 951, 2006.
[CCN-STIC-952:2006]
Informes Técnicos: kk Centro Criptológico Nacional, Guía STIC 952, 2006.
[CEM:2006]
Common Evaluation Methodology, version 3.1, revision 1, September 2006. Also published as [ISO/IEC 18405].
[CNSS-4009:2006]
NATIONAL INFORMATION ASSURANCE (IA) GLOSSARY. Committee on National Security Systems. CNSS Instruction No. 4009. Revised June 2006.
[COBIT:2006]
CobiT – Control Objectives, Management Guidelines, Maturity Models. IT Governance Institute. Version 4.0, 2006.
[FIPS-200:2006]
FIPS 200, Minimum Security Requirements for Federal Information and Information Systems, March 2006.
[NIST7298:2006]
NIST IR 7298 Glossary of Key Information Security Terms, April 25, 2006.
[NIST-SP800-53:2006]
Recommended Security Controls for Federal Information Systems, NIST Special Publication 800-53, December 2006.
[NIST-SP800-88:2006]
Guidelines for Media Sanitization, NIST Special Publication 800-88, September 2006.
[NIST-SP800-100:2006]
Information Security Handbook: A Guide for Managers, NIST Special Publication 800-100, October 2006.
[ISO-11770-4:2006]
ISO/IEC 11770-4:2006, Information technology — Security techniques — Key management — Part 4: Mechanisms based on weak secrets, 2006.
[ISO-14888-3:2006]
ISO/IEC 14888-3:2006, Information technology — Security techniques — Digital signatures with appendix — Part 3: Discrete logarithm based mechanisms, 2006.
[ISO-18028-1:2006]
ISO/IEC 18028-1:2006, Information technology — Security techniques — IT network security — Part 1: Network security management, 2006.
[ISO-18028-2:2006]
ISO/IEC 18028-2:2006, Information technology — Security techniques — IT network security — Part 1: Network security architecture, 2006.
[ISO-18028-5:2006]
ISO/IEC 18028-5:2006, Information technology — Security techniques — IT network security — Part 5: Securing communications across networks using virtual private networks, 2006.
[ISO-18033-2:2006]
ISO/IEC 18033-2:2006, Information technology — Security techniques — Encryption algorithms — Part 2: Asymmetric ciphers 2006.
[ISO-18043:2006]
ISO/IEC 18043:2006, Information technology — Security techniques — Selection, deployment and operations of intrusion detection systems. 2006.
[ISO-19790:2006]
ISO/IEC 19790:2006, Information technology — Security techniques — Security requirements for cryptographic modules. 2006.
[CCN-STIC-101:2005]
Procedimientos: Procedimiento de Acreditación Nacional. Centro Criptológico Nacional, Guía STIC 101, 2005.
[EBIOS:2005]
EBIOS – Expression des Besoins et Identification des Objectifs de Sécurité
[NIST-SP800-38B:2005]
Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication, NIST Special Publication 800-38B, May 2005.
[NIST-SP800-77:2005]
Guide to IPsec VPNs NIST Special Publication 800-77, December 2005.
[NIST-SP800-83:2005]
Guide to Malware Incident Prevention and Handling, NIST Special Publication 800-83, November 2005.
[ISO-11568:2005]
ISO 11568-1:2005, Banking — Key management (retail) — Part 1: Principles, 2005.
[ISO-11568-2:2005]
ISO 11568-2:2005, Banking — Key management (retail) — Part 2: Symmetric ciphers, their key management and life cycle, 2005.
[ISO-15443-1:2005]
ISO/IEC TR 15443:2005, Information technology — Security techniques — A framework for IT security assurance — Part 1: Overview and framework, 2005.
[ISO-17799:2005]
ISO/IEC 17799:2005, Information technology — Code of practice for information security management, 2005.
[ISO-18028-3:2005]
ISO/IEC 18028-3:2005, Information technology — Security techniques — IT network security — Part 3: Securing communications between networks using security gateways, 2005.
