NOTICE: Due to a lapse in annual appropriations, most of this website is not being updated. Learn more.

Form submissions will still be accepted but will not receive responses at this time. Sections of this site for programs using non-appropriated funds (such as NVLAP) or those that are excepted from the shutdown (such as CHIPS and NVD) will continue to be updated.

U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

PUBLICATIONS

Information Security Handbook: A Guide for Managers

Published

Author(s)

Pauline Bowen, Joan Hash, Mark Wilson

Abstract

This Information Security Handbook provides a broad overview of information security program elements to assist managers in understanding how to establish and implement an information security program. Typically, the organization looks to the program for overall responsibility to ensure the selection and implementation of appropriate security controls and to demonstrate the effectiveness of satisfying their stated security requirements. The topics within this document were selected based on the laws and regulations relevant to information security, including the Clinger-Cohen Act of 1996, the Federal Information Security Management Act (FISMA) of 2002, and Office of Management and Budget (OMB) Circular A-130. The material in this handbook can be referenced for general information on a particular topic or can be used in the decision making process for developing an information security program. National Institute of Standards and Technology (NIST) Interagency Report (IR) 7298, Glossary of Key Information Security Terms, provides a summary glossary for the basic security terms used throughout this document. While reading this handbook, please consider that the guidance is not specific to a particular agency. Agencies should tailor this guidance according to their security posture and business requirements.
Citation
Special Publication (NIST SP) - 800-100
Report Number
800-100
NIST Pub Series
Special Publication (NIST SP)
Pub Type
NIST Pubs

Download Paper

Local Download

Keywords

Awareness, capital planning, certification, configuration management, contingency plan, incident response, interconnecting systems, performance measures, risk management, security governance, security plans, security services, system development life cycle, training
Information technology, Cybersecurity and privacy and Data and informatics

Citation

Bowen, P. , Hash, J. and Wilson, M. (2006), Information Security Handbook: A Guide for Managers, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=50901 (Accessed October 6, 2025)

Issues

If you have any questions about this publication or are having problems accessing it, please contact [email protected].

Created December 1, 2006, Updated February 19, 2017
Was this page helpful?