In September 2017, this (legacy) site will be replaced with the new site you can see at beta.csrc.nist.gov. At that time, links to this legacy site will be automatically redirected to apporpriate links on the new site.

View the beta site

Search

Fulltext search of NIST's computer security publications:

Browse Publications

NIST Special Publications (SP)

We strongly encourage you to start using the publication information on the new CSRC:

NIST Special Publications (SPs)
SP 800s; SP 1800s; SP 500s

NIST uses three NIST Special Publication subseries to publish computer/cyber/information security and guidelines, recommendations and reference materials:

SP 800, Computer Security (December 1990-present):
NIST's primary mode of publishing computer/cyber/information security guidelines, recommendations and reference materials
(SP 800s are also searchable in the NIST Library Catalog);
SP 1800, NIST Cybersecurity Practice Guides (2015-present):
A new subseries created to complement the SP 800s; targets specific cybersecurity challenges in the public and private sectors; practical, user-friendly guides to facilitate adoption of standards-based approaches to cybersecurity;
SP 500, Computer Systems Technology (January 1977-present):
A general IT subseries used more broadly by NIST's Information Technology Laboratory (ITL), this page lists selected SP 500s related to NIST's computer security efforts. (Prior to the SP 800 subseries, NIST used the SP 500 subseries for computer security publications; see Archived NIST SPs for a list.)

Note: Publications that link to dx.doi.org/... will redirect to another NIST website. See more details about DOIs.

