Introduction
NIST uses three NIST Special Publication subseries to publish computer/cyber/information security guidelines, recommendations and reference materials:
SP 500
Computer Systems Technology (January 1977-present):
A general IT subseries used more broadly by NIST's Information Technology Laboratory (ITL). This page lists selected SP 500s related to NIST's computer security efforts. (Prior to the SP 800 subseries, NIST used the SP 500 subseries for computer security publications; see Archived NIST SPs for a list.)
Number | Date | Title |
---|---|---|
SP 500-304 | June 2015 | Conformance Testing Methodology Framework for ANSI/NIST-ITL 1-2011 Update: 2013, Data Format for the Interchange of Fingerprint, Facial & Other Biometric Information SP 500-304 doi:10.6028/NIST.SP.500-304 [Direct Link] |
BioCTS homepage | ||
SP 500-299 (Draft) | May 2013 | DRAFT NIST Cloud Computing Security Reference Architecture Announcement and Draft Publication |
SP 800
Computer Security (December 1990-present):
NIST's primary mode of publishing computer/cyber/information security guidelines, recommendations and reference materials. (SP 800s are also searchable in the NIST Library Catalog.)
Number | Date | Title |
---|---|---|
SP 800-193 (Draft) | May 2017 | DRAFT Platform Firmware Resiliency Guidelines Announcement and Draft Publication |
SP 800-192 | June 2017 | Verification and Test Methods for Access Control Policies/Models SP 800-192 doi:10.6028/NIST.SP.800-192 [Direct Link] |
SP 800-190 (Draft) | April 2017 | DRAFT Application Container Security Guide Announcement and Draft Publication |
SP 800-188 (Draft) | December 2016 | DRAFT De-Identifying Government Datasets (2nd Draft) Announcement and Draft Publication |
SP 800-187 (Draft) | November 2016 | DRAFT Guide to LTE Security Announcement and Draft Publication |
SP 800-185 | December 2016 | SHA-3 Derived Functions: cSHAKE, KMAC, TupleHash, and ParallelHash SP 800-185 doi:10.6028/NIST.SP.800-185 [Direct Link] |
Comments Received on Draft SP 800-185 | ||
SP 800-184 | December 2016 | Guide for Cybersecurity Event Recovery SP 800-184 doi:10.6028/NIST.SP.800-184 [Direct Link] |
Press Release (12-22-2016) | ||
SP 800-183 | July 2016 | Networks of 'Things' SP 800-183 doi:10.6028/NIST.SP.800-183 [Direct Link] |
Press Release | ||
SP 800-182 | July 2016 | Computer Security Division 2015 Annual Report SP 800-182 doi:10.6028/NIST.SP.800-182 [Direct Link] |
SP 800-181 (Draft) | November 2016 | DRAFT NICE Cybersecurity Workforce Framework (NCWF): National Initiative for Cybersecurity Education Announcement and Draft Publication |
SP 800-180 (Draft) | February 2016 | DRAFT NIST Definition of Microservices, Application Containers and System Virtual Machines Announcement and Draft Publication |
SP 800-179 | December 2016 | Guide to Securing Apple OS X 10.10 Systems for IT Professionals: A NIST Security Configuration Checklist SP 800-179 doi:10.6028/NIST.SP.800-179 [Direct Link] |
Supplemental Content (GitHub) | ||
National Checklist Program | ||
SP 800-178 | October 2016 | A Comparison of Attribute Based Access Control (ABAC) Standards for Data Service Applications: Extensible Access Control Markup Language (XACML) and Next Generation Access Control (NGAC) SP 800-178 doi:10.6028/NIST.SP.800-178 [Direct Link] |
SP 800-177 | September 2016 | Trustworthy Email SP 800-177 doi:10.6028/NIST.SP.800-177 [Direct Link] |
High Assurance Domains project | ||
SP 800-176 | August 2015 | Computer Security Division 2014 Annual Report SP 800-176 doi:10.6028/NIST.SP.800-176 [Direct Link] |
SP 800-175A | August 2016 | Guideline for Using Cryptographic Standards in the Federal Government: Directives, Mandates and Policies SP 800-175A doi:10.6028/NIST.SP.800-175A [Direct Link] |
Comments Received from Final Draft | ||
SP 800-175B | August 2016 | Guideline for Using Cryptographic Standards in the Federal Government: Cryptographic Mechanisms SP 800-175B doi:10.6028/NIST.SP.800-175B [Direct Link] |
Comments Received from Final Draft | ||
