In September 2017, this (legacy) site will be replaced with the new site you can see at beta.csrc.nist.rip. At that time, links to this legacy site will be automatically redirected to apporpriate links on the new site.

View the beta site
NIST Logo and ITL Banner Link to the NIST Homepage Link to the ITL Homepage Link to the NIST Homepage

NIST Special Publications (SP)

We strongly encourage you to start using the publication information on the new CSRC:

NIST Special Publications (SPs)
SP 800s; SP 1800s; SP 500s

 

NIST uses three NIST Special Publication subseries to publish computer/cyber/information security and guidelines, recommendations and reference materials:

  • SP 800, Computer Security (December 1990-present):
    NIST's primary mode of publishing computer/cyber/information security guidelines, recommendations and reference materials
    (SP 800s are also searchable in the NIST Library Catalog);
     
  • SP 1800, NIST Cybersecurity Practice Guides (2015-present):
    A new subseries created to complement the SP 800s; targets specific cybersecurity challenges in the public and private sectors; practical, user-friendly guides to facilitate adoption of standards-based approaches to cybersecurity;
     
  • SP 500, Computer Systems Technology (January 1977-present):
    A general IT subseries used more broadly by NIST's Information Technology Laboratory (ITL), this page lists selected SP 500s related to NIST's computer security efforts. (Prior to the SP 800 subseries, NIST used the SP 500 subseries for computer security publications; see Archived NIST SPs for a list.)
     

Note: Publications that link to dx.doi.org/... will redirect to another NIST website. See more details about DOIs.

SP 800s - Computer Security
NumberDateTitle
SP 800-193 
(Draft)		May 2017DRAFT Platform Firmware Resiliency Guidelines
Announcement and Draft Publication
SP 800-192June 2017Verification and Test Methods for Access Control Policies/Models
SP 800-192 FAQ
doi:10.6028/NIST.SP.800-192 [Direct Link]
SP 800-191 
(Draft)		August 2017DRAFT The NIST Definition of Fog Computing
Announcement and Draft Publication
SP 800-190 
(Draft)		July 2017DRAFT Application Container Security Guide (2nd Draft)
Announcement and Draft Publication
SP 800-188 
(Draft)		December 2016DRAFT De-Identifying Government Datasets (2nd Draft)
Announcement and Draft Publication
SP 800-187 
(Draft)		November 2016DRAFT Guide to LTE Security
Announcement and Draft Publication
SP 800-185December 2016SHA-3 Derived Functions: cSHAKE, KMAC, TupleHash, and ParallelHash
SP 800-185 FAQ
doi:10.6028/NIST.SP.800-185 [Direct Link]
Comments Received on Draft SP 800-185
SP 800-184December 2016Guide for Cybersecurity Event Recovery
SP 800-184 FAQ
doi:10.6028/NIST.SP.800-184 [Direct Link]
Press Release (12-22-2016)
SP 800-183July 2016Networks of 'Things'
SP 800-183 FAQ
doi:10.6028/NIST.SP.800-183 [Direct Link]
Press Release
SP 800-182July 2016Computer Security Division 2015 Annual Report
SP 800-182 FAQ
doi:10.6028/NIST.SP.800-182 [Direct Link]
SP 800-181August 2017National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework
SP 800-181 FAQ
doi:10.6028/NIST.SP.800-181 [Direct Link]
Reference Spreadsheet for NICE Framework
NICE Framework homepage
SP 800-180 
(Draft)		February 2016 DRAFT NIST Definition of Microservices, Application Containers and System Virtual Machines
Announcement and Draft Publication
SP 800-179December 2016Guide to Securing Apple OS X 10.10 Systems for IT Professionals: A NIST Security Configuration Checklist
SP 800-179 FAQ
doi:10.6028/NIST.SP.800-179 [Direct Link]
Supplemental Content (GitHub)
National Checklist Program
SP 800-178October 2016A Comparison of Attribute Based Access Control (ABAC) Standards for Data Service Applications: Extensible Access Control Markup Language (XACML) and Next Generation Access Control (NGAC)
SP 800-178 FAQ
doi:10.6028/NIST.SP.800-178 [Direct Link]
SP 800-177September 2016Trustworthy Email
SP 800-177 FAQ
doi:10.6028/NIST.SP.800-177 [Direct Link]
High Assurance Domains project
SP 800-176August 2015 Computer Security Division 2014 Annual Report
SP 800-176 FAQ
