Library

Legislation, Directives, and Policies

Public Law 107-347 Section III
Federal Information Security Management Act of 2002

December 2002

Homeland Security Presidential Directive #7
Critical Infrastructure Identification, Prioritization, and Protection

December 2003

OMB Circular A-130, Appendix III
Security of Federal Automated Information Resources

November 2003

Standards and Guidelines

FIPS Publication 199
Standards for Security Categorization of Federal Information and Information Systems

February 2004
Primary Contact: Ron Ross, (301) 975-5390
Alternate Contact: NIST FISMA Team

FIPS Publication 200
Minimum Security Requirements for Federal Information and Information Systems

March 2006
Primary Contact: Ron Ross, (301) 975-5390
Alternate Contact: NIST FISMA Team

NIST Special Publication 800-18, Revision 1
Guide for Developing Security Plans for Federal Information Systems

February 2006
Primary Contact: NIST FISMA Team

NIST Special Publication 800-30 Revision 1
Guide for Conducting Risk Assessments

September 2012
Primary Contact: Ron Ross, (301) 975-5390
Alternate Contact: NIST FISMA Team

Special Publication 800-37, Revision 1
Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach

February 2010 (updated with Errata June 10, 2014)
Primary Contact: Ron Ross, (301) 975-5390
Alternate Contact: NIST FISMA Team

Special Publication 800-39
Managing Information Security Risk: Organization, Mission, and Information System View

March 2011
Primary Contact: Ron Ross, (301) 975-5390
Alternate Contact: NIST FISMA Team

NIST Special Publication 800-53, Revision 4
Security and Privacy Controls for Federal Information Systems and Organizations

April 2013 (updated January 22, 2015)
Primary Contact: Ron Ross, (301) 975-5390
Alternate Contact: NIST FISMA Team

Database Application for NIST Special Publication 800-53 Revision 4

NIST Special Publication 800-53A Revision 4
Guide for Assessing the Security Controls in Federal Information Systems and Organizations, Building Effective Security Assessment Plans

December 2014
Primary Contact: Ron Ross, (301) 975-5390
Alternate Contact: NIST FISMA Team

NIST Special Publication 800-59
Guideline for Identifying an Information System as a National Security System

August 2003
Primary Contact: NIST FISMA Team

NIST Special Publication 800-60, Revision 1 VOLUME 1 of 2 (document)
Guide for Mapping Types of Information and Information Systems to Security Categories

August 2008
Primary Contact: Kevin Stine, (301) 975-4483
Alternate Contact: NIST FISMA Team

Special Publication 800-60, Revision 1 VOLUME 2 of 2 (Appendices)
Guide for Mapping Types of Information and Information Systems to Security Categories

August 2008
Primary Contact: Kevin Stine, (301) 975-4483
Alternate Contact: NIST FISMA Team

Special Publication 800-137
Information Security Continuous Monitoring for Federal Information Systems and Organizations

September 2011
Primary Contact: NIST FISMA Team

Tutorials and Presentations

Presentations from the NIST Security Seminar on February 1, 2007
   NIST Presentation - (black & white)
   FDIC Presentation

Automated Security Support Tools: The Key to Successful FISMA Implementation

FISMA Phase II Workshop

FISMA Information Security Poster

FISMA Implementation: The Strategy, Challenges, and Roadmap Ahead

Certification and Accreditation Tutorial

FISMA Phase II April 26, 2006 Workshop Summary on Credentialing Program for Security Assessment Service Providers

Presentation from the FISMA Phase II Workshop on Credentialing Program for Security Assessment Service Providers

Papers

Memorandum For Record: Security Controls Assessment Form (SP 800-53A) [updated 05/24/07]

Managing Enterprise Risk in Today’s World of Sophisticated Threats: A Framework for Developing Broad-Based, Cost-Effective Information Security Programs