SP 800s - Computer Security

Number	Date	Title
SP 800-193 (Draft)	May 2017	DRAFT Platform Firmware Resiliency Guidelines Announcement and Draft Publication
SP 800-192	June 2017	Verification and Test Methods for Access Control Policies/Models SP 800-192 ^FAQ doi:10.6028/NIST.SP.800-192 [Direct Link]
SP 800-191 (Draft)	August 2017	DRAFT The NIST Definition of Fog Computing Announcement and Draft Publication
SP 800-190 (Draft)	July 2017	DRAFT Application Container Security Guide (2nd Draft) Announcement and Draft Publication
SP 800-188 (Draft)	December 2016	DRAFT De-Identifying Government Datasets (2nd Draft) Announcement and Draft Publication
SP 800-187 (Draft)	November 2016	DRAFT Guide to LTE Security Announcement and Draft Publication
SP 800-185	December 2016	SHA-3 Derived Functions: cSHAKE, KMAC, TupleHash, and ParallelHash SP 800-185 ^FAQ doi:10.6028/NIST.SP.800-185 [Direct Link]
		Comments Received on Draft SP 800-185
SP 800-184	December 2016	Guide for Cybersecurity Event Recovery SP 800-184 ^FAQ doi:10.6028/NIST.SP.800-184 [Direct Link]
		Press Release (12-22-2016)
SP 800-183	July 2016	Networks of 'Things' SP 800-183 ^FAQ doi:10.6028/NIST.SP.800-183 [Direct Link]
		Press Release
SP 800-182	July 2016	Computer Security Division 2015 Annual Report SP 800-182 ^FAQ doi:10.6028/NIST.SP.800-182 [Direct Link]
SP 800-181	August 2017	National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework SP 800-181 ^FAQ doi:10.6028/NIST.SP.800-181 [Direct Link]
		Reference Spreadsheet for NICE Framework
		NICE Framework homepage
SP 800-180 (Draft)	February 2016	DRAFT NIST Definition of Microservices, Application Containers and System Virtual Machines Announcement and Draft Publication
SP 800-179	December 2016	Guide to Securing Apple OS X 10.10 Systems for IT Professionals: A NIST Security Configuration Checklist SP 800-179 ^FAQ doi:10.6028/NIST.SP.800-179 [Direct Link]
		Supplemental Content (GitHub)
		National Checklist Program
SP 800-178	October 2016	A Comparison of Attribute Based Access Control (ABAC) Standards for Data Service Applications: Extensible Access Control Markup Language (XACML) and Next Generation Access Control (NGAC) SP 800-178 ^FAQ doi:10.6028/NIST.SP.800-178 [Direct Link]
SP 800-177	September 2016	Trustworthy Email SP 800-177 ^FAQ doi:10.6028/NIST.SP.800-177 [Direct Link]
		High Assurance Domains project
SP 800-176	August 2015	Computer Security Division 2014 Annual Report SP 800-176 ^FAQ doi:10.6028/NIST.SP.800-176 [Direct Link]
SP 800-175A	August 2016	Guideline for Using Cryptographic Standards in the Federal Government: Directives, Mandates and Policies SP 800-175A ^FAQ doi:10.6028/NIST.SP.800-175A [Direct Link]
		Comments Received from Final Draft
SP 800-175B	August 2016	Guideline for Using Cryptographic Standards in the Federal Government: Cryptographic Mechanisms SP 800-175B ^FAQ doi:10.6028/NIST.SP.800-175B [Direct Link]
		Comments Received from Final Draft
SP 800-171 Rev. 1	December 2016	Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations SP 800-171 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-171r1 [Direct Link]
		Specific Changes to the Security Requirements in SP 800-171
SP 800-171	June 2015 (Updated 1/14/2016)	Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations SP 800-171 (including updates as of 01-14-2016) ^FAQ doi:10.6028/NIST.SP.800-171 [Direct Link]
		Press Release (06-19-2015)
SP 800-170	June 2014	Computer Security Division 2013 Annual Report SP 800-170 ^FAQ doi:10.6028/NIST.SP.800-170 [Direct Link]
SP 800-168	May 2014	Approximate Matching: Definition and Terminology SP 800-168 ^FAQ doi:10.6028/NIST.SP.800-168 [Direct Link]
SP 800-167	October 2015	Guide to Application Whitelisting SP 800-167 ^FAQ doi:10.6028/NIST.SP.800-167 [Direct Link]
		Press Release
SP 800-166	June 2016	Derived PIV Application and Data Model Test Guidelines SP 800-166 ^FAQ doi:10.6028/NIST.SP.800-166 [Direct Link]
SP 800-165	July 2013	Computer Security Division 2012 Annual Report SP 800-165 ^FAQ doi:10.6028/NIST.SP.800-165 [Direct Link]
SP 800-164 (Draft)	October 2012	DRAFT Guidelines on Hardware-Rooted Security in Mobile Devices Announcement and Draft Publication
SP 800-163	January 2015	Vetting the Security of Mobile Applications SP 800-163 ^FAQ doi:10.6028/NIST.SP.800-163 [Direct Link]
		Press Release
SP 800-162	January 2014	Guide to Attribute Based Access Control (ABAC) Definition and Considerations SP 800-162 ^FAQ doi:10.6028/NIST.SP.800-162 [Direct Link]
		SP 800-162 (EPUB)^FAQ
SP 800-161	April 2015	Supply Chain Risk Management Practices for Federal Information Systems and Organizations SP 800-161 ^FAQ doi:10.6028/NIST.SP.800-161 [Direct Link]
SP 800-160	November 2016	Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems SP 800-160 ^FAQ doi:10.6028/NIST.SP.800-160 [Direct Link]
		"Rethinking Cybersecurity from the Inside Out" (blog post)
SP 800-157	December 2014	Guidelines for Derived Personal Identity Verification (PIV) Credentials SP 800-157 ^FAQ doi:10.6028/NIST.SP.800-157 [Direct Link]
		Comments and resolutions on Draft SP 800-157 (Mar. 2014)
