SP 800-193
(Draft) |
May 2017 |
DRAFT Platform Firmware Resiliency Guidelines Announcement and Draft Publication |
SP 800-192 |
June 2017 |
Verification and Test Methods for Access Control Policies/Models SP 800-192 FAQ
doi:10.6028/NIST.SP.800-192 [Direct Link] |
SP 800-191
(Draft) |
August 2017 |
DRAFT The NIST Definition of Fog Computing Announcement and Draft Publication |
SP 800-190
(Draft) |
July 2017 |
DRAFT Application Container Security Guide (2nd Draft) Announcement and Draft Publication |
SP 800-188
(Draft) |
December 2016 |
DRAFT De-Identifying Government Datasets (2nd Draft) Announcement and Draft Publication |
SP 800-187
(Draft) |
November 2016 |
DRAFT Guide to LTE Security Announcement and Draft Publication |
SP 800-185 |
December 2016 |
SHA-3 Derived Functions: cSHAKE, KMAC, TupleHash, and ParallelHash SP 800-185 FAQ
doi:10.6028/NIST.SP.800-185 [Direct Link] |
|
|
Comments Received on Draft SP 800-185 |
SP 800-184 |
December 2016 |
Guide for Cybersecurity Event Recovery SP 800-184 FAQ
doi:10.6028/NIST.SP.800-184 [Direct Link] |
|
|
Press Release (12-22-2016) |
SP 800-183 |
July 2016 |
Networks of 'Things' SP 800-183 FAQ
doi:10.6028/NIST.SP.800-183 [Direct Link] |
|
|
Press Release |
SP 800-182 |
July 2016 |
Computer Security Division 2015 Annual Report SP 800-182 FAQ
doi:10.6028/NIST.SP.800-182 [Direct Link] |
SP 800-181 |
August 2017 |
National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework SP 800-181 FAQ
doi:10.6028/NIST.SP.800-181 [Direct Link] |
|
|
Reference Spreadsheet for NICE Framework |
|
|
NICE Framework homepage |
SP 800-180
(Draft) |
February 2016 |
DRAFT NIST Definition of Microservices, Application Containers and System Virtual Machines Announcement and Draft Publication |
SP 800-179 |
December 2016 |
Guide to Securing Apple OS X 10.10 Systems for IT Professionals: A NIST Security Configuration Checklist SP 800-179 FAQ
doi:10.6028/NIST.SP.800-179 [Direct Link] |
|
|
Supplemental Content (GitHub) |
|
|
National Checklist Program |
SP 800-178 |
October 2016 |
A Comparison of Attribute Based Access Control (ABAC) Standards for Data Service Applications: Extensible Access Control Markup Language (XACML) and Next Generation Access Control (NGAC) SP 800-178 FAQ
doi:10.6028/NIST.SP.800-178 [Direct Link] |
SP 800-177 |
September 2016 |
Trustworthy Email SP 800-177 FAQ
doi:10.6028/NIST.SP.800-177 [Direct Link] |
|
|
High Assurance Domains project |
SP 800-176 |
August 2015 |
Computer Security Division 2014 Annual Report SP 800-176 FAQ
doi:10.6028/NIST.SP.800-176 [Direct Link] |
SP 800-175A |
August 2016 |
Guideline for Using Cryptographic Standards in the Federal Government: Directives, Mandates and Policies SP 800-175A FAQ
doi:10.6028/NIST.SP.800-175A [Direct Link] |
|
|
Comments Received from Final Draft |
SP 800-175B |
August 2016 |
Guideline for Using Cryptographic Standards in the Federal Government: Cryptographic Mechanisms SP 800-175B FAQ
doi:10.6028/NIST.SP.800-175B [Direct Link] |
|
|
Comments Received from Final Draft |
SP 800-171 Rev. 1 |
December 2016 |
Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations SP 800-171 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-171r1 [Direct Link] |
|
|
Specific Changes to the Security Requirements in SP 800-171 |
SP 800-171 |
June 2015 (Updated 1/14/2016) |
Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations SP 800-171 (including updates as of 01-14-2016) FAQ
doi:10.6028/NIST.SP.800-171 [Direct Link] |
|
|
Press Release (06-19-2015) |
SP 800-170 |
June 2014 |
Computer Security Division 2013 Annual Report SP 800-170 FAQ
doi:10.6028/NIST.SP.800-170 [Direct Link] |
SP 800-168 |
May 2014 |
Approximate Matching: Definition and Terminology SP 800-168 FAQ
doi:10.6028/NIST.SP.800-168 [Direct Link] |
SP 800-167 |
October 2015 |
Guide to Application Whitelisting SP 800-167 FAQ
doi:10.6028/NIST.SP.800-167 [Direct Link] |
|
|
Press Release |
SP 800-166 |
June 2016 |
Derived PIV Application and Data Model Test Guidelines SP 800-166 FAQ
