260 ◾ The Security Risk Assessment Handbook
© 2011 by Taylor & Francis Group, LLC
guides for applications, database servers, operating systems, routers,
switches, Web servers, and browsers.
− Defense Information Systems Agency (DISA) Security Technical
Implementation Guides (https://iase.disa.mil.techguid/stigs.html)—ese
guides are only available via .mil and .gov domains.
− National Institute of Standards and Technology (NIST) (http://csrc.nist.
gov/pcig/cig.html)—e Cyber Security Research and Development Act
requires NIST to develop security conguration checklists. is site con-
tains checklists for VOIP, routers, biometrics, databases, applications,
domain name servers, and many others. e NIST security congura-
tion chec ...