SP 800-156	May 2016	Representation of PIV Chain-of-Trust for Import and Export SP 800-156 ^FAQ doi:10.6028/NIST.SP.800-156 [Direct Link]
		XSD Schema File for SP 800-156 Chain of Trust
SP 800-155 (Draft)	December 2011	DRAFT BIOS Integrity Measurement Guidelines Announcement and Draft Publication
SP 800-154 (Draft)	March 2016	DRAFT Guide to Data-Centric System Threat Modeling Announcement and Draft Publication
SP 800-153	February 2012	Guidelines for Securing Wireless Local Area Networks (WLANs) SP 800-153 ^FAQ doi:10.6028/NIST.SP.800-153 [Direct Link]
		Press Release (Mar. 6, 2012)
SP 800-152	October 2015	A Profile for U.S. Federal Cryptographic Key Management Systems (CKMS) SP 800-152 ^FAQ doi:10.6028/NIST.SP.800-152 [Direct Link]
		Comments received on final (3rd) Draft (Dec. 2014)
		Draft 3 (Dec. 2014)
		Draft 2 (Jan. 2014)
		Draft (Aug. 2012)
SP 800-150	October 2016	Guide to Cyber Threat Information Sharing SP 800-150 ^FAQ doi:10.6028/NIST.SP.800-150 [Direct Link]
SP 800-147B	August 2014	BIOS Protection Guidelines for Servers SP 800-147B ^FAQ doi:10.6028/NIST.SP.800-147B [Direct Link]
SP 800-147	April 2011	BIOS Protection Guidelines SP 800-147 ^FAQ doi:10.6028/NIST.SP.800-147 [Direct Link]
		Press Release
SP 800-146	May 2012	Cloud Computing Synopsis and Recommendations SP 800-146 ^FAQ doi:10.6028/NIST.SP.800-146 [Direct Link]
		SP 800-146 (EPUB)^FAQ
		Press Release
SP 800-145	September 2011	The NIST Definition of Cloud Computing SP 800-145 ^FAQ doi:10.6028/NIST.SP.800-145 [Direct Link]
		SP 800-145 (EPUB)^FAQ
		Press Release
SP 800-144	December 2011	Guidelines on Security and Privacy in Public Cloud Computing SP 800-144 ^FAQ doi:10.6028/NIST.SP.800-144 [Direct Link]
		SP 800-144 (EPUB)^FAQ
		Press Release
SP 800-142	October 2010	Practical Combinatorial Testing SP 800-142 ^FAQ doi:10.6028/NIST.SP.800-142 [Direct Link]
SP 800-137	September 2011	Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations SP 800-137 ^FAQ doi:10.6028/NIST.SP.800-137 [Direct Link]
		Press Release
SP 800-135 Rev. 1	December 2011	Recommendation for Existing Application-Specific Key Derivation Functions SP 800-135 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-135r1 [Direct Link]
		Informative Note (09-19-2016)
SP 800-133	December 2012	Recommendation for Cryptographic Key Generation SP 800-133 ^FAQ doi:10.6028/NIST.SP.800-133 [Direct Link]
		SP 800-133 (EPUB)^FAQ
		Press Release
SP 800-132	December 2010	Recommendation for Password-Based Key Derivation: Part 1: Storage Applications SP 800-132 ^FAQ doi:10.6028/NIST.SP.800-132 [Direct Link]
SP 800-131A Rev. 1	November 2015	Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths SP 800-131A Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-131Ar1 [Direct Link]
		Comments and resolutions on Draft (July 2015)
SP 800-130	August 2013	A Framework for Designing Cryptographic Key Management Systems SP 800-130 ^FAQ doi:10.6028/NIST.SP.800-130 [Direct Link]
SP 800-128	August 2011	Guide for Security-Focused Configuration Management of Information Systems SP 800-128 ^FAQ doi:10.6028/NIST.SP.800-128 [Direct Link]
SP 800-127	September 2010	Guide to Securing WiMAX Wireless Communications SP 800-127 ^FAQ doi:10.6028/NIST.SP.800-127 [Direct Link]
		SP 800-127 (EPUB)^FAQ
		Press Release
SP 800-126A (Draft)	July 2016	DRAFT SCAP 1.3 Component Specification Version Updates: An Annex to NIST Special Publication 800-126 Revision 3 Announcement and Draft Publication
SP 800-126 Rev. 3 (Draft)	July 2016	DRAFT The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.3 Announcement and Draft Publication
SP 800-126 Rev. 2	September 2011 (Updated 3/19/2012)	The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2 SP 800-126 Rev. 2 ^FAQ doi:10.6028/NIST.SP.800-126r2 [Direct Link]
		NIST Solicits Comments for SP 800-126 & SCAP
SP 800-126 Rev. 1	February 2011	The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.1 SP 800-126 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-126r1 [Direct Link]
SP 800-126	November 2009	The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.0 SP 800-126 ^FAQ doi:10.6028/NIST.SP.800-126 [Direct Link]
SP 800-125A (Draft)	October 20, 2014	DRAFT Security Recommendations for Hypervisor Deployment Announcement and Draft Publication
SP 800-125B	March 2016	Secure Virtual Network Configuration for Virtual Machine (VM) Protection SP 800-125B ^FAQ doi:10.6028/NIST.SP.800-125B [Direct Link]
SP 800-125	January 2011	Guide to Security for Full Virtualization Technologies SP 800-125 ^FAQ doi:10.6028/NIST.SP.800-125 [Direct Link]
		Press Release
SP 800-124 Rev. 1	June 2013	Guidelines for Managing the Security of Mobile Devices in the Enterprise SP 800-124 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-124r1 [Direct Link]
		SP 800-124 Rev. 1 (EPUB)^FAQ
		Press Release
SP 800-123	July 2008	Guide to General Server Security SP 800-123 ^FAQ doi:10.6028/NIST.SP.800-123 [Direct Link]
		SP 800-123 (EPUB)^FAQ
SP 800-122	April 2010	Guide to Protecting the Confidentiality of Personally Identifiable Information (PII) SP 800-122 ^FAQ doi:10.6028/NIST.SP.800-122 [Direct Link]
