Files available¹ to download:

+ ANNUAL REPORTS

* [IR 7111]+2 – Computer Security Division 2003 Annual Report
* [IR 7219]+2 – Computer Security Division 2004 Annual Report
* [IR 7285]+2 – Computer Security Division 2005 Annual Report
* [IR 7399]+2 – Computer Security Division 2006 Annual Report
* [IR 7442]+2 – Computer Security Division 2007 Annual Report
* [IR 7536]+2 – Computer Security Division 2008 Annual Report
* [IR 7653]+2 – Computer Security Division 2009 Annual Report
* [IR 7751]+2 – Computer Security Division 2010 Annual Report
* [IR 7816]+2 – Computer Security Division 2011 Annual Report
* [SP 800-165]+1 – Computer Security Division 2012 Annual Report
* [SP 800-170]+1 – Computer Security Division 2013 Annual Report
* [SP 800-176]+1 – Computer Security Division 2014 Annual Report
* [SP 800-182]+1 – Computer Security Division 2015 Annual Report
* [SP 800-195]+1 – NIST-ITL Cybersecurity Program Annual Report
* [SP 800-203] – NIST-ITL Cybersecurity Program Annual Report

+ AUDIT & ACCOUNTABILITY

* [August 2003]+3 – IT Security Metrics
* [August 2005]+7 – Implementation Of FIPS 201, Personal Identity Verification (PIV) Of Federal Employees And Contractors
* [FIPS 140]+142 – Security Requirements for Cryptographic Modules
* [FIPS 191] – Guideline for The Analysis of Local Area Network Security
* [FIPS 198]+5 – The Keyed-Hash Message Authentication Code (HMAC)
* [FIPS 199]+6 – Standards for Security Categorization of Federal Information and Information Systems
* [FIPS 200]+2 – Minimum Security Requirements for Federal Information and Information Systems
* [February 2000]+11 – Guideline for Implementing Cryptography in the Federal Government – ITL Bulletin
* [January 2002]+4 – Guidelines on Firewalls and Firewall Policy – ITL Security Bulletin
* [January 2006]+2 – Testing And Validation Of Personal Identity Verification (PIV) Components And Subsystems For Conformance To Federal Information Processing Standard 201
* [January 2007]+4 – Security Controls For Information Systems: Revised Guidelines Issued By NIST – ITL Security Bulletin
* [June 2003]+21 – ASSET: Security Assessment Tool For Federal Agencies
* [March 2004]+11 – Federal Information Processing Standard (FIPS) 199, Standards For Security Categorization Of Federal Information And Information Systems – ITL Bulletin
* [March 2006]+18 – Minimum Security Requirements For Federal Information And Information Systems: Federal Information Processing Standard (FIPS) 200 Approved By The Secretary Of Commerce – ITL Security Bulletin
* [May 2005] – Recommended Security Controls For Federal Information Systems: Guidance For Selecting Cost-Effective Controls Using A Risk-Based Process – ITL Bulletin
* [IR 6981]+1 – Policy Expression and Enforcement for Handheld Devices
* [IR 7275]+8 – Specification for the Extensible Configuration Checklist Description Format (XCCDF)
* [IR 7284]+1 – Personal Identity Verification Card Management Report
* [IR 7316]+2 – Assessment of Access Control Systems
* [IR 7358]+2 – Program Review for Information Security Management Assistance (PRISMA)
* [November 2004]+3 – Understanding the New NIST Standards and Guidelines Required by FISMA: How Three Mandated Documents are Changing the Dynamic of Information Security for the Federal Government – ITL Security Bulletin
* [October 2006]+2 – Log Management: Using Computer And Network Records To Improve Information Security – ITL Security Bulletin
* [SP 800-100]+1 – Information Security Handbook: A Guide for Managers
* [SP 800-115]+4 – Technical Guide to Information Security Testing and Assessment
* [SP 800-12]+19 – An Introduction to Computer Security: The NIST Handbook
* [SP 800-123]+5 – Guide to General Server Security
* [SP 800-14]+6 – Generally Accepted Principles and Practices for Securing Information Technology Systems
* [SP 800-16]+12 – Information Technology Security Training Requirements: A Role- and Performance-Based Model
* [SP 800-18r1]+7 – Guide for Developing Security Plans for Information Systems
* [SP 800-19]+2 – Mobile Agent Security
* [SP 800-30]+7 – Risk Management Guide for Information Technology Systems
* [SP 800-37]+20 – Guide for Security Certification and Accreditation of Federal Information Systems
* [SP 800-41]+2 – Guidelines on Firewalls and Firewall Policy
* [SP 800-44]+2 – Guidelines on Securing Public Web Servers
* [SP 800-45]+2 – Guidelines on Electronic Mail Security
* [SP 800-49]+1 – Federal S/MIME V3 Client Profile
* [SP 800-50]+2 – Building an Information Technology Security Awareness and Training Program
* [SP 800-52]+7 – Guidelines on the Selection and Use of Transport Layer Security
* [SP 800-53r3]+78 – Recommended Security Controls for Federal Information Systems and Organizations
* [SP 800-53A]+25 – Guide for Assessing the Security Controls in Federal Information Systems
* [SP 800-55]+2 – Security Metrics Guide for Information Technology Systems
* [SP 800-55r1]+2 – Performance Measurement Guide for Information Security
* [SP 800-57]+25 – Recommendation on Key Management
* [SP 800-66r1]+2 – An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act Security Rule
* [SP 800-68r1]+2 – Guide to Securing Microsoft Windows XP Systems for IT Professionals
* [SP 800-68 Rev. 1]+2 – Guide to Securing Microsoft Windows XP Systems for IT Professionals
* [SP 800-72]+1 – Guidelines on PDA Forensics
* [SP 800-83]+2 – Guide to Malware Incident Prevention and Handling
* [SP 800-86]+2 – Guide to Integrating Forensic Techniques into Incident Response
* [SP 800-89]+1 – Recommendation for Obtaining Assurances for Digital Signature Applications
* [SP 800-92]+4 – Guide to Computer Security Log Management
* [SP 800-94]+5 – Guide to Intrusion Detection and Prevention Systems (IDPS)
* [September 2001] – Security Self-Assessment Guide for Information Technology Systems – ITL Bulletin