SP 800-171 Rev. 1 | December 2016 | Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations SP 800-171 Rev. 1 doi:10.6028/NIST.SP.800-171r1 [Direct Link] |
Specific Changes to the Security Requirements in SP 800-171 | ||
SP 800-171 | June 2015 (Updated 1/14/2016) | Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations SP 800-171 (including updates as of 01-14-2016) doi:10.6028/NIST.SP.800-171 [Direct Link] |
Press Release (06-19-2015) | ||
SP 800-170 | June 2014 | Computer Security Division 2013 Annual Report SP 800-170 doi:10.6028/NIST.SP.800-170 [Direct Link] |
SP 800-168 | May 2014 | Approximate Matching: Definition and Terminology SP 800-168 doi:10.6028/NIST.SP.800-168 [Direct Link] |
SP 800-167 | October 2015 | Guide to Application Whitelisting SP 800-167 doi:10.6028/NIST.SP.800-167 [Direct Link] |
Press Release | ||
SP 800-166 | June 2016 | Derived PIV Application and Data Model Test Guidelines SP 800-166 doi:10.6028/NIST.SP.800-166 [Direct Link] |
SP 800-165 | July 2013 | Computer Security Division 2012 Annual Report SP 800-165 doi:10.6028/NIST.SP.800-165 [Direct Link] |
SP 800-164 (Draft) | October 2012 | DRAFT Guidelines on Hardware-Rooted Security in Mobile Devices Announcement and Draft Publication |
SP 800-163 | January 2015 | Vetting the Security of Mobile Applications SP 800-163 doi:10.6028/NIST.SP.800-163 [Direct Link] |
Press Release | ||
SP 800-162 | January 2014 | Guide to Attribute Based Access Control (ABAC) Definition and Considerations SP 800-162 doi:10.6028/NIST.SP.800-162 [Direct Link] |
SP 800-162 (EPUB) FAQ | ||
SP 800-161 | April 2015 | Supply Chain Risk Management Practices for Federal Information Systems and Organizations SP 800-161 doi:10.6028/NIST.SP.800-161 [Direct Link] |
SP 800-160 | November 2016 | Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems SP 800-160 doi:10.6028/NIST.SP.800-160 [Direct Link] |
"Rethinking Cybersecurity from the Inside Out" (blog post) | ||
SP 800-157 | December 2014 | Guidelines for Derived Personal Identity Verification (PIV) Credentials SP 800-157 doi:10.6028/NIST.SP.800-157 [Direct Link] |
Comments and resolutions on Draft SP 800-157 (Mar. 2014) | ||
SP 800-156 | May 2016 | Representation of PIV Chain-of-Trust for Import and Export SP 800-156 doi:10.6028/NIST.SP.800-156 [Direct Link] |
XSD Schema File for SP 800-156 Chain of Trust | ||
SP 800-155 (Draft) | December 2011 | DRAFT BIOS Integrity Measurement Guidelines Announcement and Draft Publication |
SP 800-154 (Draft) | March 2016 | DRAFT Guide to Data-Centric System Threat Modeling Announcement and Draft Publication |
SP 800-153 | February 2012 | Guidelines for Securing Wireless Local Area Networks (WLANs) SP 800-153 doi:10.6028/NIST.SP.800-153 [Direct Link] |
Press Release (Mar. 6, 2012) | ||
SP 800-152 | October 2015 | A Profile for U.S. Federal Cryptographic Key Management Systems (CKMS) SP 800-152 doi:10.6028/NIST.SP.800-152 [Direct Link] |
Comments received on final (3rd) Draft (Dec. 2014) | ||
Draft 3 (Dec. 2014) | ||
Draft 2 (Jan. 2014) | ||
Draft (Aug. 2012) | ||
SP 800-150 | October 2016 | Guide to Cyber Threat Information Sharing SP 800-150 doi:10.6028/NIST.SP.800-150 [Direct Link] |
SP 800-147B | August 2014 | BIOS Protection Guidelines for Servers SP 800-147B doi:10.6028/NIST.SP.800-147B [Direct Link] |
SP 800-147 | April 2011 | BIOS Protection Guidelines SP 800-147 doi:10.6028/NIST.SP.800-147 [Direct Link] |
Press Release | ||
SP 800-146 | May 2012 | Cloud Computing Synopsis and Recommendations SP 800-146 doi:10.6028/NIST.SP.800-146 [Direct Link] |
SP 800-146 (EPUB) FAQ | ||
Press Release | ||
SP 800-145 | September 2011 | The NIST Definition of Cloud Computing SP 800-145 doi:10.6028/NIST.SP.800-145 [Direct Link] |
SP 800-145 (EPUB) FAQ | ||
Press Release | ||
SP 800-144 | December 2011 | Guidelines on Security and Privacy in Public Cloud Computing SP 800-144 doi:10.6028/NIST.SP.800-144 [Direct Link] |
SP 800-144 (EPUB) FAQ | ||
Press Release | ||
SP 800-142 | October 2010 | Practical Combinatorial Testing SP 800-142 doi:10.6028/NIST.SP.800-142 [Direct Link] |
