In September 2017, this (legacy) site will be replaced with the new site you can see at beta.csrc.nist.rip. At that time, links to this legacy site will be automatically redirected to appropriate links on the new site.


Publications By Topic/Project

Browse FIPS, Special Publications, NISTIRs and ITL Bulletins by topic or project:

Security Concepts
General IT Security
Audit & Accountability
Authentication
Awareness & Training
Certification & Accreditation
Contingency Planning
Cryptography
Digital Signatures
Incident Response
Maintenance
Personal Identity Verification (PIV)
Planning
Privacy
Public Key Infrastructure (PKI)
Research
Risk Assessment
Security Automation
Services & Acquisition
Threats & Vulnerability Management
Usability
Technologies
Biometrics
Cloud Computing & Virtualization
Communications & Wireless
Mobile
Smart Cards
 
Applications
Cyber-Physical Systems / Smart Grid
Forensics
Healthcare
Internet of Things (IoT)
Public Safety
Supply Chain
Voting
 
Activities
Annual Reports
Conferences & Workshops

Note: Publications that link to dx.doi.org/... will redirect to another NIST website. See more details about DOIs.

Annual Reports
Number | Date | Title
SP 800-182 | July 2016 | Computer Security Division 2015 Annual Report
SP 800-182 FAQ
doi:10.6028/NIST.SP.800-182 [Direct Link]
SP 800-176 | August 2015 | Computer Security Division 2014 Annual Report
SP 800-176 FAQ
doi:10.6028/NIST.SP.800-176 [Direct Link]
SP 800-170 | June 2014 | Computer Security Division 2013 Annual Report
SP 800-170 FAQ
doi:10.6028/NIST.SP.800-170 [Direct Link]
SP 800-165 | July 2013 | Computer Security Division 2012 Annual Report
SP 800-165 FAQ
doi:10.6028/NIST.SP.800-165 [Direct Link]
NISTIR 7816 | May 2012 | Computer Security Division 2011 Annual Report
NISTIR 7816 FAQ
doi:10.6028/NIST.IR.7816 [Direct Link]
NISTIR 7751 | May 2011 | Computer Security Division 2010 Annual Report
NISTIR 7751 FAQ
doi:10.6028/NIST.IR.7751 [Direct Link]
NISTIR 7653 | March 2010 | Computer Security Division 2009 Annual Report
NISTIR 7653 FAQ
doi:10.6028/NIST.IR.7653 [Direct Link]
NISTIR 7536 | March 2009 | Computer Security Division 2008 Annual Report
NISTIR 7536 FAQ
doi:10.6028/NIST.IR.7536 [Direct Link]
NISTIR 7442 | April 2008 | Computer Security Division 2007 Annual Report
NISTIR 7442 FAQ
doi:10.6028/NIST.IR.7442 [Direct Link]
NISTIR 7399 | March 2007 | Computer Security Division 2006 Annual Report
NISTIR 7399 FAQ
doi:10.6028/NIST.IR.7399 [Direct Link]
NISTIR 7285 | February 2006 | Computer Security Division 2005 Annual Report
NISTIR 7285 FAQ
doi:10.6028/NIST.IR.7285 [Direct Link]
NISTIR 7219 | April 2005 | Computer Security Division 2004 Annual Report
NISTIR 7219 FAQ
doi:10.6028/NIST.IR.7219 [Direct Link]
NISTIR 7111 | April 2004 | Computer Security Division 2003 Annual Report
NISTIR 7111 FAQ
doi:10.6028/NIST.IR.7111 [Direct Link]
Audit & Accountability
Number | Date | Title
FIPS 200 | March 2006 | Minimum Security Requirements for Federal Information and Information Systems
FIPS 200 FAQ
doi:10.6028/NIST.FIPS.200 [Direct Link]
FIPS 199 | February 2004 | Standards for Security Categorization of Federal Information and Information Systems
FIPS 199 FAQ
doi:10.6028/NIST.FIPS.199 [Direct Link]
FIPS 140-2 | May 25, 2001 (Change Notice 2, 12/3/2002) | Security Requirements for Cryptographic Modules
FIPS 140-2 (including change notices as of 12-03-2002) FAQ
doi:10.6028/NIST.FIPS.140-2 [Direct Link]
Annex A: Approved Security Functions
Annex B: Approved Protection Profiles
Annex C: Approved Random Number Generators
Annex D: Approved Key Establishment Techniques
FIPS 140-2 (EPUB) FAQ
Comments on FIPS 140-1 (Oct. 1998)
SP 800-190 (Draft) | July 2017 | DRAFT Application Container Security Guide (2nd Draft)
Announcement and Draft Publication
SP 800-184 | December 2016 | Guide for Cybersecurity Event Recovery
SP 800-184 FAQ
doi:10.6028/NIST.SP.800-184 [Direct Link]
Press Release (12-22-2016)
SP 800-179 | December 2016 | Guide to Securing Apple OS X 10.10 Systems for IT Professionals: A NIST Security Configuration Checklist
SP 800-179 FAQ
doi:10.6028/NIST.SP.800-179 [Direct Link]
Supplemental Content (GitHub)
National Checklist Program
SP 800-171 Rev. 1 | December 2016 | Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations
SP 800-171 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-171r1 [Direct Link]
Specific Changes to the Security Requirements in SP 800-171
SP 800-171 | June 2015 (Updated 1/14/2016) | Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations
SP 800-171 (including updates as of 01-14-2016) FAQ
doi:10.6028/NIST.SP.800-171 [Direct Link]
Press Release (06-19-2015)
SP 800-167 | October 2015 | Guide to Application Whitelisting
SP 800-167 FAQ
doi:10.6028/NIST.SP.800-167 [Direct Link]
Press Release
SP 800-126A (Draft) | July 2016 | DRAFT SCAP 1.3 Component Specification Version Updates: An Annex to NIST Special Publication 800-126 Revision 3
Announcement and Draft Publication
SP 800-126 Rev. 3 (Draft) | July 2016 | DRAFT The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.3
Announcement and Draft Publication
SP 800-126 Rev. 2 | September 2011 (Updated 3/19/2012) | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2
SP 800-126 Rev. 2 FAQ
doi:10.6028/NIST.SP.800-126r2 [Direct Link]
NIST Solicits Comments for SP 800-126 & SCAP
SP 800-126 Rev. 1 | February 2011 | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.1
SP 800-126 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-126r1 [Direct Link]
SP 800-126 | November 2009 | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.0
SP 800-126 FAQ
doi:10.6028/NIST.SP.800-126 [Direct Link]
SP 800-117 Rev. 1 (Draft) | January 2012 | DRAFT Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.2
Announcement and Draft Publication
SP 800-117 | July 2010 | Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.0
SP 800-117 FAQ
doi:10.6028/NIST.SP.800-117 [Direct Link]
SP 800-115 | September 2008 | Technical Guide to Information Security Testing and Assessment
SP 800-115 FAQ
doi:10.6028/NIST.SP.800-115 [Direct Link]
SP 800-115 (EPUB) FAQ
SP 800-94 Rev. 1 (Draft) | July 2012 | DRAFT Guide to Intrusion Detection and Prevention Systems (IDPS)
Announcement and Draft Publication
SP 800-94 | February 2007 | Guide to Intrusion Detection and Prevention Systems (IDPS)
SP 800-94 FAQ
doi:10.6028/NIST.SP.800-94 [Direct Link]
SP 800-92 | September 2006 | Guide to Computer Security Log Management
SP 800-92 FAQ
doi:10.6028/NIST.SP.800-92 [Direct Link]
SP 800-92 (EPUB) FAQ
SP 800-70 Rev. 4 (Draft) | August 2017 | DRAFT National Checklist Program for IT Products: Guidelines for Checklist Users and Developers
Announcement and Draft Publication
SP 800-68 Rev. 1 | October 2008 | Guide to Securing Microsoft Windows XP Systems for IT Professionals: A NIST Security Configuration Checklist
SP 800-68 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-68r1 [Direct Link]
Security Templates R1.2.1
NIST Windows Security Baseline Database Application v0.2.7
SP 800-55 Rev. 1 | July 2008 | Performance Measurement Guide for Information Security
SP 800-55 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-55r1 [Direct Link]
SP 800-53A Rev. 4 | December 2014 (Updated 12/18/2014) | Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans
SP 800-53A Revision 4 FAQ
doi:10.6028/NIST.SP.800-53Ar4 [Direct Link]
Word version of SP 800-53A Rev. 4 (12-18-2014)
XML file for SP 800-53A Rev. 4 (06-16-2015)
Press Release
SP 800-53 Rev. 5 (Draft) | August 2017 | DRAFT Security and Privacy Controls for Federal Information Systems and Organizations
Announcement and Draft Publication
SP 800-53 Rev. 4 | April 2013 (Updated 1/22/2015) | Security and Privacy Controls for Federal Information Systems and Organizations
SP 800-53 Rev. 4 (including updates as of 01-22-2015) FAQ
doi:10.6028/NIST.SP.800-53r4 [Direct Link]
Word version of SP 800-53 Rev. 4 (01-22-2015)
XML file for SP 800-53 Rev. 4 (01-15-2014)
Summary of NIST SP 800-53 Revision 4
Press Release (04-30-2013)
Pre-Draft Call for Comments for SP 800-53 Rev. 5
SP 800-51 Rev. 1 | February 2011 | Guide to Using Vulnerability Naming Schemes
SP 800-51 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-51r1 [Direct Link]
Press Release
SP 800-50 | October 2003 | Building an Information Technology Security Awareness and Training Program
SP 800-50 FAQ
doi:10.6028/NIST.SP.800-50 [Direct Link]
SP 800-41 Rev. 1 | September 2009 | Guidelines on Firewalls and Firewall Policy
SP 800-41 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-41r1 [Direct Link]
SP 800-37 Rev. 1 | February 2010 (Updated 6/5/2014) | Guide for Applying the Risk Management Framework to Federal Information Systems: a Security Life Cycle Approach
SP 800-37 Rev. 1 (including updates as of 6-05-2014) FAQ
doi:10.6028/NIST.SP.800-37r1 [Direct Link]
Supplemental Guidance on Ongoing Authorization, (June 2014)
Press Release
SP 800-30 Rev. 1 | September 2012 | Guide for Conducting Risk Assessments
SP 800-30 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-30r1 [Direct Link]
SP 800-30 Rev. 1 (EPUB) FAQ
Press Release
SP 800-18 Rev. 1 | February 2006 | Guide for Developing Security Plans for Federal Information Systems
SP 800-18 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-18r1 [Direct Link]
SP 800-16 Rev. 1 (Draft) | March 2014 | DRAFT A Role-Based Model for Federal Information Technology/Cybersecurity Training
Announcement and Draft Publication
SP 800-16 | April 1998 | Information Technology Security Training Requirements: a Role- and Performance-Based Model
SP 800-16 FAQ
doi:10.6028/NIST.SP.800-16 [Direct Link]
SP 1800-8 (Draft) | May 2017 | DRAFT Securing Wireless Infusion Pumps in Healthcare Delivery Organizations
Announcement and Draft Publication
NISTIR 8085 (Draft) | December 2015 | DRAFT Forming Common Platform Enumeration (CPE) Names from Software Identification (SWID) Tags
Announcement and Draft Publication
NISTIR 8060 | April 2016 | Guidelines for the Creation of Interoperable Software Identification (SWID) Tags
NISTIR 8060 FAQ
doi:10.6028/NIST.IR.8060 [Direct Link]
Guideline Summary for NISTIR 8060
Schema Definition for NISTIR 8060
NISTIR 8055 | January 2016 | Derived Personal Identity Verification (PIV) Credentials (DPC) Proof of Concept Research
NISTIR 8055 FAQ
doi:10.6028/NIST.IR.8055 [Direct Link]
NISTIR 8023 | February 2015 | Risk Management for Replication Devices
NISTIR 8023 FAQ
doi:10.6028/NIST.IR.8023 [Direct Link]
NISTIR 8011 Vol. 2 | June 2017 | Automation Support for Security Control Assessments: Hardware Asset Management
NISTIR 8011 Vol. 2 FAQ
doi:10.6028/NIST.IR.8011-2 [Direct Link]
NISTIR 8011 Vol. 1 | June 2017 | Automation Support for Security Control Assessments: Overview
NISTIR 8011 Vol. 1 FAQ
doi:10.6028/NIST.IR.8011-1 [Direct Link]
NISTIR 7987 Rev. 1 | October 2015 | Policy Machine: Features, Architecture, and Specification
NISTIR 7987 Revision 1 FAQ
doi:10.6028/NIST.IR.7987r1 [Direct Link]
NISTIR 7966 | October 2015 | Security of Interactive and Automated Access Management Using Secure Shell (SSH)
NISTIR 7966 FAQ
doi:10.6028/NIST.IR.7966 [Direct Link]
NISTIR 7848 (Draft) | May 2012 | DRAFT Specification for the Asset Summary Reporting Format 1.0
Announcement and Draft Publication
NISTIR 7802 | September 2011 | Trust Model for Security Automation Data 1.0 (TMSAD)
NISTIR 7802 FAQ
doi:10.6028/NIST.IR.7802 [Direct Link]
NISTIR 7800 (Draft) | January 2012 | DRAFT Applying the Continuous Monitoring Technical Reference Model to the Asset, Configuration, and Vulnerability Management Domains
Announcement and Draft Publication
NISTIR 7799 (Draft) | January 2012 | DRAFT Continuous Monitoring Reference Model Workflow, Subsystem, and Interface Specifications
Announcement and Draft Publication
NISTIR 7756 (Draft) | January 2012 | DRAFT CAESARS Framework Extension: An Enterprise Continuous Monitoring Technical Reference Architecture
Announcement and Draft Publication
NISTIR 7698 | August 2011 | Common Platform Enumeration: Applicability Language Specification Version 2.3
NISTIR 7698 FAQ
doi:10.6028/NIST.IR.7698 [Direct Link]
Press Release (for NISTIRs 7695-7698)
NISTIR 7697 | August 2011 | Common Platform Enumeration: Dictionary Specification Version 2.3
NISTIR 7697 FAQ
doi:10.6028/NIST.IR.7697 [Direct Link]
Press Release (for NISTIRs 7695-7698)
NISTIR 7696 | August 2011 | Common Platform Enumeration: Name Matching Specification Version 2.3
NISTIR 7696 FAQ
doi:10.6028/NIST.IR.7696 [Direct Link]
Press Release (for NISTIRs 7695-7698)
NISTIR 7695 | August 2011 | Common Platform Enumeration: Naming Specification Version 2.3
NISTIR 7695 FAQ
doi:10.6028/NIST.IR.7695 [Direct Link]
Press Release (for NISTIRs 7695-7698)
NISTIR 7694 | June 2011 | Specification for Asset Reporting Format 1.1
NISTIR 7694 FAQ
doi:10.6028/NIST.IR.7694 [Direct Link]
NISTIR 7693 | June 2011 | Specification for Asset Identification 1.1
NISTIR 7693 FAQ
doi:10.6028/NIST.IR.7693 [Direct Link]
NISTIR 7692 | April 2011 | Specification for the Open Checklist Interactive Language (OCIL) Version 2.0
NISTIR 7692 FAQ
doi:10.6028/NIST.IR.7692 [Direct Link]
NISTIR 7682 | September 2011 | Information System Security Best Practices for UOCAVA-Supporting Systems
NISTIR 7682 FAQ
doi:10.6028/NIST.IR.7682 [Direct Link]
NISTIR 7551 | December 2008 | A Threat Analysis on UOCAVA Voting Systems
NISTIR 7551 FAQ
doi:10.6028/NIST.IR.7551 [Direct Link]
NISTIR 7358 | January 2007 | Program Review for Information Security Management Assistance (PRISMA)
NISTIR 7358 FAQ
doi:10.6028/NIST.IR.7358 [Direct Link]
NISTIR 7316 | September 2006 | Assessment of Access Control Systems
NISTIR 7316 FAQ
doi:10.6028/NIST.IR.7316 [Direct Link]
NISTIR 7284 | January 2006 | Personal Identity Verification Card Management Report
NISTIR 7284 FAQ
doi:10.6028/NIST.IR.7284 [Direct Link]
NISTIR 7275 Rev. 4 | March 2012 | Specification for the Extensible Configuration Checklist Description Format (XCCDF) Version 1.2
NISTIR 7275 Rev. 4
NISTIR 7275 Rev. 4 (markup)
NISTIR 7275 Rev. 3 | January 2008 | Specification for the Extensible Configuration Checklist Description Format (XCCDF) Version 1.1.4
NISTIR 7275 Rev. 3 FAQ
doi:10.6028/NIST.IR.7275r3 [Direct Link]
NISTIR 7275 | January 2006 | Specification for the Extensible Configuration Checklist Description Format (XCCDF) Version 1.1
NISTIR 7275 FAQ
doi:10.6028/NIST.IR.7275 [Direct Link]
NISTIR 7188 | January 2005 | Specification for the Extensible Configuration Checklist Description Format (XCCDF)
NISTIR 7188 FAQ
doi:10.6028/NIST.IR.7188 [Direct Link]
NISTIR 6981 | April 2003 | Policy Expression and Enforcement for Handheld Devices
NISTIR 6981 FAQ
doi:10.6028/NIST.IR.6981 [Direct Link]
ITL Bulletin | February 2017 | Guide for Cybersecurity Incident Recovery
ITL Bulletin | July 2016 | Improving Security and Software Management Through the Use of SWID Tags
ITL Bulletin | January 2016 | Securing Interactive and Automated Access Management Using Secure Shell (SSH)
ITL Bulletin | December 2015 | Stopping Malware and Unauthorized Software through Application Whitelisting
ITL Bulletin | October 2015 | Protection of Controlled Unclassified Information
ITL Bulletin | April 2015 | Is Your Replication Device Making An Extra Copy For Someone Else?
ITL Bulletin | January 2015 | Release of NIST Special Publication 800-53A, Revision 4, Assessing Security and Privacy Controls in Federal Information Systems and Organizations
ITL Bulletin | August 2014 | Policy Machine: Towards a General-Purpose Enterprise-Wide Operating Environment
ITL Bulletin | October 2006 | Log Management: Using Computer and Network Records to Improve Information Security
ITL Bulletin | March 2006 | Minimum Security Requirements for Federal Information and Information Systems: Federal Information Processing Standard (FIPS) 200 Approved by the Secretary of Commerce
ITL Bulletin | January 2006 | Testing and Validation of Personal Identity Verification (PIV) Components and Subsystems for Conformance to Federal Information Processing Standard 201
ITL Bulletin | November 2004 | Understanding the New NIST Standards and Guidelines Required by FISMA: How Three Mandated Documents are Changing the Dynamic of Information Security for the Federal Government
ITL Bulletin | March 2004 | Federal Information Processing Standard (FIPS) 199, Standards for Security Categorization of Federal Information and Information Systems
Whitepaper (Draft) | January 2017 | DRAFT Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1
Announcement and Draft Publication
Whitepaper (Draft) | March 20, 2017 | DRAFT Cybersecurity Framework Manufacturing Profile (Final Draft)
Announcement and Draft Publication
Authentication
Number | Date | Title
FIPS 202 | August 2015 | SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions
FIPS 202 FAQ
doi:10.6028/NIST.FIPS.202 [Direct Link]
Federal Register Notice
Press Release
Comments received on Draft FIPS 202
Draft FIPS 202 (May 2014)
FIPS 186-4 | July 2013 | Digital Signature Standard (DSS)
FIPS 186-4 FAQ
doi:10.6028/NIST.FIPS.186-4 [Direct Link]
Comments received on FIPS 186-4 (Dec. 2015)
Request for Comments on FIPS 186-4 (Oct. 2015)
Press Release (07-23-2013)
Proposed Change Notice for FIPS 186-3 (Apr. 2012)
Request for Comments on Proposed Change Notice (Apr. 2012)
FIPS 180-4 | August 2015 | Secure Hash Standard (SHS)
FIPS 180-4 (revised Applicability Clause, Aug. 2015) FAQ
doi:10.6028/NIST.FIPS.180-4 [Direct Link]
Federal Register Notice
Comments received on Draft FIPS 180-4 (Aug. 2014)
SP 800-185 | December 2016 | SHA-3 Derived Functions: cSHAKE, KMAC, TupleHash, and ParallelHash
SP 800-185 FAQ
doi:10.6028/NIST.SP.800-185 [Direct Link]
Comments Received on Draft SP 800-185
SP 800-184 | December 2016 | Guide for Cybersecurity Event Recovery
SP 800-184 FAQ
doi:10.6028/NIST.SP.800-184 [Direct Link]
Press Release (12-22-2016)
SP 800-179 | December 2016 | Guide to Securing Apple OS X 10.10 Systems for IT Professionals: A NIST Security Configuration Checklist
SP 800-179 FAQ
doi:10.6028/NIST.SP.800-179 [Direct Link]
Supplemental Content (GitHub)
National Checklist Program
SP 800-177 | September 2016 | Trustworthy Email
SP 800-177 FAQ
doi:10.6028/NIST.SP.800-177 [Direct Link]
High Assurance Domains project
SP 800-175A | August 2016 | Guideline for Using Cryptographic Standards in the Federal Government: Directives, Mandates and Policies
SP 800-175A FAQ
doi:10.6028/NIST.SP.800-175A [Direct Link]
Comments Received from Final Draft
SP 800-175B | August 2016 | Guideline for Using Cryptographic Standards in the Federal Government: Cryptographic Mechanisms
SP 800-175B FAQ
doi:10.6028/NIST.SP.800-175B [Direct Link]
Comments Received from Final Draft
SP 800-167 | October 2015 | Guide to Application Whitelisting
SP 800-167 FAQ
doi:10.6028/NIST.SP.800-167 [Direct Link]
Press Release
SP 800-166 | June 2016 | Derived PIV Application and Data Model Test Guidelines
SP 800-166 FAQ
doi:10.6028/NIST.SP.800-166 [Direct Link]
SP 800-157 | December 2014 | Guidelines for Derived Personal Identity Verification (PIV) Credentials
SP 800-157 FAQ
doi:10.6028/NIST.SP.800-157 [Direct Link]
Comments and resolutions on Draft SP 800-157 (Mar. 2014)
SP 800-147B | August 2014 | BIOS Protection Guidelines for Servers
SP 800-147B FAQ
doi:10.6028/NIST.SP.800-147B [Direct Link]
SP 800-147 | April 2011 | BIOS Protection Guidelines
SP 800-147 FAQ
doi:10.6028/NIST.SP.800-147 [Direct Link]
Press Release
SP 800-132 | December 2010 | Recommendation for Password-Based Key Derivation: Part 1: Storage Applications
SP 800-132 FAQ
doi:10.6028/NIST.SP.800-132 [Direct Link]
SP 800-127 | September 2010 | Guide to Securing WiMAX Wireless Communications
SP 800-127 FAQ
doi:10.6028/NIST.SP.800-127 [Direct Link]
SP 800-127 (EPUB) FAQ
Press Release
SP 800-121 Rev. 2 | May 2017 | Guide to Bluetooth Security
SP 800-121 Rev. 2 FAQ
doi:10.6028/NIST.SP.800-121r2 [Direct Link]
SP 800-120 | September 2009 | Recommendation for EAP Methods Used in Wireless Network Access Authentication
SP 800-120 FAQ
doi:10.6028/NIST.SP.800-120 [Direct Link]
SP 800-116 Rev. 1 (Draft) | December 2015 | DRAFT A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS)
Announcement and Draft Publication
SP 800-116 | November 2008 | A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS)
SP 800-116 FAQ
doi:10.6028/NIST.SP.800-116 [Direct Link]
SP 800-114 Rev. 1 | July 2016 | User's Guide to Telework and Bring Your Own Device (BYOD) Security
SP 800-114 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-114r1 [Direct Link]
SP 800-113 | July 2008 | Guide to SSL VPNs
SP 800-113 FAQ
doi:10.6028/NIST.SP.800-113 [Direct Link]
SP 800-102 | September 2009 | Recommendation for Digital Signature Timeliness
SP 800-102 FAQ
doi:10.6028/NIST.SP.800-102 [Direct Link]
SP 800-89 | November 2006 | Recommendation for Obtaining Assurances for Digital Signature Applications
SP 800-89 FAQ
doi:10.6028/NIST.SP.800-89 [Direct Link]
SP 800-78-4 | May 2015 | Cryptographic Algorithms and Key Sizes for Personal Identity Verification
SP 800-78-4 FAQ
doi:10.6028/NIST.SP.800-78-4 [Direct Link]
SP 800-73-4 | May 2015 (Updated 2/8/2016) | Interfaces for Personal Identity Verification
SP 800-73-4 (including updates as of 02-08-2016) FAQ
doi:10.6028/NIST.SP.800-73-4 [Direct Link]
Press Release (06-16-2015)
SP 800-68 Rev. 1 | October 2008 | Guide to Securing Microsoft Windows XP Systems for IT Professionals: A NIST Security Configuration Checklist
SP 800-68 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-68r1 [Direct Link]
Security Templates R1.2.1
NIST Windows Security Baseline Database Application v0.2.7
SP 800-63A | June 2017 | Digital Identity Guidelines: Enrollment and Identity Proofing
SP 800-63A FAQ
doi:10.6028/NIST.SP.800-63a [Direct Link]
FAQ
SP 800-63-3 (GitHub)
SP 800-63B | June 2017 | Digital Identity Guidelines: Authentication and Lifecycle Management
SP 800-63B FAQ
doi:10.6028/NIST.SP.800-63b [Direct Link]
FAQ
SP 800-63-3 (GitHub)
SP 800-63C | June 2017 | Digital Identity Guidelines: Federation and Assertions
SP 800-63C FAQ
doi:10.6028/NIST.SP.800-63c [Direct Link]
FAQ
SP 800-63-3 (GitHub)
SP 800-63-3 | June 2017 | Digital Identity Guidelines
SP 800-63-3 FAQ
doi:10.6028/NIST.SP.800-63-3 [Direct Link]
FAQ
SP 800-63-3 (GitHub)
SP 800-57 Part 1 Rev. 4 | January 2016 | Recommendation for Key Management, Part 1: General
SP 800-57 Part 1, Revision 4 FAQ
doi:10.6028/NIST.SP.800-57pt1r4 [Direct Link]
Comments and resolutions for SP 800-57 Part 1, Rev. 4
SP 800-57 Part 2 | August 2005 | Recommendation for Key Management, Part 2: Best Practices for Key Management Organization
SP 800-57 Part 2 FAQ
doi:10.6028/NIST.SP.800-57p2 [Direct Link]
Comments received on Draft (Apr. 2005)
SP 800-57 Part 3 Rev. 1 | January 2015 | Recommendation for Key Management, Part 3: Application-Specific Key Management Guidance
SP 800-57 Part 3, Revision 1 FAQ
doi:10.6028/NIST.SP.800-57pt3r1 [Direct Link]
SP 800-53 Rev. 5 (Draft) | August 2017 | DRAFT Security and Privacy Controls for Federal Information Systems and Organizations
Announcement and Draft Publication
SP 800-53 Rev. 4 | April 2013 (Updated 1/22/2015) | Security and Privacy Controls for Federal Information Systems and Organizations
SP 800-53 Rev. 4 (including updates as of 01-22-2015) FAQ
doi:10.6028/NIST.SP.800-53r4 [Direct Link]
Word version of SP 800-53 Rev. 4 (01-22-2015)
XML file for SP 800-53 Rev. 4 (01-15-2014)
Summary of NIST SP 800-53 Revision 4
Press Release (04-30-2013)
Pre-Draft Call for Comments for SP 800-53 Rev. 5
SP 800-48 Rev. 1 | July 2008 | Guide to Securing Legacy IEEE 802.11 Wireless Networks
SP 800-48 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-48r1 [Direct Link]
SP 800-46 Rev. 2 | July 2016 | Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security
SP 800-46 Rev. 2 FAQ
doi:10.6028/NIST.SP.800-46r2 [Direct Link]
SP 800-38A Addendum | October 2010 | Recommendation for Block Cipher Modes of Operation: Three Variants of Ciphertext Stealing for CBC Mode
SP 800-38A Addendum FAQ
doi:10.6028/NIST.SP.800-38A-Add [Direct Link]
SP 800-38A | December 2001 | Recommendation for Block Cipher Modes of Operation: Methods and Techniques
SP 800-38A FAQ
doi:10.6028/NIST.SP.800-38A [Direct Link]
SP 800-38B | May 2005 (Updated 10/6/2016) | Recommendation for Block Cipher Modes of Operation: the CMAC Mode for Authentication
SP 800-38B FAQ
doi:10.6028/NIST.SP.800-38B [Direct Link]
SP 800-38C | May 2004 (Updated 7/20/2007) | Recommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality
SP 800-38C (including updates as of 07-20-2007) FAQ
doi:10.6028/NIST.SP.800-38C [Direct Link]
SP 800-38D | November 2007 | Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC
SP 800-38D FAQ
doi:10.6028/NIST.SP.800-38D [Direct Link]
SP 800-38E | January 2010 | Recommendation for Block Cipher Modes of Operation: the XTS-AES Mode for Confidentiality on Storage Devices
SP 800-38E FAQ
doi:10.6028/NIST.SP.800-38E [Direct Link]
SP 800-38F | December 2012 | Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping
SP 800-38F FAQ
doi:10.6028/NIST.SP.800-38F [Direct Link]
SP 800-38G | March 2016 | Recommendation for Block Cipher Modes of Operation: Methods for Format-Preserving Encryption
SP 800-38G FAQ
doi:10.6028/NIST.SP.800-38G [Direct Link]
Press Release
SP 800-32 | February 26, 2001 | Introduction to Public Key Technology and the Federal PKI Infrastructure
SP 800-32 FAQ
doi:10.6028/NIST.SP.800-32 [Direct Link]
SP 800-25 | October 2000 | Federal Agency Use of Public Key Technology for Digital Signatures and Authentication
SP 800-25 FAQ
doi:10.6028/NIST.SP.800-25 [Direct Link]
SP 800-17 | February 1998 | Modes of Operation Validation System (MOVS): Requirements and Procedures
SP 800-17 FAQ
doi:10.6028/NIST.SP.800-17 [Direct Link]
SP 1800-8 (Draft) | May 2017 | DRAFT Securing Wireless Infusion Pumps in Healthcare Delivery Organizations
Announcement and Draft Publication
SP 1800-6 (Draft) | November 2016 | DRAFT Domain Name Systems-Based Electronic Mail Security
Announcement and Draft Publication
SP 1800-3 (Draft) | September 2015 | DRAFT Attribute Based Access Control
Announcement and Draft Publication
NISTIR 8149 (Draft) | October 2016 | DRAFT Developing Trust Frameworks to Support Identity Federations
Announcement and Draft Publication
NISTIR 8112 (Draft) | August 2016 | DRAFT Attribute Metadata
Announcement and Draft Publication
NISTIR 8105 | April 2016 | Report on Post-Quantum Cryptography
NISTIR 8105 FAQ
doi:10.6028/NIST.IR.8105 [Direct Link]
Press Release
Comments received on Draft NISTIR 8105
NISTIR 8103 | September 2016 | Advanced Identity Workshop on Applying Measurement Science in the Identity Ecosystem: Summary and Next Steps
NISTIR 8103 FAQ
doi:10.6028/NIST.IR.8103 [Direct Link]
NISTIR 8080 | July 2016 | Usability and Security Considerations for Public Safety Mobile Authentication
NISTIR 8080 FAQ
doi:10.6028/NIST.IR.8080 [Direct Link]
NISTIR 8055 | January 2016 | Derived Personal Identity Verification (PIV) Credentials (DPC) Proof of Concept Research
NISTIR 8055 FAQ
doi:10.6028/NIST.IR.8055 [Direct Link]
NISTIR 8054 | April 2015 (Updated 9/20/2015) | NSTIC Pilots: Catalyzing the Identity Ecosystem
NISTIR 8054 (including updates as of 09-20-2015) FAQ
doi:10.6028/NIST.IR.8054 [Direct Link]
NISTIR 8040 | April 2016 | Measuring the Usability and Security of Permuted Passwords on Mobile Platforms
NISTIR 8040 FAQ
doi:10.6028/NIST.IR.8040 [Direct Link]
NISTIR 8023 | February 2015 | Risk Management for Replication Devices
NISTIR 8023 FAQ
doi:10.6028/NIST.IR.8023 [Direct Link]
NISTIR 8014 | March 2015 | Considerations for Identity Management in Public Safety Mobile Networks
NISTIR 8014 FAQ
doi:10.6028/NIST.IR.8014 [Direct Link]
Press Release
NISTIR 7987 Rev. 1 | October 2015 | Policy Machine: Features, Architecture, and Specification
NISTIR 7987 Revision 1 FAQ
doi:10.6028/NIST.IR.7987r1 [Direct Link]
NISTIR 7981 (Draft) | March 2014 | DRAFT Mobile, PIV, and Authentication
Announcement and Draft Publication
NISTIR 7966 | October 2015 | Security of Interactive and Automated Access Management Using Secure Shell (SSH)
NISTIR 7966 FAQ
doi:10.6028/NIST.IR.7966 [Direct Link]
NISTIR 7849 | March 2014 | A Methodology for Developing Authentication Assurance Level Taxonomy for Smart Card-based Identity Verification
NISTIR 7849 FAQ
doi:10.6028/NIST.IR.7849 [Direct Link]
NISTIR 7817 | November 2012 | A Credential Reliability and Revocation Model for Federated Identities
NISTIR 7817 FAQ
doi:10.6028/NIST.IR.7817 [Direct Link]
NISTIR 7802 | September 2011 | Trust Model for Security Automation Data 1.0 (TMSAD)
NISTIR 7802 FAQ
doi:10.6028/NIST.IR.7802 [Direct Link]
NISTIR 7611 | August 2009 | Use of ISO/IEC 24727
NISTIR 7611 FAQ
doi:10.6028/NIST.IR.7611 [Direct Link]
NISTIR 7601 | August 2010 | Framework for Emergency Response Officials (ERO): Authentication and Authorization Infrastructure
NISTIR 7601 FAQ
doi:10.6028/NIST.IR.7601 [Direct Link]
NISTIR 7452 | November 2007 | Secure Biometric Match-on-Card Feasibility Report
NISTIR 7452 FAQ
doi:10.6028/NIST.IR.7452 [Direct Link]
NISTIR 7290 | March 2006 | Fingerprint Identification and Mobile Handheld Devices: An Overview and Implementation
NISTIR 7290 FAQ
doi:10.6028/NIST.IR.7290 [Direct Link]
NISTIR 7206 | July 2005 | Smart Cards and Mobile Device Authentication: an Overview and Implementation
NISTIR 7206 FAQ
doi:10.6028/NIST.IR.7206 [Direct Link]
NISTIR 7200 | June 2005 | Proximity Beacons and Mobile Device Authentication: an Overview and Implementation
NISTIR 7200 FAQ
doi:10.6028/NIST.IR.7200 [Direct Link]
NISTIR 7046 | August 2003 | A Framework for Multi-mode Authentication: Overview and Implementation Guide
NISTIR 7046 FAQ
doi:10.6028/NIST.IR.7046 [Direct Link]
NISTIR 7030 | July 2003 | Picture Password: A Visual Login Technique for Mobile Devices
NISTIR 7030 FAQ
doi:10.6028/NIST.IR.7030 [Direct Link]
NISTIR 6192 | July 9, 1998 | A Revised Model for Role Based Access Control
NISTIR 6192 FAQ
doi:10.6028/NIST.IR.6192 [Direct Link]
Citation Page for NISTIR 6192
NISTIR 5820 | April 1, 1996 | Distributed Communication Methods and Role-Based Access Control for Use in Health Care Applications
NISTIR 5820
ITL Bulletin | August 2017 | Understanding the Major Update to NIST SP 800-63: Digital Identity Guidelines
ITL Bulletin | July 2017 | Updated NIST Guidance for Bluetooth Security
ITL Bulletin | February 2017 | Guide for Cybersecurity Incident Recovery
ITL Bulletin | October 2016 | Making Email Trustworthy
ITL Bulletin | August 2016 | NIST Updates Personal Identity Verification (PIV) Guidelines
ITL Bulletin | April 2016 | New NIST Security Standard Can Protect Credit Cards, Health Information
ITL Bulletin | January 2016 | Securing Interactive and Automated Access Management Using Secure Shell (SSH)
ITL Bulletin | December 2015 | Stopping Malware and Unauthorized Software through Application Whitelisting
ITL Bulletin | September 2015 | Additional Secure Hash Algorithm Standards Offer New Opportunities for Data Protection
ITL Bulletin | May 2015 | Authentication Considerations for Public Safety Mobile Networks
ITL Bulletin | April 2015 | Is Your Replication Device Making An Extra Copy For Someone Else?