		SP 800-122 (EPUB)^FAQ
SP 800-121 Rev. 2	May 2017	Guide to Bluetooth Security SP 800-121 Rev. 2 ^FAQ doi:10.6028/NIST.SP.800-121r2 [Direct Link]
SP 800-120	September 2009	Recommendation for EAP Methods Used in Wireless Network Access Authentication SP 800-120 ^FAQ doi:10.6028/NIST.SP.800-120 [Direct Link]
SP 800-119	December 2010	Guidelines for the Secure Deployment of IPv6 SP 800-119 ^FAQ doi:10.6028/NIST.SP.800-119 [Direct Link]
SP 800-117 Rev. 1 (Draft)	January 2012	DRAFT Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.2 Announcement and Draft Publication
SP 800-117	July 2010	Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.0 SP 800-117 ^FAQ doi:10.6028/NIST.SP.800-117 [Direct Link]
SP 800-116 Rev. 1 (Draft)	December 2015	DRAFT A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS) Announcement and Draft Publication
SP 800-116	November 2008	A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS) SP 800-116 ^FAQ doi:10.6028/NIST.SP.800-116 [Direct Link]
SP 800-115	September 2008	Technical Guide to Information Security Testing and Assessment SP 800-115 ^FAQ doi:10.6028/NIST.SP.800-115 [Direct Link]
		SP 800-115 (EPUB)^FAQ
SP 800-114 Rev. 1	July 2016	User's Guide to Telework and Bring Your Own Device (BYOD) Security SP 800-114 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-114r1 [Direct Link]
SP 800-113	July 2008	Guide to SSL VPNs SP 800-113 ^FAQ doi:10.6028/NIST.SP.800-113 [Direct Link]
SP 800-111	November 2007	Guide to Storage Encryption Technologies for End User Devices SP 800-111 ^FAQ doi:10.6028/NIST.SP.800-111 [Direct Link]
SP 800-108	October 2009	Recommendation for Key Derivation Using Pseudorandom Functions (Revised) SP 800-108 ^FAQ doi:10.6028/NIST.SP.800-108 [Direct Link]
		Comments received on Draft (Apr. 2008)
SP 800-107 Rev. 1	August 2012	Recommendation for Applications Using Approved Hash Algorithms SP 800-107 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-107r1 [Direct Link]
SP 800-106	February 2009	Randomized Hashing for Digital Signatures SP 800-106 ^FAQ doi:10.6028/NIST.SP.800-106 [Direct Link]
SP 800-102	September 2009	Recommendation for Digital Signature Timeliness SP 800-102 ^FAQ doi:10.6028/NIST.SP.800-102 [Direct Link]
SP 800-101 Rev. 1	May 2014	Guidelines on Mobile Device Forensics SP 800-101 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-101r1 [Direct Link]
SP 800-100	October 2006 (Updated 3/7/2007)	Information Security Handbook: A Guide for Managers SP 800-100 (including updates as of 03-07-2007) ^FAQ doi:10.6028/NIST.SP.800-100 [Direct Link]
SP 800-98	April 2007	Guidelines for Securing Radio Frequency Identification (RFID) Systems SP 800-98 ^FAQ doi:10.6028/NIST.SP.800-98 [Direct Link]
SP 800-97	February 2007	Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i SP 800-97 ^FAQ doi:10.6028/NIST.SP.800-97 [Direct Link]
SP 800-96	September 2006	PIV Card to Reader Interoperability Guidelines SP 800-96 ^FAQ doi:10.6028/NIST.SP.800-96 [Direct Link]
SP 800-95	August 2007	Guide to Secure Web Services SP 800-95 ^FAQ doi:10.6028/NIST.SP.800-95 [Direct Link]
SP 800-94 Rev. 1 (Draft)	July 2012	DRAFT Guide to Intrusion Detection and Prevention Systems (IDPS) Announcement and Draft Publication
SP 800-94	February 2007	Guide to Intrusion Detection and Prevention Systems (IDPS) SP 800-94 ^FAQ doi:10.6028/NIST.SP.800-94 [Direct Link]
SP 800-92	September 2006	Guide to Computer Security Log Management SP 800-92 ^FAQ doi:10.6028/NIST.SP.800-92 [Direct Link]
		SP 800-92 (EPUB)^FAQ
SP 800-90A Rev. 1	June 2015	Recommendation for Random Number Generation Using Deterministic Random Bit Generators SP 800-90A Revision 1 ^FAQ doi:10.6028/NIST.SP.800-90Ar1 [Direct Link]
		Press Release
SP 800-90B (Draft)	January 2016	DRAFT Recommendation for the Entropy Sources Used for Random Bit Generation Announcement and Draft Publication
SP 800-90C (Draft)	April 2016	DRAFT Recommendation for Random Bit Generator (RBG) Constructions Announcement and Draft Publication
SP 800-89	November 2006	Recommendation for Obtaining Assurances for Digital Signature Applications SP 800-89 ^FAQ doi:10.6028/NIST.SP.800-89 [Direct Link]
SP 800-88 Rev. 1	December 2014	Guidelines for Media Sanitization SP 800-88 Revision 1 ^FAQ doi:10.6028/NIST.SP.800-88r1 [Direct Link]
SP 800-87 Rev. 1	April 2008	Codes for Identification of Federal and Federally-Assisted Organizations SP 800-87 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-87r1 [Direct Link]
SP 800-86	August 2006	Guide to Integrating Forensic Techniques into Incident Response SP 800-86 ^FAQ doi:10.6028/NIST.SP.800-86 [Direct Link]
SP 800-85A-4	April 2016	PIV Card Application and Middleware Interface Test Guidelines (SP 800-73-4 Compliance) SP 800-85A-4 ^FAQ doi:10.6028/NIST.SP.800-85A-4 [Direct Link]
SP 800-85B-4 (Draft)	August 2014	DRAFT PIV Data Model Test Guidelines Announcement and Draft Publication
SP 800-85B	July 2006	PIV Data Model Test Guidelines SP 800-85B ^FAQ doi:10.6028/NIST.SP.800-85B [Direct Link]
SP 800-84	September 2006	Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities SP 800-84 ^FAQ doi:10.6028/NIST.SP.800-84 [Direct Link]