doi:10.6028/NIST.SP.800-176 [Direct Link]
SP 800-175AAugust 2016Guideline for Using Cryptographic Standards in the Federal Government: Directives, Mandates and Policies
SP 800-175A FAQ
doi:10.6028/NIST.SP.800-175A [Direct Link]
Comments Received from Final Draft
SP 800-175BAugust 2016Guideline for Using Cryptographic Standards in the Federal Government: Cryptographic Mechanisms
SP 800-175B FAQ
doi:10.6028/NIST.SP.800-175B [Direct Link]
Comments Received from Final Draft
SP 800-171 Rev. 1December 2016Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations
SP 800-171 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-171r1 [Direct Link]
Specific Changes to the Security Requirements in SP 800-171
SP 800-171June 2015 (Updated 1/14/2016)Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations
SP 800-171 (including updates as of 01-14-2016) FAQ
doi:10.6028/NIST.SP.800-171 [Direct Link]
Press Release (06-19-2015)
SP 800-170June 2014 Computer Security Division 2013 Annual Report
SP 800-170 FAQ
doi:10.6028/NIST.SP.800-170 [Direct Link]
SP 800-168May 2014 Approximate Matching: Definition and Terminology
SP 800-168 FAQ
doi:10.6028/NIST.SP.800-168 [Direct Link]
SP 800-167October 2015 Guide to Application Whitelisting
SP 800-167 FAQ
doi:10.6028/NIST.SP.800-167 [Direct Link]
Press Release
SP 800-166June 2016 Derived PIV Application and Data Model Test Guidelines
SP 800-166 FAQ
doi:10.6028/NIST.SP.800-166 [Direct Link]
SP 800-165July 2013 Computer Security Division 2012 Annual Report
SP 800-165 FAQ
doi:10.6028/NIST.SP.800-165 [Direct Link]
SP 800-164 
(Draft)		October 2012 DRAFT Guidelines on Hardware-Rooted Security in Mobile Devices
Announcement and Draft Publication
SP 800-163January 2015 Vetting the Security of Mobile Applications
SP 800-163 FAQ
doi:10.6028/NIST.SP.800-163 [Direct Link]
Press Release
SP 800-162January 2014 Guide to Attribute Based Access Control (ABAC) Definition and Considerations
SP 800-162 FAQ
doi:10.6028/NIST.SP.800-162 [Direct Link]
SP 800-162 (EPUB) FAQ
SP 800-161April 2015 Supply Chain Risk Management Practices for Federal Information Systems and Organizations
SP 800-161 FAQ
doi:10.6028/NIST.SP.800-161 [Direct Link]
SP 800-160November 2016Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems
SP 800-160 FAQ
doi:10.6028/NIST.SP.800-160 [Direct Link]
"Rethinking Cybersecurity from the Inside Out" (blog post)
SP 800-157December 2014 Guidelines for Derived Personal Identity Verification (PIV) Credentials
SP 800-157 FAQ
doi:10.6028/NIST.SP.800-157 [Direct Link]
Comments and resolutions on Draft SP 800-157 (Mar. 2014)
SP 800-156May 2016 Representation of PIV Chain-of-Trust for Import and Export
SP 800-156 FAQ
doi:10.6028/NIST.SP.800-156 [Direct Link]
XSD Schema File for SP 800-156 Chain of Trust
SP 800-155 
(Draft)		December 2011 DRAFT BIOS Integrity Measurement Guidelines
Announcement and Draft Publication
SP 800-154 
(Draft)		March 2016 DRAFT Guide to Data-Centric System Threat Modeling
Announcement and Draft Publication
SP 800-153February 2012 Guidelines for Securing Wireless Local Area Networks (WLANs)
SP 800-153 FAQ
doi:10.6028/NIST.SP.800-153 [Direct Link]
Press Release (Mar. 6, 2012)
SP 800-152October 2015 A Profile for U.S. Federal Cryptographic Key Management Systems (CKMS)
SP 800-152 FAQ
doi:10.6028/NIST.SP.800-152 [Direct Link]
Comments received on final (3rd) Draft (Dec. 2014)
Draft 3 (Dec. 2014)
Draft 2 (Jan. 2014)
Draft (Aug. 2012)
SP 800-150October 2016Guide to Cyber Threat Information Sharing
SP 800-150 FAQ
doi:10.6028/NIST.SP.800-150 [Direct Link]
SP 800-147BAugust 2014 BIOS Protection Guidelines for Servers
SP 800-147B FAQ
doi:10.6028/NIST.SP.800-147B [Direct Link]
SP 800-147April 2011 BIOS Protection Guidelines
SP 800-147 FAQ
doi:10.6028/NIST.SP.800-147 [Direct Link]
Press Release
SP 800-146May 2012 Cloud Computing Synopsis and Recommendations
SP 800-146 FAQ
doi:10.6028/NIST.SP.800-146 [Direct Link]
SP 800-146 (EPUB) FAQ
Press Release
SP 800-145September 2011 The NIST Definition of Cloud Computing
SP 800-145 FAQ
doi:10.6028/NIST.SP.800-145 [Direct Link]
SP 800-145 (EPUB) FAQ
Press Release
SP 800-144December 2011 Guidelines on Security and Privacy in Public Cloud Computing