doi:10.6028/NIST.SP.800-166 [Direct Link] |
SP 800-165 |
July 2013 |
Computer Security Division 2012 Annual Report SP 800-165 FAQ
doi:10.6028/NIST.SP.800-165 [Direct Link] |
SP 800-164
(Draft) |
October 2012 |
DRAFT Guidelines on Hardware-Rooted Security in Mobile Devices Announcement and Draft Publication |
SP 800-163 |
January 2015 |
Vetting the Security of Mobile Applications SP 800-163 FAQ
doi:10.6028/NIST.SP.800-163 [Direct Link] |
|
|
Press Release |
SP 800-162 |
January 2014 |
Guide to Attribute Based Access Control (ABAC) Definition and Considerations SP 800-162 FAQ
doi:10.6028/NIST.SP.800-162 [Direct Link] |
|
|
SP 800-162 (EPUB) FAQ |
SP 800-161 |
April 2015 |
Supply Chain Risk Management Practices for Federal Information Systems and Organizations SP 800-161 FAQ
doi:10.6028/NIST.SP.800-161 [Direct Link] |
SP 800-160 |
November 2016 |
Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems SP 800-160 FAQ
doi:10.6028/NIST.SP.800-160 [Direct Link] |
|
|
"Rethinking Cybersecurity from the Inside Out" (blog post) |
SP 800-157 |
December 2014 |
Guidelines for Derived Personal Identity Verification (PIV) Credentials SP 800-157 FAQ
doi:10.6028/NIST.SP.800-157 [Direct Link] |
|
|
Comments and resolutions on Draft SP 800-157 (Mar. 2014) |
SP 800-156 |
May 2016 |
Representation of PIV Chain-of-Trust for Import and Export SP 800-156 FAQ
doi:10.6028/NIST.SP.800-156 [Direct Link] |
|
|
XSD Schema File for SP 800-156 Chain of Trust |
SP 800-155
(Draft) |
December 2011 |
DRAFT BIOS Integrity Measurement Guidelines Announcement and Draft Publication |
SP 800-154
(Draft) |
March 2016 |
DRAFT Guide to Data-Centric System Threat Modeling Announcement and Draft Publication |
SP 800-153 |
February 2012 |
Guidelines for Securing Wireless Local Area Networks (WLANs) SP 800-153 FAQ
doi:10.6028/NIST.SP.800-153 [Direct Link] |
|
|
Press Release (Mar. 6, 2012) |
SP 800-152 |
October 2015 |
A Profile for U.S. Federal Cryptographic Key Management Systems (CKMS) SP 800-152 FAQ
doi:10.6028/NIST.SP.800-152 [Direct Link] |
|
|
Comments received on final (3rd) Draft (Dec. 2014) |
|
|
Draft 3 (Dec. 2014) |
|
|
Draft 2 (Jan. 2014) |
|
|
Draft (Aug. 2012) |
SP 800-150 |
October 2016 |
Guide to Cyber Threat Information Sharing SP 800-150 FAQ
doi:10.6028/NIST.SP.800-150 [Direct Link] |
SP 800-147B |
August 2014 |
BIOS Protection Guidelines for Servers SP 800-147B FAQ
doi:10.6028/NIST.SP.800-147B [Direct Link] |
SP 800-147 |
April 2011 |
BIOS Protection Guidelines SP 800-147 FAQ
doi:10.6028/NIST.SP.800-147 [Direct Link] |
|
|
Press Release |
SP 800-146 |
May 2012 |
Cloud Computing Synopsis and Recommendations SP 800-146 FAQ
doi:10.6028/NIST.SP.800-146 [Direct Link] |
|
|
SP 800-146 (EPUB) FAQ |
|
|
Press Release |
SP 800-145 |
September 2011 |
The NIST Definition of Cloud Computing SP 800-145 FAQ
doi:10.6028/NIST.SP.800-145 [Direct Link] |
|
|
SP 800-145 (EPUB) FAQ |
|
|
Press Release |
SP 800-144 |
December 2011 |
Guidelines on Security and Privacy in Public Cloud Computing SP 800-144 FAQ
doi:10.6028/NIST.SP.800-144 [Direct Link] |
|
|
SP 800-144 (EPUB) FAQ |
|
|
Press Release |
SP 800-142 |
October 2010 |
Practical Combinatorial Testing SP 800-142 FAQ
doi:10.6028/NIST.SP.800-142 [Direct Link] |
SP 800-137 |
September 2011 |
Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations SP 800-137 FAQ
doi:10.6028/NIST.SP.800-137 [Direct Link] |
|
|
Press Release |
SP 800-135 Rev. 1 |
December 2011 |
Recommendation for Existing Application-Specific Key Derivation Functions SP 800-135 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-135r1 [Direct Link] |
|
|
Informative Note (09-19-2016) |
SP 800-133 |
December 2012 |
Recommendation for Cryptographic Key Generation SP 800-133 FAQ
doi:10.6028/NIST.SP.800-133 [Direct Link] |
|
|
SP 800-133 (EPUB) FAQ |
|
|
Press Release |
SP 800-132 |
December 2010 |
Recommendation for Password-Based Key Derivation: Part 1: Storage Applications SP 800-132 FAQ