ITL Bulletin | December 2014 | Release Of NIST Special Publication 800-157, Guidelines For Derived Personal Identity Verification (PIV) Credentials
ITL Bulletin | October 2014 | Release of NIST Special Publication 800-147B, BIOS Protection Guidelines for Servers
ITL Bulletin | August 2014 | Policy Machine: Towards a General-Purpose Enterprise-Wide Operating Environment
ITL Bulletin | February 2007 | Intrusion Detection and Prevention Systems
Whitepaper (Draft) | April 28, 2017 | DRAFT [Project Description] Securing Property Management Systems: Cybersecurity for the Hospitality Sector
Announcement and Draft Publication
Whitepaper | March 2017 | [Project Description] Capabilities Assessment for Securing Manufacturing Industrial Control Systems
Project Description
Project Homepage
Whitepaper (Draft) | September 2016 | DRAFT [Project Description] Authentication for Law Enforcement Vehicle Systems
Announcement and Draft Publication
Whitepaper | November 2016 | [Project Description] Mobile Application Single Sign-On: for Public Safety and First Responders
Project Description (Final)
Project Homepage
Whitepaper (Draft) | June 2016 | DRAFT [Concept Paper] Identity and Access Management for Smart Home Devices
Announcement and Draft Publication
Whitepaper (Draft) | May 9, 2016 | DRAFT [Project Description] Securing Non-Credit Card, Sensitive Consumer Data: Consumer Data Security for the Retail Sector
Announcement and Draft Publication
WhitepaperSeptember 2016[Project Description] Multifactor Authentication for e-Commerce: Online Authentication for the Retail Sector
Project Description (Final)
Project Homepage
WhitepaperApril 21, 2016 Best Practices for Privileged User PIV Authentication
Best Practices Paper
Building-Block V.2April 1, 2015 [Project Description] Attribute Based Access Control
Project Description
Project homepage
Conference-ProceedingsMay 30 - June 1, 2016inf-TESLA: Multicast Delayed Authentication for Streaming Sensor Data in Electric Power Systems
Preprint FAQ
doi:10.1007/978-3-319-33630-5_3 [Direct Link]
Awareness & Training
Number Date Title
SP 800-190 
(Draft)
July 2017DRAFT Application Container Security Guide (2nd Draft)
Announcement and Draft Publication
SP 800-184December 2016Guide for Cybersecurity Event Recovery
SP 800-184 FAQ
doi:10.6028/NIST.SP.800-184 [Direct Link]
Press Release (12-22-2016)
SP 800-181August 2017National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework
SP 800-181 FAQ
doi:10.6028/NIST.SP.800-181 [Direct Link]
Reference Spreadsheet for NICE Framework
NICE Framework homepage
SP 800-171 Rev. 1December 2016Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations
SP 800-171 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-171r1 [Direct Link]
Specific Changes to the Security Requirements in SP 800-171
SP 800-171June 2015 (Updated 1/14/2016)Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations
SP 800-171 (including updates as of 01-14-2016) FAQ
doi:10.6028/NIST.SP.800-171 [Direct Link]
Press Release (06-19-2015)
SP 800-147BAugust 2014 BIOS Protection Guidelines for Servers
SP 800-147B FAQ
doi:10.6028/NIST.SP.800-147B [Direct Link]
SP 800-147April 2011 BIOS Protection Guidelines
SP 800-147 FAQ
doi:10.6028/NIST.SP.800-147 [Direct Link]
Press Release
SP 800-66 Rev. 1October 2008 An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule
SP 800-66 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-66r1 [Direct Link]
SP 800-53 Rev. 5 
(Draft)
August 2017DRAFT Security and Privacy Controls for Federal Information Systems and Organizations
Announcement and Draft Publication
SP 800-53 Rev. 4April 2013 (Updated 1/22/2015)Security and Privacy Controls for Federal Information Systems and Organizations
SP 800-53 Rev. 4 (including updates as of 01-22-2015) FAQ
doi:10.6028/NIST.SP.800-53r4 [Direct Link]
Word version of SP 800-53 Rev. 4 (01-22-2015)
XML file for SP 800-53 Rev. 4 (01-15-2014)
Summary of NIST SP 800-53 Revision 4
Press Release (04-30-2013)
Pre-Draft Call for Comments for SP 800-53 Rev. 5
SP 800-50October 2003 Building an Information Technology Security Awareness and Training Program
SP 800-50 FAQ
doi:10.6028/NIST.SP.800-50 [Direct Link]
SP 800-16 Rev. 1 
(Draft)
March 2014 DRAFT A Role-Based Model for Federal Information Technology/Cybersecurity Training
Announcement and Draft Publication
SP 800-16April 1998 Information Technology Security Training Requirements: a Role- and Performance-Based Model
SP 800-16 FAQ
doi:10.6028/NIST.SP.800-16 [Direct Link]
NISTIR 8053October 2015 De-Identification of Personal Information
NISTIR 8053 FAQ
doi:10.6028/NIST.IR.8053 [Direct Link]
NISTIR 7621 Rev. 1November 2016Small Business Information Security: the Fundamentals
NISTIR 7621 Rev. 1 FAQ
doi:10.6028/NIST.IR.7621r1 [Direct Link]
Press Release
"Ignoring Cybersecurity is Risky Business" (blog post)
NISTIR 7611August 2009 Use of ISO/IEC 24727
NISTIR 7611 FAQ
doi:10.6028/NIST.IR.7611 [Direct Link]
NISTIR 7359January 2007 Information Security Guide for Government Executives
NISTIR 7359 FAQ
doi:10.6028/NIST.IR.7359 [Direct Link]
Booklet
NISTIR 7284January 2006 Personal Identity Verification Card Management Report
NISTIR 7284 FAQ
doi:10.6028/NIST.IR.7284 [Direct Link]
ITL BulletinMarch 2017Fundamentals of Small Business Information Security
ITL BulletinFebruary 2017Guide for Cybersecurity Incident Recovery
ITL BulletinOctober 2015Protection of Controlled Unclassified Information
ITL BulletinOctober 2014Release of NIST Special Publication 800-147B, BIOS Protection Guidelines for Servers
ITL BulletinMay 2014Small and Medium-Size Business Information Security Outreach Program
ITL BulletinNovember 2006Guide to Securing Computers Using Windows XP Home Edition
ITL BulletinOctober 2003Information Technology Security Awareness, Training, Education, and Certification
Whitepaper 
(Draft)
January 2017DRAFT Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1
Announcement and Draft Publication
Biometrics
Number Date Title
FIPS 201-2August 2013 Personal Identity Verification (PIV) of Federal Employees and Contractors
FIPS 201-2 FAQ
doi:10.6028/NIST.FIPS.201-2 [Direct Link]
2012 Draft Comments and Dispositions
2011 Draft Comments and Dispositions
Revised Draft (July 2012)
Draft FIPS 201-2 (March 2011)
SP 800-156May 2016 Representation of PIV Chain-of-Trust for Import and Export
SP 800-156 FAQ
doi:10.6028/NIST.SP.800-156 [Direct Link]
XSD Schema File for SP 800-156 Chain of Trust
SP 800-116 Rev. 1 
(Draft)
December 2015 DRAFT A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS)
Announcement and Draft Publication
SP 800-116November 2008 A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS)
SP 800-116 FAQ
doi:10.6028/NIST.SP.800-116 [Direct Link]
SP 800-76-2July 2013 Biometric Specifications for Personal Identity Verification
SP 800-76-2 FAQ
doi:10.6028/NIST.SP.800-76-2 [Direct Link]
SP 800-73-4May 2015 (Updated 2/8/2016)Interfaces for Personal Identity Verification
SP 800-73-4 (including updates as of 02-08-2016) FAQ
doi:10.6028/NIST.SP.800-73-4 [Direct Link]
Press Release (06-16-2015)
SP 500-304June 2015 Conformance Testing Methodology Framework for ANSI/NIST-ITL 1-2011 Update: 2013, Data Format for the Interchange of Fingerprint, Facial & Other Biometric Information
SP 500-304 FAQ
doi:10.6028/NIST.SP.500-304 [Direct Link]
BioCTS homepage
NISTIR 8103September 2016Advanced Identity Workshop on Applying Measurement Science in the Identity Ecosystem: Summary and Next Steps
NISTIR 8103 FAQ
doi:10.6028/NIST.IR.8103 [Direct Link]
NISTIR 8080July 2016Usability and Security Considerations for Public Safety Mobile Authentication
NISTIR 8080 FAQ
doi:10.6028/NIST.IR.8080 [Direct Link]
NISTIR 8053October 2015 De-Identification of Personal Information
NISTIR 8053 FAQ
doi:10.6028/NIST.IR.8053 [Direct Link]
NISTIR 8014March 2015 Considerations for Identity Management in Public Safety Mobile Networks
NISTIR 8014 FAQ
doi:10.6028/NIST.IR.8014 [Direct Link]
Press Release
NISTIR 7957August 2013 Conformance Test Architecture and Test Suite for ANSI/NIST-ITL 1-2011 NIEM XML Encoded Transactions
NISTIR 7957 FAQ
doi:10.6028/NIST.IR.7957 [Direct Link]
NISTIR 7933May 2013 Requirements and Conformance Test Assertions for ANSI/NIST-ITL 1-2011 Record Type 18 - DNA Record
NISTIR 7933 FAQ
doi:10.6028/NIST.IR.7933 [Direct Link]
NISTIR 7771February 2011 Conformance Test Architecture for Biometric Data Interchange Formats - Version Beta 2.0
NISTIR 7771 FAQ
doi:10.6028/NIST.IR.7771 [Direct Link]
NISTIR 7611August 2009 Use of ISO/IEC 24727
NISTIR 7611 FAQ
doi:10.6028/NIST.IR.7611 [Direct Link]
NISTIR 7452November 2007 Secure Biometric Match-on-Card Feasibility Report
NISTIR 7452 FAQ
doi:10.6028/NIST.IR.7452 [Direct Link]
NISTIR 7290March 2006 Fingerprint Identification and Mobile Handheld Devices: An Overview and Implementation
NISTIR 7290 FAQ
doi:10.6028/NIST.IR.7290 [Direct Link]
NISTIR 7284January 2006 Personal Identity Verification Card Management Report
NISTIR 7284 FAQ
doi:10.6028/NIST.IR.7284 [Direct Link]
NISTIR 7206July 2005 Smart Cards and Mobile Device Authentication: an Overview and Implementation
NISTIR 7206 FAQ
doi:10.6028/NIST.IR.7206 [Direct Link]
NISTIR 7056March 2004 Card Technology Developments and Gap Analysis Interagency Report
NISTIR 7056 FAQ
doi:10.6028/NIST.IR.7056 [Direct Link]
NISTIR 6887 2003 EditionJuly 16, 2003 Government Smart Card Interoperability Specification, Version 2.1
NISTIR 6887 FAQ
doi:10.6028/NIST.IR.6887e2003 [Direct Link]
NISTIR 6529-AApril 5, 2004Common Biometric Exchange Formats Framework (CBEFF)
NISTIR 6529A FAQ
doi:10.6028/NIST.IR.6529-a [Direct Link]
ITL BulletinAugust 2016NIST Updates Personal Identity Verification (PIV) Guidelines
ITL BulletinMay 2015Authentication Considerations for Public Safety Mobile Networks
ITL BulletinOctober 2013ITL Updates Federal Information Processing Standard (FIPS) for Personal Identity Verification (PIV) of Federal Employees and Contractors
ITL BulletinJanuary 2006Testing and Validation of Personal Identity Verification (PIV) Components and Subsystems for Conformance to Federal Information Processing Standard 201
WhitepaperNovember 2016[Project Description] Mobile Application Single Sign-On: for Public Safety and First Responders
Project Description (Final)
Project Homepage
Certification & Accreditation (C&A)
Number Date Title
FIPS 200March 2006 Minimum Security Requirements for Federal Information and Information Systems
FIPS 200 FAQ
doi:10.6028/NIST.FIPS.200 [Direct Link]
FIPS 199February 2004 Standards for Security Categorization of Federal Information and Information Systems
FIPS 199 FAQ
doi:10.6028/NIST.FIPS.199 [Direct Link]
SP 800-147BAugust 2014 BIOS Protection Guidelines for Servers
SP 800-147B FAQ
doi:10.6028/NIST.SP.800-147B [Direct Link]
SP 800-147April 2011 BIOS Protection Guidelines
SP 800-147 FAQ
doi:10.6028/NIST.SP.800-147 [Direct Link]
Press Release
SP 800-137September 2011 Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations
SP 800-137 FAQ
doi:10.6028/NIST.SP.800-137 [Direct Link]
Press Release
SP 800-128August 2011 Guide for Security-Focused Configuration Management of Information Systems
SP 800-128 FAQ
doi:10.6028/NIST.SP.800-128 [Direct Link]
SP 800-126A 
(Draft)
July 2016DRAFT SCAP 1.3 Component Specification Version Updates: An Annex to NIST Special Publication 800-126 Revision 3
Announcement and Draft Publication
SP 800-126 Rev. 3 
(Draft)
July 2016DRAFT The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.3
Announcement and Draft Publication
SP 800-126 Rev. 2September 2011 (Updated 3/19/2012)The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2
SP 800-126 Rev. 2 FAQ
doi:10.6028/NIST.SP.800-126r2 [Direct Link]
NIST Solicits Comments for SP 800-126 & SCAP
SP 800-126 Rev. 1February 2011 The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.1
SP 800-126 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-126r1 [Direct Link]
SP 800-126November 2009 The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.0
SP 800-126 FAQ
doi:10.6028/NIST.SP.800-126 [Direct Link]
SP 800-117 Rev. 1 
(Draft)
January 2012 DRAFT Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.2
Announcement and Draft Publication
SP 800-117July 2010 Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.0
SP 800-117 FAQ
doi:10.6028/NIST.SP.800-117 [Direct Link]
SP 800-115September 2008 Technical Guide to Information Security Testing and Assessment
SP 800-115 FAQ
doi:10.6028/NIST.SP.800-115 [Direct Link]
SP 800-115 (EPUB) FAQ
SP 800-88 Rev. 1December 2014 Guidelines for Media Sanitization
SP 800-88 Revision 1 FAQ
doi:10.6028/NIST.SP.800-88r1 [Direct Link]
SP 800-84September 2006 Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities
SP 800-84 FAQ
doi:10.6028/NIST.SP.800-84 [Direct Link]
SP 800-84 (EPUB) FAQ
SP 800-60 Vol. 2 Rev. 1August 2008 Guide for Mapping Types of Information and Information Systems to Security Categories: Appendices
SP 800-60 Vol. 2, Rev. 1: Appendices FAQ
doi:10.6028/NIST.SP.800-60v2r1 [Direct Link]
SP 800-60 Vol. 1 Rev. 1August 2008 Guide for Mapping Types of Information and Information Systems to Security Categories
SP 800-60 Vol. 1 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-60v1r1 [Direct Link]
SP 800-59August 2003 Guideline for Identifying an Information System as a National Security System
SP 800-59 FAQ
doi:10.6028/NIST.SP.800-59 [Direct Link]
SP 800-55 Rev. 1July 2008 Performance Measurement Guide for Information Security
SP 800-55 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-55r1 [Direct Link]
SP 800-53A Rev. 4December 2014 (Updated 12/18/2014)Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans
SP 800-53A Revision 4 FAQ
doi:10.6028/NIST.SP.800-53Ar4 [Direct Link]
Word version of SP 800-53A Rev. 4 (12-18-2014)
XML file for SP 800-53A Rev. 4 (06-16-2015)
Press Release
SP 800-53 Rev. 5 
(Draft)
August 2017DRAFT Security and Privacy Controls for Federal Information Systems and Organizations
Announcement and Draft Publication
SP 800-53 Rev. 4April 2013 (Updated 1/22/2015)Security and Privacy Controls for Federal Information Systems and Organizations
SP 800-53 Rev. 4 (including updates as of 01-22-2015) FAQ
doi:10.6028/NIST.SP.800-53r4 [Direct Link]
Word version of SP 800-53 Rev. 4 (01-22-2015)
XML file for SP 800-53 Rev. 4 (01-15-2014)
Summary of NIST SP 800-53 Revision 4
Press Release (04-30-2013)
Pre-Draft Call for Comments for SP 800-53 Rev. 5
SP 800-47August 2002 Security Guide for Interconnecting Information Technology Systems
SP 800-47 FAQ
doi:10.6028/NIST.SP.800-47 [Direct Link]
SP 800-37 Rev. 1February 2010 (Updated 6/5/2014)Guide for Applying the Risk Management Framework to Federal Information Systems: a Security Life Cycle Approach
SP 800-37 Rev. 1 (including updates as of 6-05-2014) FAQ
doi:10.6028/NIST.SP.800-37r1 [Direct Link]
Supplemental Guidance on Ongoing Authorization, (June 2014)
Press Release
SP 800-34 Rev. 1May 2010 (Updated 11/11/2010)Contingency Planning Guide for Federal Information Systems
SP 800-34 Rev. 1 (including updates as of 11-11-2010) FAQ
doi:10.6028/NIST.SP.800-34r1 [Direct Link]
Business Impact Analysis (BIA) Template
Contingency Planning: Low Impact System Template
Contingency Planning: Moderate Impact System Template
Contingency Planning: High Impact System Template
SP 800-30 Rev. 1September 2012 Guide for Conducting Risk Assessments
SP 800-30 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-30r1 [Direct Link]
SP 800-30 Rev. 1 (EPUB) FAQ
Press Release
SP 800-23August 2000 Guidelines to Federal Organizations on Security Assurance and Acquisition/Use of Tested/Evaluated Products
SP 800-23 FAQ
doi:10.6028/NIST.SP.800-23 [Direct Link]
SP 800-18 Rev. 1February 2006 Guide for Developing Security Plans for Federal Information Systems
SP 800-18 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-18r1 [Direct Link]
SP 1800-5 
(Draft)
October 2015 DRAFT IT Asset Management: Financial Services
Announcement and Draft Publication
NISTIR 8011 Vol. 1June 2017Automation Support for Security Control Assessments: Overview
NISTIR 8011 Vol. 1 FAQ
doi:10.6028/NIST.IR.8011-1 [Direct Link]
NISTIR 7848 
(Draft)
May 2012 DRAFT Specification for the Asset Summary Reporting Format 1.0
Announcement and Draft Publication
NISTIR 7802September 2011 Trust Model for Security Automation Data 1.0 (TMSAD)
NISTIR 7802 FAQ
doi:10.6028/NIST.IR.7802 [Direct Link]
NISTIR 7800 
(Draft)
January 2012 DRAFT Applying the Continuous Monitoring Technical Reference Model to the Asset, Configuration, and Vulnerability Management Domains
Announcement and Draft Publication
NISTIR 7799 
(Draft)
January 2012 DRAFT Continuous Monitoring Reference Model Workflow, Subsystem, and Interface Specifications
Announcement and Draft Publication
NISTIR 7756 
(Draft)
January 2012 DRAFT CAESARS Framework Extension: An Enterprise Continuous Monitoring Technical Reference Architecture
Announcement and Draft Publication
NISTIR 7692April 2011 Specification for the Open Checklist Interactive Language (OCIL) Version 2.0
NISTIR 7692 FAQ
doi:10.6028/NIST.IR.7692 [Direct Link]
ITL BulletinFebruary 2015NIST Special Publication 800-88 Revision 1, Guidelines for Media Sanitization
ITL BulletinJanuary 2015Release of NIST Special Publication 800-53A, Revision 4, Assessing Security and Privacy Controls in Federal Information Systems and Organizations
ITL BulletinOctober 2014Release of NIST Special Publication 800-147B, BIOS Protection Guidelines for Servers
ITL BulletinDecember 2006Maintaining Effective Information Technology (IT) Security Through Test, Training, and Exercise Programs
ITL BulletinMarch 2006Minimum Security Requirements for Federal Information and Information Systems: Federal Information Processing Standard (FIPS) 200 Approved by the Secretary of Commerce
ITL BulletinNovember 2004Understanding the New NIST Standards and Guidelines Required by FISMA: How Three Mandated Documents are Changing the Dynamic of Information Security for the Federal Government
ITL BulletinMarch 2004Federal Information Processing Standard (FIPS) 199, Standards for Security Categorization of Federal Information and Information Systems
ITL BulletinFebruary 2003Secure Interconnections for Information Technology Systems
Whitepaper 
(Draft)
January 2017DRAFT Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1
Announcement and Draft Publication
Whitepaper6/3/2014Supplemental Guidance on Ongoing Authorization: Transitioning to Near Real-Time Risk Management
Paper
Cloud Computing & Virtualization
Number Date Title
SP 800-191 
(Draft)
August 2017DRAFT The NIST Definition of Fog Computing
Announcement and Draft Publication
SP 800-190 
(Draft)
July 2017DRAFT Application Container Security Guide (2nd Draft)
Announcement and Draft Publication
SP 800-180 
(Draft)
February 2016 DRAFT NIST Definition of Microservices, Application Containers and System Virtual Machines
Announcement and Draft Publication
SP 800-146May 2012 Cloud Computing Synopsis and Recommendations
SP 800-146 FAQ
doi:10.6028/NIST.SP.800-146 [Direct Link]
SP 800-146 (EPUB) FAQ
Press Release
SP 800-145September 2011 The NIST Definition of Cloud Computing
SP 800-145 FAQ
doi:10.6028/NIST.SP.800-145 [Direct Link]
SP 800-145 (EPUB) FAQ
Press Release
SP 800-144December 2011 Guidelines on Security and Privacy in Public Cloud Computing
SP 800-144 FAQ
doi:10.6028/NIST.SP.800-144 [Direct Link]
SP 800-144 (EPUB) FAQ
Press Release
SP 800-125A 
(Draft)
October 20, 2014 DRAFT Security Recommendations for Hypervisor Deployment
Announcement and Draft Publication
SP 800-125BMarch 2016 Secure Virtual Network Configuration for Virtual Machine (VM) Protection
SP 800-125B FAQ
doi:10.6028/NIST.SP.800-125B [Direct Link]
SP 800-125January 2011 Guide to Security for Full Virtualization Technologies
SP 800-125 FAQ
doi:10.6028/NIST.SP.800-125 [Direct Link]
Press Release
SP 1800-4 
(Draft)
November 2015 DRAFT Mobile Device Security: Cloud and Hybrid Builds
Announcement and Draft Publication
SP 500-299 
(Draft)
May 2013 DRAFT NIST Cloud Computing Security Reference Architecture
Announcement and Draft Publication
NISTIR 8176 
(Draft)
August 2017DRAFT Security Assurance Challenges for Container Deployment
Announcement and Draft Publication
NISTIR 8055January 2016 Derived Personal Identity Verification (PIV) Credentials (DPC) Proof of Concept Research
NISTIR 8055 FAQ
doi:10.6028/NIST.IR.8055 [Direct Link]
NISTIR 8006 
(Draft)
June 2014 DRAFT NIST Cloud Computing Forensic Science Challenges
Announcement and Draft Publication
NISTIR 7987 Rev. 1October 2015 Policy Machine: Features, Architecture, and Specification
NISTIR 7987 Revision 1 FAQ
doi:10.6028/NIST.IR.7987r1 [Direct Link]
NISTIR 7956September 2013 Cryptographic Key Management Issues & Challenges in Cloud Services
NISTIR 7956 FAQ
doi:10.6028/NIST.IR.7956 [Direct Link]
NISTIR 7904December 2015 Trusted Geolocation in the Cloud: Proof of Concept Implementation
NISTIR 7904 FAQ
doi:10.6028/NIST.IR.7904 [Direct Link]
ITL BulletinJune 2016Extending Network Security into Virtualized Infrastructure
ITL BulletinFebruary 2016Implementing Trusted Geolocation Services in the Cloud
ITL BulletinAugust 2014Policy Machine: Towards a General-Purpose Enterprise-Wide Operating Environment
ITL BulletinJune 2012Cloud Computing: A Review of Features, Benefits, and Risks, and Recommendations for Secure, Efficient Implementations
ITL BulletinMarch 2012Guidelines for Improving Security and Privacy in Public Cloud Computing
ITL BulletinApril 2011Full Virtualization Technologies: Guidelines for Secure Implementation and Management
Journal-ArticleMarch-April 2016Using a Capability Oriented Methodology to Build Your Cloud Ecosystem
Preprint FAQ
doi:10.1109/MCC.2016.38 [Direct Link]
Journal-ArticleJanuary-February 2016Learning Internet of Things Security "Hands-On"
Preprint FAQ
doi:10.1109/MSP.2016.4 [Direct Link]
Journal-ArticleSeptember 2016Entropy as a Service: Unlocking Cryptography's Full Potential
Preprint FAQ
doi:10.1109/MC.2016.275 [Direct Link]
Conference-ProceedingsMarch 20-24, 2016Analysis of Virtual Networking Options for Securing Virtual Machines
Paper
Communications & Wireless
Number Date Title
FIPS 140-2May 25, 2001 (Change Notice 2, 12/3/2002)Security Requirements for Cryptographic Modules
FIPS 140-2 (including change notices as of 12-03-2002) FAQ
doi:10.6028/NIST.FIPS.140-2 [Direct Link]
Annex A: Approved Security Functions
Annex B: Approved Protection Profiles
Annex C: Approved Random Number Generators
Annex D: Approved Key Establishment Techniques
FIPS 140-2 (EPUB) FAQ
Comments on FIPS 140-1 (Oct. 1998)
SP 800-187 
(Draft)
November 2016DRAFT Guide to LTE Security
Announcement and Draft Publication
SP 800-177September 2016Trustworthy Email
SP 800-177 FAQ
doi:10.6028/NIST.SP.800-177 [Direct Link]
High Assurance Domains project
SP 800-164 
(Draft)
October 2012 DRAFT Guidelines on Hardware-Rooted Security in Mobile Devices
Announcement and Draft Publication
SP 800-157December 2014 Guidelines for Derived Personal Identity Verification (PIV) Credentials
SP 800-157 FAQ
doi:10.6028/NIST.SP.800-157 [Direct Link]
Comments and resolutions on Draft SP 800-157 (Mar. 2014)
SP 800-153February 2012 Guidelines for Securing Wireless Local Area Networks (WLANs)
SP 800-153 FAQ
doi:10.6028/NIST.SP.800-153 [Direct Link]
Press Release (Mar. 6, 2012)
SP 800-127September 2010 Guide to Securing WiMAX Wireless Communications
SP 800-127 FAQ
doi:10.6028/NIST.SP.800-127 [Direct Link]
SP 800-127 (EPUB) FAQ
Press Release
SP 800-124 Rev. 1June 2013 Guidelines for Managing the Security of Mobile Devices in the Enterprise
SP 800-124 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-124r1 [Direct Link]
SP 800-124 Rev. 1 (EPUB) FAQ
Press Release
SP 800-121 Rev. 2May 2017Guide to Bluetooth Security
SP 800-121 Rev. 2 FAQ
doi:10.6028/NIST.SP.800-121r2 [Direct Link]
SP 800-120September 2009 Recommendation for EAP Methods Used in Wireless Network Access Authentication
SP 800-120 FAQ
doi:10.6028/NIST.SP.800-120 [Direct Link]
SP 800-119December 2010 Guidelines for the Secure Deployment of IPv6
SP 800-119 FAQ
doi:10.6028/NIST.SP.800-119 [Direct Link]
SP 800-115September 2008 Technical Guide to Information Security Testing and Assessment
SP 800-115 FAQ
doi:10.6028/NIST.SP.800-115 [Direct Link]
SP 800-115 (EPUB) FAQ
SP 800-114 Rev. 1July 2016User's Guide to Telework and Bring Your Own Device (BYOD) Security
SP 800-114 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-114r1 [Direct Link]
SP 800-113July 2008 Guide to SSL VPNs
SP 800-113 FAQ
doi:10.6028/NIST.SP.800-113 [Direct Link]
SP 800-101 Rev. 1May 2014 Guidelines on Mobile Device Forensics
SP 800-101 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-101r1 [Direct Link]
SP 800-98April 2007 Guidelines for Securing Radio Frequency Identification (RFID) Systems
SP 800-98 FAQ
doi:10.6028/NIST.SP.800-98 [Direct Link]
SP 800-97February 2007 Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i
SP 800-97 FAQ
doi:10.6028/NIST.SP.800-97 [Direct Link]
SP 800-81-2September 2013 Secure Domain Name System (DNS) Deployment Guide
SP 800-81-2 FAQ
doi:10.6028/NIST.SP.800-81-2 [Direct Link]
SP 800-77December 2005 Guide to IPsec VPNs
SP 800-77 FAQ
doi:10.6028/NIST.SP.800-77 [Direct Link]
SP 800-58January 2005 Security Considerations for Voice Over IP Systems
SP 800-58 FAQ
doi:10.6028/NIST.SP.800-58 [Direct Link]
SP 800-54July 2007 Border Gateway Protocol Security
SP 800-54 FAQ
doi:10.6028/NIST.SP.800-54 [Direct Link]
SP 800-53 Rev. 5 
(Draft)
August 2017DRAFT Security and Privacy Controls for Federal Information Systems and Organizations
Announcement and Draft Publication
SP 800-53 Rev. 4April 2013 (Updated 1/22/2015)Security and Privacy Controls for Federal Information Systems and Organizations
SP 800-53 Rev. 4 (including updates as of 01-22-2015) FAQ
doi:10.6028/NIST.SP.800-53r4 [Direct Link]
Word version of SP 800-53 Rev. 4 (01-22-2015)
XML file for SP 800-53 Rev. 4 (01-15-2014)
Summary of NIST SP 800-53 Revision 4
Press Release (04-30-2013)
Pre-Draft Call for Comments for SP 800-53 Rev. 5
SP 800-52 Rev. 1April 2014 Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations
SP 800-52 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-52r1 [Direct Link]
Press Release
SP 800-48 Rev. 1July 2008 Guide to Securing Legacy IEEE 802.11 Wireless Networks
SP 800-48 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-48r1 [Direct Link]
SP 800-46 Rev. 2July 2016Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security
SP 800-46 Rev. 2 FAQ
doi:10.6028/NIST.SP.800-46r2 [Direct Link]
SP 800-45 Version 2February 2007 Guidelines on Electronic Mail Security
SP 800-45 Version 2 FAQ
doi:10.6028/NIST.SP.800-45ver2 [Direct Link]
SP 800-41 Rev. 1September 2009 Guidelines on Firewalls and Firewall Policy
SP 800-41 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-41r1 [Direct Link]
SP 800-24April 2001 PBX Vulnerability Analysis: Finding Holes in Your PBX Before Someone Else Does
SP 800-24 FAQ
doi:10.6028/NIST.SP.800-24 [Direct Link]
SP 1800-8 
(Draft)
May 2017DRAFT Securing Wireless Infusion Pumps in Healthcare Delivery Organizations
Announcement and Draft Publication
SP 1800-6 
(Draft)
November 2016DRAFT Domain Name Systems-Based Electronic Mail Security
Announcement and Draft Publication
NISTIR 8144 
(Draft)
September 2016DRAFT Assessing Threats to Mobile Devices & Infrastructure: the Mobile Threat Catalogue
Announcement and Draft Publication
NISTIR 8136January 2017An Overview of Mobile Application Vetting Services for Public Safety
NISTIR 8136 FAQ
doi:10.6028/NIST.IR.8136 [Direct Link]
NISTIR 8135May 2016 Identifying and Categorizing Data Types for Public Safety Mobile Applications: Workshop Report
NISTIR 8135 FAQ
doi:10.6028/NIST.IR.8135 [Direct Link]
NISTIR 8080July 2016Usability and Security Considerations for Public Safety Mobile Authentication
NISTIR 8080 FAQ
doi:10.6028/NIST.IR.8080 [Direct Link]
NISTIR 8055January 2016 Derived Personal Identity Verification (PIV) Credentials (DPC) Proof of Concept Research
NISTIR 8055 FAQ
doi:10.6028/NIST.IR.8055 [Direct Link]
NISTIR 8023February 2015 Risk Management for Replication Devices
NISTIR 8023 FAQ
doi:10.6028/NIST.IR.8023 [Direct Link]
NISTIR 8018January 2015 Public Safety Mobile Application Security Requirements Workshop Summary
NISTIR 8018 FAQ
doi:10.6028/NIST.IR.8018 [Direct Link]
NISTIR 8014March 2015 Considerations for Identity Management in Public Safety Mobile Networks
NISTIR 8014 FAQ
doi:10.6028/NIST.IR.8014 [Direct Link]
Press Release
NISTIR 7981 
(Draft)
March 2014 DRAFT Mobile, PIV, and Authentication
Announcement and Draft Publication
NISTIR 7770February 2011 Security Considerations for Remote Electronic UOCAVA Voting
NISTIR 7770 FAQ
doi:10.6028/NIST.IR.7770 [Direct Link]
NISTIR 7711September 2011 Security Best Practices for the Electronic Transmission of Election Materials for UOCAVA Voters
NISTIR 7711 FAQ
doi:10.6028/NIST.IR.7711 [Direct Link]
NISTIR 7617October 2009 Mobile Forensic Reference Materials: a Methodology and Reification
NISTIR 7617 FAQ
doi:10.6028/NIST.IR.7617 [Direct Link]
NISTIR 7516August 2008 Forensic Filtering of Cell Phone Protocols
NISTIR 7516 FAQ
doi:10.6028/NIST.IR.7516 [Direct Link]
NISTIR 7452November 2007 Secure Biometric Match-on-Card Feasibility Report
NISTIR 7452 FAQ
doi:10.6028/NIST.IR.7452 [Direct Link]
NISTIR 7387March 2007 Cell Phone Forensic Tools: an Overview and Analysis Update
NISTIR 7387 FAQ
doi:10.6028/NIST.IR.7387 [Direct Link]
NISTIR 7206July 2005 Smart Cards and Mobile Device Authentication: an Overview and Implementation
NISTIR 7206 FAQ
doi:10.6028/NIST.IR.7206 [Direct Link]
NISTIR 7046August 2003 A Framework for Multi-mode Authentication: Overview and Implementation Guide
NISTIR 7046 FAQ
doi:10.6028/NIST.IR.7046 [Direct Link]
ITL BulletinJuly 2017Updated NIST Guidance for Bluetooth Security
ITL BulletinOctober 2016Making Email Trustworthy
ITL BulletinMay 2015Authentication Considerations for Public Safety Mobile Networks
ITL BulletinApril 2015Is Your Replication Device Making An Extra Copy For Someone Else?
