
Publications By Legal Requirement

Browse FIPS, NIST Special Publications, NISTIRs and ITL Bulletins by legal requirement (see the left navigation menu).

There are certain legal requirements regarding IT security with which Federal agencies must comply; these sources include legislation, Presidential Directives and Office of Management and Budget (OMB) Circulars. CSD technical publications are organized below according to relevant legal requirement.

Note: Publications that link to dx.doi.org/... will redirect to another NIST website. See more details about DOIs.

Cybersecurity Enhancement Act of 2014

Interagency Coordination
Number | Date | Title
NISTIR 8074 Vol. 2 | December 2015 | Supplemental Information for the Interagency Report on Strategic U.S. Government Engagement in International Standardization to Achieve U.S. Objectives for Cybersecurity
NISTIR 8074 Vol. 2 FAQ
doi:10.6028/NIST.IR.8074v2 [Direct Link]
NISTIR 8074 Vol. 1 | December 2015 | Interagency Report on Strategic U.S. Government Engagement in International Standardization to Achieve U.S. Objectives for Cybersecurity
NISTIR 8074 Vol. 1 FAQ
doi:10.6028/NIST.IR.8074v1 [Direct Link]
Whitepaper (Draft) | January 2017 | DRAFT Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1
Announcement and Draft Publication

Cybersecurity Strategy and Implementation Plan (CSIP)

Efficient and Effective Acquisition and Deployment of Existing and Emerging Technology
Number | Date | Title
SP 1800-6 (Draft) | November 2016 | DRAFT Domain Name Systems-Based Electronic Mail Security
Announcement and Draft Publication
NISTIR 8179 (Draft) | July 2017 | DRAFT Criticality Analysis Process Model: Prioritizing Systems and Components
Announcement and Draft Publication
Prioritized Identification and Protection of High Value Information and Assets
Number | Date | Title
NISTIR 8179 (Draft) | July 2017 | DRAFT Criticality Analysis Process Model: Prioritizing Systems and Components
Announcement and Draft Publication
NISTIR 8139 (Draft) | February 2017 | DRAFT Identifying Uniformity with Entropy and Divergence
Announcement and Draft Publication
Whitepaper | April 21, 2016 | Best Practices for Privileged User PIV Authentication
Best Practices Paper
Rapid Recovery from Incidents and Accelerated Adoption of Lessons Learned
Number | Date | Title
SP 800-184 | December 2016 | Guide for Cybersecurity Event Recovery
SP 800-184 FAQ
doi:10.6028/NIST.SP.800-184 [Direct Link]
Press Release (12-22-2016)
ITL Bulletin | March 2017 | Fundamentals of Small Business Information Security
ITL Bulletin | February 2017 | Guide for Cybersecurity Incident Recovery
Timely Detection of and Rapid Response to Cyber Incidents
Number | Date | Title
SP 800-126A (Draft) | July 2016 | DRAFT SCAP 1.3 Component Specification Version Updates: An Annex to NIST Special Publication 800-126 Revision 3
Announcement and Draft Publication
SP 1800-6 (Draft) | November 2016 | DRAFT Domain Name Systems-Based Electronic Mail Security
Announcement and Draft Publication

