NIST Special Publication 800-115 is an overview of the key elements of security testing. It directs organizations on how to plan and conduct technical information security testing, analyze the findings, and develop remediation strategies. The version used in this section is NIST 800-115 September 2008.


3_2. Log review
075. Record exceptional events in logs
322. Avoid excessive logging
376. Register severity level
377. Store logs based on valid regulation

3_4. System configuration review
062. Define standard configurations

3_5. Network sniffing
033. Restrict administrative access
181. Transmit data using secure protocols
255. Allow access only to the necessary ports

3_6. File integrity checking
040. Compare file format and extension
178. Use digital signatures
320. Avoid client-side control enforcement

4_2. Network port and service identification
237. Ascertain human interaction
266. Disable insecure functionalities
327. Set a rate limit

4_4. Wireless scanning
181. Transmit data using secure protocols
249. Locate access points

4_4_1. Passive wireless scanning
154. Eliminate backdoors
253. Restrict network access
254. Change SSID name

5_1. Password cracking
127. Store hashed passwords
130. Limit password lifespan
132. Passphrases with at least 4 words
133. Passwords with at least 20 characters
139. Set minimum OTP length
332. Prevent the use of breached passwords
333. Store salt values separately

6_6. Legal considerations
331. Guarantee legal compliance

7_4_1. Data collection
365. Avoid exposing technical information

7_4_3. Data transmission
181. Transmit data using secure protocols

7_4_4. Data destruction
183. Delete sensitive data securely
360. Remove unnecessary sensitive information