ITL BulletinDecember 2014Release Of NIST Special Publication 800-157, Guidelines For Derived Personal Identity Verification (PIV) Credentials
ITL BulletinApril 2014Release of NIST Special Publication 800-52 Revision 1, Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations
ITL BulletinJuly 2007Border Gateway Protocol (BGP) Security
ITL BulletinJune 2007Forensic Techniques for Cell Phones
ITL BulletinMay 2007Securing Radio Frequency Identification (RFID) Systems
ITL BulletinMarch 2007Improving The Security of Electronic Mail: Updated Guidelines Issued by NIST
ITL BulletinApril 2006Protecting Sensitive Information Transmitted in Public Networks
ITL BulletinOctober 2004Securing Voice Over Internet Protocol (IP) Networks
WhitepaperNovember 2016[Project Description] Mobile Application Single Sign-On: for Public Safety and First Responders
Project Description (Final)
Project Homepage
Building-BlockMarch 4, 2016[Project Description] Domain Name System-Based Security for Electronic Mail
Project Description
Project homepage
Use-CaseDecember 2015[Project Description] Wireless Medical Infusion Pumps: Medical Device Security
Project description
Project homepage
Conference-PaperMay 10-12, 2016Combinatorial Coverage Analysis of Subsets of the TLS Cipher Suite Registry
Preprint
Conferences & Workshops
Number Date Title
NISTIR 8135May 2016 Identifying and Categorizing Data Types for Public Safety Mobile Applications: Workshop Report
NISTIR 8135 FAQ
doi:10.6028/NIST.IR.8135 [Direct Link]
NISTIR 8103September 2016Advanced Identity Workshop on Applying Measurement Science in the Identity Ecosystem: Summary and Next Steps
NISTIR 8103 FAQ
doi:10.6028/NIST.IR.8103 [Direct Link]
NISTIR 8050 
(Draft)
April 2, 2015 DRAFT Executive Technical Workshop on Improving Cybersecurity and Consumer Privacy: Summary and Next Steps
Announcement and Draft Publication
NISTIR 8041April 2015 Proceedings of the Cybersecurity for Direct Digital Manufacturing (DDM) Symposium
NISTIR 8041 FAQ
doi:10.6028/NIST.IR.8041 [Direct Link]
NISTIR 8018January 2015 Public Safety Mobile Application Security Requirements Workshop Summary
NISTIR 8018 FAQ
doi:10.6028/NIST.IR.8018 [Direct Link]
NISTIR 7916February 2013 Proceedings of the Cybersecurity in Cyber-Physical Systems Workshop, April 23-24, 2012
NISTIR 7916 FAQ
doi:10.6028/NIST.IR.7916 [Direct Link]
NISTIR 7665January 2010 Proceedings of the Privilege Management Workshop, September 1-3, 2009
NISTIR 7665 FAQ
doi:10.6028/NIST.IR.7665 [Direct Link]
NISTIR 7657March 2010 A Report on the Privilege (Access) Management Workshop
NISTIR 7657 FAQ
doi:10.6028/NIST.IR.7657 [Direct Link]
NISTIR 7609January 2010 Cryptographic Key Management Workshop Summary -- June 8-9, 2009
NISTIR 7609 FAQ
doi:10.6028/NIST.IR.7609 [Direct Link]
NISTIR 7427September 2007 6th Annual PKI R&D Workshop "Applications-Driven PKI" Proceedings
NISTIR 7427 FAQ
doi:10.6028/NIST.IR.7427 [Direct Link]
NISTIR 7313July 2006 5th Annual PKI R&D Workshop "Making PKI Easy to Use" Proceedings
NISTIR 7313 FAQ
doi:10.6028/NIST.IR.7313 [Direct Link]
NISTIR 7224August 2005 4th Annual PKI R&D Workshop "Multiple Paths to Trust" Proceedings
NISTIR 7224 FAQ
doi:10.6028/NIST.IR.7224 [Direct Link]
NISTIR 7085April 2004 2nd Annual PKI Research Workshop Proceedings
NISTIR 7085 FAQ
doi:10.6028/NIST.IR.7085 [Direct Link]
NISTIR 7059November 2003 1st Annual PKI Research Workshop Proceedings
Proceedings from Dartmouth (August 2002)
NISTIR 5472March 1994 A Head Start on Assurance: Proceedings of an Invitational Workshop on Information Technology (IT) Assurance and Trustworthiness, March 21-23, 1994
NISTIR 5472
Contingency Planning
Number Date Title
SP 800-184December 2016Guide for Cybersecurity Event Recovery
SP 800-184 FAQ
doi:10.6028/NIST.SP.800-184 [Direct Link]
Press Release (12-22-2016)
SP 800-147BAugust 2014 BIOS Protection Guidelines for Servers
SP 800-147B FAQ
doi:10.6028/NIST.SP.800-147B [Direct Link]
SP 800-147April 2011 BIOS Protection Guidelines
SP 800-147 FAQ
doi:10.6028/NIST.SP.800-147 [Direct Link]
Press Release
SP 800-84September 2006 Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities
SP 800-84 FAQ
doi:10.6028/NIST.SP.800-84 [Direct Link]
SP 800-84 (EPUB) FAQ
SP 800-53 Rev. 5 
(Draft)
August 2017DRAFT Security and Privacy Controls for Federal Information Systems and Organizations
Announcement and Draft Publication
SP 800-53 Rev. 4April 2013 (Updated 1/22/2015)Security and Privacy Controls for Federal Information Systems and Organizations
SP 800-53 Rev. 4 (including updates as of 01-22-2015) FAQ
doi:10.6028/NIST.SP.800-53r4 [Direct Link]
Word version of SP 800-53 Rev. 4 (01-22-2015)
XML file for SP 800-53 Rev. 4 (01-15-2014)
Summary of NIST SP 800-53 Revision 4
Press Release (04-30-2013)
Pre-Draft Call for Comments for SP 800-53 Rev. 5
SP 800-46 Rev. 2July 2016Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security
SP 800-46 Rev. 2 FAQ
doi:10.6028/NIST.SP.800-46r2 [Direct Link]
SP 800-34 Rev. 1May 2010 (Updated 11/11/2010)Contingency Planning Guide for Federal Information Systems
SP 800-34 Rev. 1 (including updates as of 11-11-2010) FAQ
doi:10.6028/NIST.SP.800-34r1 [Direct Link]
Business Impact Analysis (BIA) Template
Contingency Planning: Low Impact System Template
Contingency Planning: Moderate Impact System Template
Contingency Planning: High Impact System Template
ITL BulletinFebruary 2017Guide for Cybersecurity Incident Recovery
ITL BulletinOctober 2014Release of NIST Special Publication 800-147B, BIOS Protection Guidelines for Servers
ITL BulletinFebruary 2014Framework for Improving Critical Infrastructure Cybersecurity
ITL BulletinDecember 2006Maintaining Effective Information Technology (IT) Security Through Test, Training, and Exercise Programs
ITL BulletinApril 2002Techniques for System and Data Recovery
Whitepaper 
(Draft)
January 2017DRAFT Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1
Announcement and Draft Publication
Whitepaper 
(Draft)
March 20, 2017DRAFT Cybersecurity Framework Manufacturing Profile (Final Draft)
Announcement and Draft Publication
WhitepaperMay 2016 [Project Description] Data Integrity: Recovering from a destructive malware attack
Project Description
Data Integrity homepage
Cryptography
Number Date Title
FIPS 202August 2015 SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions
FIPS 202 FAQ
doi:10.6028/NIST.FIPS.202 [Direct Link]
Federal Register Notice
Press Release
Comments received on Draft FIPS 202
Draft FIPS 202 (May 2014)
FIPS 198-1July 2008 The Keyed-Hash Message Authentication Code (HMAC)
FIPS 198-1 FAQ
doi:10.6028/NIST.FIPS.198-1 [Direct Link]
FIPS 197November 2001 Advanced Encryption Standard (AES)
FIPS 197 FAQ
doi:10.6028/NIST.FIPS.197 [Direct Link]
Comments received on Draft FIPS 197
FIPS 186-4July 2013 Digital Signature Standard (DSS)
FIPS 186-4 FAQ
doi:10.6028/NIST.FIPS.186-4 [Direct Link]
Comments received on FIPS 186-4 (Dec. 2015)
Request for Comments on FIPS 186-4 (Oct. 2015)
Press Release (07-23-2013)
Proposed Change Notice for FIPS 186-3 (Apr. 2012)
Request for Comments on Proposed Change Notice (Apr. 2012)
FIPS 180-4August 2015 Secure Hash Standard (SHS)
FIPS 180-4 (revised Applicability Clause, Aug. 2015) FAQ
doi:10.6028/NIST.FIPS.180-4 [Direct Link]
Federal Register Notice
Comments received on Draft FIPS 180-4 (Aug. 2014)
FIPS 140-2May 25, 2001 (Change Notice 2, 12/3/2002)Security Requirements for Cryptographic Modules
FIPS 140-2 (including change notices as of 12-03-2002) FAQ
doi:10.6028/NIST.FIPS.140-2 [Direct Link]
Annex A: Approved Security Functions
Annex B: Approved Protection Profiles
Annex C: Approved Random Number Generators
Annex D: Approved Key Establishment Techniques
FIPS 140-2 (EPUB) FAQ
Comments on FIPS 140-1 (Oct. 1998)
SP 800-185December 2016SHA-3 Derived Functions: cSHAKE, KMAC, TupleHash, and ParallelHash
SP 800-185 FAQ
doi:10.6028/NIST.SP.800-185 [Direct Link]
Comments Received on Draft SP 800-185
SP 800-175AAugust 2016Guideline for Using Cryptographic Standards in the Federal Government: Directives, Mandates and Policies
SP 800-175A FAQ
doi:10.6028/NIST.SP.800-175A [Direct Link]
Comments Received from Final Draft
SP 800-175BAugust 2016Guideline for Using Cryptographic Standards in the Federal Government: Cryptographic Mechanisms
SP 800-175B FAQ
doi:10.6028/NIST.SP.800-175B [Direct Link]
Comments Received from Final Draft
SP 800-167October 2015 Guide to Application Whitelisting
SP 800-167 FAQ
doi:10.6028/NIST.SP.800-167 [Direct Link]
Press Release
SP 800-152October 2015 A Profile for U.S. Federal Cryptographic Key Management Systems (CKMS)
SP 800-152 FAQ
doi:10.6028/NIST.SP.800-152 [Direct Link]
Comments received on final (3rd) Draft (Dec. 2014)
Draft 3 (Dec. 2014)
Draft 2 (Jan. 2014)
Draft (Aug. 2012)
SP 800-147BAugust 2014 BIOS Protection Guidelines for Servers
SP 800-147B FAQ
doi:10.6028/NIST.SP.800-147B [Direct Link]
SP 800-147April 2011 BIOS Protection Guidelines
SP 800-147 FAQ
doi:10.6028/NIST.SP.800-147 [Direct Link]
Press Release
SP 800-135 Rev. 1December 2011 Recommendation for Existing Application-Specific Key Derivation Functions
SP 800-135 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-135r1 [Direct Link]
Informative Note (09-19-2016)
SP 800-133December 2012Recommendation for Cryptographic Key Generation
SP 800-133 FAQ
doi:10.6028/NIST.SP.800-133 [Direct Link]
SP 800-133 (EPUB) FAQ
Press Release
SP 800-132December 2010 Recommendation for Password-Based Key Derivation: Part 1: Storage Applications
SP 800-132 FAQ
doi:10.6028/NIST.SP.800-132 [Direct Link]
SP 800-131A Rev. 1November 2015 Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths
SP 800-131A Rev. 1 FAQ
doi:10.6028/NIST.SP.800-131Ar1 [Direct Link]
Comments and resolutions on Draft (July 2015)
SP 800-130August 2013 A Framework for Designing Cryptographic Key Management Systems
SP 800-130 FAQ
doi:10.6028/NIST.SP.800-130 [Direct Link]
SP 800-127September 2010 Guide to Securing WiMAX Wireless Communications
SP 800-127 FAQ
doi:10.6028/NIST.SP.800-127 [Direct Link]
SP 800-127 (EPUB) FAQ
Press Release
SP 800-120September 2009 Recommendation for EAP Methods Used in Wireless Network Access Authentication
SP 800-120 FAQ
doi:10.6028/NIST.SP.800-120 [Direct Link]
SP 800-116 Rev. 1 
(Draft)
December 2015 DRAFT A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS)
Announcement and Draft Publication
SP 800-116November 2008 A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS)
SP 800-116 FAQ
doi:10.6028/NIST.SP.800-116 [Direct Link]
SP 800-113July 2008 Guide to SSL VPNs
SP 800-113 FAQ
doi:10.6028/NIST.SP.800-113 [Direct Link]
SP 800-111November 2007 Guide to Storage Encryption Technologies for End User Devices
SP 800-111 FAQ
doi:10.6028/NIST.SP.800-111 [Direct Link]
SP 800-108October 2009 Recommendation for Key Derivation Using Pseudorandom Functions (Revised)
SP 800-108 FAQ
doi:10.6028/NIST.SP.800-108 [Direct Link]
Comments received on Draft (Apr. 2008)
SP 800-107 Rev. 1August 2012 Recommendation for Applications Using Approved Hash Algorithms
SP 800-107 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-107r1 [Direct Link]
SP 800-106February 2009 Randomized Hashing for Digital Signatures
SP 800-106 FAQ
doi:10.6028/NIST.SP.800-106 [Direct Link]
SP 800-102September 2009 Recommendation for Digital Signature Timeliness
SP 800-102 FAQ
doi:10.6028/NIST.SP.800-102 [Direct Link]
SP 800-90A Rev. 1June 2015 Recommendation for Random Number Generation Using Deterministic Random Bit Generators
SP 800-90A Revision 1 FAQ
doi:10.6028/NIST.SP.800-90Ar1 [Direct Link]
Press Release
SP 800-90B 
(Draft)
January 2016 DRAFT Recommendation for the Entropy Sources Used for Random Bit Generation
Announcement and Draft Publication
SP 800-90C 
(Draft)
April 2016 DRAFT Recommendation for Random Bit Generator (RBG) Constructions
Announcement and Draft Publication
SP 800-78-4May 2015 Cryptographic Algorithms and Key Sizes for Personal Identity Verification
SP 800-78-4 FAQ
doi:10.6028/NIST.SP.800-78-4 [Direct Link]
SP 800-73-4May 2015 (Updated 2/8/2016)Interfaces for Personal Identity Verification
SP 800-73-4 (including updates as of 02-08-2016) FAQ
doi:10.6028/NIST.SP.800-73-4 [Direct Link]
Press Release (06-16-2015)
SP 800-67 Rev. 2 
(Draft)
July 2017DRAFT Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher
Announcement and Draft Publication
SP 800-67 Rev. 1January 2012 Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher
SP 800-67 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-67r1 [Direct Link]
SP 800-57 Part 1 Rev. 4January 2016 Recommendation for Key Management, Part 1: General
SP 800-57 Part 1, Revision 4 FAQ
doi:10.6028/NIST.SP.800-57pt1r4 [Direct Link]
Comments and resolutions for SP 800-57 Part 1, Rev. 4
SP 800-57 Part 2August 2005 Recommendation for Key Management, Part 2: Best Practices for Key Management Organization
SP 800-57 Part 2 FAQ
doi:10.6028/NIST.SP.800-57p2 [Direct Link]
Comments received on Draft (Apr. 2005)
SP 800-57 Part 3 Rev. 1January 2015 Recommendation for Key Management, Part 3: Application-Specific Key Management Guidance
SP 800-57 Part 3, Revision 1 FAQ
doi:10.6028/NIST.SP.800-57pt3r1 [Direct Link]
SP 800-56A Rev. 3 
(Draft)
August 2017DRAFT Recommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography
Announcement and Draft Publication
SP 800-56A Rev. 2May 2013 Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography
SP 800-56A Revision 2 FAQ
doi:10.6028/NIST.SP.800-56Ar2 [Direct Link]
Comments received on Draft (Aug. 2012)
SP 800-56B Rev. 1September 2014 Recommendation for Pair-Wise Key-Establishment Schemes Using Integer Factorization Cryptography
SP 800-56B Rev. 1 FAQ
doi:10.6028/NIST.SP.800-56Br1 [Direct Link]
SP 800-56C Rev. 1 
(Draft)
August 2017DRAFT Recommendation for Key Derivation through Extraction-then-Expansion
Announcement and Draft Publication
SP 800-56CNovember 2011 Recommendation for Key Derivation through Extraction-then-Expansion
SP 800-56C FAQ
doi:10.6028/NIST.SP.800-56C [Direct Link]
SP 800-53 Rev. 5 
(Draft)
August 2017DRAFT Security and Privacy Controls for Federal Information Systems and Organizations
Announcement and Draft Publication
SP 800-53 Rev. 4April 2013 (Updated 1/22/2015)Security and Privacy Controls for Federal Information Systems and Organizations
SP 800-53 Rev. 4 (including updates as of 01-22-2015) FAQ
doi:10.6028/NIST.SP.800-53r4 [Direct Link]
Word version of SP 800-53 Rev. 4 (01-22-2015)
XML file for SP 800-53 Rev. 4 (01-15-2014)
Summary of NIST SP 800-53 Revision 4
Press Release (04-30-2013)
Pre-Draft Call for Comments for SP 800-53 Rev. 5
SP 800-52 Rev. 1April 2014 Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations
SP 800-52 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-52r1 [Direct Link]
Press Release
SP 800-49November 2002 Federal S/MIME V3 Client Profile
SP 800-49 FAQ
doi:10.6028/NIST.SP.800-49 [Direct Link]
SP 800-38A AddendumOctober 2010 Recommendation for Block Cipher Modes of Operation: Three Variants of Ciphertext Stealing for CBC Mode
SP 800-38A Addendum FAQ
doi:10.6028/NIST.SP.800-38A-Add [Direct Link]
SP 800-38ADecember 2001 Recommendation for Block Cipher Modes of Operation: Methods and Techniques
SP 800-38A FAQ
doi:10.6028/NIST.SP.800-38A [Direct Link]
SP 800-38BMay 2005 (Updated 10/6/2016)Recommendation for Block Cipher Modes of Operation: the CMAC Mode for Authentication
SP 800-38B FAQ
doi:10.6028/NIST.SP.800-38B [Direct Link]
SP 800-38CMay 2004 (Updated 7/20/2007)Recommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality
SP 800-38C (including updates as of 07-20-2007) FAQ
doi:10.6028/NIST.SP.800-38C [Direct Link]
SP 800-38DNovember 2007 Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC
SP 800-38D FAQ
doi:10.6028/NIST.SP.800-38D [Direct Link]
SP 800-38EJanuary 2010 Recommendation for Block Cipher Modes of Operation: the XTS-AES Mode for Confidentiality on Storage Devices
SP 800-38E FAQ
doi:10.6028/NIST.SP.800-38E [Direct Link]
SP 800-38FDecember 2012 Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping
SP 800-38F FAQ
doi:10.6028/NIST.SP.800-38F [Direct Link]
SP 800-38GMarch 2016 Recommendation for Block Cipher Modes of Operation: Methods for Format-Preserving Encryption
SP 800-38G FAQ
doi:10.6028/NIST.SP.800-38G [Direct Link]
Press Release
SP 800-32February 26, 2001 Introduction to Public Key Technology and the Federal PKI Infrastructure
SP 800-32 FAQ
doi:10.6028/NIST.SP.800-32 [Direct Link]
SP 800-25October 2000 Federal Agency Use of Public Key Technology for Digital Signatures and Authentication
SP 800-25 FAQ
doi:10.6028/NIST.SP.800-25 [Direct Link]
SP 800-22 Rev. 1aApril 2010 A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications
SP 800-22 Rev. 1a FAQ
doi:10.6028/NIST.SP.800-22r1a [Direct Link]
SP 800-20October 1999 (Updated 3/1/2012)Modes of Operation Validation System for the Triple Data Encryption Algorithm (TMOVS): Requirements and Procedures
SP 800-20 (including updates as of 03-2012) FAQ
doi:10.6028/NIST.SP.800-20 [Direct Link]
SP 800-17February 1998 Modes of Operation Validation System (MOVS): Requirements and Procedures
SP 800-17 FAQ
doi:10.6028/NIST.SP.800-17 [Direct Link]
SP 800-15January 1998 MISPC Minimum Interoperability Specification for PKI Components, Version 1
SP 800-15 FAQ
doi:10.6028/NIST.SP.800-15 [Direct Link]
SP 1800-6 
(Draft)
November 2016DRAFT Domain Name Systems-Based Electronic Mail Security
Announcement and Draft Publication
NISTIR 8139 
(Draft)
February 2017DRAFT Identifying Uniformity with Entropy and Divergence
Announcement and Draft Publication
NISTIR 8114March 2017Report on Lightweight Cryptography
NISTIR 8114 FAQ
doi:10.6028/NIST.IR.8114 [Direct Link]
Comments received on Draft (Aug. 2016)
NISTIR 8105April 2016 Report on Post-Quantum Cryptography
NISTIR 8105 FAQ
doi:10.6028/NIST.IR.8105 [Direct Link]
Press Release
Comments received on Draft NISTIR 8105
NISTIR 8055January 2016 Derived Personal Identity Verification (PIV) Credentials (DPC) Proof of Concept Research
NISTIR 8055 FAQ
doi:10.6028/NIST.IR.8055 [Direct Link]
NISTIR 8023February 2015 Risk Management for Replication Devices
NISTIR 8023 FAQ
doi:10.6028/NIST.IR.8023 [Direct Link]
NISTIR 7977March 2016 NIST Cryptographic Standards and Guidelines Development Process
NISTIR 7977 FAQ
doi:10.6028/NIST.IR.7977 [Direct Link]
Press Release
Summary of Second Draft Comments (released Jan. 2016)
Comments received on Second Draft (Jan. 2015)
Second Draft NISTIR 7977 (Jan. 2015)
Summary of First Draft Comments
Comments received on First Draft (Feb. 2014)
First Draft NISTIR 7977 (Feb. 2014)
NISTIR 7966October 2015 Security of Interactive and Automated Access Management Using Secure Shell (SSH)
NISTIR 7966 FAQ
doi:10.6028/NIST.IR.7966 [Direct Link]
NISTIR 7956September 2013 Cryptographic Key Management Issues & Challenges in Cloud Services
NISTIR 7956 FAQ
doi:10.6028/NIST.IR.7956 [Direct Link]
NISTIR 7924 
(Draft)
May 2014 DRAFT Reference Certificate Policy (2nd Draft)
Announcement and Draft Publication
NISTIR 7896November 2012 Third-Round Report of the SHA-3 Cryptographic Hash Algorithm Competition
NISTIR 7896 FAQ
doi:10.6028/NIST.IR.7896 [Direct Link]
NISTIR 7849March 2014 A Methodology for Developing Authentication Assurance Level Taxonomy for Smart Card-based Identity Verification
NISTIR 7849 FAQ
doi:10.6028/NIST.IR.7849 [Direct Link]
NISTIR 7817November 2012 A Credential Reliability and Revocation Model for Federated Identities
NISTIR 7817 FAQ
doi:10.6028/NIST.IR.7817 [Direct Link]
NISTIR 7802September 2011 Trust Model for Security Automation Data 1.0 (TMSAD)
NISTIR 7802 FAQ
doi:10.6028/NIST.IR.7802 [Direct Link]
NISTIR 7764February 2011 Status Report on the Second Round of the SHA-3 Cryptographic Hash Algorithm Competition
NISTIR 7764 FAQ
doi:10.6028/NIST.IR.7764 [Direct Link]
NISTIR 7676June 2010 Maintaining and Using Key History on Personal Identity Verification (PIV) Cards
NISTIR 7676 FAQ
doi:10.6028/NIST.IR.7676 [Direct Link]
NISTIR 7620September 2009 Status Report on the First Round of the SHA-3 Cryptographic Hash Algorithm Competition
NISTIR 7620 FAQ
doi:10.6028/NIST.IR.7620 [Direct Link]
NISTIR 7611August 2009 Use of ISO/IEC 24727
NISTIR 7611 FAQ
doi:10.6028/NIST.IR.7611 [Direct Link]
NISTIR 7609January 2010 Cryptographic Key Management Workshop Summary -- June 8-9, 2009
NISTIR 7609 FAQ
doi:10.6028/NIST.IR.7609 [Direct Link]
NISTIR 7452November 2007 Secure Biometric Match-on-Card Feasibility Report
NISTIR 7452 FAQ
doi:10.6028/NIST.IR.7452 [Direct Link]
NISTIR 7206July 2005 Smart Cards and Mobile Device Authentication: an Overview and Implementation
NISTIR 7206 FAQ
doi:10.6028/NIST.IR.7206 [Direct Link]
NISTIR 7046August 2003 A Framework for Multi-mode Authentication: Overview and Implementation Guide
NISTIR 7046 FAQ
doi:10.6028/NIST.IR.7046 [Direct Link]
NISTIR 6977May 2003 Vulnerabilities in Quantum Key Distribution Protocols
NISTIR 6977
NISTIR 6483April 2000 Randomness Testing of the Advanced Encryption Standard Finalist Candidates
NISTIR 6483
NISTIR 6390September 1999 Randomness Testing of the Advanced Encryption Standard Candidate Algorithms
NISTIR 6390
ITL BulletinJune 2017Toward Standardizing Lightweight Cryptography
ITL BulletinApril 2016New NIST Security Standard Can Protect Credit Cards, Health Information
ITL BulletinJanuary 2016Securing Interactive and Automated Access Management Using Secure Shell (SSH)
ITL BulletinDecember 2015Stopping Malware and Unauthorized Software through Application Whitelisting
ITL BulletinSeptember 2015Additional Secure Hash Algorithm Standards Offer New Opportunities for Data Protection
ITL BulletinAugust 2015Recommendation for Random Number Generation Using Deterministic Random Bit Generators
ITL BulletinApril 2015Is Your Replication Device Making An Extra Copy For Someone Else?