SP 800-144 FAQ
doi:10.6028/NIST.SP.800-144 [Direct Link]
SP 800-144 (EPUB) FAQ
Press Release
SP 800-142October 2010 Practical Combinatorial Testing
SP 800-142 FAQ
doi:10.6028/NIST.SP.800-142 [Direct Link]
SP 800-137September 2011 Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations
SP 800-137 FAQ
doi:10.6028/NIST.SP.800-137 [Direct Link]
Press Release
SP 800-135 Rev. 1December 2011 Recommendation for Existing Application-Specific Key Derivation Functions
SP 800-135 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-135r1 [Direct Link]
Informative Note (09-19-2016)
SP 800-133December 2012Recommendation for Cryptographic Key Generation
SP 800-133 FAQ
doi:10.6028/NIST.SP.800-133 [Direct Link]
SP 800-133 (EPUB) FAQ
Press Release
SP 800-132December 2010 Recommendation for Password-Based Key Derivation: Part 1: Storage Applications
SP 800-132 FAQ
doi:10.6028/NIST.SP.800-132 [Direct Link]
SP 800-131A Rev. 1November 2015 Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths
SP 800-131A Rev. 1 FAQ
doi:10.6028/NIST.SP.800-131Ar1 [Direct Link]
Comments and resolutions on Draft (July 2015)
SP 800-130August 2013 A Framework for Designing Cryptographic Key Management Systems
SP 800-130 FAQ
doi:10.6028/NIST.SP.800-130 [Direct Link]
SP 800-128August 2011 Guide for Security-Focused Configuration Management of Information Systems
SP 800-128 FAQ
doi:10.6028/NIST.SP.800-128 [Direct Link]
SP 800-127September 2010 Guide to Securing WiMAX Wireless Communications
SP 800-127 FAQ
doi:10.6028/NIST.SP.800-127 [Direct Link]
SP 800-127 (EPUB) FAQ
Press Release
SP 800-126A 
(Draft)		July 2016DRAFT SCAP 1.3 Component Specification Version Updates: An Annex to NIST Special Publication 800-126 Revision 3
Announcement and Draft Publication
SP 800-126 Rev. 3 
(Draft)		July 2016DRAFT The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.3
Announcement and Draft Publication
SP 800-126 Rev. 2September 2011 (Updated 3/19/2012)The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2
SP 800-126 Rev. 2 FAQ
doi:10.6028/NIST.SP.800-126r2 [Direct Link]
NIST Solicits Comments for SP 800-126 & SCAP
SP 800-126 Rev. 1February 2011 The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.1
SP 800-126 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-126r1 [Direct Link]
SP 800-126November 2009 The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.0
SP 800-126 FAQ
doi:10.6028/NIST.SP.800-126 [Direct Link]
SP 800-125A 
(Draft)		October 20, 2014 DRAFT Security Recommendations for Hypervisor Deployment
Announcement and Draft Publication
SP 800-125BMarch 2016 Secure Virtual Network Configuration for Virtual Machine (VM) Protection
SP 800-125B FAQ
doi:10.6028/NIST.SP.800-125B [Direct Link]
SP 800-125January 2011 Guide to Security for Full Virtualization Technologies
SP 800-125 FAQ
doi:10.6028/NIST.SP.800-125 [Direct Link]
Press Release
SP 800-124 Rev. 1June 2013 Guidelines for Managing the Security of Mobile Devices in the Enterprise
SP 800-124 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-124r1 [Direct Link]
SP 800-124 Rev. 1 (EPUB) FAQ
Press Release
SP 800-123July 2008 Guide to General Server Security
SP 800-123 FAQ
doi:10.6028/NIST.SP.800-123 [Direct Link]
SP 800-123 (EPUB) FAQ
SP 800-122April 2010 Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)
SP 800-122 FAQ
doi:10.6028/NIST.SP.800-122 [Direct Link]
SP 800-122 (EPUB) FAQ
SP 800-121 Rev. 2May 2017Guide to Bluetooth Security
SP 800-121 Rev. 2 FAQ
doi:10.6028/NIST.SP.800-121r2 [Direct Link]
SP 800-120September 2009 Recommendation for EAP Methods Used in Wireless Network Access Authentication
SP 800-120 FAQ
doi:10.6028/NIST.SP.800-120 [Direct Link]
SP 800-119December 2010 Guidelines for the Secure Deployment of IPv6
SP 800-119 FAQ
doi:10.6028/NIST.SP.800-119 [Direct Link]
SP 800-117 Rev. 1 
(Draft)		January 2012 DRAFT Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.2
Announcement and Draft Publication
SP 800-117July 2010 Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.0
SP 800-117 FAQ
doi:10.6028/NIST.SP.800-117 [Direct Link]
SP 800-116 Rev. 1 
(Draft)		December 2015 DRAFT A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS)
