Files available¹ to download:

+ ANNUAL REPORTS

* [IR 7111]+4 – Computer Security Division 2003 Annual Report
 * [IR 7219]+4 – Computer Security Division 2004 Annual Report
 * [IR 7285]+4 – Computer Security Division 2005 Annual Report
 * [IR 7399]+3 – Computer Security Division 2006 Annual Report
 * [IR 7442]+3 – Computer Security Division 2007 Annual Report
 * [IR 7536]+3 – Computer Security Division 2008 Annual Report
 * [IR 7653]+3 – Computer Security Division 2009 Annual Report
 * [IR 7751]+4 – Computer Security Division 2010 Annual Report
 * [IR 7816]+3 – Computer Security Division 2011 Annual Report
 * [SP 800-165]+1 – Computer Security Division 2012 Annual Report
 * [SP 800-170]+1 – Computer Security Division 2013 Annual Report
 * [SP 800-176]+1 – Computer Security Division 2014 Annual Report
 * [SP 800-182]+1 – Computer Security Division 2015 Annual Report
 * [SP 800-195]+1 – NIST-ITL Cybersecurity Program Annual Report
 * [SP 800-203]+1 – NIST-ITL Cybersecurity Program Annual Report

+ AUDIT & ACCOUNTABILITY

* [August 2003]+3 – IT Security Metrics
 * [August 2005]+9 – Implementation Of FIPS 201, Personal Identity Verification (PIV) Of Federal Employees And Contractors
 * [FIPS 140]+266 – Security Requirements for Cryptographic Modules
 * [FIPS 191]+1 – Guideline for The Analysis of Local Area Network Security
 * [FIPS 198]+7 – The Keyed-Hash Message Authentication Code (HMAC)
 * [FIPS 199]+7 – Standards for Security Categorization of Federal Information and Information Systems
 * [FIPS 200]+2 – Minimum Security Requirements for Federal Information and Information Systems
 * [February 2000]+12 – Guideline for Implementing Cryptography in the Federal Government – ITL Bulletin
 * [January 2002]+6 – Guidelines on Firewalls and Firewall Policy – ITL Security Bulletin
 * [January 2006]+3 – Testing And Validation Of Personal Identity Verification (PIV) Components And Subsystems For Conformance To Federal Information Processing Standard 201
 * [January 2007]+4 – Security Controls For Information Systems: Revised Guidelines Issued By NIST - ITL Security Bulletin
 * [June 2003]+33 – ASSET: Security Assessment Tool For Federal Agencies
 * [March 2004]+12 – Federal Information Processing Standard (FIPS) 199, Standards For Security Categorization Of Federal Information And Information Systems – ITL Bulletin
 * [March 2006]+19 – Minimum Security Requirements For Federal Information And Information Systems: Federal Information Processing Standard (FIPS) 200 Approved By The Secretary Of Commerce – ITL Security Bulletin
 * [May 2005] – Recommended Security Controls For Federal Information Systems: Guidance For Selecting Cost-Effective Controls Using A Risk-Based Process – ITL Bulletin
 * [IR 6981]+2 – Policy Expression and Enforcement for Handheld Devices
 * [IR 7275]+13 – Specification for the Extensible Configuration Checklist Description Format (XCCDF)
 * [IR 7284]+2 – Personal Identity Verification Card Management Report