+ AUTHENTICATION

* [April 2007]+1 – Securing Wireless Networks – ITL Bulletin
* [August 2004]+2 – Electronic Authentication: Guidance For Selecting Secure Techniques
* [FIPS 180]+15 – Secure Hash Standard (SHS)
* [FIPS 181] – Automated Password Generator
* [FIPS 186]+14 – Digital Signature Standard (DSS)
* [FIPS 190] – Guideline for the Use of Advanced Authentication Technology Alternatives
* [FIPS 196]+1 – Entity Authentication Using Public Key Cryptography
* [FIPS 198]+5 – The Keyed-Hash Message Authentication Code (HMAC)
* [February 2007]+11 – Intrusion Detection And Prevention Systems – ITL Bulletin
* [July 2005]+2 – Protecting Sensitive Information That Is Transmitted Across Networks: NIST Guidance For Selecting And Using Transport Layer Security Implementations – ITL Security Bulletin
* [March 2001]+5 – An Introduction to IPsec (Internet Protocol Security)
* [March 2003]+24 – Security For Wireless Networks And Devices
* [May 2001]+3 – Biometrics - Technologies for Highly Secure Personal Authentication
* [May 2006]+4 – An Update On Cryptographic Standards, Guidelines, And Testing Requirements – ITL Bulletin
* [IR 7030]+1 – Picture Password: A Visual Login Technique for Mobile Devices
* [IR 7046]+1 – Framework for Multi-Mode Authentication: Overview and Implementation Guide
* [IR 7200]+1 – Proximity Beacons and Mobile Handheld Devices: Overview and Implementation
* [IR 7206]+1 – Smart Cards and Mobile Device Authentication: An Overview and Implementation
* [IR 7290]+1 – Fingerprint Identification and Mobile Handheld Devices: An Overview and Implementation
* [IR 7452]+1 – Secure Biometric Match-on-Card Feasibility Report
* [SP 800-104] – A Scheme for PIV Visual Card Topography
* [SP 800-113]+2 – Guide to SSL VPNs
* [SP 800-114]+3 – User's Guide to Securing External Devices for Telework and Remote Access
* [SP 800-116]+5 – A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS)
* [SP 800-121]+7 – Guide to Bluetooth Security
* [SP 800-124]+5 – Guidelines on Cell Phone and PDA Security
* [SP 800-17]+5 – Modes of Operation Validation System (MOVS): Requirements and Procedures
* [SP 800-21r2]+2 – Guideline for Implementing Cryptography in the Federal Government
* [SP 800-25]+2 – Federal Agency Use of Public Key Technology for Digital Signatures and Authentication
* [SP 800-32]+1 – Introduction to Public Key Technology and the Federal PKI Infrastructure
* [SP 800-38A]+4 – Recommendation for Block Cipher Modes of Operation - Methods and Techniques
* [SP 800-38B]+3 – Recommendation for Block Cipher Modes of Operation: The RMAC Authentication Mode
* [SP 800-38C]+4 – Recommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality
* [SP 800-38D]+3 – Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) for Confidentiality and Authentication
* [SP 800-53r3]+78 – Recommended Security Controls for Federal Information Systems and Organizations
* [SP 800-57]+25 – Recommendation on Key Management
* [SP 800-63r1]+13 – Electronic Authentication Guideline
* [SP 800-73]+21 – Interfaces for Personal Identity Verification
* [SP 800-78]+6 – Cryptographic Algorithms and Key Sizes for Personal Identity Verification
* [SP 800-89]+1 – Recommendation for Obtaining Assurances for Digital Signature Applications
* [September 2005]+13 – Biometric Technologies: Helping To Protect Information And Automated Transactions In Information Technology Systems

+ AWARENESS & TRAINING

* [FIPS 200]+2 – Minimum Security Requirements for Federal Information and Information Systems
* [IR 7284]+1 – Personal Identity Verification Card Management Report
* [IR 7359]+1 – Information Security Guide For Government Executives
* [November 2002]+2 – Security For Telecommuting And Broadband Communications
* [November 2006]+2 – Guide To Securing Computers Using Windows XP Home Edition – ITL Bulletin
* [October 2003]+6 – Information Technology Security Awareness, Training, Education, and Certification
* [SP 800-100]+1 – Information Security Handbook: A Guide for Managers
* [SP 800-12]+19 – An Introduction to Computer Security: The NIST Handbook
* [SP 800-14]+6 – Generally Accepted Principles and Practices for Securing Information Technology Systems
* [SP 800-16]+12 – Information Technology Security Training Requirements: A Role- and Performance-Based Model
* [SP 800-40r2]+3 – Creating a Patch and Vulnerability Management Program
* [SP 800-46r1]+5 – Security for Telecommuting and Broadband Communications
* [SP 800-50]+2 – Building an Information Technology Security Awareness and Training Program
* [SP 800-53r3]+78 – Recommended Security Controls for Federal Information Systems and Organizations
* [SP 800-66r1]+2 – An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act Security Rule

+ BIOMETRICS

* [August 2005]+7 – Implementation Of FIPS 201, Personal Identity Verification (PIV) Of Federal Employees And Contractors
* [FIPS 201]+136 – Personal Identity Verification for Federal Employees and Contractors
* [July 2002]+2 – Overview: The Government Smart Card Interoperability Specification
* [March 2005]+10 – Personal Identity Verification (PIV) Of Federal Employees And Contractors: Federal Information Processing Standard (FIPS) 201
* [May 2001]+3 – Biometrics - Technologies for Highly Secure Personal Authentication
* [IR 6529-A]+1 – Common Biometric Exchange File Format (CBEFF)
* [IR 6887]+1 – Government Smart Card Interoperability Specification (GSC-IS), v2.1
* [IR 7056]+1 – Card Technology Development and Gap Analysis Interagency Report
* [IR 7206]+1 – Smart Cards and Mobile Device Authentication: An Overview and Implementation
* [IR 7284]+1 – Personal Identity Verification Card Management Report
* [IR 7290]+1 – Fingerprint Identification and Mobile Handheld Devices: An Overview and Implementation
* [IR 7452]+1 – Secure Biometric Match-on-Card Feasibility Report
* [SP 800-116]+5 – A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS)
* [SP 800-73]+21 – Interfaces for Personal Identity Verification
* [SP 800-76]+5 – Biometric Data Specification for Personal Identity Verification
* [September 2005]+13 – Biometric Technologies: Helping To Protect Information And Automated Transactions In Information Technology Systems

+ CERTIFICATION & ACCREDITATION (C&A)