Announcement and Draft Publication
SP 800-116November 2008 A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS)
SP 800-116 FAQ
doi:10.6028/NIST.SP.800-116 [Direct Link]
SP 800-115September 2008 Technical Guide to Information Security Testing and Assessment
SP 800-115 FAQ
doi:10.6028/NIST.SP.800-115 [Direct Link]
SP 800-115 (EPUB) FAQ
SP 800-114 Rev. 1July 2016User's Guide to Telework and Bring Your Own Device (BYOD) Security
SP 800-114 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-114r1 [Direct Link]
SP 800-113July 2008 Guide to SSL VPNs
SP 800-113 FAQ
doi:10.6028/NIST.SP.800-113 [Direct Link]
SP 800-111November 2007 Guide to Storage Encryption Technologies for End User Devices
SP 800-111 FAQ
doi:10.6028/NIST.SP.800-111 [Direct Link]
SP 800-108October 2009 Recommendation for Key Derivation Using Pseudorandom Functions (Revised)
SP 800-108 FAQ
doi:10.6028/NIST.SP.800-108 [Direct Link]
Comments received on Draft (Apr. 2008)
SP 800-107 Rev. 1August 2012 Recommendation for Applications Using Approved Hash Algorithms
SP 800-107 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-107r1 [Direct Link]
SP 800-106February 2009 Randomized Hashing for Digital Signatures
SP 800-106 FAQ
doi:10.6028/NIST.SP.800-106 [Direct Link]
SP 800-102September 2009 Recommendation for Digital Signature Timeliness
SP 800-102 FAQ
doi:10.6028/NIST.SP.800-102 [Direct Link]
SP 800-101 Rev. 1May 2014 Guidelines on Mobile Device Forensics
SP 800-101 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-101r1 [Direct Link]
SP 800-100October 2006 (Updated 3/7/2007)Information Security Handbook: A Guide for Managers
SP 800-100 (including updates as of 03-07-2007) FAQ
doi:10.6028/NIST.SP.800-100 [Direct Link]
SP 800-98April 2007 Guidelines for Securing Radio Frequency Identification (RFID) Systems
SP 800-98 FAQ
doi:10.6028/NIST.SP.800-98 [Direct Link]
SP 800-97February 2007 Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i
SP 800-97 FAQ
doi:10.6028/NIST.SP.800-97 [Direct Link]
SP 800-96September 2006 PIV Card to Reader Interoperability Guidelines
SP 800-96 FAQ
doi:10.6028/NIST.SP.800-96 [Direct Link]
SP 800-95August 2007 Guide to Secure Web Services
SP 800-95 FAQ
doi:10.6028/NIST.SP.800-95 [Direct Link]
SP 800-94 Rev. 1 
(Draft)		July 2012 DRAFT Guide to Intrusion Detection and Prevention Systems (IDPS)
Announcement and Draft Publication
SP 800-94February 2007 Guide to Intrusion Detection and Prevention Systems (IDPS)
SP 800-94 FAQ
doi:10.6028/NIST.SP.800-94 [Direct Link]
SP 800-92September 2006 Guide to Computer Security Log Management
SP 800-92 FAQ
doi:10.6028/NIST.SP.800-92 [Direct Link]
SP 800-92 (EPUB) FAQ
SP 800-90A Rev. 1June 2015 Recommendation for Random Number Generation Using Deterministic Random Bit Generators
SP 800-90A Revision 1 FAQ
doi:10.6028/NIST.SP.800-90Ar1 [Direct Link]
Press Release
SP 800-90B 
(Draft)		January 2016 DRAFT Recommendation for the Entropy Sources Used for Random Bit Generation
Announcement and Draft Publication
SP 800-90C 
(Draft)		April 2016 DRAFT Recommendation for Random Bit Generator (RBG) Constructions
Announcement and Draft Publication
SP 800-89November 2006 Recommendation for Obtaining Assurances for Digital Signature Applications
SP 800-89 FAQ
doi:10.6028/NIST.SP.800-89 [Direct Link]
SP 800-88 Rev. 1December 2014 Guidelines for Media Sanitization
SP 800-88 Revision 1 FAQ
doi:10.6028/NIST.SP.800-88r1 [Direct Link]
SP 800-87 Rev. 1April 2008 Codes for Identification of Federal and Federally-Assisted Organizations
SP 800-87 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-87r1 [Direct Link]
SP 800-86August 2006 Guide to Integrating Forensic Techniques into Incident Response
SP 800-86 FAQ
doi:10.6028/NIST.SP.800-86 [Direct Link]
SP 800-85A-4April 2016 PIV Card Application and Middleware Interface Test Guidelines (SP 800-73-4 Compliance)
SP 800-85A-4 FAQ
doi:10.6028/NIST.SP.800-85A-4 [Direct Link]
SP 800-85B-4 
(Draft)		August 2014 DRAFT PIV Data Model Test Guidelines
Announcement and Draft Publication
SP 800-85BJuly 2006 PIV Data Model Test Guidelines
SP 800-85B FAQ
doi:10.6028/NIST.SP.800-85B [Direct Link]