SP 800-137 | September 2011 | Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations SP 800-137 doi:10.6028/NIST.SP.800-137 [Direct Link] |
Press Release | ||
SP 800-135 Rev. 1 | December 2011 | Recommendation for Existing Application-Specific Key Derivation Functions SP 800-135 Rev. 1 doi:10.6028/NIST.SP.800-135r1 [Direct Link] |
Informative Note (09-19-2016) | ||
SP 800-133 | December 2012 | Recommendation for Cryptographic Key Generation SP 800-133 doi:10.6028/NIST.SP.800-133 [Direct Link] |
SP 800-133 (EPUB) FAQ | ||
Press Release | ||
SP 800-132 | December 2010 | Recommendation for Password-Based Key Derivation: Part 1: Storage Applications SP 800-132 doi:10.6028/NIST.SP.800-132 [Direct Link] |
SP 800-131A Rev. 1 | November 2015 | Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths SP 800-131A Rev. 1 doi:10.6028/NIST.SP.800-131Ar1 [Direct Link] |
Comments and resolutions on Draft (July 2015) | ||
SP 800-130 | August 2013 | A Framework for Designing Cryptographic Key Management Systems SP 800-130 doi:10.6028/NIST.SP.800-130 [Direct Link] |
SP 800-128 | August 2011 | Guide for Security-Focused Configuration Management of Information Systems SP 800-128 doi:10.6028/NIST.SP.800-128 [Direct Link] |
SP 800-127 | September 2010 | Guide to Securing WiMAX Wireless Communications SP 800-127 doi:10.6028/NIST.SP.800-127 [Direct Link] |
SP 800-127 (EPUB) FAQ | ||
Press Release | ||
SP 800-126A (Draft) | July 2016 | DRAFT SCAP 1.3 Component Specification Version Updates: An Annex to NIST Special Publication 800-126 Revision 3 Announcement and Draft Publication |
SP 800-126 Rev. 3 (Draft) | July 2016 | DRAFT The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.3 Announcement and Draft Publication |
SP 800-126 Rev. 2 | September 2011 (Updated 3/19/2012) | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2 SP 800-126 Rev. 2 doi:10.6028/NIST.SP.800-126r2 [Direct Link] |
NIST Solicits Comments for SP 800-126 & SCAP | ||
SP 800-126 Rev. 1 | February 2011 | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.1 SP 800-126 Rev. 1 doi:10.6028/NIST.SP.800-126r1 [Direct Link] |
SP 800-126 | November 2009 | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.0 SP 800-126 doi:10.6028/NIST.SP.800-126 [Direct Link] |
SP 800-125A (Draft) | October 20, 2014 | DRAFT Security Recommendations for Hypervisor Deployment Announcement and Draft Publication |
SP 800-125B | March 2016 | Secure Virtual Network Configuration for Virtual Machine (VM) Protection SP 800-125B doi:10.6028/NIST.SP.800-125B [Direct Link] |
SP 800-125 | January 2011 | Guide to Security for Full Virtualization Technologies SP 800-125 doi:10.6028/NIST.SP.800-125 [Direct Link] |
Press Release | ||
SP 800-124 Rev. 1 | June 2013 | Guidelines for Managing the Security of Mobile Devices in the Enterprise SP 800-124 Rev. 1 doi:10.6028/NIST.SP.800-124r1 [Direct Link] |
SP 800-124 Rev. 1 (EPUB) FAQ | ||
Press Release | ||
SP 800-123 | July 2008 | Guide to General Server Security SP 800-123 doi:10.6028/NIST.SP.800-123 [Direct Link] |
SP 800-123 (EPUB) FAQ | ||
SP 800-122 | April 2010 | Guide to Protecting the Confidentiality of Personally Identifiable Information (PII) SP 800-122 doi:10.6028/NIST.SP.800-122 [Direct Link] |
SP 800-122 (EPUB) FAQ | ||
SP 800-121 Rev. 2 | May 2017 | Guide to Bluetooth Security SP 800-121 Rev. 2 doi:10.6028/NIST.SP.800-121r2 [Direct Link] |
SP 800-120 | September 2009 | Recommendation for EAP Methods Used in Wireless Network Access Authentication SP 800-120 doi:10.6028/NIST.SP.800-120 [Direct Link] |
SP 800-119 | December 2010 | Guidelines for the Secure Deployment of IPv6 SP 800-119 doi:10.6028/NIST.SP.800-119 [Direct Link] |
SP 800-117 Rev. 1 (Draft) | January 2012 | DRAFT Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.2 Announcement and Draft Publication |
SP 800-117 | July 2010 | Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.0 SP 800-117 doi:10.6028/NIST.SP.800-117 [Direct Link] |
SP 800-116 Rev. 1 (Draft) | December 2015 | DRAFT A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS) Announcement and Draft Publication |