doi:10.6028/NIST.SP.800-132 [Direct Link] |
SP 800-131A Rev. 1 |
November 2015 |
Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths SP 800-131A Rev. 1 FAQ
doi:10.6028/NIST.SP.800-131Ar1 [Direct Link] |
|
|
Comments and resolutions on Draft (July 2015) |
SP 800-130 |
August 2013 |
A Framework for Designing Cryptographic Key Management Systems SP 800-130 FAQ
doi:10.6028/NIST.SP.800-130 [Direct Link] |
SP 800-128 |
August 2011 |
Guide for Security-Focused Configuration Management of Information Systems SP 800-128 FAQ
doi:10.6028/NIST.SP.800-128 [Direct Link] |
SP 800-127 |
September 2010 |
Guide to Securing WiMAX Wireless Communications SP 800-127 FAQ
doi:10.6028/NIST.SP.800-127 [Direct Link] |
|
|
SP 800-127 (EPUB) FAQ |
|
|
Press Release |
SP 800-126A
(Draft) |
July 2016 |
DRAFT SCAP 1.3 Component Specification Version Updates: An Annex to NIST Special Publication 800-126 Revision 3 Announcement and Draft Publication |
SP 800-126 Rev. 3
(Draft) |
July 2016 |
DRAFT The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.3 Announcement and Draft Publication |
SP 800-126 Rev. 2 |
September 2011 (Updated 3/19/2012) |
The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2 SP 800-126 Rev. 2 FAQ
doi:10.6028/NIST.SP.800-126r2 [Direct Link] |
|
|
NIST Solicits Comments for SP 800-126 & SCAP |
SP 800-126 Rev. 1 |
February 2011 |
The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.1 SP 800-126 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-126r1 [Direct Link] |
SP 800-126 |
November 2009 |
The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.0 SP 800-126 FAQ
doi:10.6028/NIST.SP.800-126 [Direct Link] |
SP 800-125A
(Draft) |
October 20, 2014 |
DRAFT Security Recommendations for Hypervisor Deployment Announcement and Draft Publication |
SP 800-125B |
March 2016 |
Secure Virtual Network Configuration for Virtual Machine (VM) Protection SP 800-125B FAQ
doi:10.6028/NIST.SP.800-125B [Direct Link] |
SP 800-125 |
January 2011 |
Guide to Security for Full Virtualization Technologies SP 800-125 FAQ
doi:10.6028/NIST.SP.800-125 [Direct Link] |
|
|
Press Release |
SP 800-124 Rev. 1 |
June 2013 |
Guidelines for Managing the Security of Mobile Devices in the Enterprise SP 800-124 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-124r1 [Direct Link] |
|
|
SP 800-124 Rev. 1 (EPUB) FAQ |
|
|
Press Release |
SP 800-123 |
July 2008 |
Guide to General Server Security SP 800-123 FAQ
doi:10.6028/NIST.SP.800-123 [Direct Link] |
|
|
SP 800-123 (EPUB) FAQ |
SP 800-122 |
April 2010 |
Guide to Protecting the Confidentiality of Personally Identifiable Information (PII) SP 800-122 FAQ
doi:10.6028/NIST.SP.800-122 [Direct Link] |
|
|
SP 800-122 (EPUB) FAQ |
SP 800-121 Rev. 2 |
May 2017 |
Guide to Bluetooth Security SP 800-121 Rev. 2 FAQ
doi:10.6028/NIST.SP.800-121r2 [Direct Link] |
SP 800-120 |
September 2009 |
Recommendation for EAP Methods Used in Wireless Network Access Authentication SP 800-120 FAQ
doi:10.6028/NIST.SP.800-120 [Direct Link] |
SP 800-119 |
December 2010 |
Guidelines for the Secure Deployment of IPv6 SP 800-119 FAQ
doi:10.6028/NIST.SP.800-119 [Direct Link] |
SP 800-117 Rev. 1
(Draft) |
January 2012 |
DRAFT Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.2 Announcement and Draft Publication |
SP 800-117 |
July 2010 |
Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.0 SP 800-117 FAQ
doi:10.6028/NIST.SP.800-117 [Direct Link] |
SP 800-116 Rev. 1
(Draft) |
December 2015 |
DRAFT A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS) Announcement and Draft Publication |
SP 800-116 |
November 2008 |
A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS) SP 800-116 FAQ
doi:10.6028/NIST.SP.800-116 [Direct Link] |
SP 800-115 |
September 2008 |
Technical Guide to Information Security Testing and Assessment SP 800-115 FAQ
doi:10.6028/NIST.SP.800-115 [Direct Link] |
|
|
SP 800-115 (EPUB) FAQ |
SP 800-114 Rev. 1 |
July 2016 |