ITL BulletinNovember 2014Cryptographic Module Validation Program (CMVP)
ITL BulletinOctober 2014Release of NIST Special Publication 800-147B, BIOS Protection Guidelines for Servers
ITL BulletinApril 2014Release of NIST Special Publication 800-52 Revision 1, Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations
ITL BulletinMarch 2014Attribute Based Access Control (ABAC) Definition and Considerations
ITL BulletinJanuary 2014A Profile of the Key Management Framework for the Federal Government
ITL BulletinDecember 2012Generating Secure Cryptographic Keys: A Critical Component of Cryptographic Key Management and the Protection of Sensitive Information
Whitepaper 
(Draft)
April 26, 2017DRAFT Profiles for the Lightweight Cryptography Standardization Process
Announcement and Draft Publication
WhitepaperMay 12, 2016User's Guide to Running the Draft NIST SP 800-90B Entropy Estimation Suite
Paper
GitHub site
Building-BlockMarch 4, 2016[Project Description] Domain Name System-Based Security for Electronic Mail
Project Description
Project homepage
Journal-ArticleSeptember 2016Entropy as a Service: Unlocking Cryptography's Full Potential
Preprint FAQ
doi:10.1109/MC.2016.275 [Direct Link]
Conference-PaperMay 10-12, 2016Combinatorial Coverage Analysis of Subsets of the TLS Cipher Suite Registry
Preprint
Cyber-Physical Systems & Smart Grid
Number Date Title
SP 800-183July 2016Networks of 'Things'
SP 800-183 FAQ
doi:10.6028/NIST.SP.800-183 [Direct Link]
Press Release
SP 800-82 Rev. 2May 2015 Guide to Industrial Control Systems (ICS) Security
SP 800-82 Revision 2 FAQ
doi:10.6028/NIST.SP.800-82r2 [Direct Link]
Press Release
SP 1800-8 
(Draft)
May 2017DRAFT Securing Wireless Infusion Pumps in Healthcare Delivery Organizations
Announcement and Draft Publication
SP 1800-7 
(Draft)
February 2017DRAFT Situational Awareness for Electric Utilities
Announcement and Draft Publication
SP 1800-2 
(Draft)
August 2015 DRAFT Identity and Access Management for Electric Utilities
Announcement and Draft Publication
NISTIR 8179 
(Draft)
July 2017DRAFT Criticality Analysis Process Model: Prioritizing Systems and Components
Announcement and Draft Publication
NISTIR 7916February 2013 Proceedings of the Cybersecurity in Cyber-Physical Systems Workshop, April 23-24, 2012
NISTIR 7916 FAQ
doi:10.6028/NIST.IR.7916 [Direct Link]
NISTIR 7823March 2015 Advanced Metering Infrastructure Smart Meter Upgradeability Test Framework
NISTIR 7823 FAQ
doi:10.6028/NIST.IR.7823 [Direct Link]
NISTIR 7628 Rev. 1September 2014 Guidelines for Smart Grid Cybersecurity
NISTIR 7628 Rev. 1, (Volumes 1-3) FAQ
doi:10.6028/NIST.IR.7628r1 [Direct Link]
NIST Project: Cybersecurity for Smart Grid Systems
ITL BulletinSeptember 2016Demystifying the Internet of Things
ITL BulletinNovember 2015Tailoring Security Controls for Industrial Control Systems
ITL BulletinSeptember 2014Release of NIST Interagency Report 7628 Revision 1, Guidelines for Smart Grid Cybersecurity
ITL BulletinAugust 2011Protecting Industrial Control Systems – Key Components of Our Nation's Critical Infrastructures
Whitepaper 
(Draft)
March 20, 2017DRAFT Cybersecurity Framework Manufacturing Profile (Final Draft)
Announcement and Draft Publication
WhitepaperMarch 2017[Project Description] Capabilities Assessment for Securing Manufacturing Industrial Control Systems
Project Description
Project Homepage
Whitepaper 
(Draft)
June 2016 DRAFT [Concept Paper] Identity and Access Management for Smart Home Devices
Announcement and Draft Publication
Use-CaseDecember 2015[Project Description] Wireless Medical Infusion Pumps: Medical Device Security
Project description
Project homepage
Journal-ArticleJanuary-February 2016Learning Internet of Things Security "Hands-On"
Preprint FAQ
doi:10.1109/MSP.2016.4 [Direct Link]
Conference-ProceedingsMay 30 - June 1, 2016inf-TESLA: Multicast Delayed Authentication for Streaming Sensor Data in Electric Power Systems
Preprint FAQ
doi:10.1007/978-3-319-33630-5_3 [Direct Link]
Digital Signatures
Number Date Title
FIPS 202August 2015 SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions
FIPS 202 FAQ
doi:10.6028/NIST.FIPS.202 [Direct Link]
Federal Register Notice
Press Release
Comments received on Draft FIPS 202
Draft FIPS 202 (May 2014)
FIPS 186-4July 2013 Digital Signature Standard (DSS)
FIPS 186-4 FAQ
doi:10.6028/NIST.FIPS.186-4 [Direct Link]
Comments received on FIPS 186-4 (Dec. 2015)
Request for Comments on FIPS 186-4 (Oct. 2015)
Press Release (07-23-2013)
Proposed Change Notice for FIPS 186-3 (Apr. 2012)
Request for Comments on Proposed Change Notice (Apr. 2012)
FIPS 180-4August 2015 Secure Hash Standard (SHS)
FIPS 180-4 (revised Applicability Clause, Aug. 2015) FAQ
doi:10.6028/NIST.FIPS.180-4 [Direct Link]
Federal Register Notice
Comments received on Draft FIPS 180-4 (Aug. 2014)
FIPS 140-2May 25, 2001 (Change Notice 2, 12/3/2002)Security Requirements for Cryptographic Modules
FIPS 140-2 (including change notices as of 12-03-2002) FAQ
doi:10.6028/NIST.FIPS.140-2 [Direct Link]
Annex A: Approved Security Functions
Annex B: Approved Protection Profiles
Annex C: Approved Random Number Generators
Annex D: Approved Key Establishment Techniques
FIPS 140-2 (EPUB) FAQ
Comments on FIPS 140-1 (Oct. 1998)
SP 800-184December 2016Guide for Cybersecurity Event Recovery
SP 800-184 FAQ
doi:10.6028/NIST.SP.800-184 [Direct Link]
Press Release (12-22-2016)
SP 800-175AAugust 2016Guideline for Using Cryptographic Standards in the Federal Government: Directives, Mandates and Policies
SP 800-175A FAQ
doi:10.6028/NIST.SP.800-175A [Direct Link]
Comments Received from Final Draft
SP 800-175BAugust 2016Guideline for Using Cryptographic Standards in the Federal Government: Cryptographic Mechanisms
SP 800-175B FAQ
doi:10.6028/NIST.SP.800-175B [Direct Link]
Comments Received from Final Draft
SP 800-157December 2014 Guidelines for Derived Personal Identity Verification (PIV) Credentials
SP 800-157 FAQ
doi:10.6028/NIST.SP.800-157 [Direct Link]
Comments and resolutions on Draft SP 800-157 (Mar. 2014)
SP 800-147BAugust 2014 BIOS Protection Guidelines for Servers
SP 800-147B FAQ
doi:10.6028/NIST.SP.800-147B [Direct Link]
SP 800-147April 2011 BIOS Protection Guidelines
SP 800-147 FAQ
doi:10.6028/NIST.SP.800-147 [Direct Link]
Press Release
SP 800-126 Rev. 3 
(Draft)
July 2016DRAFT The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.3
Announcement and Draft Publication
SP 800-126 Rev. 2September 2011 (Updated 3/19/2012)The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2
SP 800-126 Rev. 2 FAQ
doi:10.6028/NIST.SP.800-126r2 [Direct Link]
NIST Solicits Comments for SP 800-126 & SCAP
SP 800-107 Rev. 1August 2012 Recommendation for Applications Using Approved Hash Algorithms
SP 800-107 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-107r1 [Direct Link]
SP 800-106February 2009 Randomized Hashing for Digital Signatures
SP 800-106 FAQ
doi:10.6028/NIST.SP.800-106 [Direct Link]
SP 800-102September 2009 Recommendation for Digital Signature Timeliness
SP 800-102 FAQ
doi:10.6028/NIST.SP.800-102 [Direct Link]
SP 800-89November 2006 Recommendation for Obtaining Assurances for Digital Signature Applications
SP 800-89 FAQ
doi:10.6028/NIST.SP.800-89 [Direct Link]
SP 800-78-4May 2015 Cryptographic Algorithms and Key Sizes for Personal Identity Verification
SP 800-78-4 FAQ
doi:10.6028/NIST.SP.800-78-4 [Direct Link]
SP 800-57 Part 1 Rev. 4January 2016 Recommendation for Key Management, Part 1: General
SP 800-57 Part 1, Revision 4 FAQ
doi:10.6028/NIST.SP.800-57pt1r4 [Direct Link]
Comments and resolutions for SP 800-57 Part 1, Rev. 4
SP 800-57 Part 2August 2005 Recommendation for Key Management, Part 2: Best Practices for Key Management Organization
SP 800-57 Part 2 FAQ
doi:10.6028/NIST.SP.800-57p2 [Direct Link]
Comments received on Draft (Apr. 2005)
SP 800-57 Part 3 Rev. 1January 2015 Recommendation for Key Management, Part 3: Application-Specific Key Management Guidance
SP 800-57 Part 3, Revision 1 FAQ
doi:10.6028/NIST.SP.800-57pt3r1 [Direct Link]
SP 800-49November 2002 Federal S/MIME V3 Client Profile
SP 800-49 FAQ
doi:10.6028/NIST.SP.800-49 [Direct Link]
SP 800-32February 26, 2001 Introduction to Public Key Technology and the Federal PKI Infrastructure
SP 800-32 FAQ
doi:10.6028/NIST.SP.800-32 [Direct Link]
SP 800-25October 2000 Federal Agency Use of Public Key Technology for Digital Signatures and Authentication
SP 800-25 FAQ
doi:10.6028/NIST.SP.800-25 [Direct Link]
SP 800-15January 1998 MISPC Minimum Interoperability Specification for PKI Components, Version 1
SP 800-15 FAQ
doi:10.6028/NIST.SP.800-15 [Direct Link]
SP 1800-8 
(Draft)
May 2017DRAFT Securing Wireless Infusion Pumps in Healthcare Delivery Organizations
Announcement and Draft Publication
SP 1800-6 
(Draft)
November 2016DRAFT Domain Name Systems-Based Electronic Mail Security
Announcement and Draft Publication
NISTIR 8105April 2016 Report on Post-Quantum Cryptography
NISTIR 8105 FAQ
doi:10.6028/NIST.IR.8105 [Direct Link]
Press Release
Comments received on Draft NISTIR 8105
NISTIR 8055January 2016 Derived Personal Identity Verification (PIV) Credentials (DPC) Proof of Concept Research
NISTIR 8055 FAQ
doi:10.6028/NIST.IR.8055 [Direct Link]
NISTIR 7896November 2012 Third-Round Report of the SHA-3 Cryptographic Hash Algorithm Competition
NISTIR 7896 FAQ
doi:10.6028/NIST.IR.7896 [Direct Link]
NISTIR 7802September 2011 Trust Model for Security Automation Data 1.0 (TMSAD)
NISTIR 7802 FAQ
doi:10.6028/NIST.IR.7802 [Direct Link]
NISTIR 7764February 2011 Status Report on the Second Round of the SHA-3 Cryptographic Hash Algorithm Competition
NISTIR 7764 FAQ
doi:10.6028/NIST.IR.7764 [Direct Link]
NISTIR 7611August 2009 Use of ISO/IEC 24727
NISTIR 7611 FAQ
doi:10.6028/NIST.IR.7611 [Direct Link]
NISTIR 7313July 2006 5th Annual PKI R&D Workshop "Making PKI Easy to Use" Proceedings
NISTIR 7313 FAQ
doi:10.6028/NIST.IR.7313 [Direct Link]
ITL BulletinFebruary 2017Guide for Cybersecurity Incident Recovery
ITL BulletinSeptember 2015Additional Secure Hash Algorithm Standards Offer New Opportunities for Data Protection
ITL BulletinDecember 2014Release Of NIST Special Publication 800-157, Guidelines For Derived Personal Identity Verification (PIV) Credentials
ITL BulletinOctober 2014Release of NIST Special Publication 800-147B, BIOS Protection Guidelines for Servers
Forensics
Number Date Title
SP 800-184December 2016Guide for Cybersecurity Event Recovery
SP 800-184 FAQ
doi:10.6028/NIST.SP.800-184 [Direct Link]
Press Release (12-22-2016)
SP 800-168May 2014 Approximate Matching: Definition and Terminology
SP 800-168 FAQ
doi:10.6028/NIST.SP.800-168 [Direct Link]
SP 800-150October 2016Guide to Cyber Threat Information Sharing
SP 800-150 FAQ
doi:10.6028/NIST.SP.800-150 [Direct Link]
SP 800-101 Rev. 1May 2014 Guidelines on Mobile Device Forensics
SP 800-101 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-101r1 [Direct Link]
SP 800-94 Rev. 1 
(Draft)
July 2012 DRAFT Guide to Intrusion Detection and Prevention Systems (IDPS)
Announcement and Draft Publication
SP 800-94February 2007 Guide to Intrusion Detection and Prevention Systems (IDPS)
SP 800-94 FAQ
doi:10.6028/NIST.SP.800-94 [Direct Link]
SP 800-86August 2006 Guide to Integrating Forensic Techniques into Incident Response
SP 800-86 FAQ
doi:10.6028/NIST.SP.800-86 [Direct Link]
SP 800-72November 2004 Guidelines on PDA Forensics
SP 800-72 FAQ
doi:10.6028/NIST.SP.800-72 [Direct Link]
NISTIR 8006 
(Draft)
June 2014 DRAFT NIST Cloud Computing Forensic Science Challenges
Announcement and Draft Publication
NISTIR 7933May 2013 Requirements and Conformance Test Assertions for ANSI/NIST-ITL 1-2011 Record Type 18 - DNA Record
NISTIR 7933 FAQ
doi:10.6028/NIST.IR.7933 [Direct Link]
NISTIR 7658February 2010 Guide to SIMfill Use and Development
NISTIR 7658 FAQ
doi:10.6028/NIST.IR.7658 [Direct Link]
NISTIR 7617October 2009 Mobile Forensic Reference Materials: a Methodology and Reification
NISTIR 7617 FAQ
doi:10.6028/NIST.IR.7617 [Direct Link]
NISTIR 7559June 2010 Forensics Web Services (FWS)
NISTIR 7559 FAQ
doi:10.6028/NIST.IR.7559 [Direct Link]
NISTIR 7516August 2008 Forensic Filtering of Cell Phone Protocols
NISTIR 7516 FAQ
doi:10.6028/NIST.IR.7516 [Direct Link]
NISTIR 7387March 2007 Cell Phone Forensic Tools: an Overview and Analysis Update
NISTIR 7387 FAQ
doi:10.6028/NIST.IR.7387 [Direct Link]
NISTIR 7250October 2005 Cell Phone Forensic Tools: an Overview and Analysis
NISTIR 7250 FAQ
doi:10.6028/NIST.IR.7250 [Direct Link]
NISTIR 7100August 2004 PDA Forensic Tools: an Overview and Analysis
NISTIR 7100 FAQ
doi:10.6028/NIST.IR.7100 [Direct Link]
ITL Bulletin | May 2017 | Cyber-Threat Intelligence and Information Sharing
ITL Bulletin | February 2017 | Guide for Cybersecurity Incident Recovery
ITL Bulletin | June 2014 | ITL Forensic Science Program
ITL Bulletin | June 2007 | Forensic Techniques for Cell Phones
ITL Bulletin | February 2007 | Intrusion Detection and Prevention Systems
ITL Bulletin | September 2006 | Forensic Techniques: Helping Organizations Improve Their Responses to Information Security Incidents
Conference-Proceedings | January 4-6, 2016 | A Probabilistic Network Forensics Model for Evidence Analysis
Preprint FAQ
doi:10.1007/978-3-319-46279-0_10 [Direct Link]
Conference-Proceedings | October 12-15, 2015 | A Logic Based Network Forensics Model for Evidence Analysis [poster]
Paper FAQ
doi:10.1145/2810103.2810106 [Direct Link]
General IT Security
Number | Date | Title
FIPS 200 | March 2006 | Minimum Security Requirements for Federal Information and Information Systems
FIPS 200 FAQ
doi:10.6028/NIST.FIPS.200 [Direct Link]
SP 800-192 | June 2017 | Verification and Test Methods for Access Control Policies/Models
SP 800-192 FAQ
doi:10.6028/NIST.SP.800-192 [Direct Link]
SP 800-177 | September 2016 | Trustworthy Email
SP 800-177 FAQ
doi:10.6028/NIST.SP.800-177 [Direct Link]
High Assurance Domains project
SP 800-160 | November 2016 | Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems
SP 800-160 FAQ
doi:10.6028/NIST.SP.800-160 [Direct Link]
"Rethinking Cybersecurity from the Inside Out" (blog post)
SP 800-157 | December 2014 | Guidelines for Derived Personal Identity Verification (PIV) Credentials
SP 800-157 FAQ
doi:10.6028/NIST.SP.800-157 [Direct Link]
Comments and resolutions on Draft SP 800-157 (Mar. 2014)
SP 800-153 | February 2012 | Guidelines for Securing Wireless Local Area Networks (WLANs)
SP 800-153 FAQ
doi:10.6028/NIST.SP.800-153 [Direct Link]
Press Release (Mar. 6, 2012)
SP 800-150 | October 2016 | Guide to Cyber Threat Information Sharing
SP 800-150 FAQ
doi:10.6028/NIST.SP.800-150 [Direct Link]
SP 800-147B | August 2014 | BIOS Protection Guidelines for Servers
SP 800-147B FAQ
doi:10.6028/NIST.SP.800-147B [Direct Link]
SP 800-147 | April 2011 | BIOS Protection Guidelines
SP 800-147 FAQ
doi:10.6028/NIST.SP.800-147 [Direct Link]
Press Release
SP 800-142 | October 2010 | Practical Combinatorial Testing
SP 800-142 FAQ
doi:10.6028/NIST.SP.800-142 [Direct Link]
SP 800-137 | September 2011 | Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations
SP 800-137 FAQ
doi:10.6028/NIST.SP.800-137 [Direct Link]
Press Release
SP 800-132 | December 2010 | Recommendation for Password-Based Key Derivation: Part 1: Storage Applications
SP 800-132 FAQ
doi:10.6028/NIST.SP.800-132 [Direct Link]
SP 800-128 | August 2011 | Guide for Security-Focused Configuration Management of Information Systems
SP 800-128 FAQ
doi:10.6028/NIST.SP.800-128 [Direct Link]
SP 800-123 | July 2008 | Guide to General Server Security
SP 800-123 FAQ
doi:10.6028/NIST.SP.800-123 [Direct Link]
SP 800-123 (EPUB) FAQ
SP 800-120 | September 2009 | Recommendation for EAP Methods Used in Wireless Network Access Authentication
SP 800-120 FAQ
doi:10.6028/NIST.SP.800-120 [Direct Link]
SP 800-119 | December 2010 | Guidelines for the Secure Deployment of IPv6
SP 800-119 FAQ
doi:10.6028/NIST.SP.800-119 [Direct Link]
SP 800-111 | November 2007 | Guide to Storage Encryption Technologies for End User Devices
SP 800-111 FAQ
doi:10.6028/NIST.SP.800-111 [Direct Link]
SP 800-108 | October 2009 | Recommendation for Key Derivation Using Pseudorandom Functions (Revised)
SP 800-108 FAQ
doi:10.6028/NIST.SP.800-108 [Direct Link]
Comments received on Draft (Apr. 2008)
SP 800-100 | October 2006 (Updated 3/7/2007) | Information Security Handbook: A Guide for Managers
SP 800-100 (including updates as of 03-07-2007) FAQ
doi:10.6028/NIST.SP.800-100 [Direct Link]
SP 800-95 | August 2007 | Guide to Secure Web Services
SP 800-95 FAQ
doi:10.6028/NIST.SP.800-95 [Direct Link]
SP 800-88 Rev. 1 | December 2014 | Guidelines for Media Sanitization
SP 800-88 Revision 1 FAQ
doi:10.6028/NIST.SP.800-88r1 [Direct Link]
SP 800-64 Rev. 2 | October 2008 | Security Considerations in the System Development Life Cycle
SP 800-64 Rev. 2 FAQ
doi:10.6028/NIST.SP.800-64r2 [Direct Link]
SP 800-56C | November 2011 | Recommendation for Key Derivation through Extraction-then-Expansion
SP 800-56C FAQ
doi:10.6028/NIST.SP.800-56C [Direct Link]
SP 800-52 Rev. 1 | April 2014 | Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations
SP 800-52 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-52r1 [Direct Link]
Press Release
SP 800-51 Rev. 1 | February 2011 | Guide to Using Vulnerability Naming Schemes
SP 800-51 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-51r1 [Direct Link]
Press Release
SP 800-48 Rev. 1 | July 2008 | Guide to Securing Legacy IEEE 802.11 Wireless Networks
SP 800-48 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-48r1 [Direct Link]
SP 800-47 | August 2002 | Security Guide for Interconnecting Information Technology Systems
SP 800-47 FAQ
doi:10.6028/NIST.SP.800-47 [Direct Link]
SP 800-44 Version 2 | September 2007 | Guidelines on Securing Public Web Servers
SP 800-44 Version 2 FAQ
doi:10.6028/NIST.SP.800-44ver2 [Direct Link]
SP 800-33 | December 2001 | Underlying Technical Models for Information Technology Security
SP 800-33 FAQ
doi:10.6028/NIST.SP.800-33 [Direct Link]
SP 800-27 Rev. A | June 2004 | Engineering Principles for Information Technology Security (A Baseline for Achieving Security), Revision A
SP 800-27 Rev. A FAQ
doi:10.6028/NIST.SP.800-27rA [Direct Link]
SP 800-14 | September 1996 | Generally Accepted Principles and Practices for Securing Information Technology Systems
SP 800-14 FAQ
doi:10.6028/NIST.SP.800-14 [Direct Link]
SP 800-12 Rev. 1 | June 2017 | An Introduction to Information Security
SP 800-12 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-12r1 [Direct Link]
SP 800-1 | December 1990 | Bibliography of Selected Computer Security Publications, January 1980 - October 1989
SP 800-1 FAQ
doi:10.6028/NIST.SP.800-1 [Direct Link]
NISTIR 8170 (Draft) | May 2017 | DRAFT The Cybersecurity Framework: Implementation Guidance for Federal Agencies
Announcement and Draft Publication
NISTIR 8074 Vol. 2 | December 2015 | Supplemental Information for the Interagency Report on Strategic U.S. Government Engagement in International Standardization to Achieve U.S. Objectives for Cybersecurity
NISTIR 8074 Vol. 2 FAQ
doi:10.6028/NIST.IR.8074v2 [Direct Link]
NISTIR 8074 Vol. 1 | December 2015 | Interagency Report on Strategic U.S. Government Engagement in International Standardization to Achieve U.S. Objectives for Cybersecurity
NISTIR 8074 Vol. 1 FAQ
doi:10.6028/NIST.IR.8074v1 [Direct Link]
NISTIR 8023 | February 2015 | Risk Management for Replication Devices
NISTIR 8023 FAQ
doi:10.6028/NIST.IR.8023 [Direct Link]
NISTIR 7966 | October 2015 | Security of Interactive and Automated Access Management Using Secure Shell (SSH)
NISTIR 7966 FAQ
doi:10.6028/NIST.IR.7966 [Direct Link]
NISTIR 7946 | April 2014 | CVSS Implementation Guidance
NISTIR 7946 FAQ
doi:10.6028/NIST.IR.7946 [Direct Link]
NISTIR 7864 | July 2012 | The Common Misuse Scoring System (CMSS): Metrics for Software Feature Misuse Vulnerabilities
NISTIR 7864 FAQ
doi:10.6028/NIST.IR.7864 [Direct Link]
Press Release
NISTIR 7817 | November 2012 | A Credential Reliability and Revocation Model for Federated Identities
NISTIR 7817 FAQ
doi:10.6028/NIST.IR.7817 [Direct Link]
NISTIR 7611 | August 2009 | Use of ISO/IEC 24727
NISTIR 7611 FAQ
doi:10.6028/NIST.IR.7611 [Direct Link]
NISTIR 7581 | September 2009 | System and Network Security Acronyms and Abbreviations
NISTIR 7581 FAQ
doi:10.6028/NIST.IR.7581 [Direct Link]
NISTIR 7564 | April 2009 | Directions in Security Metrics Research
NISTIR 7564 FAQ
doi:10.6028/NIST.IR.7564 [Direct Link]
NISTIR 7559 | June 2010 | Forensics Web Services (FWS)
NISTIR 7559 FAQ
doi:10.6028/NIST.IR.7559 [Direct Link]
NISTIR 7435 | August 2007 | The Common Vulnerability Scoring System (CVSS) and its Applicability to Federal Agency Systems
NISTIR 7435 FAQ
doi:10.6028/NIST.IR.7435 [Direct Link]
NISTIR 7359 | January 2007 | Information Security Guide for Government Executives
NISTIR 7359 FAQ
doi:10.6028/NIST.IR.7359 [Direct Link]
Booklet
NISTIR 7358 | January 2007 | Program Review for Information Security Management Assistance (PRISMA)
NISTIR 7358 FAQ
doi:10.6028/NIST.IR.7358 [Direct Link]
NISTIR 7298 Rev. 2 | May 2013 | Glossary of Key Information Security Terms
NISTIR 7298 Rev. 2 FAQ
doi:10.6028/NIST.IR.7298r2 [Direct Link]
NISTIR 4545 | April 1991 | Computer Security: Selected Articles
NISTIR 4545
ITL Bulletin | May 2017 | Cyber-Threat Intelligence and Information Sharing
ITL Bulletin | October 2016 | Making Email Trustworthy
ITL Bulletin | December 2013 | The National Vulnerability Database (NVD): Overview
ITL Bulletin | January 2016 | Securing Interactive and Automated Access Management Using Secure Shell (SSH)
ITL Bulletin | April 2015 | Is Your Replication Device Making An Extra Copy For Someone Else?