SP 800-116 | November 2008 | A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS) SP 800-116 doi:10.6028/NIST.SP.800-116 [Direct Link] |
SP 800-115 | September 2008 | Technical Guide to Information Security Testing and Assessment SP 800-115 doi:10.6028/NIST.SP.800-115 [Direct Link] |
SP 800-115 (EPUB) FAQ | ||
SP 800-114 Rev. 1 | July 2016 | User's Guide to Telework and Bring Your Own Device (BYOD) Security SP 800-114 Rev. 1 doi:10.6028/NIST.SP.800-114r1 [Direct Link] |
SP 800-113 | July 2008 | Guide to SSL VPNs SP 800-113 doi:10.6028/NIST.SP.800-113 [Direct Link] |
SP 800-111 | November 2007 | Guide to Storage Encryption Technologies for End User Devices SP 800-111 doi:10.6028/NIST.SP.800-111 [Direct Link] |
SP 800-108 | October 2009 | Recommendation for Key Derivation Using Pseudorandom Functions (Revised) SP 800-108 doi:10.6028/NIST.SP.800-108 [Direct Link] |
Comments received on Draft (Apr. 2008) | ||
SP 800-107 Rev. 1 | August 2012 | Recommendation for Applications Using Approved Hash Algorithms SP 800-107 Rev. 1 doi:10.6028/NIST.SP.800-107r1 [Direct Link] |
SP 800-106 | February 2009 | Randomized Hashing for Digital Signatures SP 800-106 doi:10.6028/NIST.SP.800-106 [Direct Link] |
SP 800-102 | September 2009 | Recommendation for Digital Signature Timeliness SP 800-102 doi:10.6028/NIST.SP.800-102 [Direct Link] |
SP 800-101 Rev. 1 | May 2014 | Guidelines on Mobile Device Forensics SP 800-101 Rev. 1 doi:10.6028/NIST.SP.800-101r1 [Direct Link] |
SP 800-100 | October 2006 (Updated 3/7/2007) | Information Security Handbook: A Guide for Managers SP 800-100 (including updates as of 03-07-2007) doi:10.6028/NIST.SP.800-100 [Direct Link] |
SP 800-98 | April 2007 | Guidelines for Securing Radio Frequency Identification (RFID) Systems SP 800-98 doi:10.6028/NIST.SP.800-98 [Direct Link] |
SP 800-97 | February 2007 | Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i SP 800-97 doi:10.6028/NIST.SP.800-97 [Direct Link] |
SP 800-96 | September 2006 | PIV Card to Reader Interoperability Guidelines SP 800-96 doi:10.6028/NIST.SP.800-96 [Direct Link] |
SP 800-95 | August 2007 | Guide to Secure Web Services SP 800-95 doi:10.6028/NIST.SP.800-95 [Direct Link] |
SP 800-94 Rev. 1 (Draft) | July 2012 | DRAFT Guide to Intrusion Detection and Prevention Systems (IDPS) Announcement and Draft Publication |
SP 800-94 | February 2007 | Guide to Intrusion Detection and Prevention Systems (IDPS) SP 800-94 doi:10.6028/NIST.SP.800-94 [Direct Link] |
SP 800-92 | September 2006 | Guide to Computer Security Log Management SP 800-92 doi:10.6028/NIST.SP.800-92 [Direct Link] |
SP 800-92 (EPUB) FAQ | ||
SP 800-90A Rev. 1 | June 2015 | Recommendation for Random Number Generation Using Deterministic Random Bit Generators SP 800-90A Revision 1 doi:10.6028/NIST.SP.800-90Ar1 [Direct Link] |
Press Release | ||
SP 800-90B (Draft) | January 2016 | DRAFT Recommendation for the Entropy Sources Used for Random Bit Generation Announcement and Draft Publication |
SP 800-90C (Draft) | April 2016 | DRAFT Recommendation for Random Bit Generator (RBG) Constructions Announcement and Draft Publication |
SP 800-89 | November 2006 | Recommendation for Obtaining Assurances for Digital Signature Applications SP 800-89 doi:10.6028/NIST.SP.800-89 [Direct Link] |
SP 800-88 Rev. 1 | December 2014 | Guidelines for Media Sanitization SP 800-88 Revision 1 doi:10.6028/NIST.SP.800-88r1 [Direct Link] |
SP 800-87 Rev. 1 | April 2008 | Codes for Identification of Federal and Federally-Assisted Organizations SP 800-87 Rev. 1 doi:10.6028/NIST.SP.800-87r1 [Direct Link] |
SP 800-86 | August 2006 | Guide to Integrating Forensic Techniques into Incident Response SP 800-86 doi:10.6028/NIST.SP.800-86 [Direct Link] |
SP 800-85A-4 | April 2016 | PIV Card Application and Middleware Interface Test Guidelines (SP 800-73-4 Compliance) SP 800-85A-4 doi:10.6028/NIST.SP.800-85A-4 [Direct Link] |
SP 800-85B-4 (Draft) | August 2014 | DRAFT PIV Data Model Test Guidelines Announcement and Draft Publication |