[ISO-18028-4:2005]
ISO/IEC 18028-4:2005, Information technology — Security techniques — IT network security — Part 4: Securing remote access, 2005.
[ISO-18031:2005]
ISO/IEC 18031:2005, Information technology — Security techniques — Random bit generation, 2005.
[ISO-18033-1:2005]
ISO/IEC 18033-1:2005, Information technology — Security techniques — Encryption algorithms — Part 1: General, 2005.
[ISO-18033-3:2005]
ISO/IEC 18033-3:2005, Information technology — Security techniques — Encryption algorithms — Part 3: Block ciphers 2005.
[ISO-18033-4:2005]
ISO/IEC 18033-4:2005, Information technology — Security techniques — Encryption algorithms — Part 3: Stream ciphers 2005.
[ISO-27001:2005]
ISO/IEC 27001:2005, Information technology — Security techniques — Information security management systems — Requirements, 2005.
[H.235:2005]
ITU-T H.235, Implementors Guide for H.235 V3: Security and encryption for H-series (H.323 and other H.245-based) multimedia terminals. (5 August 2005).
[X.509:2005]
ITU-T X.509, ISO/IEC 9594-8, Information technology – Open Systems Interconnection – The Directory: Public-key and attribute certificate frameworks. 08/2005.
[Magerit-v2:2005]
Ministerio de Administraciones Públicas, Metodología de Análisis y Gestión de Riesgos de los Sistemas de Información, MAP, versión 2.0, 2005.
[UNE-Guide73_es:2005]
Gestión del riesgo — Vocabulario — Directrices para la utilización en las normas, 2005.
[FIPS-199:2004]
FIPS PUB 199, Standards for Security Categorization of Federal Information and Information Systems, February 2004.
[NIST-SP800-27:2004]
Engineering Principles for Information Technology Security (A Baseline for Achieving Security), NIST Special Publication 800-27 Rev. A, June 2004.
[NIST-SP800-37:2004]
Guide for the Security Certification and Accreditation of Federal Information Systems, NIST Special Publication 800-37, May 2004.
[NIST-SP800-38C:2004]
Recommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality, NIST Special Publication 800-38C, May 2004.
[NIST-SP800-60V2:2004]
Volume II: Appendixes to Guide for Mapping Types of Information and Information Systems to Security Categories, NIST Special Publication 800-60, June 2004.
[NIST-SP800-61:2004]
Computer Security Incident Handling Guide, NIST Special Publication 800-61, January 2004.
[ISO-9798-5:2004]
ISO/IEC 9798-5:2004, Information technology — Security techniques — Entity authentication — Part 5: Mechanisms using zero-knowledge techniques, 2004.
[ISO-10118-3:2004]
ISO/IEC 10118-3:2004 Information technology — Security techniques — Hash-functions — Part 3: Dedicated hash-functions, 2004.
[ISO-13335-1:2004]
ISO/IEC 13335-1:2004, Information technology — Security techniques — Management of information and communications technology security — Part 1: Concepts and models for information and communications technology security management, 2004.
[ISO-13888-1:2004]
ISO/IEC 13888-1:2004, IT security techniques — Non-repudiation — Part 1: General, 2004.
[ISO-15946-4:2004]
ISO/IEC 15946-4:2004 Information technology — Security techniques — Cryptographic techniques based on elliptic curves — Part 4: Digital signatures giving message recovery, 2004.
[ISO-18044:2004]
ISO/IEC TR 18044:2004, Information technology — Security techniques — Information security incident management, 2004.
[UNE-71502:2004]
UNE 71502:2004, Especificaciones para los Sistemas de Gestión de la Seguridad de la Información (SGSI), 2004.
[CRAMM:2003]
CCTA Risk Analysis and Management Method (CRAMM), Version 5.0, 2003.
[NIST-SP800-55:2003]
Security Metrics Guide for Information Technology Systems, NIST Special Publication 800-55, July 2003.