User's Guide to Telework and Bring Your Own Device (BYOD) Security SP 800-114 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-114r1 [Direct Link] |
SP 800-113 |
July 2008 |
Guide to SSL VPNs SP 800-113 FAQ
doi:10.6028/NIST.SP.800-113 [Direct Link] |
SP 800-111 |
November 2007 |
Guide to Storage Encryption Technologies for End User Devices SP 800-111 FAQ
doi:10.6028/NIST.SP.800-111 [Direct Link] |
SP 800-108 |
October 2009 |
Recommendation for Key Derivation Using Pseudorandom Functions (Revised) SP 800-108 FAQ
doi:10.6028/NIST.SP.800-108 [Direct Link] |
|
|
Comments received on Draft (Apr. 2008) |
SP 800-107 Rev. 1 |
August 2012 |
Recommendation for Applications Using Approved Hash Algorithms SP 800-107 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-107r1 [Direct Link] |
SP 800-106 |
February 2009 |
Randomized Hashing for Digital Signatures SP 800-106 FAQ
doi:10.6028/NIST.SP.800-106 [Direct Link] |
SP 800-102 |
September 2009 |
Recommendation for Digital Signature Timeliness SP 800-102 FAQ
doi:10.6028/NIST.SP.800-102 [Direct Link] |
SP 800-101 Rev. 1 |
May 2014 |
Guidelines on Mobile Device Forensics SP 800-101 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-101r1 [Direct Link] |
SP 800-100 |
October 2006 (Updated 3/7/2007) |
Information Security Handbook: A Guide for Managers SP 800-100 (including updates as of 03-07-2007) FAQ
doi:10.6028/NIST.SP.800-100 [Direct Link] |
SP 800-98 |
April 2007 |
Guidelines for Securing Radio Frequency Identification (RFID) Systems SP 800-98 FAQ
doi:10.6028/NIST.SP.800-98 [Direct Link] |
SP 800-97 |
February 2007 |
Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i SP 800-97 FAQ
doi:10.6028/NIST.SP.800-97 [Direct Link] |
SP 800-96 |
September 2006 |
PIV Card to Reader Interoperability Guidelines SP 800-96 FAQ
doi:10.6028/NIST.SP.800-96 [Direct Link] |
SP 800-95 |
August 2007 |
Guide to Secure Web Services SP 800-95 FAQ
doi:10.6028/NIST.SP.800-95 [Direct Link] |
SP 800-94 Rev. 1
(Draft) |
July 2012 |
DRAFT Guide to Intrusion Detection and Prevention Systems (IDPS) Announcement and Draft Publication |
SP 800-94 |
February 2007 |
Guide to Intrusion Detection and Prevention Systems (IDPS) SP 800-94 FAQ
doi:10.6028/NIST.SP.800-94 [Direct Link] |
SP 800-92 |
September 2006 |
Guide to Computer Security Log Management SP 800-92 FAQ
doi:10.6028/NIST.SP.800-92 [Direct Link] |
|
|
SP 800-92 (EPUB) FAQ |
SP 800-90A Rev. 1 |
June 2015 |
Recommendation for Random Number Generation Using Deterministic Random Bit Generators SP 800-90A Revision 1 FAQ
doi:10.6028/NIST.SP.800-90Ar1 [Direct Link] |
|
|
Press Release |
SP 800-90B
(Draft) |
January 2016 |
DRAFT Recommendation for the Entropy Sources Used for Random Bit Generation Announcement and Draft Publication |
SP 800-90C
(Draft) |
April 2016 |
DRAFT Recommendation for Random Bit Generator (RBG) Constructions Announcement and Draft Publication |
SP 800-89 |
November 2006 |
Recommendation for Obtaining Assurances for Digital Signature Applications SP 800-89 FAQ
doi:10.6028/NIST.SP.800-89 [Direct Link] |
SP 800-88 Rev. 1 |
December 2014 |
Guidelines for Media Sanitization SP 800-88 Revision 1 FAQ
doi:10.6028/NIST.SP.800-88r1 [Direct Link] |
SP 800-87 Rev. 1 |
April 2008 |
Codes for Identification of Federal and Federally-Assisted Organizations SP 800-87 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-87r1 [Direct Link] |
SP 800-86 |
August 2006 |
Guide to Integrating Forensic Techniques into Incident Response SP 800-86 FAQ
doi:10.6028/NIST.SP.800-86 [Direct Link] |
SP 800-85A-4 |
April 2016 |
PIV Card Application and Middleware Interface Test Guidelines (SP 800-73-4 Compliance) SP 800-85A-4 FAQ
doi:10.6028/NIST.SP.800-85A-4 [Direct Link] |
SP 800-85B-4
(Draft) |
August 2014 |
DRAFT PIV Data Model Test Guidelines Announcement and Draft Publication |
SP 800-85B |
July 2006 |
PIV Data Model Test Guidelines SP 800-85B FAQ
doi:10.6028/NIST.SP.800-85B [Direct Link] |
SP 800-84 |
September 2006 |
Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities SP 800-84 FAQ