SP 800-85B | July 2006 | PIV Data Model Test Guidelines SP 800-85B doi:10.6028/NIST.SP.800-85B [Direct Link] |
SP 800-84 | September 2006 | Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities SP 800-84 doi:10.6028/NIST.SP.800-84 [Direct Link] |
SP 800-84 (EPUB) FAQ | ||
SP 800-83 Rev. 1 | July 2013 | Guide to Malware Incident Prevention and Handling for Desktops and Laptops SP 800-83 Rev. 1 doi:10.6028/NIST.SP.800-83r1 [Direct Link] |
SP 800-82 Rev. 2 | May 2015 | Guide to Industrial Control Systems (ICS) Security SP 800-82 Revision 2 doi:10.6028/NIST.SP.800-82r2 [Direct Link] |
Press Release | ||
SP 800-81-2 | September 2013 | Secure Domain Name System (DNS) Deployment Guide SP 800-81-2 doi:10.6028/NIST.SP.800-81-2 [Direct Link] |
SP 800-79-2 | July 2015 | Guidelines for the Authorization of Personal Identity Verification Card Issuers (PCI) and Derived PIV Credential Issuers (DPCI) SP 800-79-2 doi:10.6028/NIST.SP.800-79-2 [Direct Link] |
SP 800-78-4 | May 2015 | Cryptographic Algorithms and Key Sizes for Personal Identity Verification SP 800-78-4 doi:10.6028/NIST.SP.800-78-4 [Direct Link] |
SP 800-77 | December 2005 | Guide to IPsec VPNs SP 800-77 doi:10.6028/NIST.SP.800-77 [Direct Link] |
SP 800-76-2 | July 2013 | Biometric Specifications for Personal Identity Verification SP 800-76-2 doi:10.6028/NIST.SP.800-76-2 [Direct Link] |
SP 800-73-4 | May 2015 (Updated 2/8/2016) | Interfaces for Personal Identity Verification SP 800-73-4 (including updates as of 02-08-2016) doi:10.6028/NIST.SP.800-73-4 [Direct Link] |
Press Release (06-16-2015) | ||
SP 800-72 | November 2004 | Guidelines on PDA Forensics SP 800-72 doi:10.6028/NIST.SP.800-72 [Direct Link] |
SP 800-70 Rev. 3 | November 2015 (Updated 12/8/2016) | National Checklist Program for IT Products: Guidelines for Checklist Users and Developers SP 800-70 Rev. 3 doi:10.6028/NIST.SP.800-70r3 [Direct Link] |
National Checklist Program | ||
SP 800-69 | September 2006 | Guidance for Securing Microsoft Windows XP Home Edition: A NIST Security Configuration Checklist SP 800-69 doi:10.6028/NIST.SP.800-69 [Direct Link] |
SP 800-68 Rev. 1 | October 2008 | Guide to Securing Microsoft Windows XP Systems for IT Professionals: A NIST Security Configuration Checklist SP 800-68 Rev. 1 doi:10.6028/NIST.SP.800-68r1 [Direct Link] |
SP 800-67 Rev. 1 | January 2012 | Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher SP 800-67 Rev. 1 doi:10.6028/NIST.SP.800-67r1 [Direct Link] |
SP 800-66 Rev. 1 | October 2008 | An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule SP 800-66 Rev. 1 doi:10.6028/NIST.SP.800-66r1 [Direct Link] |
SP 800-65 | January 2005 | Integrating IT Security into the Capital Planning and Investment Control Process SP 800-65 doi:10.6028/NIST.SP.800-65 [Direct Link] |
SP 800-64 Rev. 2 | October 2008 | Security Considerations in the System Development Life Cycle SP 800-64 Rev. 2 doi:10.6028/NIST.SP.800-64r2 [Direct Link] |
SP 800-63A | June 2017 | Digital Identity Guidelines: Enrollment and Identity Proofing SP 800-63A doi:10.6028/NIST.SP.800-63a [Direct Link] |
SP 800-63-3 (GitHub) | ||
SP 800-63B | June 2017 | Digital Identity Guidelines: Authentication and Lifecycle Management SP 800-63B doi:10.6028/NIST.SP.800-63b [Direct Link] |
SP 800-63-3 (GitHub) | ||
SP 800-63C | June 2017 | Digital Identity Guidelines: Federation and Assertions SP 800-63C doi:10.6028/NIST.SP.800-63c [Direct Link] |
SP 800-63-3 (GitHub) | ||
SP 800-63-3 | June 2017 | Digital Identity Guidelines SP 800-63-3 doi:10.6028/NIST.SP.800-63-3 [Direct Link] |
SP 800-63-3 (GitHub) | ||
SP 800-61 Rev. 2 | August 2012 | Computer Security Incident Handling Guide SP 800-61 Rev. 2 doi:10.6028/NIST.SP.800-61r2 [Direct Link] |
Press Release | ||
SP 800-60 Vol. 2 Rev. 1 | August 2008 | Guide for Mapping Types of Information and Information Systems to Security Categories: Appendices SP 800-60 Vol. 2, Rev. 1: Appendices doi:10.6028/NIST.SP.800-60v2r1 [Direct Link] |