* [August 2003]+3 – IT Security Metrics
* [December 2006]+24 – Maintaining Effective Information Technology (IT) Security Through Test, Training, And Exercise Programs – ITL Bulletin
* [FIPS 191] – Guideline for The Analysis of Local Area Network Security
* [FIPS 199]+6 – Standards for Security Categorization of Federal Information and Information Systems
* [FIPS 200]+2 – Minimum Security Requirements for Federal Information and Information Systems
* [February 2003]+1 – Secure Interconnections for Information Technology Systems – ITL Bulletin
* [July 2004] – Guide For Mapping Types Of Information And Information Systems To Security Categories – ITL Bulletin
* [June 2003]+21 – ASSET: Security Assessment Tool For Federal Agencies
* [March 2004]+11 – Federal Information Processing Standard (FIPS) 199, Standards For Security Categorization Of Federal Information And Information Systems – ITL Bulletin
* [March 2006]+18 – Minimum Security Requirements For Federal Information And Information Systems: Federal Information Processing Standard (FIPS) 200 Approved By The Secretary Of Commerce – ITL Security Bulletin
* [May 2004]+1 – Guide For The Security Certification And Accreditation Of Federal Information Systems – ITL Bulletin
* [May 2005] – Recommended Security Controls For Federal Information Systems: Guidance For Selecting Cost-Effective Controls Using A Risk-Based Process – ITL Bulletin
* [November 2004]+3 – Understanding the New NIST Standards and Guidelines Required by FISMA: How Three Mandated Documents are Changing the Dynamic of Information Security for the Federal Government – ITL Security Bulletin
* [SP 800-115]+4 – Technical Guide to Information Security Testing and Assessment
* [SP 800-18r1]+7 – Guide for Developing Security Plans for Information Systems
* [SP 800-23]+1 – Guideline to Federal Organizations on Security Assurance and Acquisition/Use of Tested/Evaluated Products
* [SP 800-30]+7 – Risk Management Guide for Information Technology Systems
* [SP 800-34]+10 – Contingency Planning Guide for Information Technology Systems
* [SP 800-37]+20 – Guide for Security Certification and Accreditation of Federal Information Systems
* [SP 800-47]+1 – Security Guide for Interconnecting Information Technology Systems
* [SP 800-53r3]+78 – Recommended Security Controls for Federal Information Systems and Organizations
* [SP 800-53A]+25 – Guide for Assessing the Security Controls in Federal Information Systems
* [SP 800-55]+2 – Security Metrics Guide for Information Technology Systems
* [SP 800-55r1]+2 – Performance Measurement Guide for Information Security
* [SP 800-59]+1 – Guideline for Identifying an Information System as a National Security System
* [SP 800-60r1]+10 – Guide for Mapping Types of Information and Information Systems to Security Categories
* [SP 800-84]+4 – Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities
* [SP 800-88]+2 – Media Sanitization Guide

+ COMMUNICATIONS & WIRELESS

* [April 2006]+2 – Protecting Sensitive Information Transmitted in Public Networks – ITL Security Bulletin
* [April 2007]+1 – Securing Wireless Networks – ITL Bulletin
* [August 2000]+11 – Security for Private Branch Exchange Systems
* [FIPS 140]+142 – Security Requirements for Cryptographic Modules
* [January 2002]+4 – Guidelines on Firewalls and Firewall Policy – ITL Security Bulletin
* [January 2003]+4 – Security Of Electronic Mail
* [July 2007]+5 – Border Gateway Protocol Security – ITL Security Bulletin
* [June 2006]+13 – Domain Name System (DNS) Services: NIST Recommendations For Secure Deployment – ITL Bulletin
* [June 2007]+18 – Forensic Techniques for Cell Phones – ITL Bulletin
* [March 2001]+5 – An Introduction to IPsec (Internet Protocol Security)
* [March 2003]+24 – Security For Wireless Networks And Devices
* [March 2007]+16 – Improving The Security Of Electronic Mail: Updated Guidelines Issued By NIST – ITL Security Bulletin
* [May 2007]+3 – Securing Radio Frequency Identification (RFID) Systems – ITL Security Bulletin
* [IR 7046]+1 – Framework for Multi-Mode Authentication: Overview and Implementation Guide
* [IR 7206]+1 – Smart Cards and Mobile Device Authentication: An Overview and Implementation
* [IR 7387]+1 – Cell Phone Forensic Tools: An Overview and Analysis Update
* [IR 7452]+1 – Secure Biometric Match-on-Card Feasibility Report
* [November 2002]+2 – Security For Telecommuting And Broadband Communications
* [October 2004]+1 – Securing Voice Over Internet Protocol (IP) Networks – ITL Bulletin
* [SP 800-101]+2 – Guidelines on Cell Phone Forensics
* [SP 800-113]+2 – Guide to SSL VPNs
* [SP 800-114]+3 – User's Guide to Securing External Devices for Telework and Remote Access
* [SP 800-115]+4 – Technical Guide to Information Security Testing and Assessment
* [SP 800-121]+7 – Guide to Bluetooth Security
* [SP 800-124]+5 – Guidelines on Cell Phone and PDA Security
* [SP 800-24]+1 – PBX Vulnerability Analysis: Finding Holes in Your PBX Before Someone Else Does
* [SP 800-41]+2 – Guidelines on Firewalls and Firewall Policy
* [SP 800-45r2]+2 – Guidelines on Electronic Mail Security
* [SP 800-46r1]+5 – Security for Telecommuting and Broadband Communications
* [SP 800-48r1]+2 – Guide to Securing Legacy IEEE 802.11 Wireless Networks
* [SP 800-52]+7 – Guidelines on the Selection and Use of Transport Layer Security
* [SP 800-53r3]+78 – Recommended Security Controls for Federal Information Systems and Organizations
* [SP 800-54]+1 – Border Gateway Protocol Security
* [SP 800-58]+1 – Security Considerations for Voice Over IP Systems
* [SP 800-77]+2 – Guide to IPSec VPNs
* [SP 800-81]+3 – Secure Domain Name System (DNS) Deployment Guide
* [SP 800-82]+3 – Guide to Supervisory Control and Data Acquisition (SCADA) and Industrial Control System Security
* [SP 800-98]+2 – Guidelines for Securing Radio Frequency Identification (RFID) Systems