doi:10.6028/NIST.SP.800-84 [Direct Link] |
|
|
SP 800-84 (EPUB) FAQ |
SP 800-83 Rev. 1 |
July 2013 |
Guide to Malware Incident Prevention and Handling for Desktops and Laptops SP 800-83 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-83r1 [Direct Link] |
SP 800-82 Rev. 2 |
May 2015 |
Guide to Industrial Control Systems (ICS) Security SP 800-82 Revision 2 FAQ
doi:10.6028/NIST.SP.800-82r2 [Direct Link] |
|
|
Press Release |
SP 800-81-2 |
September 2013 |
Secure Domain Name System (DNS) Deployment Guide SP 800-81-2 FAQ
doi:10.6028/NIST.SP.800-81-2 [Direct Link] |
SP 800-79-2 |
July 2015 |
Guidelines for the Authorization of Personal Identity Verification Card Issuers (PCI) and Derived PIV Credential Issuers (DPCI) SP 800-79-2 FAQ
doi:10.6028/NIST.SP.800-79-2 [Direct Link] |
SP 800-78-4 |
May 2015 |
Cryptographic Algorithms and Key Sizes for Personal Identity Verification SP 800-78-4 FAQ
doi:10.6028/NIST.SP.800-78-4 [Direct Link] |
SP 800-77 |
December 2005 |
Guide to IPsec VPNs SP 800-77 FAQ
doi:10.6028/NIST.SP.800-77 [Direct Link] |
SP 800-76-2 |
July 2013 |
Biometric Specifications for Personal Identity Verification SP 800-76-2 FAQ
doi:10.6028/NIST.SP.800-76-2 [Direct Link] |
SP 800-73-4 |
May 2015 (Updated 2/8/2016) |
Interfaces for Personal Identity Verification SP 800-73-4 (including updates as of 02-08-2016) FAQ
doi:10.6028/NIST.SP.800-73-4 [Direct Link] |
|
|
Press Release (06-16-2015) |
SP 800-72 |
November 2004 |
Guidelines on PDA Forensics SP 800-72 FAQ
doi:10.6028/NIST.SP.800-72 [Direct Link] |
SP 800-70 Rev. 4
(Draft) |
August 2017 |
DRAFT National Checklist Program for IT Products: Guidelines for Checklist Users and Developers Announcement and Draft Publication |
SP 800-70 Rev. 3 |
November 2015 (Updated 12/8/2016) |
National Checklist Program for IT Products: Guidelines for Checklist Users and Developers SP 800-70 Rev. 3 FAQ
doi:10.6028/NIST.SP.800-70r3 [Direct Link] |
|
|
National Checklist Program |
SP 800-69 |
September 2006 |
Guidance for Securing Microsoft Windows XP Home Edition: A NIST Security Configuration Checklist SP 800-69 FAQ
doi:10.6028/NIST.SP.800-69 [Direct Link] |
SP 800-68 Rev. 1 |
October 2008 |
Guide to Securing Microsoft Windows XP Systems for IT Professionals: A NIST Security Configuration Checklist SP 800-68 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-68r1 [Direct Link] |
|
|
Security Templates R1.2.1 |
|
|
NIST Windows Security Baseline Database Application v0.2.7 |
SP 800-67 Rev. 2
(Draft) |
July 2017 |
DRAFT Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher Announcement and Draft Publication |
SP 800-67 Rev. 1 |
January 2012 |
Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher SP 800-67 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-67r1 [Direct Link] |
SP 800-66 Rev. 1 |
October 2008 |
An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule SP 800-66 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-66r1 [Direct Link] |
SP 800-65 |
January 2005 |
Integrating IT Security into the Capital Planning and Investment Control Process SP 800-65 FAQ
doi:10.6028/NIST.SP.800-65 [Direct Link] |
SP 800-64 Rev. 2 |
October 2008 |
Security Considerations in the System Development Life Cycle SP 800-64 Rev. 2 FAQ
doi:10.6028/NIST.SP.800-64r2 [Direct Link] |
SP 800-63A |
June 2017 |
Digital Identity Guidelines: Enrollment and Identity Proofing SP 800-63A FAQ
doi:10.6028/NIST.SP.800-63a [Direct Link] |
|
|
FAQ |
|
|
SP 800-63-3 (GitHub) |
SP 800-63B |
June 2017 |
Digital Identity Guidelines: Authentication and Lifecycle Management SP 800-63B FAQ
doi:10.6028/NIST.SP.800-63b [Direct Link] |
|
|
FAQ |
|
|
SP 800-63-3 (GitHub) |
SP 800-63C |
June 2017 |
Digital Identity Guidelines: Federation and Assertions SP 800-63C FAQ
doi:10.6028/NIST.SP.800-63c [Direct Link] |
|
|
FAQ |
|
|
SP 800-63-3 (GitHub) |
SP 800-63-3 |
June 2017 |
Digital Identity Guidelines SP 800-63-3 FAQ
doi:10.6028/NIST.SP.800-63-3 [Direct Link] |
|
|
FAQ |
|
|