ITL Bulletin | February 2015 | NIST Special Publication 800-88 Revision 1, Guidelines for Media Sanitization
ITL Bulletin | December 2014 | Release Of NIST Special Publication 800-157, Guidelines For Derived Personal Identity Verification (PIV) Credentials
ITL Bulletin | October 2014 | Release of NIST Special Publication 800-147B, BIOS Protection Guidelines for Servers
ITL Bulletin | July 2014 | Release of NIST Interagency Report 7946, CVSS Implementation Guidance
ITL Bulletin | May 2014 | Small and Medium-Size Business Information Security Outreach Program
ITL Bulletin | April 2014 | Release of NIST Special Publication 800-52 Revision 1, Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations
ITL Bulletin | February 2014 | Framework for Improving Critical Infrastructure Cybersecurity
ITL Bulletin | June 2013 | ITL Updated Glossary Of Key Information Security Terms
ITL Bulletin | October 2008 | Keeping Information Technology (IT) System Servers Secure: A General Guide to Good Practices
ITL Bulletin | November 2006 | Guide to Securing Computers Using Windows XP Home Edition
ITL Bulletin | March 2006 | Minimum Security Requirements for Federal Information and Information Systems: Federal Information Processing Standard (FIPS) 200 Approved by the Secretary of Commerce
ITL Bulletin | September 2004 | Information Security Within the System Development Life Cycle (SDLC)
Whitepaper (Draft) | January 2017 | DRAFT Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1
Announcement and Draft Publication
Whitepaper (Draft) | April 28, 2017 | DRAFT [Project Description] Securing Property Management Systems: Cybersecurity for the Hospitality Sector
Announcement and Draft Publication
Whitepaper | March 2017 | Baldrige Cybersecurity Excellence Builder: Key questions for improving your organization's cybersecurity performance
Baldrige Cybersecurity Excellence Builder v1.0
Whitepaper | August 23, 2012 | The Role of the National Institute of Standards and Technology in Mobile Security
The Role of NIST in Mobile Security
Whitepaper | 2/19/2014 | Summary of NIST SP 800-53, Revision 4: Security and Privacy Controls for Federal Information Systems and Organizations
Paper
Whitepaper | March 2017 | Baldrige Cybersecurity Excellence Builder: Key questions for improving your organization's cybersecurity performance
BCEB Categories 1–7 Questions and Notes Only
BCEB Self-Analysis Worksheet
Baldrige Cybersecurity Initiative Homepage (and FAQs)
Building-Block | September 16, 2015 | [Project Description] Software Asset Management: Continuous Monitoring
Project Description
Project homepage
Journal-Article | May 2016 | Insights on Formal Methods of Cybersecurity
Preprint FAQ
doi:10.1109/MC.2016.131 [Direct Link]
Conference-Proceedings | June 10-14, 2016 | Estimating t-Way Fault Profile Evolution During Testing
Preprint FAQ
doi:10.1109/COMPSAC.2016.110 [Direct Link]
Healthcare
Number | Date | Title
SP 800-66 Rev. 1 | October 2008 | An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule
SP 800-66 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-66r1 [Direct Link]
SP 1800-8 (Draft) | May 2017 | DRAFT Securing Wireless Infusion Pumps in Healthcare Delivery Organizations
Announcement and Draft Publication
SP 1800-1 (Draft) | July 2015 | DRAFT Securing Electronic Health Records on Mobile Devices
Announcement and Draft Publication
NISTIR 8179 (Draft) | July 2017 | DRAFT Criticality Analysis Process Model: Prioritizing Systems and Components
Announcement and Draft Publication
NISTIR 7497 | September 2010 | Security Architecture Design Process for Health Information Exchanges (HIEs)
NISTIR 7497 FAQ
doi:10.6028/NIST.IR.7497 [Direct Link]
NISTIR 5820 | April 1, 1996 | Distributed Communication Methods and Role-Based Access Control for Use in Health Care Applications
NISTIR 5820
ITL Bulletin | April 2016 | New NIST Security Standard Can Protect Credit Cards, Health Information
ITL Bulletin | November 2010 | The Exchange of Health Information: Designing a Security Architecture to Provide Information Security and Privacy
Use-Case | December 2015 | [Project Description] Wireless Medical Infusion Pumps: Medical Device Security
Project description
Project homepage
Journal-Article | November/December 2016 | Caring: An Undiscovered Super “Ility” of Smart Healthcare
Preprint FAQ
doi:10.1109/MS.2016.136 [Direct Link]
Historical Archives
Number | Date | Title
SP 800-29 | June 2001 | A Comparison of the Security Requirements for Cryptographic Modules in FIPS 140-1 and FIPS 140-2
SP 800-29 FAQ
doi:10.6028/NIST.SP.800-29 [Direct Link]
SP 800-13 | October 1995 | Telecommunications Security Guidelines for Telecommunications Management Network
SP 800-13 FAQ
doi:10.6028/NIST.SP.800-13 [Direct Link]
SP 800-1 | December 1990 | Bibliography of Selected Computer Security Publications, January 1980 - October 1989
SP 800-1 FAQ
doi:10.6028/NIST.SP.800-1 [Direct Link]
NISTIR 6390 | September 1999 | Randomness Testing of the Advanced Encryption Standard Candidate Algorithms
NISTIR 6390
NISTIR 5495 | September 1994 | Computer Security Training & Awareness Course Compendium
NISTIR 5495
NISTIR 5472 | March 1994 | A Head Start on Assurance: Proceedings of an Invitational Workshop on Information Technology (IT) Assurance and Trustworthiness, March 21-23, 1994
NISTIR 5472
NISTIR 5308 | December 1993 | General Procedures for Registering Computer Security Objects
NISTIR 5308
NISTIR 5153 | March 1993 | Minimum Security Requirements for Multi-User Operating Systems
NISTIR 5153
NISTIR 4976 | November 1992 | Assessing Federal and Commercial Information Security Needs
NISTIR 4976
NISTIR 4939 | October 1992 | Threat Assessment of Malicious Code and External Attacks
NISTIR 4939 (TXT)
NISTIR 4749 | December 1991 | Sample Statement of Work for Federal Computer Security Services: For use In-House or Contracting Out
NISTIR 4749
NISTIR 4734 | February 1992 | Foundations of a Security Policy for Use of the National Research and Educational Network
NISTIR 4734
NISTIR 4545 | April 1991 | Computer Security: Selected Articles
NISTIR 4545
NISTIR 4228 | January 1990 | Prototyping SP4: a Secure Data Network System Transport Protocol Interoperability Demonstration Project
NISTIR 4228
Incident Response
Number | Date | Title
SP 800-190 (Draft) | July 2017 | DRAFT Application Container Security Guide (2nd Draft)
Announcement and Draft Publication
SP 800-184 | December 2016 | Guide for Cybersecurity Event Recovery
SP 800-184 FAQ
doi:10.6028/NIST.SP.800-184 [Direct Link]
Press Release (12-22-2016)
SP 800-161 | April 2015 | Supply Chain Risk Management Practices for Federal Information Systems and Organizations
SP 800-161 FAQ
doi:10.6028/NIST.SP.800-161 [Direct Link]
SP 800-150 | October 2016 | Guide to Cyber Threat Information Sharing
SP 800-150 FAQ
doi:10.6028/NIST.SP.800-150 [Direct Link]
SP 800-147B | August 2014 | BIOS Protection Guidelines for Servers
SP 800-147B FAQ
doi:10.6028/NIST.SP.800-147B [Direct Link]
SP 800-147 | April 2011 | BIOS Protection Guidelines
SP 800-147 FAQ
doi:10.6028/NIST.SP.800-147 [Direct Link]
Press Release
SP 800-126A (Draft) | July 2016 | DRAFT SCAP 1.3 Component Specification Version Updates: An Annex to NIST Special Publication 800-126 Revision 3
Announcement and Draft Publication
SP 800-126 Rev. 3 (Draft) | July 2016 | DRAFT The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.3
Announcement and Draft Publication
SP 800-126 Rev. 2 | September 2011 (Updated 3/19/2012) | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2
SP 800-126 Rev. 2 FAQ
doi:10.6028/NIST.SP.800-126r2 [Direct Link]
NIST Solicits Comments for SP 800-126 & SCAP
SP 800-117 Rev. 1 (Draft) | January 2012 | DRAFT Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.2
Announcement and Draft Publication
SP 800-101 Rev. 1 | May 2014 | Guidelines on Mobile Device Forensics
SP 800-101 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-101r1 [Direct Link]
SP 800-94 Rev. 1 (Draft) | July 2012 | DRAFT Guide to Intrusion Detection and Prevention Systems (IDPS)
Announcement and Draft Publication
SP 800-94 | February 2007 | Guide to Intrusion Detection and Prevention Systems (IDPS)
SP 800-94 FAQ
doi:10.6028/NIST.SP.800-94 [Direct Link]
SP 800-86 | August 2006 | Guide to Integrating Forensic Techniques into Incident Response
SP 800-86 FAQ
doi:10.6028/NIST.SP.800-86 [Direct Link]
SP 800-84 | September 2006 | Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities
SP 800-84 FAQ
doi:10.6028/NIST.SP.800-84 [Direct Link]
SP 800-84 (EPUB) FAQ
SP 800-83 Rev. 1 | July 2013 | Guide to Malware Incident Prevention and Handling for Desktops and Laptops
SP 800-83 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-83r1 [Direct Link]
SP 800-61 Rev. 2 | August 2012 | Computer Security Incident Handling Guide
SP 800-61 Rev. 2 FAQ
doi:10.6028/NIST.SP.800-61r2 [Direct Link]
Press Release
SP 800-53 Rev. 5 (Draft) | August 2017 | DRAFT Security and Privacy Controls for Federal Information Systems and Organizations
Announcement and Draft Publication
SP 800-53 Rev. 4 | April 2013 (Updated 1/22/2015) | Security and Privacy Controls for Federal Information Systems and Organizations
SP 800-53 Rev. 4 (including updates as of 01-22-2015) FAQ
doi:10.6028/NIST.SP.800-53r4 [Direct Link]
Word version of SP 800-53 Rev. 4 (01-22-2015)
XML file for SP 800-53 Rev. 4 (01-15-2014)
Summary of NIST SP 800-53 Revision 4
Press Release (04-30-2013)
Pre-Draft Call for Comments for SP 800-53 Rev. 5
SP 800-51 Rev. 1 | February 2011 | Guide to Using Vulnerability Naming Schemes
SP 800-51 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-51r1 [Direct Link]
Press Release
SP 800-40 Rev. 3 | July 2013 | Guide to Enterprise Patch Management Technologies
SP 800-40 Rev. 3 FAQ
doi:10.6028/NIST.SP.800-40r3 [Direct Link]
Press Release
SP 800-34 Rev. 1 | May 2010 (Updated 11/11/2010) | Contingency Planning Guide for Federal Information Systems
SP 800-34 Rev. 1 (including updates as of 11-11-2010) FAQ
doi:10.6028/NIST.SP.800-34r1 [Direct Link]
Business Impact Analysis (BIA) Template
Contingency Planning: Low Impact System Template
Contingency Planning: Moderate Impact System Template
Contingency Planning: High Impact System Template
SP 1800-7 (Draft) | February 2017 | DRAFT Situational Awareness for Electric Utilities
Announcement and Draft Publication
SP 1800-6 (Draft) | November 2016 | DRAFT Domain Name Systems-Based Electronic Mail Security
Announcement and Draft Publication
SP 1800-5 (Draft) | October 2015 | DRAFT IT Asset Management: Financial Services
Announcement and Draft Publication
NISTIR 8179 (Draft) | July 2017 | DRAFT Criticality Analysis Process Model: Prioritizing Systems and Components
Announcement and Draft Publication
NISTIR 7848 (Draft) | May 2012 | DRAFT Specification for the Asset Summary Reporting Format 1.0
Announcement and Draft Publication
NISTIR 7800 (Draft) | January 2012 | DRAFT Applying the Continuous Monitoring Technical Reference Model to the Asset, Configuration, and Vulnerability Management Domains
Announcement and Draft Publication
NISTIR 7799 (Draft) | January 2012 | DRAFT Continuous Monitoring Reference Model Workflow, Subsystem, and Interface Specifications
Announcement and Draft Publication
NISTIR 7756 (Draft) | January 2012 | DRAFT CAESARS Framework Extension: An Enterprise Continuous Monitoring Technical Reference Architecture
Announcement and Draft Publication
NISTIR 7387 | March 2007 | Cell Phone Forensic Tools: an Overview and Analysis Update
NISTIR 7387 FAQ
doi:10.6028/NIST.IR.7387 [Direct Link]
NISTIR 7250 | October 2005 | Cell Phone Forensic Tools: an Overview and Analysis
NISTIR 7250 FAQ
doi:10.6028/NIST.IR.7250 [Direct Link]
NISTIR 7100 | August 2004 | PDA Forensic Tools: an Overview and Analysis
NISTIR 7100 FAQ
doi:10.6028/NIST.IR.7100 [Direct Link]
NISTIR 6981 | April 2003 | Policy Expression and Enforcement for Handheld Devices
NISTIR 6981 FAQ
doi:10.6028/NIST.IR.6981 [Direct Link]
NISTIR 6416 | October 1999 | Applying Mobile Agents to Intrusion Detection and Response
NISTIR 6416
ITL Bulletin | May 2017 | Cyber-Threat Intelligence and Information Sharing
ITL Bulletin | February 2017 | Guide for Cybersecurity Incident Recovery
ITL Bulletin | June 2015 | Increasing Visibility and Control of Your ICT Supply Chains
ITL Bulletin | October 2014 | Release of NIST Special Publication 800-147B, BIOS Protection Guidelines for Servers
ITL Bulletin | February 2014 | Framework for Improving Critical Infrastructure Cybersecurity
ITL Bulletin | September 2013 | ITL Publishes Guidance on Preventing and Handling Malware Incidents
ITL Bulletin | August 2013 | ITL Publishes Guidance on Enterprise Patch Management Technologies
ITL Bulletin | September 2012 | Revised Guide Helps Organizations Handle Security Related Incidents
ITL Bulletin | June 2007 | Forensic Techniques for Cell Phones
ITL Bulletin | February 2007 | Intrusion Detection and Prevention Systems
ITL Bulletin | December 2006 | Maintaining Effective Information Technology (IT) Security Through Test, Training, and Exercise Programs
ITL Bulletin | September 2006 | Forensic Techniques: Helping Organizations Improve Their Responses to Information Security Incidents
ITL Bulletin | February 2006 | Creating a Program to Manage Security Patches and Vulnerabilities: NIST Recommendations for Improving System Security
ITL Bulletin | April 2002 | Techniques for System and Data Recovery
Whitepaper (Draft) | January 2017 | DRAFT Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1
Announcement and Draft Publication
Whitepaper | May 2016 | [Project Description] Data Integrity: Recovering from a destructive malware attack
Project Description
Data Integrity homepage
Internet of Things (IoT)
Number | Date | Title
SP 800-183 | July 2016 | Networks of 'Things'
SP 800-183 FAQ
doi:10.6028/NIST.SP.800-183 [Direct Link]
Press Release
SP 1800-8 (Draft) | May 2017 | DRAFT Securing Wireless Infusion Pumps in Healthcare Delivery Organizations
Announcement and Draft Publication
NISTIR 8179 (Draft) | July 2017 | DRAFT Criticality Analysis Process Model: Prioritizing Systems and Components
Announcement and Draft Publication
ITL Bulletin | September 2016 | Demystifying the Internet of Things
Whitepaper (Draft) | June 2016 | DRAFT [Concept Paper] Identity and Access Management for Smart Home Devices
Announcement and Draft Publication
Journal-Article | January-February 2016 | Learning Internet of Things Security "Hands-On"
Preprint FAQ
doi:10.1109/MSP.2016.4 [Direct Link]
Journal-Article | November/December 2016 | Caring: An Undiscovered Super “Ility” of Smart Healthcare
Preprint FAQ
doi:10.1109/MS.2016.136 [Direct Link]
Maintenance
Number | Date | Title
SP 800-184 | December 2016 | Guide for Cybersecurity Event Recovery
SP 800-184 FAQ
doi:10.6028/NIST.SP.800-184 [Direct Link]
Press Release (12-22-2016)
SP 800-171 Rev. 1 | December 2016 | Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations
SP 800-171 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-171r1 [Direct Link]
Specific Changes to the Security Requirements in SP 800-171
SP 800-171 | June 2015 (Updated 1/14/2016) | Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations
SP 800-171 (including updates as of 01-14-2016) FAQ
doi:10.6028/NIST.SP.800-171 [Direct Link]
Press Release (06-19-2015)
SP 800-161 | April 2015 | Supply Chain Risk Management Practices for Federal Information Systems and Organizations
SP 800-161 FAQ
doi:10.6028/NIST.SP.800-161 [Direct Link]
SP 800-155 (Draft) | December 2011 | DRAFT BIOS Integrity Measurement Guidelines
Announcement and Draft Publication
SP 800-147B | August 2014 | BIOS Protection Guidelines for Servers
SP 800-147B FAQ
doi:10.6028/NIST.SP.800-147B [Direct Link]
SP 800-147 | April 2011 | BIOS Protection Guidelines
SP 800-147 FAQ
doi:10.6028/NIST.SP.800-147 [Direct Link]
Press Release
SP 800-128 | August 2011 | Guide for Security-Focused Configuration Management of Information Systems
SP 800-128 FAQ
doi:10.6028/NIST.SP.800-128 [Direct Link]
SP 800-126A (Draft) | July 2016 | DRAFT SCAP 1.3 Component Specification Version Updates: An Annex to NIST Special Publication 800-126 Revision 3
Announcement and Draft Publication
SP 800-126 Rev. 3 (Draft) | July 2016 | DRAFT The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.3
Announcement and Draft Publication
SP 800-126 Rev. 2 | September 2011 (Updated 3/19/2012) | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2
SP 800-126 Rev. 2 FAQ
doi:10.6028/NIST.SP.800-126r2 [Direct Link]
NIST Solicits Comments for SP 800-126 & SCAP
SP 800-126 Rev. 1 | February 2011 | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.1
SP 800-126 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-126r1 [Direct Link]
SP 800-126 | November 2009 | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.0
SP 800-126 FAQ
doi:10.6028/NIST.SP.800-126 [Direct Link]
SP 800-123 | July 2008 | Guide to General Server Security
SP 800-123 FAQ
doi:10.6028/NIST.SP.800-123 [Direct Link]
SP 800-123 (EPUB) FAQ
SP 800-117 Rev. 1 (Draft) | January 2012 | DRAFT Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.2
Announcement and Draft Publication
SP 800-117 | July 2010 | Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.0
SP 800-117 FAQ
doi:10.6028/NIST.SP.800-117 [Direct Link]
SP 800-88 Rev. 1 | December 2014 | Guidelines for Media Sanitization
SP 800-88 Revision 1 FAQ
doi:10.6028/NIST.SP.800-88r1 [Direct Link]
SP 800-84 | September 2006 | Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities
SP 800-84 FAQ
doi:10.6028/NIST.SP.800-84 [Direct Link]
SP 800-84 (EPUB) FAQ
SP 800-83 Rev. 1 | July 2013 | Guide to Malware Incident Prevention and Handling for Desktops and Laptops
SP 800-83 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-83r1 [Direct Link]
SP 800-69 | September 2006 | Guidance for Securing Microsoft Windows XP Home Edition: A NIST Security Configuration Checklist
SP 800-69 FAQ
doi:10.6028/NIST.SP.800-69 [Direct Link]
SP 800-68 Rev. 1 | October 2008 | Guide to Securing Microsoft Windows XP Systems for IT Professionals: A NIST Security Configuration Checklist
SP 800-68 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-68r1 [Direct Link]
Security Templates R1.2.1
NIST Windows Security Baseline Database Application v0.2.7
SP 800-61 Rev. 2 | August 2012 | Computer Security Incident Handling Guide
SP 800-61 Rev. 2 FAQ
doi:10.6028/NIST.SP.800-61r2 [Direct Link]
Press Release
SP 800-55 Rev. 1 | July 2008 | Performance Measurement Guide for Information Security
SP 800-55 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-55r1 [Direct Link]
SP 800-53 Rev. 5 (Draft) | August 2017 | DRAFT Security and Privacy Controls for Federal Information Systems and Organizations
Announcement and Draft Publication
SP 800-53 Rev. 4 | April 2013 (Updated 1/22/2015) | Security and Privacy Controls for Federal Information Systems and Organizations
SP 800-53 Rev. 4 (including updates as of 01-22-2015) FAQ
doi:10.6028/NIST.SP.800-53r4 [Direct Link]
Word version of SP 800-53 Rev. 4 (01-22-2015)
XML file for SP 800-53 Rev. 4 (01-15-2014)
Summary of NIST SP 800-53 Revision 4
Press Release (04-30-2013)
Pre-Draft Call for Comments for SP 800-53 Rev. 5
SP 800-43 | November 2002 | Systems Administration Guidance for Securing Windows 2000 Professional System
SP 800-43 FAQ
doi:10.6028/NIST.SP.800-43 [Direct Link]
Security Templates R1.2.3
SP 800-40 Rev. 3 | July 2013 | Guide to Enterprise Patch Management Technologies
SP 800-40 Rev. 3 FAQ
doi:10.6028/NIST.SP.800-40r3 [Direct Link]
Press Release
SP 800-24 | April 2001 | PBX Vulnerability Analysis: Finding Holes in Your PBX Before Someone Else Does
SP 800-24 FAQ
doi:10.6028/NIST.SP.800-24 [Direct Link]
SP 1800-8 (Draft) | May 2017 | DRAFT Securing Wireless Infusion Pumps in Healthcare Delivery Organizations
Announcement and Draft Publication
NISTIR 8179 (Draft) | July 2017 | DRAFT Criticality Analysis Process Model: Prioritizing Systems and Components
Announcement and Draft Publication
NISTIR 8023 | February 2015 | Risk Management for Replication Devices
NISTIR 8023 FAQ
doi:10.6028/NIST.IR.8023 [Direct Link]
NISTIR 7848 (Draft) | May 2012 | DRAFT Specification for the Asset Summary Reporting Format 1.0
Announcement and Draft Publication
NISTIR 7823 | March 2015 | Advanced Metering Infrastructure Smart Meter Upgradeability Test Framework
NISTIR 7823 FAQ
doi:10.6028/NIST.IR.7823 [Direct Link]
NISTIR 7800 (Draft) | January 2012 | DRAFT Applying the Continuous Monitoring Technical Reference Model to the Asset, Configuration, and Vulnerability Management Domains
Announcement and Draft Publication
NISTIR 7799 (Draft) | January 2012 | DRAFT Continuous Monitoring Reference Model Workflow, Subsystem, and Interface Specifications
Announcement and Draft Publication
NISTIR 7756 (Draft) | January 2012 | DRAFT CAESARS Framework Extension: An Enterprise Continuous Monitoring Technical Reference Architecture
Announcement and Draft Publication
NISTIR 7284 | January 2006 | Personal Identity Verification Card Management Report
NISTIR 7284 FAQ
doi:10.6028/NIST.IR.7284 [Direct Link]
NISTIR 7275 Rev. 4 | March 2012 | Specification for the Extensible Configuration Checklist Description Format (XCCDF) Version 1.2
NISTIR 7275 Rev. 4
NISTIR 7275 Rev. 4 (markup)
NISTIR 7275 Rev. 3 | January 2008 | Specification for the Extensible Configuration Checklist Description Format (XCCDF) Version 1.1.4
NISTIR 7275 Rev. 3 FAQ
doi:10.6028/NIST.IR.7275r3 [Direct Link]
NISTIR 7275 | January 2006 | Specification for the Extensible Configuration Checklist Description Format (XCCDF) Version 1.1
NISTIR 7275 FAQ
doi:10.6028/NIST.IR.7275 [Direct Link]
NISTIR 7188 | January 2005 | Specification for the Extensible Configuration Checklist Description Format (XCCDF)
NISTIR 7188 FAQ
doi:10.6028/NIST.IR.7188 [Direct Link]
NISTIR 6985 | April 2003 | COTS Security Protection Profile - Operating Systems (CSPP-OS) (Worked Example Applying Guidance of NISTIR-6462, CSPP) Version 1.0
NISTIR 6985 FAQ
doi:10.6028/nist.ir.6985 [Direct Link]
NISTIR 6462 | December 1999 | CSPP - Guidance for COTS Security Protection Profiles (Formerly: CS2 - Protection Profile Guidance for Near-Term COTS) Version 1.0
NISTIR 6462
ITL Bulletin | February 2017 | Guide for Cybersecurity Incident Recovery
ITL Bulletin | December 2013 | The National Vulnerability Database (NVD): Overview
ITL Bulletin | October 2015 | Protection of Controlled Unclassified Information
ITL Bulletin | June 2015 | Increasing Visibility and Control of Your ICT Supply Chains
ITL Bulletin | April 2015 | Is Your Replication Device Making An Extra Copy For Someone Else?
ITL Bulletin | February 2015 | NIST Special Publication 800-88 Revision 1, Guidelines for Media Sanitization
ITL Bulletin | October 2014 | Release of NIST Special Publication 800-147B, BIOS Protection Guidelines for Servers
ITL Bulletin | February 2014 | Framework for Improving Critical Infrastructure Cybersecurity
ITL Bulletin | September 2013 | ITL Publishes Guidance on Preventing and Handling Malware Incidents
ITL Bulletin | August 2013 | ITL Publishes Guidance on Enterprise Patch Management Technologies
ITL Bulletin | October 2008 | Keeping Information Technology (IT) System Servers Secure: A General Guide to Good Practices
ITL Bulletin | December 2006 | Maintaining Effective Information Technology (IT) Security Through Test, Training, and Exercise Programs
ITL Bulletin | November 2006 | Guide to Securing Computers Using Windows XP Home Edition
ITL Bulletin | August 2006 | Protecting Sensitive Information Processed and Stored in Information Technology (IT) Systems
ITL Bulletin | February 2006 | Creating a Program to Manage Security Patches and Vulnerabilities: NIST Recommendations for Improving System Security
ITL Bulletin | October 2004 | Securing Voice Over Internet Protocol (IP) Networks
Whitepaper (Draft) | January 2017 | DRAFT Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1
Announcement and Draft Publication
Mobile
Number | Date | Title
SP 800-187 
(Draft)
November 2016DRAFT Guide to LTE Security
Announcement and Draft Publication
SP 800-166June 2016 Derived PIV Application and Data Model Test Guidelines
SP 800-166 FAQ
doi:10.6028/NIST.SP.800-166 [Direct Link]
SP 800-164 
(Draft)
October 2012 DRAFT Guidelines on Hardware-Rooted Security in Mobile Devices
Announcement and Draft Publication
SP 800-163January 2015 Vetting the Security of Mobile Applications
SP 800-163 FAQ
doi:10.6028/NIST.SP.800-163 [Direct Link]
Press Release
SP 800-124 Rev. 1June 2013 Guidelines for Managing the Security of Mobile Devices in the Enterprise
SP 800-124 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-124r1 [Direct Link]
SP 800-124 Rev. 1 (EPUB) FAQ
Press Release
SP 800-101 Rev. 1May 2014 Guidelines on Mobile Device Forensics
SP 800-101 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-101r1 [Direct Link]
SP 800-72November 2004 Guidelines on PDA Forensics
SP 800-72 FAQ
doi:10.6028/NIST.SP.800-72 [Direct Link]
SP 800-28 Version 2March 2008 Guidelines on Active Content and Mobile Code
SP 800-28 Version 2 FAQ
doi:10.6028/NIST.SP.800-28ver2 [Direct Link]
SP 800-19October 1999 Mobile Agent Security
SP 800-19 FAQ
doi:10.6028/NIST.SP.800-19 [Direct Link]
SP 1800-8 
(Draft)
May 2017DRAFT Securing Wireless Infusion Pumps in Healthcare Delivery Organizations
Announcement and Draft Publication
SP 1800-4 
(Draft)
November 2015 DRAFT Mobile Device Security: Cloud and Hybrid Builds
Announcement and Draft Publication
SP 1800-1 
(Draft)
July 2015 DRAFT Securing Electronic Health Records on Mobile Devices
Announcement and Draft Publication
NISTIR 8144 
(Draft)
September 2016DRAFT Assessing Threats to Mobile Devices & Infrastructure: the Mobile Threat Catalogue
Announcement and Draft Publication
NISTIR 8136January 2017An Overview of Mobile Application Vetting Services for Public Safety
NISTIR 8136 FAQ
doi:10.6028/NIST.IR.8136 [Direct Link]
NISTIR 8135May 2016 Identifying and Categorizing Data Types for Public Safety Mobile Applications: Workshop Report
NISTIR 8135 FAQ
doi:10.6028/NIST.IR.8135 [Direct Link]
NISTIR 8080July 2016Usability and Security Considerations for Public Safety Mobile Authentication
NISTIR 8080 FAQ
doi:10.6028/NIST.IR.8080 [Direct Link]
NISTIR 8040April 2016 Measuring the Usability and Security of Permuted Passwords on Mobile Platforms
NISTIR 8040 FAQ
doi:10.6028/NIST.IR.8040 [Direct Link]
NISTIR 8018January 2015 Public Safety Mobile Application Security Requirements Workshop Summary
NISTIR 8018 FAQ
doi:10.6028/NIST.IR.8018 [Direct Link]
NISTIR 8014March 2015 Considerations for Identity Management in Public Safety Mobile Networks
NISTIR 8014 FAQ
doi:10.6028/NIST.IR.8014 [Direct Link]
Press Release
NISTIR 7981 
(Draft)
March 2014 DRAFT Mobile, PIV, and Authentication