SP 800-84September 2006 Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities
SP 800-84 FAQ
doi:10.6028/NIST.SP.800-84 [Direct Link]
SP 800-84 (EPUB) FAQ
SP 800-83 Rev. 1July 2013 Guide to Malware Incident Prevention and Handling for Desktops and Laptops
SP 800-83 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-83r1 [Direct Link]
SP 800-82 Rev. 2May 2015 Guide to Industrial Control Systems (ICS) Security
SP 800-82 Revision 2 FAQ
doi:10.6028/NIST.SP.800-82r2 [Direct Link]
Press Release
SP 800-81-2September 2013 Secure Domain Name System (DNS) Deployment Guide
SP 800-81-2 FAQ
doi:10.6028/NIST.SP.800-81-2 [Direct Link]
SP 800-79-2July 2015 Guidelines for the Authorization of Personal Identity Verification Card Issuers (PCI) and Derived PIV Credential Issuers (DPCI)
SP 800-79-2 FAQ
doi:10.6028/NIST.SP.800-79-2 [Direct Link]
SP 800-78-4May 2015 Cryptographic Algorithms and Key Sizes for Personal Identity Verification
SP 800-78-4 FAQ
doi:10.6028/NIST.SP.800-78-4 [Direct Link]
SP 800-77December 2005 Guide to IPsec VPNs
SP 800-77 FAQ
doi:10.6028/NIST.SP.800-77 [Direct Link]
SP 800-76-2July 2013 Biometric Specifications for Personal Identity Verification
SP 800-76-2 FAQ
doi:10.6028/NIST.SP.800-76-2 [Direct Link]
SP 800-73-4May 2015 (Updated 2/8/2016)Interfaces for Personal Identity Verification
SP 800-73-4 (including updates as of 02-08-2016) FAQ
doi:10.6028/NIST.SP.800-73-4 [Direct Link]
Press Release (06-16-2015)
SP 800-72November 2004 Guidelines on PDA Forensics
SP 800-72 FAQ
doi:10.6028/NIST.SP.800-72 [Direct Link]
SP 800-70 Rev. 4 
(Draft)		August 2017DRAFT National Checklist Program for IT Products: Guidelines for Checklist Users and Developers
Announcement and Draft Publication
SP 800-70 Rev. 3November 2015 (Updated 12/8/2016)National Checklist Program for IT Products: Guidelines for Checklist Users and Developers
SP 800-70 Rev. 3 FAQ
doi:10.6028/NIST.SP.800-70r3 [Direct Link]
National Checklist Program
SP 800-69September 2006 Guidance for Securing Microsoft Windows XP Home Edition: A NIST Security Configuration Checklist
SP 800-69 FAQ
doi:10.6028/NIST.SP.800-69 [Direct Link]
SP 800-68 Rev. 1October 2008 Guide to Securing Microsoft Windows XP Systems for IT Professionals: A NIST Security Configuration Checklist
SP 800-68 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-68r1 [Direct Link]
Security Templates R1.2.1
NIST Windows Security Baseline Database Application v0.2.7
SP 800-67 Rev. 2 
(Draft)		July 2017DRAFT Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher
Announcement and Draft Publication
SP 800-67 Rev. 1January 2012 Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher
SP 800-67 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-67r1 [Direct Link]
SP 800-66 Rev. 1October 2008 An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule
SP 800-66 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-66r1 [Direct Link]
SP 800-65January 2005 Integrating IT Security into the Capital Planning and Investment Control Process
SP 800-65 FAQ
doi:10.6028/NIST.SP.800-65 [Direct Link]
SP 800-64 Rev. 2October 2008 Security Considerations in the System Development Life Cycle
SP 800-64 Rev. 2 FAQ
doi:10.6028/NIST.SP.800-64r2 [Direct Link]
SP 800-63AJune 2017Digital Identity Guidelines: Enrollment and Identity Proofing
SP 800-63A FAQ
doi:10.6028/NIST.SP.800-63a [Direct Link]
FAQ
SP 800-63-3 (GitHub)
SP 800-63BJune 2017Digital Identity Guidelines: Authentication and Lifecycle Management
SP 800-63B FAQ
doi:10.6028/NIST.SP.800-63b [Direct Link]
FAQ
SP 800-63-3 (GitHub)
SP 800-63CJune 2017Digital Identity Guidelines: Federation and Assertions
SP 800-63C FAQ
doi:10.6028/NIST.SP.800-63c [Direct Link]
FAQ
SP 800-63-3 (GitHub)
SP 800-63-3June 2017Digital Identity Guidelines
SP 800-63-3 FAQ
doi:10.6028/NIST.SP.800-63-3 [Direct Link]
FAQ
SP 800-63-3 (GitHub)
SP 800-61 Rev. 2August 2012 Computer Security Incident Handling Guide
SP 800-61 Rev. 2 FAQ
doi:10.6028/NIST.SP.800-61r2 [Direct Link]
Press Release
SP 800-60 Vol. 2 Rev. 1August 2008 Guide for Mapping Types of Information and Information Systems to Security Categories: Appendices
SP 800-60 Vol. 2, Rev. 1: Appendices FAQ