SP 800-60 Vol. 1 Rev. 1 | August 2008 | Guide for Mapping Types of Information and Information Systems to Security Categories SP 800-60 Vol. 1 Rev. 1 doi:10.6028/NIST.SP.800-60v1r1 [Direct Link] |
SP 800-59 | August 2003 | Guideline for Identifying an Information System as a National Security System SP 800-59 doi:10.6028/NIST.SP.800-59 [Direct Link] |
SP 800-58 | January 2005 | Security Considerations for Voice Over IP Systems SP 800-58 doi:10.6028/NIST.SP.800-58 [Direct Link] |
SP 800-57 Part 1 Rev. 4 | January 2016 | Recommendation for Key Management, Part 1: General SP 800-57 Part 1, Revision 4 doi:10.6028/NIST.SP.800-57pt1r4 [Direct Link] |
Comments and resolutions for SP 800-57 Part 1, Rev. 4 | ||
SP 800-57 Part 2 | August 2005 | Recommendation for Key Management, Part 2: Best Practices for Key Management Organization SP 800-57 Part 2 doi:10.6028/NIST.SP.800-57p2 [Direct Link] |
Comments received on Draft (Apr. 2005) | ||
SP 800-57 Part 3 Rev. 1 | January 2015 | Recommendation for Key Management, Part 3: Application-Specific Key Management Guidance SP 800-57 Part 3, Revision 1 doi:10.6028/NIST.SP.800-57pt3r1 [Direct Link] |
SP 800-56A Rev. 2 | May 2013 | Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography SP 800-56A Revision 2 doi:10.6028/NIST.SP.800-56Ar2 [Direct Link] |
Comments received on Draft (Aug. 2012) | ||
SP 800-56B Rev. 1 | September 2014 | Recommendation for Pair-Wise Key-Establishment Schemes Using Integer Factorization Cryptography SP 800-56B Rev. 1 doi:10.6028/NIST.SP.800-56Br1 [Direct Link] |
SP 800-56C | November 2011 | Recommendation for Key Derivation through Extraction-then-Expansion SP 800-56C doi:10.6028/NIST.SP.800-56C [Direct Link] |
SP 800-55 Rev. 1 | July 2008 | Performance Measurement Guide for Information Security SP 800-55 Rev. 1 doi:10.6028/NIST.SP.800-55r1 [Direct Link] |
SP 800-54 | July 2007 | Border Gateway Protocol Security SP 800-54 doi:10.6028/NIST.SP.800-54 [Direct Link] |
SP 800-53A Rev. 4 | December 2014 (Updated 12/18/2014) | Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans SP 800-53A Revision 4 doi:10.6028/NIST.SP.800-53Ar4 [Direct Link] |
Word version of SP 800-53A Rev. 4 (12-18-2014) | ||
XML file for SP 800-53A Rev. 4 (06-16-2015) | ||
Press Release | ||
SP 800-53 Rev. 5 (Draft) | February 23, 2016 | DRAFT PRE-DRAFT Call for Comments: Security and Privacy Controls for Federal Information Systems and Organizations Announcement and Draft Publication |
SP 800-53 Rev. 4 | April 2013 (Updated 1/22/2015) | Security and Privacy Controls for Federal Information Systems and Organizations SP 800-53 Rev. 4 (including updates as of 01-22-2015) doi:10.6028/NIST.SP.800-53r4 [Direct Link] |
Word version of SP 800-53 Rev. 4 (01-22-2015) | ||
XML file for SP 800-53 Rev. 4 (01-15-2014) | ||
Summary of NIST SP 800-53 Revision 4 | ||
Press Release (04-30-2013) | ||
Pre-Draft Call for Comments for SP 800-53 Rev. 5 | ||
SP 800-52 Rev. 1 | April 2014 | Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations SP 800-52 Rev. 1 doi:10.6028/NIST.SP.800-52r1 [Direct Link] |
Press Release | ||
SP 800-51 Rev. 1 | February 2011 | Guide to Using Vulnerability Naming Schemes SP 800-51 Rev. 1 doi:10.6028/NIST.SP.800-51r1 [Direct Link] |
Press Release | ||
SP 800-50 | October 2003 | Building an Information Technology Security Awareness and Training Program SP 800-50 doi:10.6028/NIST.SP.800-50 [Direct Link] |
SP 800-49 | November 2002 | Federal S/MIME V3 Client Profile SP 800-49 doi:10.6028/NIST.SP.800-49 [Direct Link] |
SP 800-48 Rev. 1 | July 2008 | Guide to Securing Legacy IEEE 802.11 Wireless Networks SP 800-48 Rev. 1 doi:10.6028/NIST.SP.800-48r1 [Direct Link] |
SP 800-47 | August 2002 | Security Guide for Interconnecting Information Technology Systems SP 800-47 doi:10.6028/NIST.SP.800-47 [Direct Link] |
SP 800-46 Rev. 2 | July 2016 | Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security SP 800-46 Rev. 2 doi:10.6028/NIST.SP.800-46r2 [Direct Link] |
SP 800-45 Version 2 | February 2007 | Guidelines on Electronic Mail Security SP 800-45 Version 2 doi:10.6028/NIST.SP.800-45ver2 [Direct Link] |