+ CONTINGENCY PLANNING

* [April 2002]+1 – Techniques for System and Data Recovery
* [December 2006]+24 – Maintaining Effective Information Technology (IT) Security Through Test, Training, And Exercise Programs – ITL Bulletin
* [FIPS 200]+2 – Minimum Security Requirements for Federal Information and Information Systems
* [January 2004]+1 – Computer Security Incidents: Assessing, Managing, And Controlling The Risks – ITL Bulletin
* [June 2002]+15 – Contingency Planning Guide For Information Technology Systems
* [SP 800-100]+1 – Information Security Handbook: A Guide for Managers
* [SP 800-12]+19 – An Introduction to Computer Security: The NIST Handbook
* [SP 800-13]+5 – Telecommunications Security Guidelines for Telecommunications Management Network
* [SP 800-14]+6 – Generally Accepted Principles and Practices for Securing Information Technology Systems
* [SP 800-21r2]+2 – Guideline for Implementing Cryptography in the Federal Government
* [SP 800-24]+1 – PBX Vulnerability Analysis: Finding Holes in Your PBX Before Someone Else Does
* [SP 800-25]+2 – Federal Agency Use of Public Key Technology for Digital Signatures and Authentication
* [SP 800-34]+10 – Contingency Planning Guide for Information Technology Systems
* [SP 800-41]+2 – Guidelines on Firewalls and Firewall Policy
* [SP 800-43] – Systems Administration Guidance for Securing Microsoft Windows 2000 Professional System
* [SP 800-44]+2 – Guidelines on Securing Public Web Servers
* [SP 800-45]+2 – Guidelines on Electronic Mail Security
* [SP 800-46r1]+5 – Security for Telecommuting and Broadband Communications
* [SP 800-50]+2 – Building an Information Technology Security Awareness and Training Program
* [SP 800-53r3]+78 – Recommended Security Controls for Federal Information Systems and Organizations
* [SP 800-57]+25 – Recommendation on Key Management
* [SP 800-66r1]+2 – An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act Security Rule
* [SP 800-81]+3 – Secure Domain Name System (DNS) Deployment Guide
* [SP 800-83]+2 – Guide to Malware Incident Prevention and Handling
* [SP 800-84]+4 – Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities
* [SP 800-86]+2 – Guide to Integrating Forensic Techniques into Incident Response

+ CRYPTOGRAPHY

* [December 2000]+14 – A Statistical Test Suite For Random And Pseudorandom Number Generators For Cryptographic Applications
* [FIPS 140]+142 – Security Requirements for Cryptographic Modules
* [FIPS 180]+15 – Secure Hash Standard (SHS)
* [FIPS 181] – Automated Password Generator
* [FIPS 185]+1 – Escrowed Encryption Standard
* [FIPS 186]+14 – Digital Signature Standard (DSS)
* [FIPS 190] – Guideline for the Use of Advanced Authentication Technology Alternatives
* [FIPS 196]+1 – Entity Authentication Using Public Key Cryptography
* [FIPS 197]+6 – Advanced Encryption Standard
* [FIPS 198]+5 – The Keyed-Hash Message Authentication Code (HMAC)
* [February 2000]+11 – Guideline for Implementing Cryptography in the Federal Government – ITL Bulletin
* [May 2006]+4 – An Update On Cryptographic Standards, Guidelines, And Testing Requirements – ITL Bulletin
* [IR 7046]+1 – Framework for Multi-Mode Authentication: Overview and Implementation Guide
* [IR 7206]+1 – Smart Cards and Mobile Device Authentication: An Overview and Implementation
* [IR 7452]+1 – Secure Biometric Match-on-Card Feasibility Report
* [SP 800-111]+2 – Guide to Storage Encryption Technologies for End User Devices
* [SP 800-113]+2 – Guide to SSL VPNs
* [SP 800-116]+5 – A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS)
* [SP 800-15r1]+2 – Minimum Interoperability Specification for PKI Components (MISPC), Version 1
* [SP 800-17]+5 – Modes of Operation Validation System (MOVS): Requirements and Procedures
* [SP 800-21r2]+2 – Guideline for Implementing Cryptography in the Federal Government
* [SP 800-22r1]+6 – A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications
* [SP 800-25]+2 – Federal Agency Use of Public Key Technology for Digital Signatures and Authentication
* [SP 800-32]+1 – Introduction to Public Key Technology and the Federal PKI Infrastructure
* [SP 800-38A]+4 – Recommendation for Block Cipher Modes of Operation - Methods and Techniques
* [SP 800-38B]+3 – Recommendation for Block Cipher Modes of Operation: The RMAC Authentication Mode
* [SP 800-38C]+4 – Recommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality
* [SP 800-38D]+3 – Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) for Confidentiality and Authentication
* [SP 800-49]+1 – Federal S/MIME V3 Client Profile
* [SP 800-52]+7 – Guidelines on the Selection and Use of Transport Layer Security
* [SP 800-53r3]+78 – Recommended Security Controls for Federal Information Systems and Organizations
* [SP 800-56A]+10 – Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography
* [SP 800-57]+25 – Recommendation on Key Management
* [SP 800-67 1.1]+2 – Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher
* [SP 800-73]+21 – Interfaces for Personal Identity Verification
* [SP 800-78]+6 – Cryptographic Algorithms and Key Sizes for Personal Identity Verification
* [SP 800-90]+32 – Recommendation for Random Number Generation Using Deterministic Random Bit Generators
* [September 2002]+11 – Cryptographic Standards and Guidelines: A Status Report

+ DIGITAL SIGNATURES

* [FIPS 140]+142 – Security Requirements for Cryptographic Modules
* [FIPS 180]+15 – Secure Hash Standard (SHS)
* [FIPS 186]+14 – Digital Signature Standard (DSS)
* [FIPS 198]+5 – The Keyed-Hash Message Authentication Code (HMAC)
* [February 2000]+11 – Guideline for Implementing Cryptography in the Federal Government – ITL Bulletin
* [May 2006]+4 – An Update On Cryptographic Standards, Guidelines, And Testing Requirements – ITL Bulletin
* [IR 7313]+1 – 5th Annual PKI R&D Workshop “Making PKI Easy to Use” Proceedings
* [SP 800-106]+2 – Randomized Hashing for Digital Signatures
* [SP 800-107]+4 – Recommendation for Applications Using Approved Hash Algorithms
* [SP 800-15]+2 – Minimum Interoperability Specification for PKI Components (MISPC), Version 1
* [SP 800-21r2]+2 – Guideline for Implementing Cryptography in the Federal Government
* [SP 800-25]+2 – Federal Agency Use of Public Key Technology for Digital Signatures and Authentication
* [SP 800-32]+1 – Introduction to Public Key Technology and the Federal PKI Infrastructure
* [SP 800-49]+1 – Federal S/MIME V3 Client Profile
* [SP 800-52]+7 – Guidelines on the Selection and Use of Transport Layer Security
* [SP 800-57]+25 – Recommendation on Key Management
* [SP 800-63r1]+13 – Electronic Authentication Guideline
* [SP 800-78]+6 – Cryptographic Algorithms and Key Sizes for Personal Identity Verification