doi:10.6028/NIST.SP.800-60v2r1 [Direct Link]
SP 800-60 Vol. 1 Rev. 1August 2008 Guide for Mapping Types of Information and Information Systems to Security Categories
SP 800-60 Vol. 1 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-60v1r1 [Direct Link]
SP 800-59August 2003 Guideline for Identifying an Information System as a National Security System
SP 800-59 FAQ
doi:10.6028/NIST.SP.800-59 [Direct Link]
SP 800-58January 2005 Security Considerations for Voice Over IP Systems
SP 800-58 FAQ
doi:10.6028/NIST.SP.800-58 [Direct Link]
SP 800-57 Part 1 Rev. 4January 2016 Recommendation for Key Management, Part 1: General
SP 800-57 Part 1, Revision 4 FAQ
doi:10.6028/NIST.SP.800-57pt1r4 [Direct Link]
Comments and resolutions for SP 800-57 Part 1, Rev. 4
SP 800-57 Part 2August 2005 Recommendation for Key Management, Part 2: Best Practices for Key Management Organization
SP 800-57 Part 2 FAQ
doi:10.6028/NIST.SP.800-57p2 [Direct Link]
Comments received on Draft (Apr. 2005)
SP 800-57 Part 3 Rev. 1January 2015 Recommendation for Key Management, Part 3: Application-Specific Key Management Guidance
SP 800-57 Part 3, Revision 1 FAQ
doi:10.6028/NIST.SP.800-57pt3r1 [Direct Link]
SP 800-56A Rev. 3 
(Draft)		August 2017DRAFT Recommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography
Announcement and Draft Publication
SP 800-56A Rev. 2May 2013 Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography
SP 800-56A Revision 2 FAQ
doi:10.6028/NIST.SP.800-56Ar2 [Direct Link]
Comments received on Draft (Aug. 2012)
SP 800-56B Rev. 1September 2014 Recommendation for Pair-Wise Key-Establishment Schemes Using Integer Factorization Cryptography
SP 800-56B Rev. 1 FAQ
doi:10.6028/NIST.SP.800-56Br1 [Direct Link]
SP 800-56C Rev. 1 
(Draft)		August 2017DRAFT Recommendation for Key Derivation through Extraction-then-Expansion
Announcement and Draft Publication
SP 800-56CNovember 2011 Recommendation for Key Derivation through Extraction-then-Expansion
SP 800-56C FAQ
doi:10.6028/NIST.SP.800-56C [Direct Link]
SP 800-55 Rev. 1July 2008 Performance Measurement Guide for Information Security
SP 800-55 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-55r1 [Direct Link]
SP 800-54July 2007 Border Gateway Protocol Security
SP 800-54 FAQ
doi:10.6028/NIST.SP.800-54 [Direct Link]
SP 800-53A Rev. 4December 2014 (Updated 12/18/2014)Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans
SP 800-53A Revision 4 FAQ
doi:10.6028/NIST.SP.800-53Ar4 [Direct Link]
Word version of SP 800-53A Rev. 4 (12-18-2014)
XML file for SP 800-53A Rev. 4 (06-16-2015)
Press Release
SP 800-53 Rev. 5 
(Draft)		August 2017DRAFT Security and Privacy Controls for Information Systems and Organizations
Announcement and Draft Publication
SP 800-53 Rev. 4April 2013 (Updated 1/22/2015)Security and Privacy Controls for Federal Information Systems and Organizations
SP 800-53 Rev. 4 (including updates as of 01-22-2015) FAQ
doi:10.6028/NIST.SP.800-53r4 [Direct Link]
Word version of SP 800-53 Rev. 4 (01-22-2015)
XML file for SP 800-53 Rev. 4 (01-15-2014)
Summary of NIST SP 800-53 Revision 4
Press Release (04-30-2013)
SP 800-52 Rev. 1April 2014 Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations
SP 800-52 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-52r1 [Direct Link]
Press Release
SP 800-51 Rev. 1February 2011 Guide to Using Vulnerability Naming Schemes
SP 800-51 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-51r1 [Direct Link]
Press Release
SP 800-50October 2003 Building an Information Technology Security Awareness and Training Program
SP 800-50 FAQ
doi:10.6028/NIST.SP.800-50 [Direct Link]
SP 800-49November 2002 Federal S/MIME V3 Client Profile
SP 800-49 FAQ
doi:10.6028/NIST.SP.800-49 [Direct Link]
SP 800-48 Rev. 1July 2008 Guide to Securing Legacy IEEE 802.11 Wireless Networks
SP 800-48 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-48r1 [Direct Link]
SP 800-47August 2002 Security Guide for Interconnecting Information Technology Systems
SP 800-47 FAQ
doi:10.6028/NIST.SP.800-47 [Direct Link]
SP 800-46 Rev. 2July 2016Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security
SP 800-46 Rev. 2 FAQ
doi:10.6028/NIST.SP.800-46r2 [Direct Link]