 * [IR 7316]+3 – Assessment of Access Control Systems
 * [IR 7358]+4 – Program Review for Information Security Management Assistance (PRISMA)
 * [November 2004]+4 – Understanding the New NIST Standards and Guidelines Required by FISMA: How Three Mandated Documents are Changing the Dynamic of Information Security for the Federal Government – ITL Security Bulletin
 * [October 2006]+2 – Log Management: Using Computer And Network Records To Improve Information Security - ITL Security Bulletin
 * [SP 800-100]+1 – Information Security Handbook: A Guide for Managers
 * [SP 800-115]+7 – Technical Guide to Information Security Testing and Assessment
 * [SP 800-12]+23 – An Introduction to Computer Security: The NIST Handbook
 * [SP 800-123]+7 – Guide to General Server Security
 * [SP 800-14]+8 – Generally Accepted Principles and Practices for Securing Information Technology Systems
 * [SP 800-16]+25 – Information Technology Security Training Requirements: A Role- and Performance-Based Model
 * [SP 800-18r1]+10 – Guide for Developing Security Plans for Information Systems
 * [SP 800-19]+4 – Mobile Agent Security
 * [SP 800-30]+12 – Risk Management Guide for Information Technology Systems
 * [SP 800-37]+37 – Guide for Security Certification and Accreditation of Federal Information Systems
 * [SP 800-41]+5 – Guidelines on Firewalls and Firewall Policy
 * [SP 800-44]+3 – Guidelines on Securing Public Web Servers
 * [SP 800-45]+3 – Guidelines on Electronic Mail Security
 * [SP 800-49]+2 – Federal S/MIME V3 Client Profile
 * [SP 800-50]+3 – Building an Information Technology Security Awareness and Training Program
 * [SP 800-52]+13 – Guidelines on the Selection and Use of Transport Layer Security
 * [SP 800-53r3]+220 – Recommended Security Controls for Federal Information Systems and Organizations
 * [SP 800-53A]+74 – Guide for Assessing the Security Controls in Federal Information Systems
 * [SP 800-55]+6 – Security Metrics Guide for Information Technology Systems
 * [SP 800-55r1]+6 – Performance Measurement Guide for Information Security
 * [SP 800-57]+46 – Recommendation on Key Management
 * [SP 800-66r1]+8 – An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act Security Rule
 * [SP 800-68r1]+6 – Guide to Securing Microsoft Windows XP Systems for IT Professionals
 * [SP 800-68 Rev. 1]+6 – Guide to Securing Microsoft Windows XP Systems for IT Professionals
 * [SP 800-72]+2 – Guidelines on PDA Forensics
 * [SP 800-83]+7 – Guide to Malware Incident Prevention and Handling
 * [SP 800-86]+2 – Guide to Integrating Forensic Techniques into Incident Response
 * [SP 800-89]+2 – Recommendation for Obtaining Assurances for Digital Signature Applications
 * [SP 800-92]+7 – Guide to Computer Security Log Management
 * [SP 800-94]+7 – Guide to Intrusion Detection and Prevention Systems (IDPS)
 * [September 2001] – Security Self-Assessment Guide for Information Technology Systems – ITL Bulletin

