Skip to main content

NIST 800-115

logo

Summary

NIST Special Publication 800-115 is an overview of the key elements of security testing. It directs organizations on how to plan and conduct technical information security testing, analyze the findings, and develop remediation strategies. The version used in this section is NIST 800-115 September 2008.

Definitions

DefinitionRequirements
3_2. Log review
075. Record exceptional events in logs
322. Avoid excessive logging
376. Register severity level
377. Store logs based on valid regulation
3_4. System configuration review
062. Define standard configurations
3_5. Network sniffing
033. Restrict administrative access
181. Transmit data using secure protocols
255. Allow access only to the necessary ports
3_6. File integrity checking
040. Compare file format and extension
178. Use digital signatures
320. Avoid client-side control enforcement
4_2. Network port and service identification
237. Ascertain human interaction
266. Disable insecure functionalities
327. Set a rate limit
4_4. Wireless scanning
181. Transmit data using secure protocols
249. Locate access points
4_4_1. Passive wireless scanning
154. Eliminate backdoors
253. Restrict network access
254. Change SSID name
5_1. Password cracking
127. Store hashed passwords
130. Limit password lifespan
132. Passphrases with at least 4 words
133. Passwords with at least 20 characters
139. Set minimum OTP length
332. Prevent the use of breached passwords
333. Store salt values separately
6_6. Legal considerations
331. Guarantee legal compliance
7_4_1. Data collection
365. Avoid exposing technical information
7_4_3. Data transmission
181. Transmit data using secure protocols
7_4_4. Data destruction
183. Delete sensitive data securely
360. Remove unnecessary sensitive information
free trial

Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.

Last updated on