SP 800-63-3 (GitHub) |
SP 800-61 Rev. 2 |
August 2012 |
Computer Security Incident Handling Guide SP 800-61 Rev. 2 FAQ
doi:10.6028/NIST.SP.800-61r2 [Direct Link] |
|
|
Press Release |
SP 800-60 Vol. 2 Rev. 1 |
August 2008 |
Guide for Mapping Types of Information and Information Systems to Security Categories: Appendices SP 800-60 Vol. 2, Rev. 1: Appendices FAQ
doi:10.6028/NIST.SP.800-60v2r1 [Direct Link] |
SP 800-60 Vol. 1 Rev. 1 |
August 2008 |
Guide for Mapping Types of Information and Information Systems to Security Categories SP 800-60 Vol. 1 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-60v1r1 [Direct Link] |
SP 800-59 |
August 2003 |
Guideline for Identifying an Information System as a National Security System SP 800-59 FAQ
doi:10.6028/NIST.SP.800-59 [Direct Link] |
SP 800-58 |
January 2005 |
Security Considerations for Voice Over IP Systems SP 800-58 FAQ
doi:10.6028/NIST.SP.800-58 [Direct Link] |
SP 800-57 Part 1 Rev. 4 |
January 2016 |
Recommendation for Key Management, Part 1: General SP 800-57 Part 1, Revision 4 FAQ
doi:10.6028/NIST.SP.800-57pt1r4 [Direct Link] |
|
|
Comments and resolutions for SP 800-57 Part 1, Rev. 4 |
SP 800-57 Part 2 |
August 2005 |
Recommendation for Key Management, Part 2: Best Practices for Key Management Organization SP 800-57 Part 2 FAQ
doi:10.6028/NIST.SP.800-57p2 [Direct Link] |
|
|
Comments received on Draft (Apr. 2005) |
SP 800-57 Part 3 Rev. 1 |
January 2015 |
Recommendation for Key Management, Part 3: Application-Specific Key Management Guidance SP 800-57 Part 3, Revision 1 FAQ
doi:10.6028/NIST.SP.800-57pt3r1 [Direct Link] |
SP 800-56A Rev. 3
(Draft) |
August 2017 |
DRAFT Recommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography Announcement and Draft Publication |
SP 800-56A Rev. 2 |
May 2013 |
Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography SP 800-56A Revision 2 FAQ
doi:10.6028/NIST.SP.800-56Ar2 [Direct Link] |
|
|
Comments received on Draft (Aug. 2012) |
SP 800-56B Rev. 1 |
September 2014 |
Recommendation for Pair-Wise Key-Establishment Schemes Using Integer Factorization Cryptography SP 800-56B Rev. 1 FAQ
doi:10.6028/NIST.SP.800-56Br1 [Direct Link] |
SP 800-56C Rev. 1
(Draft) |
August 2017 |
DRAFT Recommendation for Key Derivation through Extraction-then-Expansion Announcement and Draft Publication |
SP 800-56C |
November 2011 |
Recommendation for Key Derivation through Extraction-then-Expansion SP 800-56C FAQ
doi:10.6028/NIST.SP.800-56C [Direct Link] |
SP 800-55 Rev. 1 |
July 2008 |
Performance Measurement Guide for Information Security SP 800-55 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-55r1 [Direct Link] |
SP 800-54 |
July 2007 |
Border Gateway Protocol Security SP 800-54 FAQ
doi:10.6028/NIST.SP.800-54 [Direct Link] |
SP 800-53A Rev. 4 |
December 2014 (Updated 12/18/2014) |
Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans SP 800-53A Revision 4 FAQ
doi:10.6028/NIST.SP.800-53Ar4 [Direct Link] |
|
|
Word version of SP 800-53A Rev. 4 (12-18-2014) |
|
|
XML file for SP 800-53A Rev. 4 (06-16-2015) |
|
|
Press Release |
SP 800-53 Rev. 5
(Draft) |
August 2017 |
DRAFT Security and Privacy Controls for Information Systems and Organizations Announcement and Draft Publication |
SP 800-53 Rev. 4 |
April 2013 (Updated 1/22/2015) |
Security and Privacy Controls for Federal Information Systems and Organizations SP 800-53 Rev. 4 (including updates as of 01-22-2015) FAQ
doi:10.6028/NIST.SP.800-53r4 [Direct Link] |
|
|
Word version of SP 800-53 Rev. 4 (01-22-2015) |
|
|
XML file for SP 800-53 Rev. 4 (01-15-2014) |
|
|
Summary of NIST SP 800-53 Revision 4 |
|
|
Press Release (04-30-2013) |
SP 800-52 Rev. 1 |
April 2014 |
Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations SP 800-52 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-52r1 [Direct Link] |
|
|
Press Release |
SP 800-51 Rev. 1 |
February 2011 |
Guide to Using Vulnerability Naming Schemes SP 800-51 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-51r1 [Direct Link] |