		SP 800-84 (EPUB)^FAQ
SP 800-83 Rev. 1	July 2013	Guide to Malware Incident Prevention and Handling for Desktops and Laptops SP 800-83 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-83r1 [Direct Link]
SP 800-82 Rev. 2	May 2015	Guide to Industrial Control Systems (ICS) Security SP 800-82 Revision 2 ^FAQ doi:10.6028/NIST.SP.800-82r2 [Direct Link]
		Press Release
SP 800-81-2	September 2013	Secure Domain Name System (DNS) Deployment Guide SP 800-81-2 ^FAQ doi:10.6028/NIST.SP.800-81-2 [Direct Link]
SP 800-79-2	July 2015	Guidelines for the Authorization of Personal Identity Verification Card Issuers (PCI) and Derived PIV Credential Issuers (DPCI) SP 800-79-2 ^FAQ doi:10.6028/NIST.SP.800-79-2 [Direct Link]
SP 800-78-4	May 2015	Cryptographic Algorithms and Key Sizes for Personal Identity Verification SP 800-78-4 ^FAQ doi:10.6028/NIST.SP.800-78-4 [Direct Link]
SP 800-77	December 2005	Guide to IPsec VPNs SP 800-77 ^FAQ doi:10.6028/NIST.SP.800-77 [Direct Link]
SP 800-76-2	July 2013	Biometric Specifications for Personal Identity Verification SP 800-76-2 ^FAQ doi:10.6028/NIST.SP.800-76-2 [Direct Link]
SP 800-73-4	May 2015 (Updated 2/8/2016)	Interfaces for Personal Identity Verification SP 800-73-4 (including updates as of 02-08-2016) ^FAQ doi:10.6028/NIST.SP.800-73-4 [Direct Link]
		Press Release (06-16-2015)
SP 800-72	November 2004	Guidelines on PDA Forensics SP 800-72 ^FAQ doi:10.6028/NIST.SP.800-72 [Direct Link]
SP 800-70 Rev. 4 (Draft)	August 2017	DRAFT National Checklist Program for IT Products: Guidelines for Checklist Users and Developers Announcement and Draft Publication
SP 800-70 Rev. 3	November 2015 (Updated 12/8/2016)	National Checklist Program for IT Products: Guidelines for Checklist Users and Developers SP 800-70 Rev. 3 ^FAQ doi:10.6028/NIST.SP.800-70r3 [Direct Link]
		National Checklist Program
SP 800-69	September 2006	Guidance for Securing Microsoft Windows XP Home Edition: A NIST Security Configuration Checklist SP 800-69 ^FAQ doi:10.6028/NIST.SP.800-69 [Direct Link]
SP 800-68 Rev. 1	October 2008	Guide to Securing Microsoft Windows XP Systems for IT Professionals: A NIST Security Configuration Checklist SP 800-68 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-68r1 [Direct Link]
		Security Templates R1.2.1
		NIST Windows Security Baseline Database Application v0.2.7
SP 800-67 Rev. 2 (Draft)	July 2017	DRAFT Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher Announcement and Draft Publication
SP 800-67 Rev. 1	January 2012	Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher SP 800-67 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-67r1 [Direct Link]
SP 800-66 Rev. 1	October 2008	An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule SP 800-66 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-66r1 [Direct Link]
SP 800-65	January 2005	Integrating IT Security into the Capital Planning and Investment Control Process SP 800-65 ^FAQ doi:10.6028/NIST.SP.800-65 [Direct Link]
SP 800-64 Rev. 2	October 2008	Security Considerations in the System Development Life Cycle SP 800-64 Rev. 2 ^FAQ doi:10.6028/NIST.SP.800-64r2 [Direct Link]
SP 800-63A	June 2017	Digital Identity Guidelines: Enrollment and Identity Proofing SP 800-63A ^FAQ doi:10.6028/NIST.SP.800-63a [Direct Link]
		FAQ
		SP 800-63-3 (GitHub)
SP 800-63B	June 2017	Digital Identity Guidelines: Authentication and Lifecycle Management SP 800-63B ^FAQ doi:10.6028/NIST.SP.800-63b [Direct Link]
		FAQ
		SP 800-63-3 (GitHub)
SP 800-63C	June 2017	Digital Identity Guidelines: Federation and Assertions SP 800-63C ^FAQ doi:10.6028/NIST.SP.800-63c [Direct Link]
		FAQ
		SP 800-63-3 (GitHub)
SP 800-63-3	June 2017	Digital Identity Guidelines SP 800-63-3 ^FAQ doi:10.6028/NIST.SP.800-63-3 [Direct Link]
		FAQ
		SP 800-63-3 (GitHub)
SP 800-61 Rev. 2	August 2012	Computer Security Incident Handling Guide SP 800-61 Rev. 2 ^FAQ doi:10.6028/NIST.SP.800-61r2 [Direct Link]
		Press Release
SP 800-60 Vol. 2 Rev. 1	August 2008	Guide for Mapping Types of Information and Information Systems to Security Categories: Appendices SP 800-60 Vol. 2, Rev. 1: Appendices ^FAQ doi:10.6028/NIST.SP.800-60v2r1 [Direct Link]
SP 800-60 Vol. 1 Rev. 1	August 2008	Guide for Mapping Types of Information and Information Systems to Security Categories SP 800-60 Vol. 1 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-60v1r1 [Direct Link]
SP 800-59	August 2003	Guideline for Identifying an Information System as a National Security System SP 800-59 ^FAQ doi:10.6028/NIST.SP.800-59 [Direct Link]
SP 800-58	January 2005	Security Considerations for Voice Over IP Systems SP 800-58 ^FAQ doi:10.6028/NIST.SP.800-58 [Direct Link]
SP 800-57 Part 1 Rev. 4	January 2016	Recommendation for Key Management, Part 1: General SP 800-57 Part 1, Revision 4 ^FAQ doi:10.6028/NIST.SP.800-57pt1r4 [Direct Link]
		Comments and resolutions for SP 800-57 Part 1, Rev. 4
SP 800-57 Part 2	August 2005	Recommendation for Key Management, Part 2: Best Practices for Key Management Organization SP 800-57 Part 2 ^FAQ doi:10.6028/NIST.SP.800-57p2 [Direct Link]