+ AUTHENTICATION

* [April 2007]+1 – Securing Wireless Networks – ITL Bulletin
 * [August 2004]+2 – Electronic Authentication: Guidance For Selecting Secure Techniques
 * [FIPS 180]+22 – Secure Hash Standard (SHS)
 * [FIPS 181]+1 – Automated Password Generator
 * [FIPS 186]+23 – Digital Signature Standard (DSS)
 * [FIPS 190]+1 – Guideline for the Use of Advanced Authentication Technology Alternatives
 * [FIPS 196]+2 – Entity Authentication Using Public Key Cryptography
 * [FIPS 198]+7 – The Keyed-Hash Message Authentication Code (HMAC)
 * [February 2007]+11 – Intrusion Detection And Prevention Systems – ITL Bulletin
 * [July 2005]+2 – Protecting Sensitive Information That Is Transmitted Across Networks: NIST Guidance For Selecting And Using Transport Layer Security Implementations – ITL Security Bulletin
 * [March 2001]+12 – An Introduction to IPsec (Internet Protocol Security)
 * [March 2003]+26 – Security For Wireless Networks And Devices
 * [May 2001]+3 – Biometrics - Technologies for Highly Secure Personal Authentication
 * [May 2006]+8 – An Update On Cryptographic Standards, Guidelines, And Testing Requirements – ITL Bulletin
 * [IR 7030]+2 – Picture Password: A Visual Login Technique for Mobile Devices
 * [IR 7046]+2 – Framework for Multi-Mode Authentication: Overview and Implementation Guide
 * [IR 7200]+1 – Proximity Beacons and Mobile Handheld Devices: Overview and Implementation
 * [IR 7206]+1 – Smart Cards and Mobile Device Authentication: An Overview and Implementation
 * [IR 7290]+2 – Fingerprint Identification and Mobile Handheld Devices: An Overview and Implementation
 * [IR 7452]+2 – Secure Biometric Match-on-Card Feasibility Report
 * [SP 800-104] – A Scheme for PIV Visual Card Topography
 * [SP 800-113]+2 – Guide to SSL VPNs
 * [SP 800-114]+7 – User's Guide to Securing External Devices for Telework and Remote Access
 * [SP 800-116]+12 – A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS)
 * [SP 800-121]+15 – Guide to Bluetooth Security
 * [SP 800-124]+11 – Guidelines on Cell Phone and PDA Security
 * [SP 800-17]+10 – Modes of Operation Validation System (MOVS): Requirements and Procedures
 * [SP 800-21r2]+5 – Guideline for Implementing Cryptography in the Federal Government
 * [SP 800-25]+5 – Federal Agency Use of Public Key Technology for Digital Signatures and Authentication
 * [SP 800-32]+4 – Introduction to Public Key Technology and the Federal PKI Infrastructure
 * [SP 800-38A]+10 – Recommendation for Block Cipher Modes of Operation - Methods and Techniques
 * [SP 800-38B]+5 – Recommendation for Block Cipher Modes of Operation: The RMAC Authentication Mode
 * [SP 800-38C]+7 – Recommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality
 * [SP 800-38D]+8 – Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) for Confidentiality and Authentication
 * [SP 800-53r3]+220 – Recommended Security Controls for Federal Information Systems and Organizations
 * [SP 800-57]+46 – Recommendation on Key Management
 * [SP 800-63r1]+40 – Electronic Authentication Guideline
 * [SP 800-73]+42 – Interfaces for Personal Identity Verification
 * [SP 800-78]+20 – Cryptographic Algorithms and Key Sizes for Personal Identity Verification
 * [SP 800-89]+2 – Recommendation for Obtaining Assurances for Digital Signature Applications
 * [September 2005]+13 – Biometric Technologies: Helping To Protect Information And Automated Transactions In Information Technology Systems

+ AWARENESS & TRAINING

* [FIPS 200]+2 – Minimum Security Requirements for Federal Information and Information Systems
 * [IR 7284]+2 – Personal Identity Verification Card Management Report
 * [IR 7359]+2 – Information Security Guide For Government Executives
 * [November 2002]+2 – Security For Telecommuting And Broadband Communications
 * [November 2006]+2 – Guide To Securing Computers Using Windows XP Home Edition – ITL Bulletin
 * [October 2003]+6 – Information Technology Security Awareness, Training, Education, and Certification
 * [SP 800-100]+1 – Information Security Handbook: A Guide for Managers
 * [SP 800-12]+23 – An Introduction to Computer Security: The NIST Handbook
 * [SP 800-14]+8 – Generally Accepted Principles and Practices for Securing Information Technology Systems
 * [SP 800-16]+25 – Information Technology Security Training Requirements: A Role- and Performance-Based Model
 * [SP 800-40r2]+11 – Creating a Patch and Vulnerability Management Program
 * [SP 800-46r1]+10 – Security for Telecommuting and Broadband Communications
 * [SP 800-50]+3 – Building an Information Technology Security Awareness and Training Program
 * [SP 800-53r3]+220 – Recommended Security Controls for Federal Information Systems and Organizations
 * [SP 800-66r1]+8 – An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act Security Rule

