Technical Guide to Information Security Testing and Assessment

Published

Author(s)

Murugiah P. Souppaya, Karen A. Scarfone

Abstract

The purpose of this document is to assist organizations in planning and conducting technical information security tests and examinations, analyzing findings, and developing mitigation strategies. The guide provides practical recommendations for designing, implementing, and maintaining technical information security test and examination processes and procedures. These can be used for several purposes, such as finding vulnerabilities in a system or network and verifying compliance with a policy or other requirements. The guide is not intended to present a comprehensive information security testing and examination program but rather an overview of key elements of technical security testing and examination, with an emphasis on specific technical techniques, the benefits and limitations of each, and recommendations for their use.

Citation

Special Publication (NIST SP) - 800-115

Report Number

800-115

Keywords

penetration testing, risk assessment, security assessment, security examination, security testing, vulnerability scanning

Citation

Souppaya, M. and Scarfone, K. (2008), Technical Guide to Information Security Testing and Assessment, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=152164 (Accessed December 14, 2024)

Created September 30, 2008, Updated May 4, 2021