		Comments received on Draft (Apr. 2005)
SP 800-57 Part 3 Rev. 1	January 2015	Recommendation for Key Management, Part 3: Application-Specific Key Management Guidance SP 800-57 Part 3, Revision 1 ^FAQ doi:10.6028/NIST.SP.800-57pt3r1 [Direct Link]
SP 800-56A Rev. 3 (Draft)	August 2017	DRAFT Recommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography Announcement and Draft Publication
SP 800-56A Rev. 2	May 2013	Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography SP 800-56A Revision 2 ^FAQ doi:10.6028/NIST.SP.800-56Ar2 [Direct Link]
		Comments received on Draft (Aug. 2012)
SP 800-56B Rev. 1	September 2014	Recommendation for Pair-Wise Key-Establishment Schemes Using Integer Factorization Cryptography SP 800-56B Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-56Br1 [Direct Link]
SP 800-56C Rev. 1 (Draft)	August 2017	DRAFT Recommendation for Key Derivation through Extraction-then-Expansion Announcement and Draft Publication
SP 800-56C	November 2011	Recommendation for Key Derivation through Extraction-then-Expansion SP 800-56C ^FAQ doi:10.6028/NIST.SP.800-56C [Direct Link]
SP 800-55 Rev. 1	July 2008	Performance Measurement Guide for Information Security SP 800-55 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-55r1 [Direct Link]
SP 800-54	July 2007	Border Gateway Protocol Security SP 800-54 ^FAQ doi:10.6028/NIST.SP.800-54 [Direct Link]
SP 800-53A Rev. 4	December 2014 (Updated 12/18/2014)	Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans SP 800-53A Revision 4 ^FAQ doi:10.6028/NIST.SP.800-53Ar4 [Direct Link]
		Word version of SP 800-53A Rev. 4 (12-18-2014)
		XML file for SP 800-53A Rev. 4 (06-16-2015)
		Press Release
SP 800-53 Rev. 5 (Draft)	August 2017	DRAFT Security and Privacy Controls for Information Systems and Organizations Announcement and Draft Publication
SP 800-53 Rev. 4	April 2013 (Updated 1/22/2015)	Security and Privacy Controls for Federal Information Systems and Organizations SP 800-53 Rev. 4 (including updates as of 01-22-2015) ^FAQ doi:10.6028/NIST.SP.800-53r4 [Direct Link]
		Word version of SP 800-53 Rev. 4 (01-22-2015)
		XML file for SP 800-53 Rev. 4 (01-15-2014)
		Summary of NIST SP 800-53 Revision 4
		Press Release (04-30-2013)
SP 800-52 Rev. 1	April 2014	Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations SP 800-52 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-52r1 [Direct Link]
		Press Release
SP 800-51 Rev. 1	February 2011	Guide to Using Vulnerability Naming Schemes SP 800-51 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-51r1 [Direct Link]
		Press Release
SP 800-50	October 2003	Building an Information Technology Security Awareness and Training Program SP 800-50 ^FAQ doi:10.6028/NIST.SP.800-50 [Direct Link]
SP 800-49	November 2002	Federal S/MIME V3 Client Profile SP 800-49 ^FAQ doi:10.6028/NIST.SP.800-49 [Direct Link]
SP 800-48 Rev. 1	July 2008	Guide to Securing Legacy IEEE 802.11 Wireless Networks SP 800-48 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-48r1 [Direct Link]
SP 800-47	August 2002	Security Guide for Interconnecting Information Technology Systems SP 800-47 ^FAQ doi:10.6028/NIST.SP.800-47 [Direct Link]
SP 800-46 Rev. 2	July 2016	Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security SP 800-46 Rev. 2 ^FAQ doi:10.6028/NIST.SP.800-46r2 [Direct Link]
SP 800-45 Version 2	February 2007	Guidelines on Electronic Mail Security SP 800-45 Version 2 ^FAQ doi:10.6028/NIST.SP.800-45ver2 [Direct Link]
SP 800-44 Version 2	September 2007	Guidelines on Securing Public Web Servers SP 800-44 Version 2 ^FAQ doi:10.6028/NIST.SP.800-44ver2 [Direct Link]
SP 800-43	November 2002	Systems Administration Guidance for Securing Windows 2000 Professional System SP 800-43 ^FAQ doi:10.6028/NIST.SP.800-43 [Direct Link]
		Security Templates R1.2.3
SP 800-41 Rev. 1	September 2009	Guidelines on Firewalls and Firewall Policy SP 800-41 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-41r1 [Direct Link]
SP 800-40 Rev. 3	July 2013	Guide to Enterprise Patch Management Technologies SP 800-40 Rev. 3 ^FAQ doi:10.6028/NIST.SP.800-40r3 [Direct Link]
		Press Release
SP 800-39	March 2011	Managing Information Security Risk: Organization, Mission, and Information System View SP 800-39 ^FAQ doi:10.6028/NIST.SP.800-39 [Direct Link]
		Press Release
SP 800-38A Addendum	October 2010	Recommendation for Block Cipher Modes of Operation: Three Variants of Ciphertext Stealing for CBC Mode SP 800-38A Addendum ^FAQ doi:10.6028/NIST.SP.800-38A-Add [Direct Link]
SP 800-38A	December 2001	Recommendation for Block Cipher Modes of Operation: Methods and Techniques SP 800-38A ^FAQ doi:10.6028/NIST.SP.800-38A [Direct Link]
SP 800-38B	May 2005 (Updated 10/6/2016)	Recommendation for Block Cipher Modes of Operation: the CMAC Mode for Authentication SP 800-38B ^FAQ doi:10.6028/NIST.SP.800-38B [Direct Link]
SP 800-38C	May 2004 (Updated 7/20/2007)	Recommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality SP 800-38C (including updates as of 07-20-2007) ^FAQ doi:10.6028/NIST.SP.800-38C [Direct Link]
SP 800-38D	November 2007	Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC SP 800-38D ^FAQ doi:10.6028/NIST.SP.800-38D [Direct Link]