+ BIOMETRICS

* [August 2005]+9 – Implementation Of FIPS 201, Personal Identity Verification (PIV) Of Federal Employees And Contractors
 * [FIPS 201]+365 – Personal Identity Verification for Federal Employees and Contractors
 * [July 2002]+3 – Overview: The Government Smart Card Interoperability Specification
 * [March 2005]+13 – Personal Identity Verification (PIV) Of Federal Employees And Contractors: Federal Information Processing Standard (FIPS) 201
 * [May 2001]+3 – Biometrics - Technologies for Highly Secure Personal Authentication
 * [IR 6529-A]+2 – Common Biometric Exchange File Format (CBEFF)
 * [IR 6887]+2 – Government Smart Card Interoperability Specification (GSC-IS), v2.1
 * [IR 7056]+1 – Card Technology Development and Gap Analysis Interagency Report
 * [IR 7206]+1 – Smart Cards and Mobile Device Authentication: An Overview and Implementation
 * [IR 7284]+2 – Personal Identity Verification Card Management Report
 * [IR 7290]+2 – Fingerprint Identification and Mobile Handheld Devices: An Overview and Implementation
 * [IR 7452]+2 – Secure Biometric Match-on-Card Feasibility Report
 * [SP 800-116]+12 – A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS)
 * [SP 800-73]+42 – Interfaces for Personal Identity Verification
 * [SP 800-76]+16 – Biometric Data Specification for Personal Identity Verification
 * [September 2005]+13 – Biometric Technologies: Helping To Protect Information And Automated Transactions In Information Technology Systems

+ CERTIFICATION & ACCREDITATION (C&A)

* [August 2003]+3 – IT Security Metrics
 * [December 2006]+24 – Maintaining Effective Information Technology (IT) Security Through Test, Training, And Exercise Programs – ITL Bulletin
 * [FIPS 191]+1 – Guideline for The Analysis of Local Area Network Security
 * [FIPS 199]+7 – Standards for Security Categorization of Federal Information and Information Systems
 * [FIPS 200]+2 – Minimum Security Requirements for Federal Information and Information Systems
 * [February 2003]+1 – Secure Interconnections for Information Technology Systems – ITL Bulletin
 * [July 2004] – Guide For Mapping Types Of Information And Information Systems To Security Categories – ITL Bulletin
 * [June 2003]+33 – ASSET: Security Assessment Tool For Federal Agencies
 * [March 2004]+12 – Federal Information Processing Standard (FIPS) 199, Standards For Security Categorization Of Federal Information And Information Systems – ITL Bulletin
 * [March 2006]+19 – Minimum Security Requirements For Federal Information And Information Systems: Federal Information Processing Standard (FIPS) 200 Approved By The Secretary Of Commerce – ITL Security Bulletin
 * [May 2004]+3 – Guide For The Security Certification And Accreditation Of Federal Information Systems – ITL Bulletin
 * [May 2005] – Recommended Security Controls For Federal Information Systems: Guidance For Selecting Cost-Effective Controls Using A Risk-Based Process – ITL Bulletin
 * [November 2004]+4 – Understanding the New NIST Standards and Guidelines Required by FISMA: How Three Mandated Documents are Changing the Dynamic of Information Security for the Federal Government – ITL Security Bulletin
 * [SP 800-115]+7 – Technical Guide to Information Security Testing and Assessment
 * [SP 800-18r1]+10 – Guide for Developing Security Plans for Information Systems
 * [SP 800-23]+3 – Guideline to Federal Organizations on Security Assurance and Acquisition/Use of Tested/Evaluated Products
 * [SP 800-30]+12 – Risk Management Guide for Information Technology Systems
 * [SP 800-34]+21 – Contingency Planning Guide for Information Technology Systems
 * [SP 800-37]+37 – Guide for Security Certification and Accreditation of Federal Information Systems
 * [SP 800-47]+4 – Security Guide for Interconnecting Information Technology Systems
 * [SP 800-53r3]+220 – Recommended Security Controls for Federal Information Systems and Organizations
 * [SP 800-53A]+74 – Guide for Assessing the Security Controls in Federal Information Systems
 * [SP 800-55]+6 – Security Metrics Guide for Information Technology Systems
 * [SP 800-55r1]+6 – Performance Measurement Guide for Information Security
 * [SP 800-59]+2 – Guideline for Identifying an Information System as a National Security System
 * [SP 800-60r1]+15 – Guide for Mapping Types of Information and Information Systems to Security Categories
 * [SP 800-84]+8 – Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities
 * [SP 800-88]+8 – Media Sanitization Guide

