- Assessing Security Vulnerabilities and Patching, Australian Defense, 2011
- iOS5 Hardening Guide, Australian Defense, 2012
- Minimizing Administrative Privileges – Australian Defense, 2011
- NSA Defense In Depth
- Top 4 Mitigation Strategies to Protect Sensitive Information, Australian Defense, 2011
- Top 35 Mitigation Strategies to Protect Sensitive Information, Australian Defense, 2011
- Top 35 Mitigation Strategies Summary, Australian Defense, 2011
Cloud Security
Citadel Guide
Other Practices
- Amazon Web Services Risk and Compliance Whitepaper, 2012
- Security Guide: Cloud Security Alliance v3.0
- Cloud Controls Matrix — Cloud Security Alliance v1.2, 2011
Secure System Development
- Software Assurance Maturity Model
- Open Source Security Testing Methodology Manual
- OWASP ASVS Web Application Standard Release, 2009
- OWASP Top 10 – 2010
Additional Government Documents
- Definition of Cloud Computing, NIST-SP800-145, 2011
- Guide to Intrusion Detection and Prevention Systems, NIST-SP800-94, 2007
- Computer Security Incident Handling Guide, NIST-SP800-61, 2012
- Guide to Protecting Confidentiality of Personally Identifiable Information, NIST-SP800-122, 2010
- Guide to General Server Security, NIST-SP800-123, 2008
- Guidelines on Security and Privacy in Public Cloud Computing, NIST-SP800-144, 2001
- Guidelines for Securing Wireless Local Area Networks, NIST-SP800-153, 2012
- National Strategy for Trusted Identities in Cyberspace, 2010
- Guidelines on Cell Phone and PDA Security, NIST-SP800-124, 2008
- White House Cybersecurity Initiative
- NSA Information Assurance Roadmap, 2004
- Glossary of Key Information Security Terms, NIST-7298, 2006
- Building Information Security Awareness Program, NIST-SP800-50, 2003
- Information Categorization Guide Vol. 1, NIST-SP800-60, 2008
- Managing Risk from Information Systems, NIST-SP800-39, 2008
- Guide for Security Certification and Accreditation of Federal Information Systems, NIST-SP800-37, 2004
- Risk Management Guide for IT Systems, NIST-SP800-30, 2002
- Minimum Security Requirements for Federal Information and Information Systems, FIPS 200, 2006
- Standards for Security Categorization of Federal Information and Information Systems, FIPS PUB 999, 2002
- 60 Minutes Network Security Guide, NSA, 2002