SP 800-45 Version 2February 2007 Guidelines on Electronic Mail Security
SP 800-45 Version 2 FAQ
doi:10.6028/NIST.SP.800-45ver2 [Direct Link]
SP 800-44 Version 2September 2007 Guidelines on Securing Public Web Servers
SP 800-44 Version 2 FAQ
doi:10.6028/NIST.SP.800-44ver2 [Direct Link]
SP 800-43November 2002 Systems Administration Guidance for Securing Windows 2000 Professional System
SP 800-43 FAQ
doi:10.6028/NIST.SP.800-43 [Direct Link]
Security Templates R1.2.3
SP 800-41 Rev. 1September 2009 Guidelines on Firewalls and Firewall Policy
SP 800-41 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-41r1 [Direct Link]
SP 800-40 Rev. 3July 2013 Guide to Enterprise Patch Management Technologies
SP 800-40 Rev. 3 FAQ
doi:10.6028/NIST.SP.800-40r3 [Direct Link]
Press Release
SP 800-39March 2011 Managing Information Security Risk: Organization, Mission, and Information System View
SP 800-39 FAQ
doi:10.6028/NIST.SP.800-39 [Direct Link]
Press Release
SP 800-38A AddendumOctober 2010 Recommendation for Block Cipher Modes of Operation: Three Variants of Ciphertext Stealing for CBC Mode
SP 800-38A Addendum FAQ
doi:10.6028/NIST.SP.800-38A-Add [Direct Link]
SP 800-38ADecember 2001 Recommendation for Block Cipher Modes of Operation: Methods and Techniques
SP 800-38A FAQ
doi:10.6028/NIST.SP.800-38A [Direct Link]
SP 800-38BMay 2005 (Updated 10/6/2016)Recommendation for Block Cipher Modes of Operation: the CMAC Mode for Authentication
SP 800-38B FAQ
doi:10.6028/NIST.SP.800-38B [Direct Link]
SP 800-38CMay 2004 (Updated 7/20/2007)Recommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality
SP 800-38C (including updates as of 07-20-2007) FAQ
doi:10.6028/NIST.SP.800-38C [Direct Link]
SP 800-38DNovember 2007 Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC
SP 800-38D FAQ
doi:10.6028/NIST.SP.800-38D [Direct Link]
SP 800-38EJanuary 2010 Recommendation for Block Cipher Modes of Operation: the XTS-AES Mode for Confidentiality on Storage Devices
SP 800-38E FAQ
doi:10.6028/NIST.SP.800-38E [Direct Link]
SP 800-38FDecember 2012 Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping
SP 800-38F FAQ
doi:10.6028/NIST.SP.800-38F [Direct Link]
SP 800-38GMarch 2016 Recommendation for Block Cipher Modes of Operation: Methods for Format-Preserving Encryption
SP 800-38G FAQ
doi:10.6028/NIST.SP.800-38G [Direct Link]
Press Release
SP 800-37 Rev. 1February 2010 (Updated 6/5/2014)Guide for Applying the Risk Management Framework to Federal Information Systems: a Security Life Cycle Approach
SP 800-37 Rev. 1 (including updates as of 6-05-2014) FAQ
doi:10.6028/NIST.SP.800-37r1 [Direct Link]
Supplemental Guidance on Ongoing Authorization, (June 2014)
Press Release
SP 800-36October 2003 Guide to Selecting Information Technology Security Products
SP 800-36 FAQ
doi:10.6028/NIST.SP.800-36 [Direct Link]
SP 800-35October 2003 Guide to Information Technology Security Services
SP 800-35 FAQ
doi:10.6028/NIST.SP.800-35 [Direct Link]
SP 800-34 Rev. 1May 2010 (Updated 11/11/2010)Contingency Planning Guide for Federal Information Systems
SP 800-34 Rev. 1 (including updates as of 11-11-2010) FAQ
doi:10.6028/NIST.SP.800-34r1 [Direct Link]
Business Impact Analysis (BIA) Template
Contingency Planning: Low Impact System Template
Contingency Planning: Moderate Impact System Template
Contingency Planning: High Impact System Template
SP 800-33December 2001 Underlying Technical Models for Information Technology Security
SP 800-33 FAQ
doi:10.6028/NIST.SP.800-33 [Direct Link]
SP 800-32February 26, 2001 Introduction to Public Key Technology and the Federal PKI Infrastructure
SP 800-32 FAQ
doi:10.6028/NIST.SP.800-32 [Direct Link]
SP 800-30 Rev. 1September 2012 Guide for Conducting Risk Assessments
SP 800-30 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-30r1 [Direct Link]
SP 800-30 Rev. 1 (EPUB) FAQ
Press Release
SP 800-29June 2001 A Comparison of the Security Requirements for Cryptographic Modules in FIPS 140-1 and FIPS 140-2
SP 800-29 FAQ
doi:10.6028/NIST.SP.800-29 [Direct Link]
SP 800-28 Version 2March 2008 Guidelines on Active Content and Mobile Code
SP 800-28 Version 2 FAQ
doi:10.6028/NIST.SP.800-28ver2 [Direct Link]