+ COMMUNICATIONS & WIRELESS

* [April 2006]+2 – Protecting Sensitive Information Transmitted in Public Networks – ITL Security Bulletin
 * [April 2007]+1 – Securing Wireless Networks – ITL Bulletin
 * [August 2000]+14 – Security for Private Branch Exchange Systems
 * [FIPS 140]+266 – Security Requirements for Cryptographic Modules
 * [January 2002]+6 – Guidelines on Firewalls and Firewall Policy – ITL Security Bulletin
 * [January 2003]+5 – Security Of Electronic Mail
 * [July 2007]+5 – Border Gateway Protocol Security – ITL Security Bulletin
 * [June 2006]+18 – Domain Name System (DNS) Services: NIST Recommendations For Secure Deployment – ITL Bulletin
 * [June 2007]+18 – Forensic Techniques for Cell Phones – ITL Bulletin
 * [March 2001]+12 – An Introduction to IPsec (Internet Protocol Security)
 * [March 2003]+26 – Security For Wireless Networks And Devices
 * [March 2007]+17 – Improving The Security Of Electronic Mail: Updated Guidelines Issued By NIST – ITL Security Bulletin
 * [May 2007]+3 – Securing Radio Frequency Identification (RFID) Systems – ITL Security Bulletin
 * [IR 7046]+2 – Framework for Multi-Mode Authentication: Overview and Implementation Guide
 * [IR 7206]+1 – Smart Cards and Mobile Device Authentication: An Overview and Implementation
 * [IR 7387]+2 – Cell Phone Forensic Tools: An Overview and Analysis Update
 * [IR 7452]+2 – Secure Biometric Match-on-Card Feasibility Report
 * [November 2002]+2 – Security For Telecommuting And Broadband Communications
 * [October 2004]+1 – Securing Voice Over Internet Protocol (IP) Networks – ITL Bulletin
 * [SP 800-101]+5 – Guidelines on Cell Phone Forensics
 * [SP 800-113]+2 – Guide to SSL VPNs
 * [SP 800-114]+7 – User's Guide to Securing External Devices for Telework and Remote Access
 * [SP 800-115]+7 – Technical Guide to Information Security Testing and Assessment
 * [SP 800-121]+15 – Guide to Bluetooth Security
 * [SP 800-124]+11 – Guidelines on Cell Phone and PDA Security
 * [SP 800-24]+3 – PBX Vulnerability Analysis: Finding Holes in Your PBX Before Someone Else Does
 * [SP 800-41]+5 – Guidelines on Firewalls and Firewall Policy
 * [SP 800-45r2]+3 – Guidelines on Electronic Mail Security
 * [SP 800-46r1]+10 – Security for Telecommuting and Broadband Communications
 * [SP 800-48r1]+4 – Guide to Securing Legacy IEEE 802.11 Wireless Networks
 * [SP 800-52]+13 – Guidelines on the Selection and Use of Transport Layer Security
 * [SP 800-53r3]+220 – Recommended Security Controls for Federal Information Systems and Organizations
 * [SP 800-54]+2 – Border Gateway Protocol Security
 * [SP 800-58]+2 – Security Considerations for Voice Over IP Systems
 * [SP 800-77]+4 – Guide to IPSec VPNs
 * [SP 800-81]+6 – Secure Domain Name System (DNS) Deployment Guide
 * [SP 800-82]+10 – Guide to Supervisory Control and Data Acquisition (SCADA) and Industrial Control System Security
 * [SP 800-98]+2 – Guidelines for Securing Radio Frequency Identification (RFID) Systems