SP 800-44 Version 2 | September 2007 | Guidelines on Securing Public Web Servers SP 800-44 Version 2 doi:10.6028/NIST.SP.800-44ver2 [Direct Link] |
SP 800-43 | November 2002 | Systems Administration Guidance for Securing Windows 2000 Professional System SP 800-43 doi:10.6028/NIST.SP.800-43 [Direct Link] |
SP 800-41 Rev. 1 | September 2009 | Guidelines on Firewalls and Firewall Policy SP 800-41 Rev. 1 doi:10.6028/NIST.SP.800-41r1 [Direct Link] |
SP 800-40 Rev. 3 | July 2013 | Guide to Enterprise Patch Management Technologies SP 800-40 Rev. 3 doi:10.6028/NIST.SP.800-40r3 [Direct Link] |
Press Release | ||
SP 800-39 | March 2011 | Managing Information Security Risk: Organization, Mission, and Information System View SP 800-39 doi:10.6028/NIST.SP.800-39 [Direct Link] |
Press Release | ||
SP 800-38A Addendum | October 2010 | Recommendation for Block Cipher Modes of Operation: Three Variants of Ciphertext Stealing for CBC Mode SP 800-38A Addendum doi:10.6028/NIST.SP.800-38A-Add [Direct Link] |
SP 800-38A | December 2001 | Recommendation for Block Cipher Modes of Operation: Methods and Techniques SP 800-38A doi:10.6028/NIST.SP.800-38A [Direct Link] |
SP 800-38B | May 2005 (Updated 10/6/2016) | Recommendation for Block Cipher Modes of Operation: the CMAC Mode for Authentication SP 800-38B doi:10.6028/NIST.SP.800-38B [Direct Link] |
SP 800-38C | May 2004 (Updated 7/20/2007) | Recommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality SP 800-38C (including updates as of 07-20-2007) doi:10.6028/NIST.SP.800-38C [Direct Link] |
SP 800-38D | November 2007 | Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC SP 800-38D doi:10.6028/NIST.SP.800-38D [Direct Link] |
SP 800-38E | January 2010 | Recommendation for Block Cipher Modes of Operation: the XTS-AES Mode for Confidentiality on Storage Devices SP 800-38E doi:10.6028/NIST.SP.800-38E [Direct Link] |
SP 800-38F | December 2012 | Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping SP 800-38F doi:10.6028/NIST.SP.800-38F [Direct Link] |
SP 800-38G | March 2016 | Recommendation for Block Cipher Modes of Operation: Methods for Format-Preserving Encryption SP 800-38G doi:10.6028/NIST.SP.800-38G [Direct Link] |
Press Release | ||
SP 800-37 Rev. 1 | February 2010 (Updated 6/5/2014) | Guide for Applying the Risk Management Framework to Federal Information Systems: a Security Life Cycle Approach SP 800-37 Rev. 1 (including updates as of 6-05-2014) doi:10.6028/NIST.SP.800-37r1 [Direct Link] |
Supplemental Guidance on Ongoing Authorization, (June 2014) | ||
Press Release | ||
SP 800-36 | October 2003 | Guide to Selecting Information Technology Security Products SP 800-36 doi:10.6028/NIST.SP.800-36 [Direct Link] |
SP 800-35 | October 2003 | Guide to Information Technology Security Services SP 800-35 doi:10.6028/NIST.SP.800-35 [Direct Link] |
SP 800-34 Rev. 1 | May 2010 (Updated 11/11/2010) | Contingency Planning Guide for Federal Information Systems SP 800-34 Rev. 1 (including updates as of 11-11-2010) doi:10.6028/NIST.SP.800-34r1 [Direct Link] |
Business Impact Analysis (BIA) Template | ||
Contingency Planning: Low Impact System Template | ||
Contingency Planning: Moderate Impact System Template | ||
Contingency Planning: High Impact System Template | ||
SP 800-33 | December 2001 | Underlying Technical Models for Information Technology Security SP 800-33 doi:10.6028/NIST.SP.800-33 [Direct Link] |
SP 800-32 | February 26, 2001 | Introduction to Public Key Technology and the Federal PKI Infrastructure SP 800-32 doi:10.6028/NIST.SP.800-32 [Direct Link] |
SP 800-30 Rev. 1 | September 2012 | Guide for Conducting Risk Assessments SP 800-30 Rev. 1 doi:10.6028/NIST.SP.800-30r1 [Direct Link] |
SP 800-30 Rev. 1 (EPUB) FAQ | ||
Press Release | ||
SP 800-29 | June 2001 | A Comparison of the Security Requirements for Cryptographic Modules in FIPS 140-1 and FIPS 140-2 SP 800-29 doi:10.6028/NIST.SP.800-29 [Direct Link] |
SP 800-28 Version 2 | March 2008 | Guidelines on Active Content and Mobile Code SP 800-28 Version 2 doi:10.6028/NIST.SP.800-28ver2 [Direct Link] |