|
|
Press Release |
SP 800-50 |
October 2003 |
Building an Information Technology Security Awareness and Training Program SP 800-50 FAQ
doi:10.6028/NIST.SP.800-50 [Direct Link] |
SP 800-49 |
November 2002 |
Federal S/MIME V3 Client Profile SP 800-49 FAQ
doi:10.6028/NIST.SP.800-49 [Direct Link] |
SP 800-48 Rev. 1 |
July 2008 |
Guide to Securing Legacy IEEE 802.11 Wireless Networks SP 800-48 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-48r1 [Direct Link] |
SP 800-47 |
August 2002 |
Security Guide for Interconnecting Information Technology Systems SP 800-47 FAQ
doi:10.6028/NIST.SP.800-47 [Direct Link] |
SP 800-46 Rev. 2 |
July 2016 |
Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security SP 800-46 Rev. 2 FAQ
doi:10.6028/NIST.SP.800-46r2 [Direct Link] |
SP 800-45 Version 2 |
February 2007 |
Guidelines on Electronic Mail Security SP 800-45 Version 2 FAQ
doi:10.6028/NIST.SP.800-45ver2 [Direct Link] |
SP 800-44 Version 2 |
September 2007 |
Guidelines on Securing Public Web Servers SP 800-44 Version 2 FAQ
doi:10.6028/NIST.SP.800-44ver2 [Direct Link] |
SP 800-43 |
November 2002 |
Systems Administration Guidance for Securing Windows 2000 Professional System SP 800-43 FAQ
doi:10.6028/NIST.SP.800-43 [Direct Link] |
|
|
Security Templates R1.2.3 |
SP 800-41 Rev. 1 |
September 2009 |
Guidelines on Firewalls and Firewall Policy SP 800-41 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-41r1 [Direct Link] |
SP 800-40 Rev. 3 |
July 2013 |
Guide to Enterprise Patch Management Technologies SP 800-40 Rev. 3 FAQ
doi:10.6028/NIST.SP.800-40r3 [Direct Link] |
|
|
Press Release |
SP 800-39 |
March 2011 |
Managing Information Security Risk: Organization, Mission, and Information System View SP 800-39 FAQ
doi:10.6028/NIST.SP.800-39 [Direct Link] |
|
|
Press Release |
SP 800-38A Addendum |
October 2010 |
Recommendation for Block Cipher Modes of Operation: Three Variants of Ciphertext Stealing for CBC Mode SP 800-38A Addendum FAQ
doi:10.6028/NIST.SP.800-38A-Add [Direct Link] |
SP 800-38A |
December 2001 |
Recommendation for Block Cipher Modes of Operation: Methods and Techniques SP 800-38A FAQ
doi:10.6028/NIST.SP.800-38A [Direct Link] |
SP 800-38B |
May 2005 (Updated 10/6/2016) |
Recommendation for Block Cipher Modes of Operation: the CMAC Mode for Authentication SP 800-38B FAQ
doi:10.6028/NIST.SP.800-38B [Direct Link] |
SP 800-38C |
May 2004 (Updated 7/20/2007) |
Recommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality SP 800-38C (including updates as of 07-20-2007) FAQ
doi:10.6028/NIST.SP.800-38C [Direct Link] |
SP 800-38D |
November 2007 |
Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC SP 800-38D FAQ
doi:10.6028/NIST.SP.800-38D [Direct Link] |
SP 800-38E |
January 2010 |
Recommendation for Block Cipher Modes of Operation: the XTS-AES Mode for Confidentiality on Storage Devices SP 800-38E FAQ
doi:10.6028/NIST.SP.800-38E [Direct Link] |
SP 800-38F |
December 2012 |
Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping SP 800-38F FAQ
doi:10.6028/NIST.SP.800-38F [Direct Link] |
SP 800-38G |
March 2016 |
Recommendation for Block Cipher Modes of Operation: Methods for Format-Preserving Encryption SP 800-38G FAQ
doi:10.6028/NIST.SP.800-38G [Direct Link] |
|
|
Press Release |
SP 800-37 Rev. 1 |
February 2010 (Updated 6/5/2014) |
Guide for Applying the Risk Management Framework to Federal Information Systems: a Security Life Cycle Approach SP 800-37 Rev. 1 (including updates as of 6-05-2014) FAQ
doi:10.6028/NIST.SP.800-37r1 [Direct Link] |
|
|
Supplemental Guidance on Ongoing Authorization, (June 2014) |
|
|
Press Release |
SP 800-36 |
October 2003 |
Guide to Selecting Information Technology Security Products SP 800-36 FAQ
doi:10.6028/NIST.SP.800-36 [Direct Link] |
SP 800-35 |
October 2003 |
Guide to Information Technology Security Services SP 800-35 FAQ
doi:10.6028/NIST.SP.800-35 [Direct Link] |
SP 800-34 Rev. 1 |
May 2010 (Updated 11/11/2010) |