SP 800-27 Rev. AJune 2004 Engineering Principles for Information Technology Security (A Baseline for Achieving Security), Revision A
SP 800-27 Rev. A FAQ
doi:10.6028/NIST.SP.800-27rA [Direct Link]
SP 800-25October 2000 Federal Agency Use of Public Key Technology for Digital Signatures and Authentication
SP 800-25 FAQ
doi:10.6028/NIST.SP.800-25 [Direct Link]
SP 800-24April 2001 PBX Vulnerability Analysis: Finding Holes in Your PBX Before Someone Else Does
SP 800-24 FAQ
doi:10.6028/NIST.SP.800-24 [Direct Link]
SP 800-23August 2000 Guidelines to Federal Organizations on Security Assurance and Acquisition/Use of Tested/Evaluated Products
SP 800-23 FAQ
doi:10.6028/NIST.SP.800-23 [Direct Link]
SP 800-22 Rev. 1aApril 2010 A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications
SP 800-22 Rev. 1a FAQ
doi:10.6028/NIST.SP.800-22r1a [Direct Link]
SP 800-20October 1999 (Updated 3/1/2012)Modes of Operation Validation System for the Triple Data Encryption Algorithm (TMOVS): Requirements and Procedures
SP 800-20 (including updates as of 03-2012) FAQ
doi:10.6028/NIST.SP.800-20 [Direct Link]
SP 800-19October 1999 Mobile Agent Security
SP 800-19 FAQ
doi:10.6028/NIST.SP.800-19 [Direct Link]
SP 800-18 Rev. 1February 2006 Guide for Developing Security Plans for Federal Information Systems
SP 800-18 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-18r1 [Direct Link]
SP 800-17February 1998 Modes of Operation Validation System (MOVS): Requirements and Procedures
SP 800-17 FAQ
doi:10.6028/NIST.SP.800-17 [Direct Link]
SP 800-16 Rev. 1 
(Draft)		March 2014 DRAFT A Role-Based Model for Federal Information Technology/Cybersecurity Training
Announcement and Draft Publication
SP 800-16April 1998 Information Technology Security Training Requirements: a Role- and Performance-Based Model
SP 800-16 FAQ
doi:10.6028/NIST.SP.800-16 [Direct Link]
SP 800-15January 1998 MISPC Minimum Interoperability Specification for PKI Components, Version 1
SP 800-15 FAQ
doi:10.6028/NIST.SP.800-15 [Direct Link]
SP 800-14September 1996 Generally Accepted Principles and Practices for Securing Information Technology Systems
SP 800-14 FAQ
doi:10.6028/NIST.SP.800-14 [Direct Link]
SP 800-13October 1995 Telecommunications Security Guidelines for Telecommunications Management Network
SP 800-13 FAQ
doi:10.6028/NIST.SP.800-13 [Direct Link]
SP 800-12 Rev. 1June 2017An Introduction to Information Security
SP 800-12 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-12r1 [Direct Link]
SP 800-1December 1990 Bibliography of Selected Computer Security Publications, January 1980 - October 1989
SP 800-1 FAQ
doi:10.6028/NIST.SP.800-1 [Direct Link]
Back to Top
SP 1800s - NIST Cybersecurity Practice Guides
NumberDateTitle
SP 1800-8 
(Draft)		May 2017DRAFT Securing Wireless Infusion Pumps in Healthcare Delivery Organizations
Announcement and Draft Publication
SP 1800-7 
(Draft)		February 2017DRAFT Situational Awareness for Electric Utilities
Announcement and Draft Publication
SP 1800-6 
(Draft)		November 2016DRAFT Domain Name Systems-Based Electronic Mail Security
Announcement and Draft Publication
SP 1800-5 
(Draft)		October 2015 DRAFT IT Asset Management: Financial Services
Announcement and Draft Publication
SP 1800-4 
(Draft)		November 2015 DRAFT Mobile Device Security: Cloud and Hybrid Builds
Announcement and Draft Publication
SP 1800-3 
(Draft)		September 2015 DRAFT Attribute Based Access Control
Announcement and Draft Publication
SP 1800-2 
(Draft)		August 2015 DRAFT Identity and Access Management for Electric Utilities
Announcement and Draft Publication
SP 1800-1 
(Draft)		July 2015 DRAFT Securing Electronic Health Records on Mobile Devices
Announcement and Draft Publication
Back to Top
SP 500s - Computer Systems Technology
NumberDateTitle
SP 500-304June 2015 Conformance Testing Methodology Framework for ANSI/NIST-ITL 1-2011 Update: 2013, Data Format for the Interchange of Fingerprint, Facial & Other Biometric Information
SP 500-304 FAQ
doi:10.6028/NIST.SP.500-304 [Direct Link]
BioCTS homepage
SP 500-299 
(Draft)		May 2013 DRAFT NIST Cloud Computing Security Reference Architecture
Announcement and Draft Publication