+ CONTINGENCY PLANNING

* [April 2002]+1 – Techniques for System and Data Recovery
 * [December 2006]+24 – Maintaining Effective Information Technology (IT) Security Through Test, Training, And Exercise Programs – ITL Bulletin
 * [FIPS 200]+2 – Minimum Security Requirements for Federal Information and Information Systems
 * [January 2004]+1 – Computer Security Incidents: Assessing, Managing, And Controlling The Risks – ITL Bulletin
 * [June 2002]+17 – Contingency Planning Guide For Information Technology Systems
 * [SP 800-100]+1 – Information Security Handbook: A Guide for Managers
 * [SP 800-12]+23 – An Introduction to Computer Security: The NIST Handbook
 * [SP 800-13]+6 – Telecommunications Security Guidelines for Telecommunications Management Network
 * [SP 800-14]+8 – Generally Accepted Principles and Practices for Securing Information Technology Systems
 * [SP 800-21r2]+5 – Guideline for Implementing Cryptography in the Federal Government
 * [SP 800-24]+3 – PBX Vulnerability Analysis: Finding Holes in Your PBX Before Someone Else Does
 * [SP 800-25]+5 – Federal Agency Use of Public Key Technology for Digital Signatures and Authentication
 * [SP 800-34]+21 – Contingency Planning Guide for Information Technology Systems
 * [SP 800-41]+5 – Guidelines on Firewalls and Firewall Policy
 * [SP 800-43]+1 – Systems Administration Guidance for Securing Microsoft Windows 2000 Professional System
 * [SP 800-44]+3 – Guidelines on Securing Public Web Servers
 * [SP 800-45]+3 – Guidelines on Electronic Mail Security
 * [SP 800-46r1]+10 – Security for Telecommuting and Broadband Communications
 * [SP 800-50]+3 – Building an Information Technology Security Awareness and Training Program
 * [SP 800-53r3]+220 – Recommended Security Controls for Federal Information Systems and Organizations
 * [SP 800-57]+46 – Recommendation on Key Management
 * [SP 800-66r1]+8 – An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act Security Rule
 * [SP 800-81]+6 – Secure Domain Name System (DNS) Deployment Guide
 * [SP 800-83]+7 – Guide to Malware Incident Prevention and Handling
 * [SP 800-84]+8 – Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities
 * [SP 800-86]+2 – Guide to Integrating Forensic Techniques into Incident Response

