I’ve been asked to compile a list of minimum security standards and to reference what document they came from. I’ve used NIST-IR 5153 and looked at other publications like FIPS 199 and others. So far I have only managed to find a few policies regarding password length and related topics. There must be a detailed list somewhere where minimum security standards are stated. Can anyone point me in the right direction ASAP? Thanks.