SP 800-27 Rev. A | June 2004 | Engineering Principles for Information Technology Security (A Baseline for Achieving Security), Revision A SP 800-27 Rev. A doi:10.6028/NIST.SP.800-27rA [Direct Link] |
SP 800-25 | October 2000 | Federal Agency Use of Public Key Technology for Digital Signatures and Authentication SP 800-25 doi:10.6028/NIST.SP.800-25 [Direct Link] |
SP 800-24 | April 2001 | PBX Vulnerability Analysis: Finding Holes in Your PBX Before Someone Else Does SP 800-24 doi:10.6028/NIST.SP.800-24 [Direct Link] |
SP 800-23 | August 2000 | Guidelines to Federal Organizations on Security Assurance and Acquisition/Use of Tested/Evaluated Products SP 800-23 doi:10.6028/NIST.SP.800-23 [Direct Link] |
SP 800-22 Rev. 1a | April 2010 | A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications SP 800-22 Rev. 1a doi:10.6028/NIST.SP.800-22r1a [Direct Link] |
SP 800-20 | October 1999 (Updated 3/1/2012) | Modes of Operation Validation System for the Triple Data Encryption Algorithm (TMOVS): Requirements and Procedures SP 800-20 (including updates as of 03-2012) doi:10.6028/NIST.SP.800-20 [Direct Link] |
SP 800-19 | October 1999 | Mobile Agent Security SP 800-19 doi:10.6028/NIST.SP.800-19 [Direct Link] |
SP 800-18 Rev. 1 | February 2006 | Guide for Developing Security Plans for Federal Information Systems SP 800-18 Rev. 1 doi:10.6028/NIST.SP.800-18r1 [Direct Link] |
SP 800-17 | February 1998 | Modes of Operation Validation System (MOVS): Requirements and Procedures SP 800-17 doi:10.6028/NIST.SP.800-17 [Direct Link] |
SP 800-16 Rev. 1 (Draft) | March 2014 | DRAFT A Role-Based Model for Federal Information Technology/Cybersecurity Training Announcement and Draft Publication |
SP 800-16 | April 1998 | Information Technology Security Training Requirements: a Role- and Performance-Based Model SP 800-16 doi:10.6028/NIST.SP.800-16 [Direct Link] |
SP 800-15 | January 1998 | MISPC Minimum Interoperability Specification for PKI Components, Version 1 SP 800-15 doi:10.6028/NIST.SP.800-15 [Direct Link] |
SP 800-14 | September 1996 | Generally Accepted Principles and Practices for Securing Information Technology Systems SP 800-14 doi:10.6028/NIST.SP.800-14 [Direct Link] |
SP 800-13 | October 1995 | Telecommunications Security Guidelines for Telecommunications Management Network SP 800-13 doi:10.6028/NIST.SP.800-13 [Direct Link] |
SP 800-12 Rev. 1 | June 2017 | An Introduction to Information Security SP 800-12 Rev. 1 doi:10.6028/NIST.SP.800-12r1 [Direct Link] |
SP 800-1 | December 1990 | Bibliography of Selected Computer Security Publications, January 1980 - October 1989 SP 800-1 doi:10.6028/NIST.SP.800-1 [Direct Link] |
SP 1800
NIST Cybersecurity Practice Guides (2015-present):
A new subseries created to complement the SP 800s. It targets specific cybersecurity challenges in the public and private sectors, with practical, user-friendly guides to facilitate adoption of standards-based approaches to cybersecurity.
Number | Date | Title |
---|---|---|
SP 1800-8 (Draft) | May 2017 | DRAFT Securing Wireless Infusion Pumps in Healthcare Delivery Organizations Announcement and Draft Publication |
SP 1800-7 (Draft) | February 2017 | DRAFT Situational Awareness for Electric Utilities Announcement and Draft Publication |
SP 1800-6 (Draft) | November 2016 | DRAFT Domain Name Systems-Based Electronic Mail Security Announcement and Draft Publication |
SP 1800-5 (Draft) | October 2015 | DRAFT IT Asset Management: Financial Services Announcement and Draft Publication |
SP 1800-4 (Draft) | November 2015 | DRAFT Mobile Device Security: Cloud and Hybrid Builds Announcement and Draft Publication |
SP 1800-3 (Draft) | September 2015 | DRAFT Attribute Based Access Control Announcement and Draft Publication |
SP 1800-2 (Draft) | August 2015 | DRAFT Identity and Access Management for Electric Utilities Announcement and Draft Publication |
SP 1800-1 (Draft) | July 2015 | DRAFT Securing Electronic Health Records on Mobile Devices Announcement and Draft Publication |