FedCIRC-Pilot - The FedCIRC pilot project has successfully transition to GSA, however there remains several key activities to complete under the GITS project "Government Wide Incident Response Capability for Federal Civilian Agencies." Ms. Swanson, formerly the FedCIRC Pilot Program Manager, will continue to focus on incident handling by sharing the lessons learned in developing a government wide incident handling capability and by either revising Special Publication 800-3, "Establishing a Computer Security Incident Response Capability (CSIRC)" or developing a companion NIST Publication.
Agency Assistance - Under OMB Circular A-130, NIST is responsible for providing guidance and assistance to agencies for the security of sensitive information in Federal computer systems. Ms. Swanson actively assists agencies, on a cost reimbursable basis, with their computer security problems. Ms. Swanson routinely presents NIST guidance to the Federal community.
Publications and Papers:
- NIST Special Publication 800-18, "Guide For Developing Security Plans for Information Technology Systems." December 1998. Co-authored with Federal Computer Security Managers' Forum Working Group.
- NIST Special Publication 800-14, "Generally Accepted Principles and Practices for Securing Information Technology Systems." September 1996. Co-authored with Barbara Guttman.
- NISTIR 4933, "Computer Security Bulletin Board System User's Guide." September 1992. Co-authored with Mark Skandera
- NIST Special Publication 500-169, "Executive Guide to the Protection of Information Resources." October 1989. Co-authored with Cheryl Helsing and Mary Anne Todd
- NIST Special Publication 500-170, "Management Guide to the Protection of Information Resources." October 1989. Co-authored with Cheryl Helsing and Mary Anne Todd
- NIST Special Publication 500-171, "Computer User's Guide to the Protection of Information Resources." October 1989. Co-authored with Cheryl Helsing and Mary Anne Todd
- "Lessons Learned from the FedCIRC Pilot." Fran Nielsen and Marianne Swanson; Proceedings of the System Administration, Networking and Security (SANS) Conference, October 24-31, 1998.
- "U.S. Government wide Incident Response Capability." Proceedings of the 19th National Information Systems Security Conference. October 22-15, 1996
Computer Security Division
Security Management and Assurance Group