SP 800-38E	January 2010	Recommendation for Block Cipher Modes of Operation: the XTS-AES Mode for Confidentiality on Storage Devices SP 800-38E ^FAQ doi:10.6028/NIST.SP.800-38E [Direct Link]
SP 800-38F	December 2012	Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping SP 800-38F ^FAQ doi:10.6028/NIST.SP.800-38F [Direct Link]
SP 800-38G	March 2016	Recommendation for Block Cipher Modes of Operation: Methods for Format-Preserving Encryption SP 800-38G ^FAQ doi:10.6028/NIST.SP.800-38G [Direct Link]
		Press Release
SP 800-37 Rev. 1	February 2010 (Updated 6/5/2014)	Guide for Applying the Risk Management Framework to Federal Information Systems: a Security Life Cycle Approach SP 800-37 Rev. 1 (including updates as of 6-05-2014) ^FAQ doi:10.6028/NIST.SP.800-37r1 [Direct Link]
		Supplemental Guidance on Ongoing Authorization, (June 2014)
		Press Release
SP 800-36	October 2003	Guide to Selecting Information Technology Security Products SP 800-36 ^FAQ doi:10.6028/NIST.SP.800-36 [Direct Link]
SP 800-35	October 2003	Guide to Information Technology Security Services SP 800-35 ^FAQ doi:10.6028/NIST.SP.800-35 [Direct Link]
SP 800-34 Rev. 1	May 2010 (Updated 11/11/2010)	Contingency Planning Guide for Federal Information Systems SP 800-34 Rev. 1 (including updates as of 11-11-2010) ^FAQ doi:10.6028/NIST.SP.800-34r1 [Direct Link]
		Business Impact Analysis (BIA) Template
		Contingency Planning: Low Impact System Template
		Contingency Planning: Moderate Impact System Template
		Contingency Planning: High Impact System Template
SP 800-33	December 2001	Underlying Technical Models for Information Technology Security SP 800-33 ^FAQ doi:10.6028/NIST.SP.800-33 [Direct Link]
SP 800-32	February 26, 2001	Introduction to Public Key Technology and the Federal PKI Infrastructure SP 800-32 ^FAQ doi:10.6028/NIST.SP.800-32 [Direct Link]
SP 800-30 Rev. 1	September 2012	Guide for Conducting Risk Assessments SP 800-30 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-30r1 [Direct Link]
		SP 800-30 Rev. 1 (EPUB)^FAQ
		Press Release
SP 800-29	June 2001	A Comparison of the Security Requirements for Cryptographic Modules in FIPS 140-1 and FIPS 140-2 SP 800-29 ^FAQ doi:10.6028/NIST.SP.800-29 [Direct Link]
SP 800-28 Version 2	March 2008	Guidelines on Active Content and Mobile Code SP 800-28 Version 2 ^FAQ doi:10.6028/NIST.SP.800-28ver2 [Direct Link]
SP 800-27 Rev. A	June 2004	Engineering Principles for Information Technology Security (A Baseline for Achieving Security), Revision A SP 800-27 Rev. A ^FAQ doi:10.6028/NIST.SP.800-27rA [Direct Link]
SP 800-25	October 2000	Federal Agency Use of Public Key Technology for Digital Signatures and Authentication SP 800-25 ^FAQ doi:10.6028/NIST.SP.800-25 [Direct Link]
SP 800-24	April 2001	PBX Vulnerability Analysis: Finding Holes in Your PBX Before Someone Else Does SP 800-24 ^FAQ doi:10.6028/NIST.SP.800-24 [Direct Link]
SP 800-23	August 2000	Guidelines to Federal Organizations on Security Assurance and Acquisition/Use of Tested/Evaluated Products SP 800-23 ^FAQ doi:10.6028/NIST.SP.800-23 [Direct Link]
SP 800-22 Rev. 1a	April 2010	A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications SP 800-22 Rev. 1a ^FAQ doi:10.6028/NIST.SP.800-22r1a [Direct Link]
SP 800-20	October 1999 (Updated 3/1/2012)	Modes of Operation Validation System for the Triple Data Encryption Algorithm (TMOVS): Requirements and Procedures SP 800-20 (including updates as of 03-2012) ^FAQ doi:10.6028/NIST.SP.800-20 [Direct Link]
SP 800-19	October 1999	Mobile Agent Security SP 800-19 ^FAQ doi:10.6028/NIST.SP.800-19 [Direct Link]
SP 800-18 Rev. 1	February 2006	Guide for Developing Security Plans for Federal Information Systems SP 800-18 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-18r1 [Direct Link]
SP 800-17	February 1998	Modes of Operation Validation System (MOVS): Requirements and Procedures SP 800-17 ^FAQ doi:10.6028/NIST.SP.800-17 [Direct Link]
SP 800-16 Rev. 1 (Draft)	March 2014	DRAFT A Role-Based Model for Federal Information Technology/Cybersecurity Training Announcement and Draft Publication
SP 800-16	April 1998	Information Technology Security Training Requirements: a Role- and Performance-Based Model SP 800-16 ^FAQ doi:10.6028/NIST.SP.800-16 [Direct Link]
SP 800-15	January 1998	MISPC Minimum Interoperability Specification for PKI Components, Version 1 SP 800-15 ^FAQ doi:10.6028/NIST.SP.800-15 [Direct Link]
SP 800-14	September 1996	Generally Accepted Principles and Practices for Securing Information Technology Systems SP 800-14 ^FAQ doi:10.6028/NIST.SP.800-14 [Direct Link]
SP 800-13	October 1995	Telecommunications Security Guidelines for Telecommunications Management Network SP 800-13 ^FAQ doi:10.6028/NIST.SP.800-13 [Direct Link]
SP 800-12 Rev. 1	June 2017	An Introduction to Information Security SP 800-12 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-12r1 [Direct Link]
SP 800-1	December 1990	Bibliography of Selected Computer Security Publications, January 1980 - October 1989 SP 800-1 ^FAQ doi:10.6028/NIST.SP.800-1 [Direct Link]