[ISO-15782-1:2003]
ISO 15782-1:2003, Certificate management for financial services — Part 1: Public key certificates, 2003.
[X.805:2003]
ITU-T X.805, Security architecture for systems providing end-to-end communications, (10/03).
[Ley-59:2003]
Ley 59/2003, de 19 de diciembre, de firma electrónica.
[Octave:2003]
C. Alberts and A. Dorofee, Managing information Security Risks. The OCTAVE Approach, Addison Wesley, 2003.
[TDIR:2003]
Texas Department of Information Resources, Practices for Protecting Information Resources Assets, Revised September 2003.
[NIST-SP800-34:2002]
Contingency Planning Guide for Information Technology Systems, NIST Special Publication 800-34, June 2002.
[ISO-Guide73:2002]
Risk management — Vocabulary — Guidelines for use in standards, 2002.
[ISO-8825-1:2002]
ISO/IEC 8825-1:2002, Information technology — ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER), 2002.
[ISO-9796-2:2002]
ISO/IEC 9796-2:2002, Information technology — Security techniques — Digital signature schemes giving message recovery — Part 2: Integer factorization based mechanisms, 2002.
[ISO-14516:2002]
ISO/IEC TR 14516:2002, Information technology — Security techniques — Guidelines for the use and management of Trusted Third Party services, 2002.
[ISO-15816:2002]
ISO/IEC 15816:2002, Information technology — Security techniques — Security information objects for access control, 2002.
[ISO-15939:2002]
ISO/IEC 15939:2002, Software engineering — Software measurement process, 2002.
[ISO-15945:2002]
ISO/IEC 15945:2002, Information technology — Security techniques — Specification of TTP services to support the application of digital signatures, 2002.
[ISO-15946-1:2002]
ISO/IEC 15946-1:2002, Information technology — Security techniques — Cryptographic techniques based on elliptic curves — Part 1: General, 2002.
[ISO-15946-2:2002]
ISO/IEC 15946-2:2002, Information technology — Security techniques — Cryptographic techniques based on elliptic curves — Part 2: Digital signatures, 2002.
[ISO-15946-3:2002]
ISO/IEC 15946-3:2002, Information technology — Security techniques — Cryptographic techniques based on elliptic curves — Part 3: Key establishment, 2002.
[ISO-15947:2002]
ISO/IEC TR 15947:2002, Information technology — Security techniques — IT intrusion detection framework, 2002.
[ISO-18014-1:2002]
ISO/IEC IS 18014-2:2002, Information technology — Security techniques — Time-stamping services — Part 1: Framework 2002.
[ISO-18014-2:2002]
ISO/IEC IS 18014-2:2002, Information technology — Security techniques — Time-stamping services — Part 2: Mechanisms producing independent tokens 2002.
[H.530:2002]
ITU-T H.530, Symmetric security procedures for H.323 mobility in H.510. (03/02).
[FIPS-140-2:2001]
FIPS 140-2, Security Requirements for Cryptographic Modules, May 2001.
[NIST-SP800-33:2001]
Underlying Technical Models for Information Technology Security, NIST Special Publication 800-33, December 2001.
[NIST-SP800-38A:2001]
Recommendation for Block Cipher Modes of Operation – Methods and Techniques, NIST Special Publication 800-38A, Dec 2001.
[ISO-15292:2001]
ISO/IEC 15292:2001, Information technology – Security techniques – Protection Profile registration procedures, 2001.
[CIAO:2000]
Critical Infrastructure Assurance Office, Practices for Securing Critical Information Assets, January 2000.
[FIPS-186-2:2000]
FIPS 186-2, Digital Signature Standard (DSS), January, 2000.
[ISO-9000_es:2000]
Sistemas de gestión de la calidad — Conceptos y vocabulario, 2000.
[ISO-10118-1:2000]
ISO/IEC 10118-1:2000, Information technology — Security techniques — Hash-functions — Part 1: General, 2000.
