Dempsey K, ed. Information Security Continuous Monitoring (ISCM) for federal information systems and organizations. Gaithersburg, MD: US Department of Commerce, National Institute of Standards and Technology; 2011.

Guide for applying the risk management framework to federal information systems: A security life cycle approach Revision 1, ed. Gaithersburg, MD: US Department of Commerce, National Institute of Standards and Technology; 2010.

NIST Computer Security Publications. http://csrc.nist.gov/publications/PubsSPs.html Accessed 06.05.13.

Recommended security controls for federal information systems and organizations Revision 3, ed. Gaithersburg, MD: US Department of Commerce, National Institute of Standards and Technology; 2009.

Ross R, ed. Guide for assessing the security controls in federal information systems. Gaithersburg, MD: US Department of Commerce, Technology Administration, National Institute of Standards and Technology; 2006.

Stine K, ed. Guide for mapping types of information and information systems to security categories. Revision 1, ed. Gaithersburg, MD: US Department of Commerce, National Institute of Standards and Technology; 2008.

Swanson M, Hash J, Bowen P, eds. Guide for developing security plans for federal information systems. Revision 1, ed. Gaithersburg, MD: US Department of Commerce, National Institute of Standards and Technology; 2006.

US General Services Administration website. http://www.gsa.gov/portal/category/102371?utm_source=OCSIT&utm_medium=print-radio&utm_term=fedramp&utm_campaign=shortcuts Accessed 06.05.13.