+ CRYPTOGRAPHY

* [December 2000]+19 – A Statistical Test Suite For Random And Pseudorandom Number Generators For Cryptographic Applications
 * [FIPS 140]+266 – Security Requirements for Cryptographic Modules
 * [FIPS 180]+22 – Secure Hash Standard (SHS)
 * [FIPS 181]+1 – Automated Password Generator
 * [FIPS 185]+2 – Escrowed Encryption Standard
 * [FIPS 186]+23 – Digital Signature Standard (DSS)
 * [FIPS 190]+1 – Guideline for the Use of Advanced Authentication Technology Alternatives
 * [FIPS 196]+2 – Entity Authentication Using Public Key Cryptography
 * [FIPS 197]+8 – Advanced Encryption Standard
 * [FIPS 198]+7 – The Keyed-Hash Message Authentication Code (HMAC)
 * [February 2000]+12 – Guideline for Implementing Cryptography in the Federal Government – ITL Bulletin
 * [May 2006]+8 – An Update On Cryptographic Standards, Guidelines, And Testing Requirements – ITL Bulletin
 * [IR 7046]+2 – Framework for Multi-Mode Authentication: Overview and Implementation Guide
 * [IR 7206]+1 – Smart Cards and Mobile Device Authentication: An Overview and Implementation
 * [IR 7452]+2 – Secure Biometric Match-on-Card Feasibility Report
 * [SP 800-111]+2 – Guide to Storage Encryption Technologies for End User Devices
 * [SP 800-113]+2 – Guide to SSL VPNs
 * [SP 800-116]+12 – A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS)
 * [SP 800-15r1]+7 – Minimum Interoperability Specification for PKI Components (MISPC), Version 1
 * [SP 800-17]+10 – Modes of Operation Validation System (MOVS): Requirements and Procedures
 * [SP 800-21r2]+5 – Guideline for Implementing Cryptography in the Federal Government
 * [SP 800-22r1]+11 – A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications
 * [SP 800-25]+5 – Federal Agency Use of Public Key Technology for Digital Signatures and Authentication
 * [SP 800-32]+4 – Introduction to Public Key Technology and the Federal PKI Infrastructure
 * [SP 800-38A]+10 – Recommendation for Block Cipher Modes of Operation - Methods and Techniques
 * [SP 800-38B]+5 – Recommendation for Block Cipher Modes of Operation: The RMAC Authentication Mode
 * [SP 800-38C]+7 – Recommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality
 * [SP 800-38D]+8 – Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) for Confidentiality and Authentication
 * [SP 800-49]+2 – Federal S/MIME V3 Client Profile
 * [SP 800-52]+13 – Guidelines on the Selection and Use of Transport Layer Security
 * [SP 800-53r3]+220 – Recommended Security Controls for Federal Information Systems and Organizations
 * [SP 800-56A]+23 – Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography
 * [SP 800-57]+46 – Recommendation on Key Management
 * [SP 800-67 1.1]+7 – Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher
 * [SP 800-73]+42 – Interfaces for Personal Identity Verification
 * [SP 800-78]+20 – Cryptographic Algorithms and Key Sizes for Personal Identity Verification
 * [SP 800-90]+50 – Recommendation for Random Number Generation Using Deterministic Random Bit Generators
 * [September 2002]+14 – Cryptographic Standards and Guidelines: A Status Report

+ DIGITAL SIGNATURES

* [FIPS 140]+266 – Security Requirements for Cryptographic Modules
 * [FIPS 180]+22 – Secure Hash Standard (SHS)
 * [FIPS 186]+23 – Digital Signature Standard (DSS)
 * [FIPS 198]+7 – The Keyed-Hash Message Authentication Code (HMAC)
 * [February 2000]+12 – Guideline for Implementing Cryptography in the Federal Government – ITL Bulletin
 * [May 2006]+8 – An Update On Cryptographic Standards, Guidelines, And Testing Requirements – ITL Bulletin
 * [IR 7313]+1 – 5th Annual PKI R&D Workshop “Making PKI Easy to Use” Proceedings
 * [SP 800-106]+4 – Randomized Hashing for Digital Signatures
 * [SP 800-107]+8 – Recommendation for Applications Using Approved Hash Algorithms
 * [SP 800-15]+7 – Minimum Interoperability Specification for PKI Components (MISPC), Version 1
 * [SP 800-21r2]+5 – Guideline for Implementing Cryptography in the Federal Government
 * [SP 800-25]+5 – Federal Agency Use of Public Key Technology for Digital Signatures and Authentication
 * [SP 800-32]+4 – Introduction to Public Key Technology and the Federal PKI Infrastructure
 * [SP 800-49]+2 – Federal S/MIME V3 Client Profile
 * [SP 800-52]+13 – Guidelines on the Selection and Use of Transport Layer Security
 * [SP 800-57]+46 – Recommendation on Key Management
 * [SP 800-63r1]+40 – Electronic Authentication Guideline