+ FORENSICS

* [February 2007]+11 – Intrusion Detection And Prevention Systems – ITL Bulletin
* [June 2007]+18 – Forensic Techniques for Cell Phones – ITL Bulletin
* [IR 7100]+1 – PDA Forensic Tools: An Overview and Analysis
* [IR 7250] – Cell Phone Forensic Tools: An Overview and Analysis
* [IR 7387]+1 – Cell Phone Forensic Tools: An Overview and Analysis Update
* [IR 7516]+1 – Forensic Filtering of Cell Phone Protocols
* [November 2001]+3 – Computer Forensics Guidance
* [SP 800-101]+2 – Guidelines on Cell Phone Forensics
* [SP 800-72]+1 – Guidelines on PDA Forensics
* [SP 800-86]+2 – Guide to Integrating Forensic Techniques into Incident Response
* [SP 800-88]+2 – Media Sanitization Guide
* [SP 800-94]+5 – Guide to Intrusion Detection and Prevention Systems (IDPS)
* [September 2006]+26 – Forensic Techniques: Helping Organizations Improve Their Responses To Information Security Incidents

+ GENERAL IT SECURITY

* [April 2007]+1 – Securing Wireless Networks – ITL Bulletin
* [FIPS 200]+2 – Minimum Security Requirements for Federal Information and Information Systems
* [March 2006]+18 – Minimum Security Requirements For Federal Information And Information Systems: Federal Information Processing Standard (FIPS) 200 Approved By The Secretary Of Commerce – ITL Security Bulletin
* [IR 7298]+6 – Glossary of Key Information Security Terms
* [IR 7358]+2 – Program Review for Information Security Management Assistance (PRISMA)
* [IR 7359]+1 – Information Security Guide For Government Executives
* [IR 7435]+2 – The Common Vulnerability Scoring System (CVSS) and its Applicability to Federal Agency Systems
* [November 2006]+2 – Guide To Securing Computers Using Windows XP Home Edition – ITL Bulletin
* [October 2008]+8 – Keeping Information Technology (IT) System Servers Secure: A General Guide To Good Practices
* [SP 800-100]+1 – Information Security Handbook: A Guide for Managers
* [SP 800-111]+2 – Guide to Storage Encryption Technologies for End User Devices
* [SP 800-114]+3 – User's Guide to Securing External Devices for Telework and Remote Access
* [SP 800-116]+5 – A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS)
* [SP 800-12]+19 – An Introduction to Computer Security: The NIST Handbook
* [SP 800-123]+5 – Guide to General Server Security
* [SP 800-14]+6 – Generally Accepted Principles and Practices for Securing Information Technology Systems
* [SP 800-27rA] – Engineering Principles for Information Technology Security (A Baseline for Achieving Security)
* [SP 800-33]+1 – Underlying Technical Models for Information Technology Security
* [SP 800-44]+2 – Guidelines on Securing Public Web Servers
* [SP 800-47]+1 – Security Guide for Interconnecting Information Technology Systems
* [SP 800-48]+2 – Guide to Securing Legacy IEEE 802.11 Wireless Networks
* [SP 800-53r3]+78 – Recommended Security Controls for Federal Information Systems and Organizations
* [SP 800-63r1]+13 – Electronic Authentication Guideline
* [SP 800-64r2]+2 – Security Considerations in the Information System Development Life Cycle
* [SP 800-88]+2 – Media Sanitization Guide
* [SP 800-95]+2 – Guide to Secure Web Services

+ INCIDENT RESPONSE

* [April 2002]+1 – Techniques for System and Data Recovery
* [December 2005]+16 – Preventing And Handling Malware Incidents: How To Protect Information Technology Systems From Malicious Code And Software
* [December 2006]+24 – Maintaining Effective Information Technology (IT) Security Through Test, Training, And Exercise Programs – ITL Bulletin
* [FIPS 200]+2 – Minimum Security Requirements for Federal Information and Information Systems
* [February 2006]+4 – Creating A Program To Manage Security Patches And Vulnerabilities: NIST Recommendations For Improving System Security – ITL Bulletin
* [February 2007]+11 – Intrusion Detection And Prevention Systems – ITL Bulletin
* [January 2004]+1 – Computer Security Incidents: Assessing, Managing, And Controlling The Risks – ITL Bulletin
* [June 2007]+18 – Forensic Techniques for Cell Phones – ITL Bulletin
* [IR 6416] – Applying Mobile Agents to Intrusion Detection and Response
* [IR 6981]+1 – Policy Expression and Enforcement for Handheld Devices
* [IR 7100]+1 – PDA Forensic Tools: An Overview and Analysis
* [IR 7250] – Cell Phone Forensic Tools: An Overview and Analysis
* [IR 7387]+1 – Cell Phone Forensic Tools: An Overview and Analysis Update
* [November 2001]+3 – Computer Forensics Guidance
* [October 2002]+1 – Security Patches And The CVE Vulnerability Naming Scheme: Tools To Address Computer System Vulnerabilities – ITL Bulletin
* [October 2005]+2 – National Vulnerability Database: Helping Information Technology System Users And Developers Find Current Information About Cyber Security Vulnerabilities – ITL Bulletin
* [SP 800-100]+1 – Information Security Handbook: A Guide for Managers
* [SP 800-101]+2 – Guidelines on Cell Phone Forensics
* [SP 800-12]+19 – An Introduction to Computer Security: The NIST Handbook
* [SP 800-123]+5 – Guide to General Server Security
* [SP 800-14]+6 – Generally Accepted Principles and Practices for Securing Information Technology Systems
* [SP 800-21r2]+2 – Guideline for Implementing Cryptography in the Federal Government
* [SP 800-36]+1 – Guide to Selecting Information Technology Security Products
* [SP 800-40 Rev]+3 – Creating a Patch and Vulnerability Management Program
* [SP 800-50]+2 – Building an Information Technology Security Awareness and Training Program
* [SP 800-51]+2 – Use of the Common Vulnerabilities and Exposures (CVE) Vulnerability Naming Scheme
* [SP 800-53r3]+78 – Recommended Security Controls for Federal Information Systems and Organizations
* [SP 800-61 Rev]+6 – Computer Security Incident Handling Guide
* [SP 800-61r1]+6 – Computer Security Incident Handling Guide
* [SP 800-66r1]+2 – An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act Security Rule
* [SP 800-83]+2 – Guide to Malware Incident Prevention and Handling
* [SP 800-84]+4 – Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities
* [SP 800-86]+2 – Guide to Integrating Forensic Techniques into Incident Response
* [SP 800-92]+4 – Guide to Computer Security Log Management
* [SP 800-94]+5 – Guide to Intrusion Detection and Prevention Systems (IDPS)
* [September 2006]+26 – Forensic Techniques: Helping Organizations Improve Their Responses To Information Security Incidents