[ISO-13335-4:2000]
ISO/IEC 13335-4:2000, Information technology — Guidelines for the management of IT Security — Part 4: Selection of safeguards, 2000.
[Directive-1999/93/EC:1999]
Directive 1999/93/EC of the European Parliament and the Council of 13 December 1999 on a Community framework for electronic signatures.
[FIPS-43-3:1999]
FIPS 43-3, Data Encryption Standard (DES), October 1999 (withdrawn May 19, 2005).
[ISO-8732:1999]
ISO 8732:1988/Cor 1:1999, Banking – Key management (wholesale), 1999.
[ISO-9797-1:1999]
ISO/IEC 9797-1:1999, Information technology — Security techniques — Message Authentication Codes (MACs) — Part 1: Mechanisms using a block cipher, 1999.
[ISO-2382-8:1998]
ISO/IEC 2382-8:1998, Information technology — Vocabulary — Part 8: Security, 1998.
[ISO-14888-1:1998]
ISO/IEC 14888-1:1998, Information technology — Security techniques — Digital signatures with appendix — Part 1: General, 1998.
[CESID:1997]
Centro Superior de Información de la Defensa, Glosario de Términos de Criptología, Ministerio de Defensa, 3ª edición, 1997.
[ISO-9798-1:1997]
ISO/IEC 9798-1:1997, Information technology — Security techniques — Entity authentication — Part 1: General, 1997.
[Magerit:1997]
Ministerio de Administraciones Públicas, Metodología de Análisis y Gestión de Riesgos de los Sistemas de Información, MAP, versión 1.0, 1997.
[Ribagorda:1997]
A. Ribagorda, Glosario de Términos de Seguridad de las T.I., Ediciones CODA, 1997.
[ISO-10181-1:1996]
ISO/IEC 10181-1:1996, ITU-T X.810, Information technology – Open Systems Interconnection – Security frameworks for open systems: Overview, 1996.
[ISO-10181-2:1996]
ISO/IEC 10181-2:1996, ITU-T X.811, Information technology — Open Systems Interconnection — Security frameworks for open systems: Authentication framework, 1996.
[ISO-11770-1:1996]
ISO/IEC 11770-1:1996, Information technology — Security techniques — Key management — Part 1: Framework, 1996.
[ISO-11770-2:1996]
ISO/IEC 11770-2:1996, Information technology — Security techniques — Key management — Part 2: Mechanisms using symmetric techniques, 1996.
[X.790:1995]
ITU-T X.790, Trouble management function for ITU-T applications. (11/95).
[X.810:1995]
ITU-T X.810, ISO/IEC 10181-1:1996, Information technology – Open Systems Interconnection – Security frameworks for open systems: Overview. (11/95).
[IRM-5239-8:1995]
IRM-5239-08A, U.S. Marine Corps, Computer Security Procedures, 1995.
[ITSEM:1993]
ITSEM – Information Technology Security Evaluation Manual. Commission of the European Communities. 1993.
[ITSEC:1991]
ITSEC – Information Technology Security Evaluation Criteria – Harmonized Criteria of France, Germany, the Netherlands, and the United Kingdom, Version 1.1, Published by Dept. of Trade and Industry, London, 1991.
[ISO-7498-2:1989]
ISO 7498-2:1989, ITU-T X.800, Information processing systems — Open Systems Interconnection — Basic Reference Model — Part 2: Security Architecture, 1989.
[TCSEC:1985]
TCSEC – Trusted Computer Systems Evaluation Criteria, DoD 5200.28-STD, Department of Defense, United States of America, 1985.
[FIPS-81:1980]
FIPS 81, DES Modes of Operation, December 1980 (withdrawn May 19, 2005).
[BLP:1976]
Bell, D. E. and LaPadula, L. J., Secure Computer Systems: Unified Exposition and Multics Interpretation, MTR-2997 Rev. 1, MITRE Corp., Bedford, Mass., March 1976.