Contingency Planning Guide for Federal Information Systems SP 800-34 Rev. 1 (including updates as of 11-11-2010) FAQ
doi:10.6028/NIST.SP.800-34r1 [Direct Link] |
|
|
Business Impact Analysis (BIA) Template |
|
|
Contingency Planning: Low Impact System Template |
|
|
Contingency Planning: Moderate Impact System Template |
|
|
Contingency Planning: High Impact System Template |
SP 800-33 |
December 2001 |
Underlying Technical Models for Information Technology Security SP 800-33 FAQ
doi:10.6028/NIST.SP.800-33 [Direct Link] |
SP 800-32 |
February 26, 2001 |
Introduction to Public Key Technology and the Federal PKI Infrastructure SP 800-32 FAQ
doi:10.6028/NIST.SP.800-32 [Direct Link] |
SP 800-30 Rev. 1 |
September 2012 |
Guide for Conducting Risk Assessments SP 800-30 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-30r1 [Direct Link] |
|
|
SP 800-30 Rev. 1 (EPUB) FAQ |
|
|
Press Release |
SP 800-29 |
June 2001 |
A Comparison of the Security Requirements for Cryptographic Modules in FIPS 140-1 and FIPS 140-2 SP 800-29 FAQ
doi:10.6028/NIST.SP.800-29 [Direct Link] |
SP 800-28 Version 2 |
March 2008 |
Guidelines on Active Content and Mobile Code SP 800-28 Version 2 FAQ
doi:10.6028/NIST.SP.800-28ver2 [Direct Link] |
SP 800-27 Rev. A |
June 2004 |
Engineering Principles for Information Technology Security (A Baseline for Achieving Security), Revision A SP 800-27 Rev. A FAQ
doi:10.6028/NIST.SP.800-27rA [Direct Link] |
SP 800-25 |
October 2000 |
Federal Agency Use of Public Key Technology for Digital Signatures and Authentication SP 800-25 FAQ
doi:10.6028/NIST.SP.800-25 [Direct Link] |
SP 800-24 |
April 2001 |
PBX Vulnerability Analysis: Finding Holes in Your PBX Before Someone Else Does SP 800-24 FAQ
doi:10.6028/NIST.SP.800-24 [Direct Link] |
SP 800-23 |
August 2000 |
Guidelines to Federal Organizations on Security Assurance and Acquisition/Use of Tested/Evaluated Products SP 800-23 FAQ
doi:10.6028/NIST.SP.800-23 [Direct Link] |
SP 800-22 Rev. 1a |
April 2010 |
A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications SP 800-22 Rev. 1a FAQ
doi:10.6028/NIST.SP.800-22r1a [Direct Link] |
SP 800-20 |
October 1999 (Updated 3/1/2012) |
Modes of Operation Validation System for the Triple Data Encryption Algorithm (TMOVS): Requirements and Procedures SP 800-20 (including updates as of 03-2012) FAQ
doi:10.6028/NIST.SP.800-20 [Direct Link] |
SP 800-19 |
October 1999 |
Mobile Agent Security SP 800-19 FAQ
doi:10.6028/NIST.SP.800-19 [Direct Link] |
SP 800-18 Rev. 1 |
February 2006 |
Guide for Developing Security Plans for Federal Information Systems SP 800-18 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-18r1 [Direct Link] |
SP 800-17 |
February 1998 |
Modes of Operation Validation System (MOVS): Requirements and Procedures SP 800-17 FAQ
doi:10.6028/NIST.SP.800-17 [Direct Link] |
SP 800-16 Rev. 1
(Draft) |
March 2014 |
DRAFT A Role-Based Model for Federal Information Technology/Cybersecurity Training Announcement and Draft Publication |
SP 800-16 |
April 1998 |
Information Technology Security Training Requirements: a Role- and Performance-Based Model SP 800-16 FAQ
doi:10.6028/NIST.SP.800-16 [Direct Link] |
SP 800-15 |
January 1998 |
MISPC Minimum Interoperability Specification for PKI Components, Version 1 SP 800-15 FAQ
doi:10.6028/NIST.SP.800-15 [Direct Link] |
SP 800-14 |
September 1996 |
Generally Accepted Principles and Practices for Securing Information Technology Systems SP 800-14 FAQ
doi:10.6028/NIST.SP.800-14 [Direct Link] |
SP 800-13 |
October 1995 |
Telecommunications Security Guidelines for Telecommunications Management Network SP 800-13 FAQ
doi:10.6028/NIST.SP.800-13 [Direct Link] |
SP 800-12 Rev. 1 |
June 2017 |
An Introduction to Information Security SP 800-12 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-12r1 [Direct Link] |
SP 800-1 |
December 1990 |
Bibliography of Selected Computer Security Publications, January 1980 - October 1989 SP 800-1 FAQ
doi:10.6028/NIST.SP.800-1 [Direct Link] |