+ MAINTENANCE

* [August 2006]+2 – Protecting Sensitive Information Processed And Stored In Information Technology (IT) Systems – ITL Security Bulletin
* [December 2002]+18 – Security of Public Web Servers – ITL Security Bulletin
* [December 2005]+16 – Preventing And Handling Malware Incidents: How To Protect Information Technology Systems From Malicious Code And Software
* [December 2006]+24 – Maintaining Effective Information Technology (IT) Security Through Test, Training, And Exercise Programs – ITL Bulletin
* [FIPS 188]+4 – Standard Security Labels for Information Transfer
* [FIPS 191] – Guideline for The Analysis of Local Area Network Security
* [FIPS 200]+2 – Minimum Security Requirements for Federal Information and Information Systems
* [February 2006]+4 – Creating A Program To Manage Security Patches And Vulnerabilities: NIST Recommendations For Improving System Security – ITL Bulletin
* [January 2002]+4 – Guidelines on Firewalls and Firewall Policy – ITL Security Bulletin
* [January 2004]+1 – Computer Security Incidents: Assessing, Managing, And Controlling The Risks – ITL Bulletin
* [IR 6462]+3 – CSPP - Guidance for COTS Security Protection Profiles
* [IR 6985]+2 – COTS Security Protection Profile - Operating Systems (CSPP-OS) (Worked Example Applying Guidance of NISTIR-6462, CSPP)
* [IR 7275]+8 – Specification for the Extensible Configuration Checklist Description Format (XCCDF)
* [IR 7284]+1 – Personal Identity Verification Card Management Report
* [November 2003]+1 – Network Security Testing – ITL Bulletin
* [November 2005]+2 – Securing Microsoft Windows XP Systems: NIST Recommendations For Using A Security Configuration Checklist – ITL Security Bulletin
* [November 2006]+2 – Guide To Securing Computers Using Windows XP Home Edition – ITL Bulletin
* [October 2002]+1 – Security Patches And The CVE Vulnerability Naming Scheme: Tools To Address Computer System Vulnerabilities – ITL Bulletin
* [October 2004]+1 – Securing Voice Over Internet Protocol (IP) Networks – ITL Bulletin
* [October 2005]+2 – National Vulnerability Database: Helping Information Technology System Users And Developers Find Current Information About Cyber Security Vulnerabilities – ITL Bulletin
* [SP 800-100]+1 – Information Security Handbook: A Guide for Managers
* [SP 800-12]+19 – An Introduction to Computer Security: The NIST Handbook
* [SP 800-123]+5 – Guide to General Server Security
* [SP 800-14]+6 – Generally Accepted Principles and Practices for Securing Information Technology Systems
* [SP 800-24]+1 – PBX Vulnerability Analysis: Finding Holes in Your PBX Before Someone Else Does
* [SP 800-31] – Intrusion Detection Systems (IDS)
* [SP 800-34]+10 – Contingency Planning Guide for Information Technology Systems
* [SP 800-40r2]+3 – Creating a Patch and Vulnerability Management Program
* [SP 800-41]+2 – Guidelines on Firewalls and Firewall Policy
* [SP 800-43] – Systems Administration Guidance for Securing Microsoft Windows 2000 Professional System
* [SP 800-44]+2 – Guidelines on Securing Public Web Servers
* [SP 800-51]+2 – Use of the Common Vulnerabilities and Exposures (CVE) Vulnerability Naming Scheme
* [SP 800-53r3]+78 – Recommended Security Controls for Federal Information Systems and Organizations
* [SP 800-55]+2 – Security Metrics Guide for Information Technology Systems
* [SP 800-55r1]+2 – Performance Measurement Guide for Information Security
* [SP 800-68r1]+2 – Guide to Securing Microsoft Windows XP Systems for IT Professionals
* [SP 800-69]+2 – Guidance for Securing Microsoft Windows XP Home Edition: a NIST Security Configuration Checklist
* [SP 800-70]+4 – Security Configuration Checklists Program for IT Products
* [SP 800-77]+2 – Guide to IPSec VPNs
* [SP 800-83]+2 – Guide to Malware Incident Prevention and Handling
* [SP 800-84]+4 – Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities
* [SP 800-88]+2 – Media Sanitization Guide

+ PERSONAL IDENTITY VERIFICATION (PIV)

* [August 2005]+7 – Implementation Of FIPS 201, Personal Identity Verification (PIV) Of Federal Employees And Contractors
* [FIPS 201]+136 – Personal Identity Verification for Federal Employees and Contractors
* [January 2006]+2 – Testing And Validation Of Personal Identity Verification (PIV) Components And Subsystems For Conformance To Federal Information Processing Standard 201
* [March 2005]+10 – Personal Identity Verification (PIV) Of Federal Employees And Contractors: Federal Information Processing Standard (FIPS) 201
* [IR 7284]+1 – Personal Identity Verification Card Management Report
* [IR 7313]+1 – 5th Annual PKI R&D Workshop “Making PKI Easy to Use” Proceedings
* [IR 7337]+1 – Personal Identity Verification Demonstration Summary
* [IR 7452]+1 – Secure Biometric Match-on-Card Feasibility Report
* [SP 800-104] – A Scheme for PIV Visual Card Topography
* [SP 800-116]+5 – A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS)
* [SP 800-63r1]+13 – Electronic Authentication Guideline
* [SP 800-73]+21 – Interfaces for Personal Identity Verification
* [SP 800-76]+5 – Biometric Data Specification for Personal Identity Verification
* [SP 800-78]+6 – Cryptographic Algorithms and Key Sizes for Personal Identity Verification
* [SP 800-79]+3 – Guidelines for the Accreditation of Personal Identity Verification (PIV) Card Issuers (PCI's)
* [SP 800-85A]+6 – PIV Card Application and Middleware Interface Test Guidelines (SP 800-73 compliance)
* [SP 800-85B]+8 – PIV Data Model Test Guidelines

+ PKI

* [FIPS 140]+142 – Security Requirements for Cryptographic Modules
* [FIPS 196]+1 – Entity Authentication Using Public Key Cryptography
* [IR 7313]+1 – 5th Annual PKI R&D Workshop “Making PKI Easy to Use” Proceedings
* [IR 7452]+1 – Secure Biometric Match-on-Card Feasibility Report
* [SP 800-116]+5 – A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS)
* [SP 800-15]+2 – Minimum Interoperability Specification for PKI Components (MISPC), Version 1
* [SP 800-25]+2 – Federal Agency Use of Public Key Technology for Digital Signatures and Authentication
* [SP 800-32]+1 – Introduction to Public Key Technology and the Federal PKI Infrastructure
* [SP 800-57]+25 – Recommendation on Key Management
* [SP 800-63r1]+13 – Electronic Authentication Guideline
* [SP 800-73]+21 – Interfaces for Personal Identity Verification
* [SP 800-76]+5 – Biometric Data Specification for Personal Identity Verification
* [SP 800-78]+6 – Cryptographic Algorithms and Key Sizes for Personal Identity Verification
* [SP 800-89]+1 – Recommendation for Obtaining Assurances for Digital Signature Applications