Announcement and Draft Publication
NISTIR 7617October 2009 Mobile Forensic Reference Materials: a Methodology and Reification
NISTIR 7617 FAQ
doi:10.6028/NIST.IR.7617 [Direct Link]
NISTIR 7516August 2008 Forensic Filtering of Cell Phone Protocols
NISTIR 7516 FAQ
doi:10.6028/NIST.IR.7516 [Direct Link]
NISTIR 7290March 2006 Fingerprint Identification and Mobile Handheld Devices: An Overview and Implementation
NISTIR 7290 FAQ
doi:10.6028/NIST.IR.7290 [Direct Link]
NISTIR 7206July 2005 Smart Cards and Mobile Device Authentication: an Overview and Implementation
NISTIR 7206 FAQ
doi:10.6028/NIST.IR.7206 [Direct Link]
NISTIR 7200June 2005 Proximity Beacons and Mobile Device Authentication: an Overview and Implementation
NISTIR 7200 FAQ
doi:10.6028/NIST.IR.7200 [Direct Link]
NISTIR 7030July 2003 Picture Password: A Visual Login Technique for Mobile Devices
NISTIR 7030 FAQ
doi:10.6028/NIST.IR.7030 [Direct Link]
NISTIR 6981April 2003 Policy Expression and Enforcement for Handheld Devices
NISTIR 6981 FAQ
doi:10.6028/NIST.IR.6981 [Direct Link]
NISTIR 6416October 1999 Applying Mobile Agents to Intrusion Detection and Response
NISTIR 6416
ITL BulletinAugust 2016NIST Updates Personal Identity Verification (PIV) Guidelines
ITL BulletinMay 2015Authentication Considerations for Public Safety Mobile Networks
ITL BulletinMarch 2015Guidance for Secure Authorization of Mobile Applications in the Corporate Environment
ITL BulletinJuly 2013ITL Issues Guidelines for Managing the Security of Mobile Devices
ITL BulletinApril 2008Using Active Content and Mobile Code and Safeguarding the Security of Information Technology Systems
WhitepaperNovember 2016[Project Description] Mobile Application Single Sign-On: for Public Safety and First Responders
Project Description (Final)
Project Homepage
WhitepaperAugust 23, 2012The Role of the National Institute of Standards and Technology in Mobile Security
The Role of NIST in Mobile Security
Building-Block V.2September 12, 2014 [Project Description] Mobile Device Security for Enterprises
Project Description
Project homepage
Personal Identity Verification (PIV)
Number | Date | Title
FIPS 201-2August 2013 Personal Identity Verification (PIV) of Federal Employees and Contractors
FIPS 201-2 FAQ
doi:10.6028/NIST.FIPS.201-2 [Direct Link]
2012 Draft Comments and Dispositions
2011 Draft Comments and Dispositions
Revised Draft (July 2012)
Draft FIPS 201-2 (March 2011)
SP 800-166June 2016 Derived PIV Application and Data Model Test Guidelines
SP 800-166 FAQ
doi:10.6028/NIST.SP.800-166 [Direct Link]
SP 800-157December 2014 Guidelines for Derived Personal Identity Verification (PIV) Credentials
SP 800-157 FAQ
doi:10.6028/NIST.SP.800-157 [Direct Link]
Comments and resolutions on Draft SP 800-157 (Mar. 2014)
SP 800-156May 2016 Representation of PIV Chain-of-Trust for Import and Export
SP 800-156 FAQ
doi:10.6028/NIST.SP.800-156 [Direct Link]
XSD Schema File for SP 800-156 Chain of Trust
SP 800-116 Rev. 1 
(Draft)
December 2015 DRAFT A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS)
Announcement and Draft Publication
SP 800-116November 2008 A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS)
SP 800-116 FAQ
doi:10.6028/NIST.SP.800-116 [Direct Link]
SP 800-96September 2006 PIV Card to Reader Interoperability Guidelines
SP 800-96 FAQ
doi:10.6028/NIST.SP.800-96 [Direct Link]
SP 800-85A-4April 2016 PIV Card Application and Middleware Interface Test Guidelines (SP 800-73-4 Compliance)
SP 800-85A-4 FAQ
doi:10.6028/NIST.SP.800-85A-4 [Direct Link]
SP 800-85B-4 
(Draft)
August 2014 DRAFT PIV Data Model Test Guidelines
Announcement and Draft Publication
SP 800-85BJuly 2006 PIV Data Model Test Guidelines
SP 800-85B FAQ
doi:10.6028/NIST.SP.800-85B [Direct Link]
SP 800-79-2July 2015 Guidelines for the Authorization of Personal Identity Verification Card Issuers (PCI) and Derived PIV Credential Issuers (DPCI)
SP 800-79-2 FAQ
doi:10.6028/NIST.SP.800-79-2 [Direct Link]
SP 800-78-4May 2015 Cryptographic Algorithms and Key Sizes for Personal Identity Verification
SP 800-78-4 FAQ
doi:10.6028/NIST.SP.800-78-4 [Direct Link]
SP 800-76-2July 2013 Biometric Specifications for Personal Identity Verification
SP 800-76-2 FAQ
doi:10.6028/NIST.SP.800-76-2 [Direct Link]
SP 800-73-4May 2015 (Updated 2/8/2016)Interfaces for Personal Identity Verification
SP 800-73-4 (including updates as of 02-08-2016) FAQ
doi:10.6028/NIST.SP.800-73-4 [Direct Link]
Press Release (06-16-2015)
NISTIR 8055January 2016 Derived Personal Identity Verification (PIV) Credentials (DPC) Proof of Concept Research
NISTIR 8055 FAQ
doi:10.6028/NIST.IR.8055 [Direct Link]
NISTIR 8014March 2015 Considerations for Identity Management in Public Safety Mobile Networks
NISTIR 8014 FAQ
doi:10.6028/NIST.IR.8014 [Direct Link]
Press Release
NISTIR 7981 
(Draft)
March 2014 DRAFT Mobile, PIV, and Authentication
Announcement and Draft Publication
NISTIR 7863June 2015 Cardholder Authentication for the PIV Digital Signature Key
NISTIR 7863 FAQ
doi:10.6028/NIST.IR.7863 [Direct Link]
NISTIR 7849March 2014 A Methodology for Developing Authentication Assurance Level Taxonomy for Smart Card-based Identity Verification
NISTIR 7849 FAQ
doi:10.6028/NIST.IR.7849 [Direct Link]
NISTIR 7817November 2012 A Credential Reliability and Revocation Model for Federated Identities
NISTIR 7817 FAQ
doi:10.6028/NIST.IR.7817 [Direct Link]
NISTIR 7676June 2010 Maintaining and Using Key History on Personal Identity Verification (PIV) Cards
NISTIR 7676 FAQ
doi:10.6028/NIST.IR.7676 [Direct Link]
NISTIR 7611August 2009 Use of ISO/IEC 24727
NISTIR 7611 FAQ
doi:10.6028/NIST.IR.7611 [Direct Link]
NISTIR 7452November 2007 Secure Biometric Match-on-Card Feasibility Report
NISTIR 7452 FAQ
doi:10.6028/NIST.IR.7452 [Direct Link]
NISTIR 7337August 2006 Personal Identity Verification Demonstration Summary
NISTIR 7337 FAQ
doi:10.6028/NIST.IR.7337 [Direct Link]
NISTIR 7313July 2006 5th Annual PKI R&D Workshop "Making PKI Easy to Use" Proceedings
NISTIR 7313 FAQ
doi:10.6028/NIST.IR.7313 [Direct Link]
NISTIR 7284January 2006 Personal Identity Verification Card Management Report
NISTIR 7284 FAQ
doi:10.6028/NIST.IR.7284 [Direct Link]
ITL BulletinAugust 2016NIST Updates Personal Identity Verification (PIV) Guidelines
ITL BulletinJuly 2015Improved Security and Mobility Through Updated Interfaces for PIV Cards
ITL BulletinMay 2015Authentication Considerations for Public Safety Mobile Networks
ITL BulletinDecember 2014Release Of NIST Special Publication 800-157, Guidelines For Derived Personal Identity Verification (PIV) Credentials
ITL BulletinOctober 2013ITL Updates Federal Information Processing Standard (FIPS) for Personal Identity Verification (PIV) of Federal Employees and Contractors
ITL BulletinFebruary 2009Using Personal Identity Verification (PIV) Credentials in Physical Access Control Systems (PACS)
ITL BulletinJanuary 2006Testing and Validation of Personal Identity Verification (PIV) Components and Subsystems for Conformance to Federal Information Processing Standard 201
WhitepaperApril 21, 2016 Best Practices for Privileged User PIV Authentication
Best Practices Paper
PKI
Number | Date | Title
FIPS 140-2May 25, 2001 (Change Notice 2, 12/3/2002)Security Requirements for Cryptographic Modules
FIPS 140-2 (including change notices as of 12-03-2002) FAQ
doi:10.6028/NIST.FIPS.140-2 [Direct Link]
Annex A: Approved Security Functions
Annex B: Approved Protection Profiles
Annex C: Approved Random Number Generators
Annex D: Approved Key Establishment Techniques
FIPS 140-2 (EPUB) FAQ
Comments on FIPS 140-1 (Oct. 1998)
SP 800-175AAugust 2016Guideline for Using Cryptographic Standards in the Federal Government: Directives, Mandates and Policies
SP 800-175A FAQ
doi:10.6028/NIST.SP.800-175A [Direct Link]
Comments Received from Final Draft
SP 800-175BAugust 2016Guideline for Using Cryptographic Standards in the Federal Government: Cryptographic Mechanisms
SP 800-175B FAQ
doi:10.6028/NIST.SP.800-175B [Direct Link]
Comments Received from Final Draft
SP 800-166June 2016 Derived PIV Application and Data Model Test Guidelines
SP 800-166 FAQ
doi:10.6028/NIST.SP.800-166 [Direct Link]
SP 800-157December 2014 Guidelines for Derived Personal Identity Verification (PIV) Credentials
SP 800-157 FAQ
doi:10.6028/NIST.SP.800-157 [Direct Link]
Comments and resolutions on Draft SP 800-157 (Mar. 2014)
SP 800-147BAugust 2014 BIOS Protection Guidelines for Servers
SP 800-147B FAQ
doi:10.6028/NIST.SP.800-147B [Direct Link]
SP 800-147April 2011 BIOS Protection Guidelines
SP 800-147 FAQ
doi:10.6028/NIST.SP.800-147 [Direct Link]
Press Release
SP 800-116 Rev. 1 
(Draft)
December 2015 DRAFT A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS)
Announcement and Draft Publication
SP 800-116November 2008 A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS)
SP 800-116 FAQ
doi:10.6028/NIST.SP.800-116 [Direct Link]
SP 800-89November 2006 Recommendation for Obtaining Assurances for Digital Signature Applications
SP 800-89 FAQ
doi:10.6028/NIST.SP.800-89 [Direct Link]
SP 800-78-4May 2015 Cryptographic Algorithms and Key Sizes for Personal Identity Verification
SP 800-78-4 FAQ
doi:10.6028/NIST.SP.800-78-4 [Direct Link]
SP 800-73-4May 2015 (Updated 2/8/2016)Interfaces for Personal Identity Verification
SP 800-73-4 (including updates as of 02-08-2016) FAQ
doi:10.6028/NIST.SP.800-73-4 [Direct Link]
Press Release (06-16-2015)
SP 800-57 Part 1 Rev. 4January 2016 Recommendation for Key Management, Part 1: General
SP 800-57 Part 1, Revision 4 FAQ
doi:10.6028/NIST.SP.800-57pt1r4 [Direct Link]
Comments and resolutions for SP 800-57 Part 1, Rev. 4
SP 800-57 Part 2August 2005 Recommendation for Key Management, Part 2: Best Practices for Key Management Organization
SP 800-57 Part 2 FAQ
doi:10.6028/NIST.SP.800-57p2 [Direct Link]
Comments received on Draft (Apr. 2005)
SP 800-57 Part 3 Rev. 1January 2015 Recommendation for Key Management, Part 3: Application-Specific Key Management Guidance
SP 800-57 Part 3, Revision 1 FAQ
doi:10.6028/NIST.SP.800-57pt3r1 [Direct Link]
SP 800-52 Rev. 1April 2014 Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations
SP 800-52 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-52r1 [Direct Link]
Press Release
SP 800-32February 26, 2001 Introduction to Public Key Technology and the Federal PKI Infrastructure
SP 800-32 FAQ
doi:10.6028/NIST.SP.800-32 [Direct Link]
SP 800-25October 2000 Federal Agency Use of Public Key Technology for Digital Signatures and Authentication
SP 800-25 FAQ
doi:10.6028/NIST.SP.800-25 [Direct Link]
SP 800-15January 1998 MISPC Minimum Interoperability Specification for PKI Components, Version 1
SP 800-15 FAQ
doi:10.6028/NIST.SP.800-15 [Direct Link]
SP 1800-8 
(Draft)
May 2017DRAFT Securing Wireless Infusion Pumps in Healthcare Delivery Organizations
Announcement and Draft Publication
SP 1800-6 
(Draft)
November 2016DRAFT Domain Name Systems-Based Electronic Mail Security
Announcement and Draft Publication
NISTIR 8105April 2016 Report on Post-Quantum Cryptography
NISTIR 8105 FAQ
doi:10.6028/NIST.IR.8105 [Direct Link]
Press Release
Comments received on Draft NISTIR 8105
NISTIR 8055January 2016 Derived Personal Identity Verification (PIV) Credentials (DPC) Proof of Concept Research
NISTIR 8055 FAQ
doi:10.6028/NIST.IR.8055 [Direct Link]
NISTIR 7981 
(Draft)
March 2014 DRAFT Mobile, PIV, and Authentication
Announcement and Draft Publication
NISTIR 7966October 2015 Security of Interactive and Automated Access Management Using Secure Shell (SSH)
NISTIR 7966 FAQ
doi:10.6028/NIST.IR.7966 [Direct Link]
NISTIR 7956September 2013 Cryptographic Key Management Issues & Challenges in Cloud Services
NISTIR 7956 FAQ
doi:10.6028/NIST.IR.7956 [Direct Link]
NISTIR 7924 
(Draft)
May 2014 DRAFT Reference Certificate Policy (2nd Draft)
Announcement and Draft Publication
NISTIR 7849March 2014 A Methodology for Developing Authentication Assurance Level Taxonomy for Smart Card-based Identity Verification
NISTIR 7849 FAQ
doi:10.6028/NIST.IR.7849 [Direct Link]
NISTIR 7817November 2012 A Credential Reliability and Revocation Model for Federated Identities
NISTIR 7817 FAQ
doi:10.6028/NIST.IR.7817 [Direct Link]
NISTIR 7676June 2010 Maintaining and Using Key History on Personal Identity Verification (PIV) Cards
NISTIR 7676 FAQ
doi:10.6028/NIST.IR.7676 [Direct Link]
NISTIR 7611August 2009 Use of ISO/IEC 24727
NISTIR 7611 FAQ
doi:10.6028/NIST.IR.7611 [Direct Link]
NISTIR 7609January 2010 Cryptographic Key Management Workshop Summary -- June 8-9, 2009
NISTIR 7609 FAQ
doi:10.6028/NIST.IR.7609 [Direct Link]
NISTIR 7452November 2007 Secure Biometric Match-on-Card Feasibility Report
NISTIR 7452 FAQ
doi:10.6028/NIST.IR.7452 [Direct Link]
NISTIR 7427September 2007 6th Annual PKI R&D Workshop "Applications-Driven PKI" Proceedings
NISTIR 7427 FAQ
doi:10.6028/NIST.IR.7427 [Direct Link]
NISTIR 7313July 2006 5th Annual PKI R&D Workshop "Making PKI Easy to Use" Proceedings
NISTIR 7313 FAQ
doi:10.6028/NIST.IR.7313 [Direct Link]
NISTIR 7224August 2005 4th Annual PKI R&D Workshop "Multiple Paths to Trust" Proceedings
NISTIR 7224 FAQ
doi:10.6028/NIST.IR.7224 [Direct Link]
NISTIR 7085April 2004 2nd Annual PKI Research Workshop Proceedings
NISTIR 7085 FAQ
doi:10.6028/NIST.IR.7085 [Direct Link]
NISTIR 7059November 2003 1st Annual PKI Research Workshop Proceedings
Proceedings from Dartmouth (August 2002)
ITL BulletinAugust 2016NIST Updates Personal Identity Verification (PIV) Guidelines
ITL BulletinJanuary 2016Securing Interactive and Automated Access Management Using Secure Shell (SSH)
ITL BulletinDecember 2014Release Of NIST Special Publication 800-157, Guidelines For Derived Personal Identity Verification (PIV) Credentials
ITL BulletinOctober 2014Release of NIST Special Publication 800-147B, BIOS Protection Guidelines for Servers
ITL BulletinApril 2014Release of NIST Special Publication 800-52 Revision 1, Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations
Planning
Number | Date | Title
FIPS 200March 2006 Minimum Security Requirements for Federal Information and Information Systems
FIPS 200 FAQ
doi:10.6028/NIST.FIPS.200 [Direct Link]
FIPS 199February 2004 Standards for Security Categorization of Federal Information and Information Systems
FIPS 199 FAQ
doi:10.6028/NIST.FIPS.199 [Direct Link]
FIPS 140-2May 25, 2001 (Change Notice 2, 12/3/2002)Security Requirements for Cryptographic Modules
FIPS 140-2 (including change notices as of 12-03-2002) FAQ
doi:10.6028/NIST.FIPS.140-2 [Direct Link]
Annex A: Approved Security Functions
Annex B: Approved Protection Profiles
Annex C: Approved Random Number Generators
Annex D: Approved Key Establishment Techniques
FIPS 140-2 (EPUB) FAQ
Comments on FIPS 140-1 (Oct. 1998)
SP 800-184December 2016Guide for Cybersecurity Event Recovery
SP 800-184 FAQ
doi:10.6028/NIST.SP.800-184 [Direct Link]
Press Release (12-22-2016)
SP 800-179December 2016Guide to Securing Apple OS X 10.10 Systems for IT Professionals: A NIST Security Configuration Checklist
SP 800-179 FAQ
doi:10.6028/NIST.SP.800-179 [Direct Link]
Supplemental Content (GitHub)
National Checklist Program
SP 800-167October 2015 Guide to Application Whitelisting
SP 800-167 FAQ
doi:10.6028/NIST.SP.800-167 [Direct Link]
Press Release
SP 800-163January 2015 Vetting the Security of Mobile Applications
SP 800-163 FAQ
doi:10.6028/NIST.SP.800-163 [Direct Link]
Press Release
SP 800-161April 2015 Supply Chain Risk Management Practices for Federal Information Systems and Organizations
SP 800-161 FAQ
doi:10.6028/NIST.SP.800-161 [Direct Link]
SP 800-160November 2016Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems
SP 800-160 FAQ
doi:10.6028/NIST.SP.800-160 [Direct Link]
"Rethinking Cybersecurity from the Inside Out" (blog post)
SP 800-153February 2012 Guidelines for Securing Wireless Local Area Networks (WLANs)
SP 800-153 FAQ
doi:10.6028/NIST.SP.800-153 [Direct Link]
Press Release (Mar. 6, 2012)
SP 800-147BAugust 2014 BIOS Protection Guidelines for Servers
SP 800-147B FAQ
doi:10.6028/NIST.SP.800-147B [Direct Link]
SP 800-147April 2011 BIOS Protection Guidelines
SP 800-147 FAQ
doi:10.6028/NIST.SP.800-147 [Direct Link]
Press Release
SP 800-146May 2012 Cloud Computing Synopsis and Recommendations
SP 800-146 FAQ
doi:10.6028/NIST.SP.800-146 [Direct Link]
SP 800-146 (EPUB) FAQ
Press Release
SP 800-145September 2011 The NIST Definition of Cloud Computing
SP 800-145 FAQ
doi:10.6028/NIST.SP.800-145 [Direct Link]
SP 800-145 (EPUB) FAQ
Press Release
SP 800-144December 2011 Guidelines on Security and Privacy in Public Cloud Computing
SP 800-144 FAQ
doi:10.6028/NIST.SP.800-144 [Direct Link]
SP 800-144 (EPUB) FAQ
Press Release
SP 800-137September 2011 Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations
SP 800-137 FAQ
doi:10.6028/NIST.SP.800-137 [Direct Link]
Press Release
SP 800-125A 
(Draft)
October 20, 2014 DRAFT Security Recommendations for Hypervisor Deployment
Announcement and Draft Publication
SP 800-125January 2011 Guide to Security for Full Virtualization Technologies
SP 800-125 FAQ
doi:10.6028/NIST.SP.800-125 [Direct Link]
Press Release
SP 800-124 Rev. 1June 2013 Guidelines for Managing the Security of Mobile Devices in the Enterprise
SP 800-124 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-124r1 [Direct Link]
SP 800-124 Rev. 1 (EPUB) FAQ
Press Release
SP 800-123July 2008 Guide to General Server Security
SP 800-123 FAQ
doi:10.6028/NIST.SP.800-123 [Direct Link]
SP 800-123 (EPUB) FAQ
SP 800-122April 2010 Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)
SP 800-122 FAQ
doi:10.6028/NIST.SP.800-122 [Direct Link]
SP 800-122 (EPUB) FAQ
SP 800-119December 2010 Guidelines for the Secure Deployment of IPv6
SP 800-119 FAQ
doi:10.6028/NIST.SP.800-119 [Direct Link]
SP 800-116 Rev. 1 
(Draft)
December 2015 DRAFT A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS)
Announcement and Draft Publication
SP 800-116November 2008 A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS)
SP 800-116 FAQ
doi:10.6028/NIST.SP.800-116 [Direct Link]
SP 800-113July 2008 Guide to SSL VPNs
SP 800-113 FAQ
doi:10.6028/NIST.SP.800-113 [Direct Link]
SP 800-98April 2007 Guidelines for Securing Radio Frequency Identification (RFID) Systems
SP 800-98 FAQ
doi:10.6028/NIST.SP.800-98 [Direct Link]
SP 800-95August 2007 Guide to Secure Web Services
SP 800-95 FAQ
doi:10.6028/NIST.SP.800-95 [Direct Link]
SP 800-94 Rev. 1 
(Draft)
July 2012 DRAFT Guide to Intrusion Detection and Prevention Systems (IDPS)
Announcement and Draft Publication
SP 800-94February 2007 Guide to Intrusion Detection and Prevention Systems (IDPS)
SP 800-94 FAQ
doi:10.6028/NIST.SP.800-94 [Direct Link]
SP 800-81-2September 2013 Secure Domain Name System (DNS) Deployment Guide
SP 800-81-2 FAQ
doi:10.6028/NIST.SP.800-81-2 [Direct Link]
SP 800-65January 2005 Integrating IT Security into the Capital Planning and Investment Control Process
SP 800-65 FAQ
doi:10.6028/NIST.SP.800-65 [Direct Link]
SP 800-57 Part 1 Rev. 4January 2016 Recommendation for Key Management, Part 1: General
SP 800-57 Part 1, Revision 4 FAQ
doi:10.6028/NIST.SP.800-57pt1r4 [Direct Link]
Comments and resolutions for SP 800-57 Part 1, Rev. 4
SP 800-57 Part 2August 2005 Recommendation for Key Management, Part 2: Best Practices for Key Management Organization
SP 800-57 Part 2 FAQ
doi:10.6028/NIST.SP.800-57p2 [Direct Link]
Comments received on Draft (Apr. 2005)
SP 800-57 Part 3 Rev. 1January 2015 Recommendation for Key Management, Part 3: Application-Specific Key Management Guidance
SP 800-57 Part 3, Revision 1 FAQ
doi:10.6028/NIST.SP.800-57pt3r1 [Direct Link]
SP 800-55 Rev. 1July 2008 Performance Measurement Guide for Information Security
SP 800-55 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-55r1 [Direct Link]
SP 800-54July 2007 Border Gateway Protocol Security
SP 800-54 FAQ
doi:10.6028/NIST.SP.800-54 [Direct Link]
SP 800-53 Rev. 5 
(Draft)
August 2017DRAFT Security and Privacy Controls for Federal Information Systems and Organizations
Announcement and Draft Publication
SP 800-53 Rev. 4April 2013 (Updated 1/22/2015)Security and Privacy Controls for Federal Information Systems and Organizations
SP 800-53 Rev. 4 (including updates as of 01-22-2015) FAQ
doi:10.6028/NIST.SP.800-53r4 [Direct Link]
Word version of SP 800-53 Rev. 4 (01-22-2015)
XML file for SP 800-53 Rev. 4 (01-15-2014)
Summary of NIST SP 800-53 Revision 4
Press Release (04-30-2013)
Pre-Draft Call for Comments for SP 800-53 Rev. 5
SP 800-48 Rev. 1July 2008 Guide to Securing Legacy IEEE 802.11 Wireless Networks
SP 800-48 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-48r1 [Direct Link]
SP 800-47August 2002 Security Guide for Interconnecting Information Technology Systems
SP 800-47 FAQ
doi:10.6028/NIST.SP.800-47 [Direct Link]
SP 800-44 Version 2September 2007 Guidelines on Securing Public Web Servers
SP 800-44 Version 2 FAQ
doi:10.6028/NIST.SP.800-44ver2 [Direct Link]
SP 800-43November 2002 Systems Administration Guidance for Securing Windows 2000 Professional System
SP 800-43 FAQ
doi:10.6028/NIST.SP.800-43 [Direct Link]
Security Templates R1.2.3
SP 800-41 Rev. 1September 2009 Guidelines on Firewalls and Firewall Policy
SP 800-41 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-41r1 [Direct Link]
SP 800-39March 2011 Managing Information Security Risk: Organization, Mission, and Information System View
SP 800-39 FAQ
doi:10.6028/NIST.SP.800-39 [Direct Link]
Press Release
SP 800-37 Rev. 1February 2010 (Updated 6/5/2014)Guide for Applying the Risk Management Framework to Federal Information Systems: a Security Life Cycle Approach
SP 800-37 Rev. 1 (including updates as of 6-05-2014) FAQ
doi:10.6028/NIST.SP.800-37r1 [Direct Link]
Supplemental Guidance on Ongoing Authorization, (June 2014)
Press Release
SP 800-36October 2003 Guide to Selecting Information Technology Security Products
SP 800-36 FAQ
doi:10.6028/NIST.SP.800-36 [Direct Link]
SP 800-35October 2003 Guide to Information Technology Security Services
SP 800-35 FAQ
doi:10.6028/NIST.SP.800-35 [Direct Link]
SP 800-33December 2001 Underlying Technical Models for Information Technology Security
SP 800-33 FAQ
doi:10.6028/NIST.SP.800-33 [Direct Link]
SP 800-32February 26, 2001 Introduction to Public Key Technology and the Federal PKI Infrastructure
SP 800-32 FAQ
doi:10.6028/NIST.SP.800-32 [Direct Link]
SP 800-30 Rev. 1September 2012 Guide for Conducting Risk Assessments
SP 800-30 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-30r1 [Direct Link]
SP 800-30 Rev. 1 (EPUB) FAQ
Press Release
SP 800-27 Rev. AJune 2004 Engineering Principles for Information Technology Security (A Baseline for Achieving Security), Revision A
SP 800-27 Rev. A FAQ
doi:10.6028/NIST.SP.800-27rA [Direct Link]
SP 800-25October 2000 Federal Agency Use of Public Key Technology for Digital Signatures and Authentication
SP 800-25 FAQ
doi:10.6028/NIST.SP.800-25 [Direct Link]
SP 800-19October 1999 Mobile Agent Security
SP 800-19 FAQ
doi:10.6028/NIST.SP.800-19 [Direct Link]
SP 800-18 Rev. 1February 2006 Guide for Developing Security Plans for Federal Information Systems
SP 800-18 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-18r1 [Direct Link]
NISTIR 8085 
(Draft)
December 2015 DRAFT Forming Common Platform Enumeration (CPE) Names from Software Identification (SWID) Tags
Announcement and Draft Publication
NISTIR 8074 Vol. 2December 2015 Supplemental Information for the Interagency Report on Strategic U.S. Government Engagement in International Standardization to Achieve U.S. Objectives for Cybersecurity
NISTIR 8074 Vol. 2 FAQ
doi:10.6028/NIST.IR.8074v2 [Direct Link]
NISTIR 8074 Vol. 1December 2015 Interagency Report on Strategic U.S. Government Engagement in International Standardization to Achieve U.S. Objectives for Cybersecurity
NISTIR 8074 Vol. 1 FAQ
doi:10.6028/NIST.IR.8074v1 [Direct Link]
NISTIR 8060April 2016 Guidelines for the Creation of Interoperable Software Identification (SWID) Tags
NISTIR 8060 FAQ
doi:10.6028/NIST.IR.8060 [Direct Link]
Guideline Summary for NISTIR 8060
Schema Definition for NISTIR 8060
NISTIR 8023February 2015 Risk Management for Replication Devices
NISTIR 8023 FAQ
doi:10.6028/NIST.IR.8023 [Direct Link]
NISTIR 7981 
(Draft)
March 2014 DRAFT Mobile, PIV, and Authentication
Announcement and Draft Publication
NISTIR 7966October 2015 Security of Interactive and Automated Access Management Using Secure Shell (SSH)
NISTIR 7966 FAQ
doi:10.6028/NIST.IR.7966 [Direct Link]
NISTIR 7621 Rev. 1November 2016Small Business Information Security: the Fundamentals
NISTIR 7621 Rev. 1 FAQ
doi:10.6028/NIST.IR.7621r1 [Direct Link]
Press Release
"Ignoring Cybersecurity is Risky Business" (blog post)
NISTIR 7611August 2009 Use of ISO/IEC 24727
NISTIR 7611 FAQ
doi:10.6028/NIST.IR.7611 [Direct Link]
NISTIR 7497September 2010 Security Architecture Design Process for Health Information Exchanges (HIEs)
NISTIR 7497 FAQ
doi:10.6028/NIST.IR.7497 [Direct Link]
NISTIR 7359January 2007 Information Security Guide for Government Executives
NISTIR 7359 FAQ
doi:10.6028/NIST.IR.7359 [Direct Link]
Booklet
NISTIR 7358January 2007 Program Review for Information Security Management Assistance (PRISMA)
NISTIR 7358 FAQ
doi:10.6028/NIST.IR.7358 [Direct Link]
NISTIR 7316September 2006 Assessment of Access Control Systems
NISTIR 7316 FAQ
doi:10.6028/NIST.IR.7316 [Direct Link]
NISTIR 7284January 2006 Personal Identity Verification Card Management Report
NISTIR 7284 FAQ
doi:10.6028/NIST.IR.7284 [Direct Link]
NISTIR 6985April 2003 COTS Security Protection Profile - Operating Systems (CSPP-OS) (Worked Example Applying Guidance of NISTIR-6462, CSPP) Version 1.0
NISTIR 6985 FAQ
doi:10.6028/nist.ir.6985 [Direct Link]
NISTIR 6981April 2003 Policy Expression and Enforcement for Handheld Devices
NISTIR 6981 FAQ
doi:10.6028/NIST.IR.6981 [Direct Link]
NISTIR 6887 2003 EditionJuly 16, 2003 Government Smart Card Interoperability Specification, Version 2.1
NISTIR 6887 FAQ
doi:10.6028/NIST.IR.6887e2003 [Direct Link]
NISTIR 6462December 1999 CSPP - Guidance for COTS Security Protection Profiles (Formerly: CS2 - Protection Profile Guidance for Near-Term COTS) Version 1.0
NISTIR 6462
ITL BulletinMarch 2017Fundamentals of Small Business Information Security
ITL BulletinFebruary 2017Guide for Cybersecurity Incident Recovery
ITL BulletinDecember 2016Rethinking Security Through Systems Security Engineering
ITL BulletinJuly 2016Improving Security and Software Management Through the Use of SWID Tags
ITL BulletinJanuary 2016Securing Interactive and Automated Access Management Using Secure Shell (SSH)
ITL BulletinDecember 2015Stopping Malware and Unauthorized Software through Application Whitelisting
ITL BulletinJune 2015Increasing Visibility and Control of Your ICT Supply Chains
ITL BulletinApril 2015Is Your Replication Device Making An Extra Copy For Someone Else?