SP 1800s - NIST Cybersecurity Practice Guides

Number	Date	Title
SP 1800-8 (Draft)	May 2017	DRAFT Securing Wireless Infusion Pumps in Healthcare Delivery Organizations Announcement and Draft Publication
SP 1800-7 (Draft)	February 2017	DRAFT Situational Awareness for Electric Utilities Announcement and Draft Publication
SP 1800-6 (Draft)	November 2016	DRAFT Domain Name Systems-Based Electronic Mail Security Announcement and Draft Publication
SP 1800-5 (Draft)	October 2015	DRAFT IT Asset Management: Financial Services Announcement and Draft Publication
SP 1800-4 (Draft)	November 2015	DRAFT Mobile Device Security: Cloud and Hybrid Builds Announcement and Draft Publication
SP 1800-3 (Draft)	September 2015	DRAFT Attribute Based Access Control Announcement and Draft Publication
SP 1800-2 (Draft)	August 2015	DRAFT Identity and Access Management for Electric Utilities Announcement and Draft Publication
SP 1800-1 (Draft)	July 2015	DRAFT Securing Electronic Health Records on Mobile Devices Announcement and Draft Publication

SP 500s - Computer Systems Technology

Number	Date	Title
SP 500-304	June 2015	Conformance Testing Methodology Framework for ANSI/NIST-ITL 1-2011 Update: 2013, Data Format for the Interchange of Fingerprint, Facial & Other Biometric Information SP 500-304 ^FAQ doi:10.6028/NIST.SP.500-304 [Direct Link]
		BioCTS homepage
SP 500-299 (Draft)	May 2013	DRAFT NIST Cloud Computing Security Reference Architecture Announcement and Draft Publication

Aug	SEP	Nov
	12
2016	2017	2018

NIST, Computer Security Resource Center

Search

Browse Publications

NEW Publications

By Technical Series

By Category

Historical Papers and Archives

NIST Special Publications (SP)