+ PLANNING

* [April 1999]+2 – Guide for Developing Security Plans for Information Technology Systems – ITL Security Bulletin
* [April 2007]+1 – Securing Wireless Networks – ITL Bulletin
* [August 2005]+7 – Implementation Of FIPS 201, Personal Identity Verification (PIV) Of Federal Employees And Contractors
* [December 2002]+18 – Security of Public Web Servers – ITL Security Bulletin
* [December 2005]+16 – Preventing And Handling Malware Incidents: How To Protect Information Technology Systems From Malicious Code And Software
* [FIPS 140]+142 – Security Requirements for Cryptographic Modules
* [FIPS 188]+4 – Standard Security Labels for Information Transfer
* [FIPS 191] – Guideline for The Analysis of Local Area Network Security
* [FIPS 199]+6 – Standards for Security Categorization of Federal Information and Information Systems
* [FIPS 200]+2 – Minimum Security Requirements for Federal Information and Information Systems
* [FIPS 201]+136 – Personal Identity Verification for Federal Employees and Contractors
* [February 2000]+11 – Guideline for Implementing Cryptography in the Federal Government – ITL Bulletin
* [February 2002]+1 – Risk Management Guidance For Information Technology Systems – ITL Bulletin
* [February 2003]+1 – Secure Interconnections for Information Technology Systems – ITL Bulletin
* [February 2006]+4 – Creating A Program To Manage Security Patches And Vulnerabilities: NIST Recommendations For Improving System Security – ITL Bulletin
* [February 2007]+11 – Intrusion Detection And Prevention Systems – ITL Bulletin
* [January 2002]+4 – Guidelines on Firewalls and Firewall Policy – ITL Security Bulletin
* [January 2005]+11 – Integrating IT Security Into The Capital Planning And Investment Control Process – ITL Bulletin
* [January 2006]+2 – Testing And Validation Of Personal Identity Verification (PIV) Components And Subsystems For Conformance To Federal Information Processing Standard 201
* [July 2002]+2 – Overview: The Government Smart Card Interoperability Specification
* [July 2004] – Guide For Mapping Types Of Information And Information Systems To Security Categories – ITL Bulletin
* [July 2005]+2 – Protecting Sensitive Information That Is Transmitted Across Networks: NIST Guidance For Selecting And Using Transport Layer Security Implementations – ITL Security Bulletin
* [July 2007]+5 – Border Gateway Protocol Security – ITL Security Bulletin
* [June 2005]+15 – NIST’s Security Configuration Checklists Program For IT Products – ITL Bulletin
* [June 2006]+13 – Domain Name System (DNS) Services: NIST Recommendations For Secure Deployment – ITL Bulletin
* [March 2004]+11 – Federal Information Processing Standard (FIPS) 199, Standards For Security Categorization Of Federal Information And Information Systems – ITL Bulletin
* [March 2006]+18 – Minimum Security Requirements For Federal Information And Information Systems: Federal Information Processing Standard (FIPS) 200 Approved By The Secretary Of Commerce – ITL Security Bulletin
* [May 2004]+1 – Guide For The Security Certification And Accreditation Of Federal Information Systems – ITL Bulletin
* [May 2005] – Recommended Security Controls For Federal Information Systems: Guidance For Selecting Cost-Effective Controls Using A Risk-Based Process – ITL Bulletin
* [May 2006]+4 – An Update On Cryptographic Standards, Guidelines, And Testing Requirements – ITL Bulletin
* [May 2007]+3 – Securing Radio Frequency Identification (RFID) Systems – ITL Security Bulletin
* [IR 6462]+3 – CSPP - Guidance for COTS Security Protection Profiles
* [IR 6887]+1 – Government Smart Card Interoperability Specification (GSC-IS), v2.1
* [IR 6981]+1 – Policy Expression and Enforcement for Handheld Devices
* [IR 6985]+2 – COTS Security Protection Profile - Operating Systems (CSPP-OS) (Worked Example Applying Guidance of NISTIR-6462, CSPP)
* [IR 7284]+1 – Personal Identity Verification Card Management Report
* [IR 7316]+2 – Assessment of Access Control Systems
* [IR 7358]+2 – Program Review for Information Security Management Assistance (PRISMA)
* [IR 7359]+1 – Information Security Guide For Government Executives
* [November 2004]+3 – Understanding the New NIST Standards and Guidelines Required by FISMA: How Three Mandated Documents are Changing the Dynamic of Information Security for the Federal Government – ITL Security Bulletin
* [November 2005]+2 – Securing Microsoft Windows XP Systems: NIST Recommendations For Using A Security Configuration Checklist – ITL Security Bulletin
* [November 2006]+2 – Guide To Securing Computers Using Windows XP Home Edition – ITL Bulletin
* [October 2008]+8 – Keeping Information Technology (IT) System Servers Secure: A General Guide To Good Practices
* [SP 800-100]+1 – Information Security Handbook: A Guide for Managers
* [SP 800-101]+2 – Guidelines on Cell Phone Forensics
* [SP 800-113]+2 – Guide to SSL VPNs
* [SP 800-116]+5 – A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS)
* [SP 800-12]+19 – An Introduction to Computer Security: The NIST Handbook
* [SP 800-121]+7 – Guide to Bluetooth Security
* [SP 800-123]+5 – Guide to General Server Security
* [SP 800-14]+6 – Generally Accepted Principles and Practices for Securing Information Technology Systems
* [SP 800-18r1]+7 – Guide for Developing Security Plans for Information Systems
* [SP 800-19]+2 – Mobile Agent Security
* [SP 800-21r2]+2 – Guideline for Implementing Cryptography in the Federal Government
* [SP 800-25]+2 – Federal Agency Use of Public Key Technology for Digital Signatures and Authentication
* [SP 800-27rA] – Engineering Principles for Information Technology Security (A Baseline for Achieving Security)
* [SP 800-30]+7 – Risk Management Guide for Information Technology Systems
* [SP 800-31] – Intrusion Detection Systems (IDS)
* [SP 800-32]+1 – Introduction to Public Key Technology and the Federal PKI Infrastructure
* [SP 800-33]+1 – Underlying Technical Models for Information Technology Security
* [SP 800-34]+10 – Contingency Planning Guide for Information Technology Systems
* [SP 800-35]+1 – Guide to Information Technology Security Services
* [SP 800-36]+1 – Guide to Selecting Information Technology Security Products
* [SP 800-37]+20 – Guide for Security Certification and Accreditation of Federal Information Systems
* [SP 800-40 Ver. 2]+3 – Creating a Patch and Vulnerability Management Program
* [SP 800-41]+2 – Guidelines on Firewalls and Firewall Policy
* [SP 800-43] – Systems Administration Guidance for Securing Microsoft Windows 2000 Professional System
* [SP 800-44]+2 – Guidelines on Securing Public Web Servers
* [SP 800-45]+2 – Guidelines on Electronic Mail Security
* [SP 800-47]+1 – Security Guide for Interconnecting Information Technology Systems
* [SP 800-48]+2 – Guide to Securing Legacy IEEE 802.11 Wireless Networks
* [SP 800-48r1]+2 – Guide to Securing Legacy IEEE 802.11 Wireless Networks
* [SP 800-53 Rev]+78 – Recommended Security Controls for Federal Information Systems and Organizations
* [SP 800-53r3]+78 – Recommended Security Controls for Federal Information Systems and Organizations
* [SP 800-54]+1 – Border Gateway Protocol Security
* [SP 800-55 Rev]+2 – Performance Measurement Guide for Information Security
* [SP 800-55r1]+2 – Performance Measurement Guide for Information Security
* [SP 800-57]+25 – Recommendation on Key Management
* [SP 800-58]+1 – Security Considerations for Voice Over IP Systems
* [SP 800-64r2]+2 – Security Considerations in the Information System Development Life Cycle
* [SP 800-65]+1 – Integrating IT Security into the Capital Planning and Investment Control Process
* [SP 800-66r1]+2 – An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act Security Rule
* [SP 800-81]+3 – Secure Domain Name System (DNS) Deployment Guide
* [SP 800-89]+1 – Recommendation for Obtaining Assurances for Digital Signature Applications
* [SP 800-94]+5 – Guide to Intrusion Detection and Prevention Systems (IDPS)
* [SP 800-95]+2 – Guide to Secure Web Services
* [SP 800-98]+2 – Guidelines for Securing Radio Frequency Identification (RFID) Systems