ITL BulletinMarch 2015Guidance for Secure Authorization of Mobile Applications in the Corporate Environment
ITL BulletinOctober 2014Release of NIST Special Publication 800-147B, BIOS Protection Guidelines for Servers
ITL BulletinMay 2014Small and Medium-Size Business Information Security Outreach Program
ITL BulletinFebruary 2014Framework for Improving Critical Infrastructure Cybersecurity
ITL BulletinOctober 2008Keeping Information Technology (IT) System Servers Secure: A General Guide to Good Practices
ITL BulletinJuly 2007Border Gateway Protocol (BGP) Security
ITL BulletinMay 2007Securing Radio Frequency Identification (RFID) Systems
ITL BulletinFebruary 2007Intrusion Detection and Prevention Systems
ITL BulletinNovember 2006Guide to Securing Computers Using Windows XP Home Edition
ITL BulletinMarch 2006Minimum Security Requirements for Federal Information and Information Systems: Federal Information Processing Standard (FIPS) 200 Approved by the Secretary of Commerce
ITL BulletinFebruary 2006Creating a Program to Manage Security Patches and Vulnerabilities: NIST Recommendations for Improving System Security
ITL BulletinJanuary 2006Testing and Validation of Personal Identity Verification (PIV) Components and Subsystems for Conformance to Federal Information Processing Standard 201
ITL BulletinJanuary 2005Integrating IT Security into the Capital Planning and Investment Control Process
ITL BulletinNovember 2004Understanding the New NIST Standards and Guidelines Required by FISMA: How Three Mandated Documents are Changing the Dynamic of Information Security for the Federal Government
ITL BulletinJune 2004Information Technology Security Services: How to Select, Implement, and Manage
ITL BulletinApril 2004Selecting Information Technology Security Products
ITL BulletinMarch 2004Federal Information Processing Standard (FIPS) 199, Standards for Security Categorization of Federal Information and Information Systems
ITL BulletinFebruary 2003Secure Interconnections for Information Technology Systems
Whitepaper 
(Draft)
March 20, 2017DRAFT Cybersecurity Framework Manufacturing Profile (Final Draft)
Announcement and Draft Publication
Privacy
NumberDateTitle
SP 800-188 
(Draft)
December 2016DRAFT De-Identifying Government Datasets (2nd Draft)
Announcement and Draft Publication
SP 800-177September 2016Trustworthy Email
SP 800-177 FAQ
doi:10.6028/NIST.SP.800-177 [Direct Link]
High Assurance Domains project
SP 800-144December 2011 Guidelines on Security and Privacy in Public Cloud Computing
SP 800-144 FAQ
doi:10.6028/NIST.SP.800-144 [Direct Link]
SP 800-144 (EPUB) FAQ
Press Release
SP 800-122April 2010 Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)
SP 800-122 FAQ
doi:10.6028/NIST.SP.800-122 [Direct Link]
SP 800-122 (EPUB) FAQ
SP 800-63AJune 2017Digital Identity Guidelines: Enrollment and Identity Proofing
SP 800-63A FAQ
doi:10.6028/NIST.SP.800-63a [Direct Link]
FAQ
SP 800-63-3 (GitHub)
SP 800-63-3June 2017Digital Identity Guidelines
SP 800-63-3 FAQ
doi:10.6028/NIST.SP.800-63-3 [Direct Link]
FAQ
SP 800-63-3 (GitHub)
SP 800-53A Rev. 4December 2014 (Updated 12/18/2014)Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans
SP 800-53A Revision 4 FAQ
doi:10.6028/NIST.SP.800-53Ar4 [Direct Link]
Word version of SP 800-53A Rev. 4 (12-18-2014)
XML file for SP 800-53A Rev. 4 (06-16-2015)
Press Release
SP 800-53 Rev. 5 
(Draft)
August 2017DRAFT Security and Privacy Controls for Federal Information Systems and Organizations
Announcement and Draft Publication
SP 800-53 Rev. 4April 2013 (Updated 1/22/2015)Security and Privacy Controls for Federal Information Systems and Organizations
SP 800-53 Rev. 4 (including updates as of 01-22-2015) FAQ
doi:10.6028/NIST.SP.800-53r4 [Direct Link]
Word version of SP 800-53 Rev. 4 (01-22-2015)
XML file for SP 800-53 Rev. 4 (01-15-2014)
Summary of NIST SP 800-53 Revision 4
Press Release (04-30-2013)
Pre-Draft Call for Comments for SP 800-53 Rev. 5
SP 1800-6 
(Draft)
November 2016DRAFT Domain Name Systems-Based Electronic Mail Security
Announcement and Draft Publication
SP 1800-2 
(Draft)
August 2015 DRAFT Identity and Access Management for Electric Utilities
Announcement and Draft Publication
NISTIR 8062January 2017An Introduction to Privacy Engineering and Risk Management in Federal Systems
NISTIR 8062 FAQ
doi:10.6028/NIST.IR.8062 [Direct Link]
"Making Privacy Concrete (three words not usually found together)" (blog post)
NISTIR 8054April 2015 (Updated 9/20/2015)NSTIC Pilots: Catalyzing the Identity Ecosystem
NISTIR 8054 (including updates as of 09-20-2015) FAQ
doi:10.6028/NIST.IR.8054 [Direct Link]
NISTIR 8053October 2015 De-Identification of Personal Information
NISTIR 8053 FAQ
doi:10.6028/NIST.IR.8053 [Direct Link]
NISTIR 8050 
(Draft)
April 2, 2015 DRAFT Executive Technical Workshop on Improving Cybersecurity and Consumer Privacy: Summary and Next Steps
Announcement and Draft Publication
NISTIR 7628 Rev. 1September 2014 Guidelines for Smart Grid Cybersecurity
NISTIR 7628 Rev. 1, (Volumes 1-3) FAQ
doi:10.6028/NIST.IR.7628r1 [Direct Link]
NIST Project: Cybersecurity for Smart Grid Systems
ITL BulletinAugust 2017Understanding the Major Update to NIST SP 800-63: Digital Identity Guidelines
ITL BulletinApril 2017Building the Bridge Between Privacy and Cybersecurity for Federal Systems
ITL BulletinOctober 2016Making Email Trustworthy
ITL BulletinJanuary 2015Release of NIST Special Publication 800-53A, Revision 4, Assessing Security and Privacy Controls in Federal Information Systems and Organizations
ITL BulletinMay 2013ITL Publishes Security And Privacy Controls For Federal Agencies
ITL BulletinMarch 2012Guidelines for Improving Security and Privacy in Public Cloud Computing
ITL BulletinNovember 2010The Exchange of Health Information: Designing a Security Architecture to Provide Information Security and Privacy
Building-BlockMarch 4, 2016[Project Description] Domain Name System-Based Security for Electronic Mail
Project Description
Project homepage
Journal-ArticleJanuary-February 2016Learning Internet of Things Security "Hands-On"
Preprint FAQ
doi:10.1109/MSP.2016.4 [Direct Link]
Public Safety
NumberDateTitle
NISTIR 8179 
(Draft)
July 2017DRAFT Criticality Analysis Process Model: Prioritizing Systems and Components
Announcement and Draft Publication
NISTIR 8136January 2017An Overview of Mobile Application Vetting Services for Public Safety
NISTIR 8136 FAQ
doi:10.6028/NIST.IR.8136 [Direct Link]
NISTIR 8135May 2016 Identifying and Categorizing Data Types for Public Safety Mobile Applications: Workshop Report
NISTIR 8135 FAQ
doi:10.6028/NIST.IR.8135 [Direct Link]
NISTIR 8080July 2016Usability and Security Considerations for Public Safety Mobile Authentication
NISTIR 8080 FAQ
doi:10.6028/NIST.IR.8080 [Direct Link]
NISTIR 8018January 2015 Public Safety Mobile Application Security Requirements Workshop Summary
NISTIR 8018 FAQ
doi:10.6028/NIST.IR.8018 [Direct Link]
NISTIR 8014March 2015 Considerations for Identity Management in Public Safety Mobile Networks
NISTIR 8014 FAQ
doi:10.6028/NIST.IR.8014 [Direct Link]
Press Release
NISTIR 7601August 2010 Framework for Emergency Response Officials (ERO): Authentication and Authorization Infrastructure
NISTIR 7601 FAQ
doi:10.6028/NIST.IR.7601 [Direct Link]
ITL BulletinMay 2015Authentication Considerations for Public Safety Mobile Networks
Whitepaper 
(Draft)
September 2016DRAFT [Project Description] Authentication for Law Enforcement Vehicle Systems
Announcement and Draft Publication
WhitepaperNovember 2016[Project Description] Mobile Application Single Sign-On: for Public Safety and First Responders
Project Description (Final)
Project Homepage
Research
NumberDateTitle
SP 800-192June 2017Verification and Test Methods for Access Control Policies/Models
SP 800-192 FAQ
doi:10.6028/NIST.SP.800-192 [Direct Link]
SP 800-183July 2016Networks of 'Things'
SP 800-183 FAQ
doi:10.6028/NIST.SP.800-183 [Direct Link]
Press Release
SP 800-179December 2016Guide to Securing Apple OS X 10.10 Systems for IT Professionals: A NIST Security Configuration Checklist
SP 800-179 FAQ
doi:10.6028/NIST.SP.800-179 [Direct Link]
Supplemental Content (GitHub)
National Checklist Program
SP 800-178October 2016A Comparison of Attribute Based Access Control (ABAC) Standards for Data Service Applications: Extensible Access Control Markup Language (XACML) and Next Generation Access Control (NGAC)
SP 800-178 FAQ
doi:10.6028/NIST.SP.800-178 [Direct Link]
SP 800-162January 2014 Guide to Attribute Based Access Control (ABAC) Definition and Considerations
SP 800-162 FAQ
doi:10.6028/NIST.SP.800-162 [Direct Link]
SP 800-162 (EPUB) FAQ
SP 800-147BAugust 2014 BIOS Protection Guidelines for Servers
SP 800-147B FAQ
doi:10.6028/NIST.SP.800-147B [Direct Link]
SP 800-147April 2011 BIOS Protection Guidelines
SP 800-147 FAQ
doi:10.6028/NIST.SP.800-147 [Direct Link]
Press Release
SP 800-146May 2012 Cloud Computing Synopsis and Recommendations
SP 800-146 FAQ
doi:10.6028/NIST.SP.800-146 [Direct Link]
SP 800-146 (EPUB) FAQ
Press Release
SP 800-145September 2011 The NIST Definition of Cloud Computing
SP 800-145 FAQ
doi:10.6028/NIST.SP.800-145 [Direct Link]
SP 800-145 (EPUB) FAQ
Press Release
SP 800-144December 2011 Guidelines on Security and Privacy in Public Cloud Computing
SP 800-144 FAQ
doi:10.6028/NIST.SP.800-144 [Direct Link]
SP 800-144 (EPUB) FAQ
Press Release
SP 800-142October 2010 Practical Combinatorial Testing
SP 800-142 FAQ
doi:10.6028/NIST.SP.800-142 [Direct Link]
SP 800-101 Rev. 1May 2014 Guidelines on Mobile Device Forensics
SP 800-101 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-101r1 [Direct Link]
SP 800-95August 2007 Guide to Secure Web Services
SP 800-95 FAQ
doi:10.6028/NIST.SP.800-95 [Direct Link]
NISTIR 8139 
(Draft)
February 2017DRAFT Identifying Uniformity with Entropy and Divergence
Announcement and Draft Publication
NISTIR 8114March 2017Report on Lightweight Cryptography
NISTIR 8114 FAQ
doi:10.6028/NIST.IR.8114 [Direct Link]
Comments received on Draft (Aug. 2016)
NISTIR 8105April 2016 Report on Post-Quantum Cryptography
NISTIR 8105 FAQ
doi:10.6028/NIST.IR.8105 [Direct Link]
Press Release
Comments received on Draft NISTIR 8105
NISTIR 8080July 2016Usability and Security Considerations for Public Safety Mobile Authentication
NISTIR 8080 FAQ
doi:10.6028/NIST.IR.8080 [Direct Link]
NISTIR 8055January 2016 Derived Personal Identity Verification (PIV) Credentials (DPC) Proof of Concept Research
NISTIR 8055 FAQ
doi:10.6028/NIST.IR.8055 [Direct Link]
NISTIR 8041April 2015 Proceedings of the Cybersecurity for Direct Digital Manufacturing (DDM) Symposium
NISTIR 8041 FAQ
doi:10.6028/NIST.IR.8041 [Direct Link]
NISTIR 8040April 2016 Measuring the Usability and Security of Permuted Passwords on Mobile Platforms
NISTIR 8040 FAQ
doi:10.6028/NIST.IR.8040 [Direct Link]
NISTIR 7904December 2015 Trusted Geolocation in the Cloud: Proof of Concept Implementation
NISTIR 7904 FAQ
doi:10.6028/NIST.IR.7904 [Direct Link]
NISTIR 7773November 2010 An Application of Combinatorial Methods to Conformance Testing for Document Object Model Events
NISTIR 7773 FAQ
doi:10.6028/NIST.IR.7773 [Direct Link]
NISTIR 7771February 2011 Conformance Test Architecture for Biometric Data Interchange Formats - Version Beta 2.0
NISTIR 7771 FAQ
doi:10.6028/NIST.IR.7771 [Direct Link]
NISTIR 7658February 2010 Guide to SIMfill Use and Development
NISTIR 7658 FAQ
doi:10.6028/NIST.IR.7658 [Direct Link]
NISTIR 7617October 2009 Mobile Forensic Reference Materials: a Methodology and Reification
NISTIR 7617 FAQ
doi:10.6028/NIST.IR.7617 [Direct Link]
NISTIR 7611August 2009 Use of ISO/IEC 24727
NISTIR 7611 FAQ
doi:10.6028/NIST.IR.7611 [Direct Link]
NISTIR 7564April 2009 Directions in Security Metrics Research
NISTIR 7564 FAQ
doi:10.6028/NIST.IR.7564 [Direct Link]
NISTIR 7559June 2010 Forensics Web Services (FWS)
NISTIR 7559 FAQ
doi:10.6028/NIST.IR.7559 [Direct Link]
NISTIR 7539December 2009 Symmetric Key Injection onto Smart Cards
NISTIR 7539 FAQ
doi:10.6028/NIST.IR.7539 [Direct Link]
NISTIR 7516August 2008 Forensic Filtering of Cell Phone Protocols
NISTIR 7516 FAQ
doi:10.6028/NIST.IR.7516 [Direct Link]
NISTIR 7497September 2010 Security Architecture Design Process for Health Information Exchanges (HIEs)
NISTIR 7497 FAQ
doi:10.6028/NIST.IR.7497 [Direct Link]
NISTIR 7427September 2007 6th Annual PKI R&D Workshop "Applications-Driven PKI" Proceedings
NISTIR 7427 FAQ
doi:10.6028/NIST.IR.7427 [Direct Link]
NISTIR 7387March 2007 Cell Phone Forensic Tools: an Overview and Analysis Update
NISTIR 7387 FAQ
doi:10.6028/NIST.IR.7387 [Direct Link]
NISTIR 7313July 2006 5th Annual PKI R&D Workshop "Making PKI Easy to Use" Proceedings
NISTIR 7313 FAQ
doi:10.6028/NIST.IR.7313 [Direct Link]
NISTIR 7224August 2005 4th Annual PKI R&D Workshop "Multiple Paths to Trust" Proceedings
NISTIR 7224 FAQ
doi:10.6028/NIST.IR.7224 [Direct Link]
NISTIR 7200June 2005 Proximity Beacons and Mobile Device Authentication: an Overview and Implementation
NISTIR 7200 FAQ
doi:10.6028/NIST.IR.7200 [Direct Link]
NISTIR 7056March 2004 Card Technology Developments and Gap Analysis Interagency Report
NISTIR 7056 FAQ
doi:10.6028/NIST.IR.7056 [Direct Link]
NISTIR 7007July 11, 2003 An Overview of Issues in Testing Intrusion Detection Systems
NISTIR 7007 FAQ
doi:10.6028/NIST.IR.7007 [Direct Link]
NISTIR 6977May 2003 Vulnerabilities in Quantum Key Distribution Protocols
NISTIR 6977
ITL BulletinJune 2017Toward Standardizing Lightweight Cryptography
ITL BulletinNovember 2016Exploring the Next Generation of Access Control Methodologies
ITL BulletinSeptember 2016Demystifying the Internet of Things
ITL BulletinMay 2016Combinatorial Testing for Cybersecurity and Reliability
ITL BulletinFebruary 2016Implementing Trusted Geolocation Services in the Cloud
ITL BulletinOctober 2014Release of NIST Special Publication 800-147B, BIOS Protection Guidelines for Servers
ITL BulletinMarch 2014Attribute Based Access Control (ABAC) Definition and Considerations
ITL BulletinJune 2007Forensic Techniques for Cell Phones
Conference-ProceedingsJanuary 4-6, 2016A Probabilistic Network Forensics Model for Evidence Analysis
Preprint FAQ
doi:10.1007/978-3-319-46279-0_10 [Direct Link]
Conference-ProceedingsApril 11-15, 2016Pseudo-Exhaustive Testing of Attribute Based Access Control Rules
Preprint FAQ
doi:10.1109/ICSTW.2016.35 [Direct Link]
Risk Assessment
NumberDateTitle
FIPS 199February 2004 Standards for Security Categorization of Federal Information and Information Systems
FIPS 199 FAQ
doi:10.6028/NIST.FIPS.199 [Direct Link]
SP 800-167October 2015 Guide to Application Whitelisting
SP 800-167 FAQ
doi:10.6028/NIST.SP.800-167 [Direct Link]
Press Release
SP 800-161April 2015 Supply Chain Risk Management Practices for Federal Information Systems and Organizations
SP 800-161 FAQ
doi:10.6028/NIST.SP.800-161 [Direct Link]
SP 800-160November 2016Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems
SP 800-160 FAQ
doi:10.6028/NIST.SP.800-160 [Direct Link]
"Rethinking Cybersecurity from the Inside Out" (blog post)
SP 800-154 
(Draft)
March 2016 DRAFT Guide to Data-Centric System Threat Modeling
Announcement and Draft Publication
SP 800-153February 2012 Guidelines for Securing Wireless Local Area Networks (WLANs)
SP 800-153 FAQ
doi:10.6028/NIST.SP.800-153 [Direct Link]
Press Release (Mar. 6, 2012)
SP 800-150October 2016Guide to Cyber Threat Information Sharing
SP 800-150 FAQ
doi:10.6028/NIST.SP.800-150 [Direct Link]
SP 800-137September 2011 Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations
SP 800-137 FAQ
doi:10.6028/NIST.SP.800-137 [Direct Link]
Press Release
SP 800-128August 2011 Guide for Security-Focused Configuration Management of Information Systems
SP 800-128 FAQ
doi:10.6028/NIST.SP.800-128 [Direct Link]
SP 800-126 Rev. 3 
(Draft)
July 2016DRAFT The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.3
Announcement and Draft Publication
SP 800-126 Rev. 2September 2011 (Updated 3/19/2012)The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2
SP 800-126 Rev. 2 FAQ
doi:10.6028/NIST.SP.800-126r2 [Direct Link]
NIST Solicits Comments for SP 800-126 & SCAP
SP 800-126 Rev. 1February 2011 The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.1
SP 800-126 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-126r1 [Direct Link]
SP 800-126November 2009 The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.0
SP 800-126 FAQ
doi:10.6028/NIST.SP.800-126 [Direct Link]
SP 800-125January 2011 Guide to Security for Full Virtualization Technologies
SP 800-125 FAQ
doi:10.6028/NIST.SP.800-125 [Direct Link]
Press Release
SP 800-122April 2010 Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)
SP 800-122 FAQ
doi:10.6028/NIST.SP.800-122 [Direct Link]
SP 800-122 (EPUB) FAQ
SP 800-117 Rev. 1 
(Draft)
January 2012 DRAFT Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.2
Announcement and Draft Publication
SP 800-117July 2010 Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.0
SP 800-117 FAQ
doi:10.6028/NIST.SP.800-117 [Direct Link]
SP 800-116 Rev. 1 
(Draft)
December 2015 DRAFT A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS)
Announcement and Draft Publication
SP 800-116November 2008 A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS)
SP 800-116 FAQ
doi:10.6028/NIST.SP.800-116 [Direct Link]
SP 800-115September 2008 Technical Guide to Information Security Testing and Assessment
SP 800-115 FAQ
doi:10.6028/NIST.SP.800-115 [Direct Link]
SP 800-115 (EPUB) FAQ
SP 800-88 Rev. 1December 2014 Guidelines for Media Sanitization
SP 800-88 Revision 1 FAQ
doi:10.6028/NIST.SP.800-88r1 [Direct Link]
SP 800-84September 2006 Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities
SP 800-84 FAQ
doi:10.6028/NIST.SP.800-84 [Direct Link]
SP 800-84 (EPUB) FAQ
SP 800-82 Rev. 2May 2015 Guide to Industrial Control Systems (ICS) Security
SP 800-82 Revision 2 FAQ
doi:10.6028/NIST.SP.800-82r2 [Direct Link]
Press Release
SP 800-61 Rev. 2August 2012 Computer Security Incident Handling Guide
SP 800-61 Rev. 2 FAQ
doi:10.6028/NIST.SP.800-61r2 [Direct Link]
Press Release
SP 800-60 Vol. 2 Rev. 1August 2008 Guide for Mapping Types of Information and Information Systems to Security Categories: Appendices
SP 800-60 Vol. 2, Rev. 1: Appendices FAQ
doi:10.6028/NIST.SP.800-60v2r1 [Direct Link]
SP 800-60 Vol. 1 Rev. 1August 2008 Guide for Mapping Types of Information and Information Systems to Security Categories
SP 800-60 Vol. 1 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-60v1r1 [Direct Link]
SP 800-53 Rev. 5 
(Draft)
August 2017DRAFT Security and Privacy Controls for Federal Information Systems and Organizations
Announcement and Draft Publication
SP 800-53 Rev. 4April 2013 (Updated 1/22/2015)Security and Privacy Controls for Federal Information Systems and Organizations
SP 800-53 Rev. 4 (including updates as of 01-22-2015) FAQ
doi:10.6028/NIST.SP.800-53r4 [Direct Link]
Word version of SP 800-53 Rev. 4 (01-22-2015)
XML file for SP 800-53 Rev. 4 (01-15-2014)
Summary of NIST SP 800-53 Revision 4
Press Release (04-30-2013)
Pre-Draft Call for Comments for SP 800-53 Rev. 5
SP 800-47August 2002 Security Guide for Interconnecting Information Technology Systems
SP 800-47 FAQ
doi:10.6028/NIST.SP.800-47 [Direct Link]
SP 800-40 Rev. 3July 2013 Guide to Enterprise Patch Management Technologies
SP 800-40 Rev. 3 FAQ
doi:10.6028/NIST.SP.800-40r3 [Direct Link]
Press Release
SP 800-39March 2011 Managing Information Security Risk: Organization, Mission, and Information System View
SP 800-39 FAQ
doi:10.6028/NIST.SP.800-39 [Direct Link]
Press Release
SP 800-37 Rev. 1February 2010 (Updated 6/5/2014)Guide for Applying the Risk Management Framework to Federal Information Systems: a Security Life Cycle Approach
SP 800-37 Rev. 1 (including updates as of 6-05-2014) FAQ
doi:10.6028/NIST.SP.800-37r1 [Direct Link]
Supplemental Guidance on Ongoing Authorization, (June 2014)
Press Release
SP 800-30 Rev. 1September 2012 Guide for Conducting Risk Assessments
SP 800-30 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-30r1 [Direct Link]
SP 800-30 Rev. 1 (EPUB) FAQ
Press Release
SP 800-28 Version 2March 2008 Guidelines on Active Content and Mobile Code
SP 800-28 Version 2 FAQ
doi:10.6028/NIST.SP.800-28ver2 [Direct Link]
SP 800-23August 2000 Guidelines to Federal Organizations on Security Assurance and Acquisition/Use of Tested/Evaluated Products
SP 800-23 FAQ
doi:10.6028/NIST.SP.800-23 [Direct Link]
SP 800-19October 1999 Mobile Agent Security
SP 800-19 FAQ
doi:10.6028/NIST.SP.800-19 [Direct Link]
SP 1800-5 
(Draft)
October 2015 DRAFT IT Asset Management: Financial Services
Announcement and Draft Publication
SP 1800-2 
(Draft)
August 2015 DRAFT Identity and Access Management for Electric Utilities
Announcement and Draft Publication
SP 1800-1 
(Draft)
July 2015 DRAFT Securing Electronic Health Records on Mobile Devices
Announcement and Draft Publication
NISTIR 8170 
(Draft)
May 2017DRAFT The Cybersecurity Framework: Implementation Guidance for Federal Agencies
Announcement and Draft Publication
NISTIR 8144 
(Draft)
September 2016DRAFT Assessing Threats to Mobile Devices & Infrastructure: the Mobile Threat Catalogue
Announcement and Draft Publication
NISTIR 8136January 2017An Overview of Mobile Application Vetting Services for Public Safety
NISTIR 8136 FAQ
doi:10.6028/NIST.IR.8136 [Direct Link]
NISTIR 8135May 2016 Identifying and Categorizing Data Types for Public Safety Mobile Applications: Workshop Report
NISTIR 8135 FAQ
doi:10.6028/NIST.IR.8135 [Direct Link]
NISTIR 8062January 2017An Introduction to Privacy Engineering and Risk Management in Federal Systems
NISTIR 8062 FAQ
doi:10.6028/NIST.IR.8062 [Direct Link]
"Making Privacy Concrete (three words not usually found together)" (blog post)
NISTIR 8055January 2016 Derived Personal Identity Verification (PIV) Credentials (DPC) Proof of Concept Research
NISTIR 8055 FAQ
doi:10.6028/NIST.IR.8055 [Direct Link]
NISTIR 8023February 2015 Risk Management for Replication Devices
NISTIR 8023 FAQ
doi:10.6028/NIST.IR.8023 [Direct Link]
NISTIR 8018January 2015 Public Safety Mobile Application Security Requirements Workshop Summary
NISTIR 8018 FAQ
doi:10.6028/NIST.IR.8018 [Direct Link]
NISTIR 8011 Vol. 2June 2017Automation Support for Security Control Assessments: Hardware Asset Management
NISTIR 8011 Vol. 2 FAQ
doi:10.6028/NIST.IR.8011-2 [Direct Link]
NISTIR 8011 Vol. 1June 2017Automation Support for Security Control Assessments: Overview
NISTIR 8011 Vol. 1 FAQ
doi:10.6028/NIST.IR.8011-1 [Direct Link]
NISTIR 7966October 2015 Security of Interactive and Automated Access Management Using Secure Shell (SSH)
NISTIR 7966 FAQ
doi:10.6028/NIST.IR.7966 [Direct Link]
NISTIR 7864July 2012 The Common Misuse Scoring System (CMSS): Metrics for Software Feature Misuse Vulnerabilities
NISTIR 7864 FAQ
doi:10.6028/NIST.IR.7864 [Direct Link]
Press Release
NISTIR 7848 
(Draft)
May 2012 DRAFT Specification for the Asset Summary Reporting Format 1.0
Announcement and Draft Publication
NISTIR 7800 
(Draft)
January 2012 DRAFT Applying the Continuous Monitoring Technical Reference Model to the Asset, Configuration, and Vulnerability Management Domains
Announcement and Draft Publication
NISTIR 7799 
(Draft)
January 2012 DRAFT Continuous Monitoring Reference Model Workflow, Subsystem, and Interface Specifications
Announcement and Draft Publication
NISTIR 7756 
(Draft)
January 2012 DRAFT CAESARS Framework Extension: An Enterprise Continuous Monitoring Technical Reference Architecture
Announcement and Draft Publication
NISTIR 7692April 2011 Specification for the Open Checklist Interactive Language (OCIL) Version 2.0
NISTIR 7692 FAQ
doi:10.6028/NIST.IR.7692 [Direct Link]
NISTIR 7628 Rev. 1September 2014 Guidelines for Smart Grid Cybersecurity
NISTIR 7628 Rev. 1, (Volumes 1-3) FAQ
doi:10.6028/NIST.IR.7628r1 [Direct Link]
NIST Project: Cybersecurity for Smart Grid Systems
NISTIR 7564April 2009 Directions in Security Metrics Research
NISTIR 7564 FAQ
doi:10.6028/NIST.IR.7564 [Direct Link]
NISTIR 7551December 2008 A Threat Analysis on UOCAVA Voting Systems
NISTIR 7551 FAQ
doi:10.6028/NIST.IR.7551 [Direct Link]
NISTIR 7502December 2010 The Common Configuration Scoring System (CCSS): Metrics for Software Security Configuration Vulnerabilities
NISTIR 7502 FAQ
doi:10.6028/NIST.IR.7502 [Direct Link]
NISTIR 7497September 2010 Security Architecture Design Process for Health Information Exchanges (HIEs)
NISTIR 7497 FAQ
doi:10.6028/NIST.IR.7497 [Direct Link]
NISTIR 7316September 2006 Assessment of Access Control Systems
NISTIR 7316 FAQ
doi:10.6028/NIST.IR.7316 [Direct Link]
NISTIR 6981April 2003 Policy Expression and Enforcement for Handheld Devices
NISTIR 6981 FAQ
doi:10.6028/NIST.IR.6981 [Direct Link]
ITL BulletinMay 2017Cyber-Threat Intelligence and Information Sharing
ITL BulletinApril 2017Building the Bridge Between Privacy and Cybersecurity for Federal Systems
ITL BulletinDecember 2016Rethinking Security Through Systems Security Engineering
ITL BulletinJanuary 2016Securing Interactive and Automated Access Management Using Secure Shell (SSH)
ITL BulletinDecember 2015Stopping Malware and Unauthorized Software through Application Whitelisting
ITL BulletinNovember 2015Tailoring Security Controls for Industrial Control Systems
ITL BulletinJune 2015Increasing Visibility and Control of Your ICT Supply Chains
ITL BulletinApril 2015Is Your Replication Device Making An Extra Copy For Someone Else?