+ RESEARCH

* [July 2003]+7 – Testing Intrusion Detection Systems – ITL Bulletin
* [June 2007]+18 – Forensic Techniques for Cell Phones – ITL Bulletin
* [IR 7007]+1 – An Overview of Issues in Testing Intrusion Detection Systems
* [IR 7056]+1 – Card Technology Development and Gap Analysis Interagency Report
* [IR 7200]+1 – Proximity Beacons and Mobile Handheld Devices: Overview and Implementation
* [IR 7387]+1 – Cell Phone Forensic Tools: An Overview and Analysis Update
* [IR 7516]+1 – Forensic Filtering of Cell Phone Protocols
* [IR 7539]+1 – Symmetric Key Injection onto Smart Cards
* [SP 800-101]+2 – Guidelines on Cell Phone Forensics
* [SP 800-124]+5 – Guidelines on Cell Phone and PDA Security
* [SP 800-95]+2 – Guide to Secure Web Services

+ RISK ASSESSMENT

* [December 2006]+24 – Maintaining Effective Information Technology (IT) Security Through Test, Training, And Exercise Programs – ITL Bulletin
* [FIPS 191] – Guideline for The Analysis of Local Area Network Security
* [FIPS 199]+6 – Standards for Security Categorization of Federal Information and Information Systems
* [FIPS 200]+2 – Minimum Security Requirements for Federal Information and Information Systems
* [February 2002]+1 – Risk Management Guidance For Information Technology Systems – ITL Bulletin
* [February 2003]+1 – Secure Interconnections for Information Technology Systems – ITL Bulletin
* [February 2006]+4 – Creating A Program To Manage Security Patches And Vulnerabilities: NIST Recommendations For Improving System Security – ITL Bulletin
* [January 2004]+1 – Computer Security Incidents: Assessing, Managing, And Controlling The Risks – ITL Bulletin
* [July 2004] – Guide For Mapping Types Of Information And Information Systems To Security Categories – ITL Bulletin
* [March 2004]+11 – Federal Information Processing Standard (FIPS) 199, Standards For Security Categorization Of Federal Information And Information Systems – ITL Bulletin
* [May 2004]+1 – Guide For The Security Certification And Accreditation Of Federal Information Systems – ITL Bulletin
* [May 2005] – Recommended Security Controls For Federal Information Systems: Guidance For Selecting Cost-Effective Controls Using A Risk-Based Process – ITL Bulletin
* [May 2006]+4 – An Update On Cryptographic Standards, Guidelines, And Testing Requirements – ITL Bulletin
* [IR 6981]+1 – Policy Expression and Enforcement for Handheld Devices
* [IR 7316]+2 – Assessment of Access Control Systems
* [November 2003]+1 – Network Security Testing – ITL Bulletin
* [October 2002]+1 – Security Patches And The CVE Vulnerability Naming Scheme: Tools To Address Computer System Vulnerabilities – ITL Bulletin
* [October 2005]+2 – National Vulnerability Database: Helping Information Technology System Users And Developers Find Current Information About Cyber Security Vulnerabilities – ITL Bulletin
* [SP 800-100]+1 – Information Security Handbook: A Guide for Managers
* [SP 800-115]+4 – Technical Guide to Information Security Testing and Assessment
* [SP 800-116]+5 – A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS)
* [SP 800-12]+19 – An Introduction to Computer Security: The NIST Handbook
* [SP 800-13]+5 – Telecommunications Security Guidelines for Telecommunications Management Network
* [SP 800-14]+6 – Generally Accepted Principles and Practices for Securing Information Technology Systems
* [SP 800-19]+2 – Mobile Agent Security
* [SP 800-21r2]+2 – Guideline for Implementing Cryptography in the Federal Government
* [SP 800-23]+1 – Guideline to Federal Organizations on Security Assurance and Acquisition/Use of Tested/Evaluated Products
* [SP 800-24]+1 – PBX Vulnerability Analysis: Finding Holes in Your PBX Before Someone Else Does
* [SP 800-25]+2 – Federal Agency Use of Public Key Technology for Digital Signatures and Authentication
* [SP 800-28r2]+1 – Guidelines on Active Content and Mobile Code
* [SP 800-30]+7 – Risk Management Guide for Information Technology Systems
* [SP 800-32]+1 – Introduction to Public Key Technology and the Federal PKI Infrastructure
* [SP 800-34]+10 – Contingency Planning Guide for Information Technology Systems