ITL BulletinFebruary 2015NIST Special Publication 800-88 Revision 1, Guidelines for Media Sanitization
ITL BulletinSeptember 2014Release of NIST Interagency Report 7628 Revision 1, Guidelines for Smart Grid Cybersecurity
ITL BulletinFebruary 2014Framework for Improving Critical Infrastructure Cybersecurity
ITL BulletinAugust 2013ITL Publishes Guidance on Enterprise Patch Management Technologies
ITL BulletinAugust 2011Protecting Industrial Control Systems – Key Components of Our Nation's Critical Infrastructures
ITL BulletinDecember 2006Maintaining Effective Information Technology (IT) Security Through Test, Training, and Exercise Programs
ITL BulletinFebruary 2006Creating a Program to Manage Security Patches and Vulnerabilities: NIST Recommendations for Improving System Security
ITL BulletinNovember 2004Understanding the New NIST Standards and Guidelines Required by FISMA: How Three Mandated Documents are Changing the Dynamic of Information Security for the Federal Government
ITL BulletinMarch 2004Federal Information Processing Standard (FIPS) 199, Standards for Security Categorization of Federal Information and Information Systems
ITL BulletinFebruary 2003Secure Interconnections for Information Technology Systems
Whitepaper 
(Draft)
March 20, 2017DRAFT Cybersecurity Framework Manufacturing Profile (Final Draft)
Announcement and Draft Publication
Whitepaper6/3/2014Supplemental Guidance on Ongoing Authorization: Transitioning to Near Real-Time Risk Management
Paper
Journal-ArticleMarch-April 2016Using a Capability Oriented Methodology to Build Your Cloud Ecosystem
Preprint FAQ
doi:10.1109/MCC.2016.38 [Direct Link]
Security Automation
NumberDateTitle
SP 800-179December 2016Guide to Securing Apple OS X 10.10 Systems for IT Professionals: A NIST Security Configuration Checklist
SP 800-179 FAQ
doi:10.6028/NIST.SP.800-179 [Direct Link]
Supplemental Content (GitHub)
National Checklist Program
SP 800-163January 2015 Vetting the Security of Mobile Applications
SP 800-163 FAQ
doi:10.6028/NIST.SP.800-163 [Direct Link]
Press Release
SP 800-150October 2016Guide to Cyber Threat Information Sharing
SP 800-150 FAQ
doi:10.6028/NIST.SP.800-150 [Direct Link]
SP 800-128August 2011 Guide for Security-Focused Configuration Management of Information Systems
SP 800-128 FAQ
doi:10.6028/NIST.SP.800-128 [Direct Link]
SP 800-126A 
(Draft)
July 2016DRAFT SCAP 1.3 Component Specification Version Updates: An Annex to NIST Special Publication 800-126 Revision 3
Announcement and Draft Publication
SP 800-126 Rev. 3 
(Draft)
July 2016DRAFT The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.3
Announcement and Draft Publication
SP 800-126 Rev. 2September 2011 (Updated 3/19/2012)The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2
SP 800-126 Rev. 2 FAQ
doi:10.6028/NIST.SP.800-126r2 [Direct Link]
NIST Solicits Comments for SP 800-126 & SCAP
SP 800-126 Rev. 1February 2011 The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.1
SP 800-126 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-126r1 [Direct Link]
SP 800-126November 2009 The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.0
SP 800-126 FAQ
doi:10.6028/NIST.SP.800-126 [Direct Link]
SP 800-117 Rev. 1 
(Draft)
January 2012 DRAFT Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.2
Announcement and Draft Publication
SP 800-117July 2010 Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.0
SP 800-117 FAQ
doi:10.6028/NIST.SP.800-117 [Direct Link]
SP 800-70 Rev. 4 
(Draft)
August 2017DRAFT National Checklist Program for IT Products: Guidelines for Checklist Users and Developers
Announcement and Draft Publication
SP 800-70 Rev. 3November 2015 (Updated 12/8/2016)National Checklist Program for IT Products: Guidelines for Checklist Users and Developers
SP 800-70 Rev. 3 FAQ
doi:10.6028/NIST.SP.800-70r3 [Direct Link]
National Checklist Program
SP 1800-6 
(Draft)
November 2016DRAFT Domain Name Systems-Based Electronic Mail Security
Announcement and Draft Publication
NISTIR 8176 
(Draft)
August 2017DRAFT Security Assurance Challenges for Container Deployment
Announcement and Draft Publication
NISTIR 8139 
(Draft)
February 2017DRAFT Identifying Uniformity with Entropy and Divergence
Announcement and Draft Publication
NISTIR 8138 
(Draft)
September 2016DRAFT Vulnerability Description Ontology (VDO): a Framework for Characterizing Vulnerabilities
Announcement and Draft Publication
NISTIR 8085 
(Draft)
December 2015 DRAFT Forming Common Platform Enumeration (CPE) Names from Software Identification (SWID) Tags
Announcement and Draft Publication
NISTIR 8060April 2016 Guidelines for the Creation of Interoperable Software Identification (SWID) Tags
NISTIR 8060 FAQ
doi:10.6028/NIST.IR.8060 [Direct Link]
Guideline Summary for NISTIR 8060
Schema Definition for NISTIR 8060
NISTIR 8058 
(Draft)
May 1, 2015 DRAFT Security Content Automation Protocol (SCAP) Version 1.2 Content Style Guide: Best Practices for Creating and Maintaining SCAP 1.2 Content
Announcement and Draft Publication
NISTIR 8011 Vol. 2June 2017Automation Support for Security Control Assessments: Hardware Asset Management
NISTIR 8011 Vol. 2 FAQ
doi:10.6028/NIST.IR.8011-2 [Direct Link]
NISTIR 8011 Vol. 1June 2017Automation Support for Security Control Assessments: Overview
NISTIR 8011 Vol. 1 FAQ
doi:10.6028/NIST.IR.8011-1 [Direct Link]
NISTIR 7987 Rev. 1October 2015 Policy Machine: Features, Architecture, and Specification
NISTIR 7987 Revision 1 FAQ
doi:10.6028/NIST.IR.7987r1 [Direct Link]
NISTIR 7946April 2014 CVSS Implementation Guidance
NISTIR 7946 FAQ
doi:10.6028/NIST.IR.7946 [Direct Link]
NISTIR 7848 
(Draft)
May 2012 DRAFT Specification for the Asset Summary Reporting Format 1.0
Announcement and Draft Publication
NISTIR 7802September 2011 Trust Model for Security Automation Data 1.0 (TMSAD)
NISTIR 7802 FAQ
doi:10.6028/NIST.IR.7802 [Direct Link]
NISTIR 7800 
(Draft)
January 2012 DRAFT Applying the Continuous Monitoring Technical Reference Model to the Asset, Configuration, and Vulnerability Management Domains
Announcement and Draft Publication
NISTIR 7698August 2011 Common Platform Enumeration: Applicability Language Specification Version 2.3
NISTIR 7698 FAQ
doi:10.6028/NIST.IR.7698 [Direct Link]
Press Release (for NISTIRs 7695-7698)
NISTIR 7697August 2011 Common Platform Enumeration: Dictionary Specification Version 2.3
NISTIR 7697 FAQ
doi:10.6028/NIST.IR.7697 [Direct Link]
Press Release (for NISTIRs 7695-7698)
NISTIR 7696August 2011 Common Platform Enumeration: Name Matching Specification Version 2.3
NISTIR 7696 FAQ
doi:10.6028/NIST.IR.7696 [Direct Link]
Press Release (for NISTIRs 7695-7698)
NISTIR 7695August 2011 Common Platform Enumeration: Naming Specification Version 2.3
NISTIR 7695 FAQ
doi:10.6028/NIST.IR.7695 [Direct Link]
Press Release (for NISTIRs 7695-7698)
NISTIR 7694June 2011 Specification for Asset Reporting Format 1.1
NISTIR 7694 FAQ
doi:10.6028/NIST.IR.7694 [Direct Link]
NISTIR 7693June 2011 Specification for Asset Identification 1.1
NISTIR 7693 FAQ
doi:10.6028/NIST.IR.7693 [Direct Link]
NISTIR 7692April 2011 Specification for the Open Checklist Interactive Language (OCIL) Version 2.0
NISTIR 7692 FAQ
doi:10.6028/NIST.IR.7692 [Direct Link]
NISTIR 7511 Rev. 4January 2016 Security Content Automation Protocol (SCAP) Version 1.2 Validation Program Test Requirements
NISTIR 7511 Rev. 4 FAQ
doi:10.6028/NIST.IR.7511r4 [Direct Link]
NISTIR 7502December 2010 The Common Configuration Scoring System (CCSS): Metrics for Software Security Configuration Vulnerabilities
NISTIR 7502 FAQ
doi:10.6028/NIST.IR.7502 [Direct Link]
NISTIR 7435August 2007 The Common Vulnerability Scoring System (CVSS) and its Applicability to Federal Agency Systems
NISTIR 7435 FAQ
doi:10.6028/NIST.IR.7435 [Direct Link]
NISTIR 7275 Rev. 4March 2012Specification for the Extensible Configuration Checklist Description Format (XCCDF) Version 1.2
NISTIR 7275 Rev. 4
NISTIR 7275 Rev. 4 (markup)
NISTIR 7275 Rev. 3January 2008 Specification for the Extensible Configuration Checklist Description Format (XCCDF) Version 1.1.4
NISTIR 7275 Rev. 3 FAQ
doi:10.6028/NIST.IR.7275r3 [Direct Link]
NISTIR 7275 | January 2006 | Specification for the Extensible Configuration Checklist Description Format (XCCDF) Version 1.1
NISTIR 7275 FAQ
doi:10.6028/NIST.IR.7275 [Direct Link]
NISTIR 7188 | January 2005 | Specification for the Extensible Configuration Checklist Description Format (XCCDF)
NISTIR 7188 FAQ
doi:10.6028/NIST.IR.7188 [Direct Link]
ITL Bulletin | May 2017 | Cyber-Threat Intelligence and Information Sharing
ITL Bulletin | July 2016 | Improving Security and Software Management Through the Use of SWID Tags
ITL Bulletin | December 2013 | The National Vulnerability Database (NVD): Overview
ITL Bulletin | March 2016 | Updates to the NIST SCAP Validation Program and Associated Test Requirements
ITL Bulletin | March 2015 | Guidance for Secure Authorization of Mobile Applications in the Corporate Environment
ITL Bulletin | August 2014 | Policy Machine: Towards a General-Purpose Enterprise-Wide Operating Environment
ITL Bulletin | July 2014 | Release of NIST Interagency Report 7946, CVSS Implementation Guidance
ITL Bulletin | April 2013 | Security Content Automation Protocol (SCAP) Version 1.2 Validation Program Test Requirements
ITL Bulletin | January 2012 | Advancing Security Automation and Standardization: Revised Technical Specifications Issued for the Security Content Automation Protocol (SCAP)
ITL Bulletin | September 2011 | Managing the Configuration of Information Systems with a Focus on Security
ITL Bulletin | May 2011 | Using Security Configuration Checklists and the National Checklist Program
ITL Bulletin | September 2010 | Security Content Automation Protocol (SCAP): Helping Organizations Maintain and Verify the Security of Their Information Systems
ITL Bulletin | November 2009 | Cybersecurity Fundamentals for Small Business Owners
ITL Bulletin | February 2008 | Federal Desktop Core Configuration (FDCC): Improving Security for Windows Desktop Operating Systems
Services & Acquisitions
Number | Date | Title
FIPS 201-2 | August 2013 | Personal Identity Verification (PIV) of Federal Employees and Contractors
FIPS 201-2 FAQ
doi:10.6028/NIST.FIPS.201-2 [Direct Link]
2012 Draft Comments and Dispositions
2011 Draft Comments and Dispositions
Revised Draft (July 2012)
Draft FIPS 201-2 (March 2011)
FIPS 140-2 | May 25, 2001 (Change Notice 2, 12/3/2002) | Security Requirements for Cryptographic Modules
FIPS 140-2 (including change notices as of 12-03-2002) FAQ
doi:10.6028/NIST.FIPS.140-2 [Direct Link]
Annex A: Approved Security Functions
Annex B: Approved Protection Profiles
Annex C: Approved Random Number Generators
Annex D: Approved Key Establishment Techniques
FIPS 140-2 (EPUB) FAQ
Comments on FIPS 140-1 (Oct. 1998)
SP 800-161 | April 2015 | Supply Chain Risk Management Practices for Federal Information Systems and Organizations
SP 800-161 FAQ
doi:10.6028/NIST.SP.800-161 [Direct Link]
SP 800-144 | December 2011 | Guidelines on Security and Privacy in Public Cloud Computing
SP 800-144 FAQ
doi:10.6028/NIST.SP.800-144 [Direct Link]
SP 800-144 (EPUB) FAQ
Press Release
SP 800-126 Rev. 3 (Draft) | July 2016 | DRAFT The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.3
Announcement and Draft Publication
SP 800-126 Rev. 2 | September 2011 (Updated 3/19/2012) | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2
SP 800-126 Rev. 2 FAQ
doi:10.6028/NIST.SP.800-126r2 [Direct Link]
NIST Solicits Comments for SP 800-126 & SCAP
SP 800-126 Rev. 1 | February 2011 | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.1
SP 800-126 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-126r1 [Direct Link]
SP 800-126 | November 2009 | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.0
SP 800-126 FAQ
doi:10.6028/NIST.SP.800-126 [Direct Link]
SP 800-124 Rev. 1 | June 2013 | Guidelines for Managing the Security of Mobile Devices in the Enterprise
SP 800-124 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-124r1 [Direct Link]
SP 800-124 Rev. 1 (EPUB) FAQ
Press Release
SP 800-121 Rev. 2 | May 2017 | Guide to Bluetooth Security
SP 800-121 Rev. 2 FAQ
doi:10.6028/NIST.SP.800-121r2 [Direct Link]
SP 800-117 Rev. 1 (Draft) | January 2012 | DRAFT Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.2
Announcement and Draft Publication
SP 800-117 | July 2010 | Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.0
SP 800-117 FAQ
doi:10.6028/NIST.SP.800-117 [Direct Link]
SP 800-115 | September 2008 | Technical Guide to Information Security Testing and Assessment
SP 800-115 FAQ
doi:10.6028/NIST.SP.800-115 [Direct Link]
SP 800-115 (EPUB) FAQ
SP 800-101 Rev. 1 | May 2014 | Guidelines on Mobile Device Forensics
SP 800-101 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-101r1 [Direct Link]
SP 800-97 | February 2007 | Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i
SP 800-97 FAQ
doi:10.6028/NIST.SP.800-97 [Direct Link]
SP 800-85A-4 | April 2016 | PIV Card Application and Middleware Interface Test Guidelines (SP 800-73-4 Compliance)
SP 800-85A-4 FAQ
doi:10.6028/NIST.SP.800-85A-4 [Direct Link]
SP 800-85B-4 (Draft) | August 2014 | DRAFT PIV Data Model Test Guidelines
Announcement and Draft Publication
SP 800-85B | July 2006 | PIV Data Model Test Guidelines
SP 800-85B FAQ
doi:10.6028/NIST.SP.800-85B [Direct Link]
SP 800-79-2 | July 2015 | Guidelines for the Authorization of Personal Identity Verification Card Issuers (PCI) and Derived PIV Credential Issuers (DPCI)
SP 800-79-2 FAQ
doi:10.6028/NIST.SP.800-79-2 [Direct Link]
SP 800-78-4 | May 2015 | Cryptographic Algorithms and Key Sizes for Personal Identity Verification
SP 800-78-4 FAQ
doi:10.6028/NIST.SP.800-78-4 [Direct Link]
SP 800-73-4 | May 2015 (Updated 2/8/2016) | Interfaces for Personal Identity Verification
SP 800-73-4 (including updates as of 02-08-2016) FAQ
doi:10.6028/NIST.SP.800-73-4 [Direct Link]
Press Release (06-16-2015)
SP 800-66 Rev. 1 | October 2008 | An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule
SP 800-66 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-66r1 [Direct Link]
SP 800-65 | January 2005 | Integrating IT Security into the Capital Planning and Investment Control Process
SP 800-65 FAQ
doi:10.6028/NIST.SP.800-65 [Direct Link]
SP 800-58 | January 2005 | Security Considerations for Voice Over IP Systems
SP 800-58 FAQ
doi:10.6028/NIST.SP.800-58 [Direct Link]
SP 800-53 Rev. 5 (Draft) | August 2017 | DRAFT Security and Privacy Controls for Federal Information Systems and Organizations
Announcement and Draft Publication
SP 800-53 Rev. 4 | April 2013 (Updated 1/22/2015) | Security and Privacy Controls for Federal Information Systems and Organizations
SP 800-53 Rev. 4 (including updates as of 01-22-2015) FAQ
doi:10.6028/NIST.SP.800-53r4 [Direct Link]
Word version of SP 800-53 Rev. 4 (01-22-2015)
XML file for SP 800-53 Rev. 4 (01-15-2014)
Summary of NIST SP 800-53 Revision 4
Press Release (04-30-2013)
Pre-Draft Call for Comments for SP 800-53 Rev. 5
SP 800-51 Rev. 1 | February 2011 | Guide to Using Vulnerability Naming Schemes
SP 800-51 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-51r1 [Direct Link]
Press Release
SP 800-48 Rev. 1 | July 2008 | Guide to Securing Legacy IEEE 802.11 Wireless Networks
SP 800-48 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-48r1 [Direct Link]
SP 800-36 | October 2003 | Guide to Selecting Information Technology Security Products
SP 800-36 FAQ
doi:10.6028/NIST.SP.800-36 [Direct Link]
SP 800-35 | October 2003 | Guide to Information Technology Security Services
SP 800-35 FAQ
doi:10.6028/NIST.SP.800-35 [Direct Link]
SP 800-25 | October 2000 | Federal Agency Use of Public Key Technology for Digital Signatures and Authentication
SP 800-25 FAQ
doi:10.6028/NIST.SP.800-25 [Direct Link]
SP 800-15 | January 1998 | MISPC Minimum Interoperability Specification for PKI Components, Version 1
SP 800-15 FAQ
doi:10.6028/NIST.SP.800-15 [Direct Link]
NISTIR 8179 (Draft) | July 2017 | DRAFT Criticality Analysis Process Model: Prioritizing Systems and Components
Announcement and Draft Publication
NISTIR 8023 | February 2015 | Risk Management for Replication Devices
NISTIR 8023 FAQ
doi:10.6028/NIST.IR.8023 [Direct Link]
NISTIR 7848 (Draft) | May 2012 | DRAFT Specification for the Asset Summary Reporting Format 1.0
Announcement and Draft Publication
NISTIR 7800 (Draft) | January 2012 | DRAFT Applying the Continuous Monitoring Technical Reference Model to the Asset, Configuration, and Vulnerability Management Domains
Announcement and Draft Publication
NISTIR 7799 (Draft) | January 2012 | DRAFT Continuous Monitoring Reference Model Workflow, Subsystem, and Interface Specifications
Announcement and Draft Publication
NISTIR 7756 (Draft) | January 2012 | DRAFT CAESARS Framework Extension: An Enterprise Continuous Monitoring Technical Reference Architecture
Announcement and Draft Publication
NISTIR 7622 | October 2012 | Notional Supply Chain Risk Management Practices for Federal Information Systems
NISTIR 7622 FAQ
doi:10.6028/NIST.IR.7622 [Direct Link]
Press Release
NISTIR 7511 Rev. 4 | January 2016 | Security Content Automation Protocol (SCAP) Version 1.2 Validation Program Test Requirements
NISTIR 7511 Rev. 4 FAQ
doi:10.6028/NIST.IR.7511r4 [Direct Link]
NISTIR 7497 | September 2010 | Security Architecture Design Process for Health Information Exchanges (HIEs)
NISTIR 7497 FAQ
doi:10.6028/NIST.IR.7497 [Direct Link]
NISTIR 7387 | March 2007 | Cell Phone Forensic Tools: an Overview and Analysis Update
NISTIR 7387 FAQ
doi:10.6028/NIST.IR.7387 [Direct Link]
NISTIR 7313 | July 2006 | 5th Annual PKI R&D Workshop "Making PKI Easy to Use" Proceedings
NISTIR 7313 FAQ
doi:10.6028/NIST.IR.7313 [Direct Link]
NISTIR 7284 | January 2006 | Personal Identity Verification Card Management Report
NISTIR 7284 FAQ
doi:10.6028/NIST.IR.7284 [Direct Link]
NISTIR 7250 | October 2005 | Cell Phone Forensic Tools: an Overview and Analysis
NISTIR 7250 FAQ
doi:10.6028/NIST.IR.7250 [Direct Link]
NISTIR 7100 | August 2004 | PDA Forensic Tools: an Overview and Analysis
NISTIR 7100 FAQ
doi:10.6028/NIST.IR.7100 [Direct Link]
NISTIR 6887 2003 Edition | July 16, 2003 | Government Smart Card Interoperability Specification, Version 2.1
NISTIR 6887 FAQ
doi:10.6028/NIST.IR.6887e2003 [Direct Link]
ITL Bulletin | July 2017 | Updated NIST Guidance for Bluetooth Security
ITL Bulletin | March 2016 | Updates to the NIST SCAP Validation Program and Associated Test Requirements
ITL Bulletin | June 2015 | Increasing Visibility and Control of Your ICT Supply Chains
ITL Bulletin | April 2015 | Is Your Replication Device Making An Extra Copy For Someone Else?
ITL Bulletin | October 2013 | ITL Updates Federal Information Processing Standard (FIPS) for Personal Identity Verification (PIV) of Federal Employees and Contractors
ITL Bulletin | November 2012 | Practices for Managing Supply Chain Risks to Protect Federal Information Systems
ITL Bulletin | May 2011 | Using Security Configuration Checklists and the National Checklist Program
ITL Bulletin | November 2009 | Cybersecurity Fundamentals for Small Business Owners
ITL Bulletin | February 2008 | Federal Desktop Core Configuration (FDCC): Improving Security for Windows Desktop Operating Systems
ITL Bulletin | June 2007 | Forensic Techniques for Cell Phones
ITL Bulletin | January 2006 | Testing and Validation of Personal Identity Verification (PIV) Components and Subsystems for Conformance to Federal Information Processing Standard 201
ITL Bulletin | January 2005 | Integrating IT Security into the Capital Planning and Investment Control Process
ITL Bulletin | October 2004 | Securing Voice Over Internet Protocol (IP) Networks
ITL Bulletin | June 2004 | Information Technology Security Services: How to Select, Implement, and Manage
ITL Bulletin | April 2004 | Selecting Information Technology Security Products
Smart Cards
Number | Date | Title
FIPS 201-2 | August 2013 | Personal Identity Verification (PIV) of Federal Employees and Contractors
FIPS 201-2 FAQ
doi:10.6028/NIST.FIPS.201-2 [Direct Link]
2012 Draft Comments and Dispositions
Revised Draft (July 2012)
2011 Draft Comments and Dispositions
Draft FIPS 201-2 (March 2011)
SP 800-157 | December 2014 | Guidelines for Derived Personal Identity Verification (PIV) Credentials
SP 800-157 FAQ
doi:10.6028/NIST.SP.800-157 [Direct Link]
Comments and resolutions on Draft SP 800-157 (Mar. 2014)
SP 800-156 | May 2016 | Representation of PIV Chain-of-Trust for Import and Export
SP 800-156 FAQ
doi:10.6028/NIST.SP.800-156 [Direct Link]
XSD Schema File for SP 800-156 Chain of Trust
SP 800-116 Rev. 1 (Draft) | December 2015 | DRAFT A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS)
Announcement and Draft Publication
SP 800-116 | November 2008 | A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS)
SP 800-116 FAQ
doi:10.6028/NIST.SP.800-116 [Direct Link]
SP 800-96 | September 2006 | PIV Card to Reader Interoperability Guidelines
SP 800-96 FAQ
doi:10.6028/NIST.SP.800-96 [Direct Link]
SP 800-85A-4 | April 2016 | PIV Card Application and Middleware Interface Test Guidelines (SP 800-73-4 Compliance)
SP 800-85A-4 FAQ
doi:10.6028/NIST.SP.800-85A-4 [Direct Link]
SP 800-78-4 | May 2015 | Cryptographic Algorithms and Key Sizes for Personal Identity Verification
SP 800-78-4 FAQ
doi:10.6028/NIST.SP.800-78-4 [Direct Link]
SP 800-73-4 | May 2015 (Updated 2/8/2016) | Interfaces for Personal Identity Verification
SP 800-73-4 (including updates as of 02-08-2016) FAQ
doi:10.6028/NIST.SP.800-73-4 [Direct Link]
Press Release (06-16-2015)
NISTIR 8055 | January 2016 | Derived Personal Identity Verification (PIV) Credentials (DPC) Proof of Concept Research
NISTIR 8055 FAQ
doi:10.6028/NIST.IR.8055 [Direct Link]
NISTIR 7849 | March 2014 | A Methodology for Developing Authentication Assurance Level Taxonomy for Smart Card-based Identity Verification
NISTIR 7849 FAQ
doi:10.6028/NIST.IR.7849 [Direct Link]
NISTIR 7817 | November 2012 | A Credential Reliability and Revocation Model for Federated Identities
NISTIR 7817 FAQ
doi:10.6028/NIST.IR.7817 [Direct Link]
NISTIR 7676 | June 2010 | Maintaining and Using Key History on Personal Identity Verification (PIV) Cards
NISTIR 7676 FAQ
doi:10.6028/NIST.IR.7676 [Direct Link]
NISTIR 7611 | August 2009 | Use of ISO/IEC 24727
NISTIR 7611 FAQ
doi:10.6028/NIST.IR.7611 [Direct Link]
NISTIR 7539 | December 2009 | Symmetric Key Injection onto Smart Cards
NISTIR 7539 FAQ
doi:10.6028/NIST.IR.7539 [Direct Link]
NISTIR 7452 | November 2007 | Secure Biometric Match-on-Card Feasibility Report
NISTIR 7452 FAQ
doi:10.6028/NIST.IR.7452 [Direct Link]
NISTIR 7313 | July 2006 | 5th Annual PKI R&D Workshop "Making PKI Easy to Use" Proceedings
NISTIR 7313 FAQ
doi:10.6028/NIST.IR.7313 [Direct Link]
NISTIR 7284 | January 2006 | Personal Identity Verification Card Management Report
NISTIR 7284 FAQ
doi:10.6028/NIST.IR.7284 [Direct Link]
NISTIR 7206 | July 2005 | Smart Cards and Mobile Device Authentication: an Overview and Implementation
NISTIR 7206 FAQ
doi:10.6028/NIST.IR.7206 [Direct Link]
NISTIR 7056 | March 2004 | Card Technology Developments and Gap Analysis Interagency Report
NISTIR 7056 FAQ
doi:10.6028/NIST.IR.7056 [Direct Link]
NISTIR 6887 2003 Edition | July 16, 2003 | Government Smart Card Interoperability Specification, Version 2.1
NISTIR 6887 FAQ
doi:10.6028/NIST.IR.6887e2003 [Direct Link]
ITL Bulletin | August 2016 | NIST Updates Personal Identity Verification (PIV) Guidelines
ITL Bulletin | December 2014 | Release Of NIST Special Publication 800-157, Guidelines For Derived Personal Identity Verification (PIV) Credentials
ITL Bulletin | October 2013 | ITL Updates Federal Information Processing Standard (FIPS) for Personal Identity Verification (PIV) of Federal Employees and Contractors
ITL Bulletin | January 2006 | Testing and Validation of Personal Identity Verification (PIV) Components and Subsystems for Conformance to Federal Information Processing Standard 201
Supply Chain
Number | Date | Title
SP 800-161 | April 2015 | Supply Chain Risk Management Practices for Federal Information Systems and Organizations
SP 800-161 FAQ
doi:10.6028/NIST.SP.800-161 [Direct Link]
NISTIR 8179 (Draft) | July 2017 | DRAFT Criticality Analysis Process Model: Prioritizing Systems and Components
Announcement and Draft Publication
NISTIR 7622 | October 2012 | Notional Supply Chain Risk Management Practices for Federal Information Systems
NISTIR 7622 FAQ
doi:10.6028/NIST.IR.7622 [Direct Link]
Press Release
ITL Bulletin | June 2015 | Increasing Visibility and Control of Your ICT Supply Chains
ITL Bulletin | November 2012 | Practices for Managing Supply Chain Risks to Protect Federal Information Systems
Threats & Vulnerability Management
Number | Date | Title
SP 800-190 (Draft) | July 2017 | DRAFT Application Container Security Guide (2nd Draft)
Announcement and Draft Publication
SP 800-167 | October 2015 | Guide to Application Whitelisting
SP 800-167 FAQ
doi:10.6028/NIST.SP.800-167 [Direct Link]
Press Release
SP 800-163 | January 2015 | Vetting the Security of Mobile Applications
SP 800-163 FAQ
doi:10.6028/NIST.SP.800-163 [Direct Link]
Press Release
SP 800-154 (Draft) | March 2016 | DRAFT Guide to Data-Centric System Threat Modeling
Announcement and Draft Publication
SP 800-150 | October 2016 | Guide to Cyber Threat Information Sharing
SP 800-150 FAQ
doi:10.6028/NIST.SP.800-150 [Direct Link]
SP 800-147B | August 2014 | BIOS Protection Guidelines for Servers
SP 800-147B FAQ
doi:10.6028/NIST.SP.800-147B [Direct Link]
SP 800-147 | April 2011 | BIOS Protection Guidelines
SP 800-147 FAQ
doi:10.6028/NIST.SP.800-147 [Direct Link]
Press Release
SP 800-126A (Draft) | July 2016 | DRAFT SCAP 1.3 Component Specification Version Updates: An Annex to NIST Special Publication 800-126 Revision 3
Announcement and Draft Publication
SP 800-126 Rev. 3 (Draft) | July 2016 | DRAFT The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.3
Announcement and Draft Publication
SP 800-126 Rev. 2 | September 2011 (Updated 3/19/2012) | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2
SP 800-126 Rev. 2 FAQ
doi:10.6028/NIST.SP.800-126r2 [Direct Link]
NIST Solicits Comments for SP 800-126 & SCAP
SP 800-117 Rev. 1 (Draft) | January 2012 | DRAFT Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.2
Announcement and Draft Publication
SP 800-83 Rev. 1 | July 2013 | Guide to Malware Incident Prevention and Handling for Desktops and Laptops
SP 800-83 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-83r1 [Direct Link]
SP 800-70 Rev. 4 (Draft) | August 2017 | DRAFT National Checklist Program for IT Products: Guidelines for Checklist Users and Developers
Announcement and Draft Publication
SP 800-70 Rev. 3 | November 2015 (Updated 12/8/2016) | National Checklist Program for IT Products: Guidelines for Checklist Users and Developers
SP 800-70 Rev. 3 FAQ
doi:10.6028/NIST.SP.800-70r3 [Direct Link]
National Checklist Program
SP 800-61 Rev. 2 | August 2012 | Computer Security Incident Handling Guide
SP 800-61 Rev. 2 FAQ
doi:10.6028/NIST.SP.800-61r2 [Direct Link]
Press Release
SP 800-53 Rev. 4 | April 2013 (Updated 1/22/2015) | Security and Privacy Controls for Federal Information Systems and Organizations
SP 800-53 Rev. 4 (including updates as of 01-22-2015) FAQ
doi:10.6028/NIST.SP.800-53r4 [Direct Link]
Word version of SP 800-53 Rev. 4 (01-22-2015)
XML file for SP 800-53 Rev. 4 (01-15-2014)
Summary of NIST SP 800-53 Revision 4
Press Release (04-30-2013)
Pre-Draft Call for Comments for SP 800-53 Rev. 5
SP 800-46 Rev. 2 | July 2016 | Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security
SP 800-46 Rev. 2 FAQ
doi:10.6028/NIST.SP.800-46r2 [Direct Link]
SP 800-28 Version 2 | March 2008 | Guidelines on Active Content and Mobile Code
SP 800-28 Version 2 FAQ
doi:10.6028/NIST.SP.800-28ver2 [Direct Link]
SP 800-19 | October 1999 | Mobile Agent Security
SP 800-19 FAQ
doi:10.6028/NIST.SP.800-19 [Direct Link]
NISTIR 8179 (Draft) | July 2017 | DRAFT Criticality Analysis Process Model: Prioritizing Systems and Components
Announcement and Draft Publication
NISTIR 8176 (Draft) | August 2017 | DRAFT Security Assurance Challenges for Container Deployment
Announcement and Draft Publication
NISTIR 8151 | November 2016 | Dramatically Reducing Software Vulnerabilities: Report to the White House Office of Science and Technology Policy
NISTIR 8151 FAQ
doi:10.6028/NIST.IR.8151 [Direct Link]
NISTIR 8144 (Draft) | September 2016 | DRAFT Assessing Threats to Mobile Devices & Infrastructure: the Mobile Threat Catalogue
Announcement and Draft Publication
NISTIR 8138 (Draft) | September 2016 | DRAFT Vulnerability Description Ontology (VDO): a Framework for Characterizing Vulnerabilities
Announcement and Draft Publication
NISTIR 8011 Vol. 2 | June 2017 | Automation Support for Security Control Assessments: Hardware Asset Management
NISTIR 8011 Vol. 2 FAQ
doi:10.6028/NIST.IR.8011-2 [Direct Link]
NISTIR 8011 Vol. 1 | June 2017 | Automation Support for Security Control Assessments: Overview
NISTIR 8011 Vol. 1 FAQ
doi:10.6028/NIST.IR.8011-1 [Direct Link]
NISTIR 7946 | April 2014 | CVSS Implementation Guidance
NISTIR 7946 FAQ
doi:10.6028/NIST.IR.7946 [Direct Link]
NISTIR 7800 (Draft) | January 2012 | DRAFT Applying the Continuous Monitoring Technical Reference Model to the Asset, Configuration, and Vulnerability Management Domains
Announcement and Draft Publication
NISTIR 7799 (Draft) | January 2012 | DRAFT Continuous Monitoring Reference Model Workflow, Subsystem, and Interface Specifications
Announcement and Draft Publication
NISTIR 7756 (Draft) | January 2012 | DRAFT CAESARS Framework Extension: An Enterprise Continuous Monitoring Technical Reference Architecture
Announcement and Draft Publication
NISTIR 7551 | December 2008 | A Threat Analysis on UOCAVA Voting Systems
NISTIR 7551 FAQ
doi:10.6028/NIST.IR.7551 [Direct Link]
NISTIR 7502 | December 2010 | The Common Configuration Scoring System (CCSS): Metrics for Software Security Configuration Vulnerabilities
NISTIR 7502 FAQ
doi:10.6028/NIST.IR.7502 [Direct Link]
NISTIR 7435 | August 2007 | The Common Vulnerability Scoring System (CVSS) and its Applicability to Federal Agency Systems
NISTIR 7435 FAQ
doi:10.6028/NIST.IR.7435 [Direct Link]
ITL Bulletin | May 2017 | Cyber-Threat Intelligence and Information Sharing
ITL Bulletin | January 2017 | Dramatically Reducing Software Vulnerabilities
ITL Bulletin | December 2015 | Stopping Malware and Unauthorized Software through Application Whitelisting
ITL Bulletin | March 2015 | Guidance for Secure Authorization of Mobile Applications in the Corporate Environment
ITL Bulletin | October 2014 | Release of NIST Special Publication 800-147B, BIOS Protection Guidelines for Servers
ITL Bulletin | July 2014 | Release of NIST Interagency Report 7946, CVSS Implementation Guidance
ITL Bulletin | September 2013 | ITL Publishes Guidance on Preventing and Handling Malware Incidents
Whitepaper (Draft) | March 20, 2017 | DRAFT Cybersecurity Framework Manufacturing Profile (Final Draft)
Announcement and Draft Publication
Whitepaper | May 2016 | [Project Description] Data Integrity: Recovering from a destructive malware attack
Project Description
Data Integrity homepage
Journal-Article | March-April 2016 | Using a Capability Oriented Methodology to Build Your Cloud Ecosystem
Preprint FAQ
doi:10.1109/MCC.2016.38 [Direct Link]
Journal-Article | June 2016 | Metamorphic Testing for Cybersecurity
Preprint FAQ
doi:10.1109/MC.2016.176 [Direct Link]
Article (PubReader)
Conference-Proceedings | July 18-21, 2016 | Diversifying Network Services under Cost Constraints for Better Resilience against Unknown Attacks
Preprint FAQ
doi:10.1007/978-3-319-41483-6_21 [Direct Link]
Conference-Proceedings | January 4-6, 2016 | A Probabilistic Network Forensics Model for Evidence Analysis
Preprint FAQ
doi:10.1007/978-3-319-46279-0_10 [Direct Link]
Usability
Number | Date | Title
NISTIR 8080 | July 2016 | Usability and Security Considerations for Public Safety Mobile Authentication
NISTIR 8080 FAQ
doi:10.6028/NIST.IR.8080 [Direct Link]
NISTIR 8040 | April 2016 | Measuring the Usability and Security of Permuted Passwords on Mobile Platforms
NISTIR 8040 FAQ
doi:10.6028/NIST.IR.8040 [Direct Link]
Journal-Article | September-October 2016 | Security Fatigue
Press Release FAQ
doi:10.1109/MITP.2016.84 [Direct Link]
Voting
Number | Date | Title
NISTIR 8179 (Draft) | July 2017 | DRAFT Criticality Analysis Process Model: Prioritizing Systems and Components
Announcement and Draft Publication
NISTIR 7770 | February 2011 | Security Considerations for Remote Electronic UOCAVA Voting
NISTIR 7770 FAQ
doi:10.6028/NIST.IR.7770 [Direct Link]
NISTIR 7711 | September 2011 | Security Best Practices for the Electronic Transmission of Election Materials for UOCAVA Voters
NISTIR 7711 FAQ
doi:10.6028/NIST.IR.7711 [Direct Link]
NISTIR 7682 | September 2011 | Information System Security Best Practices for UOCAVA-Supporting Systems
NISTIR 7682 FAQ
doi:10.6028/NIST.IR.7682 [Direct Link]
NISTIR 7551 | December 2008 | A Threat Analysis on UOCAVA Voting Systems
NISTIR 7551 FAQ
doi:10.6028/NIST.IR.7551 [Direct Link]