E-Government Act of 2002

Mandates NIST Development of Security Standards
Number | Date | Title
FIPS 200 | March 2006 | Minimum Security Requirements for Federal Information and Information Systems
FIPS 200 FAQ
doi:10.6028/NIST.FIPS.200 [Direct Link]
FIPS 199 | February 2004 | Standards for Security Categorization of Federal Information and Information Systems
FIPS 199 FAQ
doi:10.6028/NIST.FIPS.199 [Direct Link]
SP 800-188 (Draft) | December 2016 | DRAFT De-Identifying Government Datasets (2nd Draft)
Announcement and Draft Publication
SP 800-185 | December 2016 | SHA-3 Derived Functions: cSHAKE, KMAC, TupleHash, and ParallelHash
SP 800-185 FAQ
doi:10.6028/NIST.SP.800-185 [Direct Link]
Comments Received on Draft SP 800-185
SP 800-160 | November 2016 | Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems
SP 800-160 FAQ
doi:10.6028/NIST.SP.800-160 [Direct Link]
"Rethinking Cybersecurity from the Inside Out" (blog post)
SP 800-152 | October 2015 | A Profile for U.S. Federal Cryptographic Key Management Systems (CKMS)
SP 800-152 FAQ
doi:10.6028/NIST.SP.800-152 [Direct Link]
Comments received on final (3rd) Draft (Dec. 2014)
Draft 3 (Dec. 2014)
Draft 2 (Jan. 2014)
Draft (Aug. 2012)
SP 800-146 | May 2012 | Cloud Computing Synopsis and Recommendations
SP 800-146 FAQ
doi:10.6028/NIST.SP.800-146 [Direct Link]
SP 800-146 (EPUB) FAQ
Press Release
SP 800-101 Rev. 1 | May 2014 | Guidelines on Mobile Device Forensics
SP 800-101 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-101r1 [Direct Link]
SP 800-98 | April 2007 | Guidelines for Securing Radio Frequency Identification (RFID) Systems
SP 800-98 FAQ
doi:10.6028/NIST.SP.800-98 [Direct Link]
SP 800-94 Rev. 1 (Draft) | July 2012 | DRAFT Guide to Intrusion Detection and Prevention Systems (IDPS)
Announcement and Draft Publication
SP 800-94 | February 2007 | Guide to Intrusion Detection and Prevention Systems (IDPS)
SP 800-94 FAQ
doi:10.6028/NIST.SP.800-94 [Direct Link]
SP 800-54 | July 2007 | Border Gateway Protocol Security
SP 800-54 FAQ
doi:10.6028/NIST.SP.800-54 [Direct Link]
SP 800-53 Rev. 4 | April 2013 (Updated 1/22/2015) | Security and Privacy Controls for Federal Information Systems and Organizations
SP 800-53 Rev. 4 (including updates as of 01-22-2015) FAQ
doi:10.6028/NIST.SP.800-53r4 [Direct Link]
Word version of SP 800-53 Rev. 4 (01-22-2015)
XML file for SP 800-53 Rev. 4 (01-15-2014)
Summary of NIST SP 800-53 Revision 4
Press Release (04-30-2013)
Pre-Draft Call for Comments for SP 800-53 Rev. 5
SP 800-44 Version 2 | September 2007 | Guidelines on Securing Public Web Servers
SP 800-44 Version 2 FAQ
doi:10.6028/NIST.SP.800-44ver2 [Direct Link]
SP 1800-6 (Draft) | November 2016 | DRAFT Domain Name Systems-Based Electronic Mail Security
Announcement and Draft Publication
NISTIR 7698 | August 2011 | Common Platform Enumeration: Applicability Language Specification Version 2.3
NISTIR 7698 FAQ
doi:10.6028/NIST.IR.7698 [Direct Link]
Press Release (for NISTIRs 7695-7698)
NISTIR 7697 | August 2011 | Common Platform Enumeration: Dictionary Specification Version 2.3
NISTIR 7697 FAQ
doi:10.6028/NIST.IR.7697 [Direct Link]
Press Release (for NISTIRs 7695-7698)
NISTIR 7696 | August 2011 | Common Platform Enumeration: Name Matching Specification Version 2.3
NISTIR 7696 FAQ
doi:10.6028/NIST.IR.7696 [Direct Link]
Press Release (for NISTIRs 7695-7698)
NISTIR 7695 | August 2011 | Common Platform Enumeration: Naming Specification Version 2.3
NISTIR 7695 FAQ
doi:10.6028/NIST.IR.7695 [Direct Link]
Press Release (for NISTIRs 7695-7698)
ITL Bulletin | January 2017 | Dramatically Reducing Software Vulnerabilities
ITL Bulletin | December 2016 | Rethinking Security Through Systems Security Engineering
ITL Bulletin | July 2007 | Border Gateway Protocol (BGP) Security
ITL Bulletin | June 2007 | Forensic Techniques for Cell Phones
ITL Bulletin | February 2007 | Intrusion Detection and Prevention Systems
ITL Bulletin | November 2006 | Guide to Securing Computers Using Windows XP Home Edition
ITL Bulletin | April 2006 | Protecting Sensitive Information Transmitted in Public Networks
ITL Bulletin | March 2006 | Minimum Security Requirements for Federal Information and Information Systems: Federal Information Processing Standard (FIPS) 200 Approved by the Secretary of Commerce

Federal Information Security Management Act of 2002 (FISMA)

Annual Public Report on Activities Undertaken in the Previous Year
Number | Date | Title
SP 800-182 | July 2016 | Computer Security Division 2015 Annual Report
SP 800-182 FAQ
doi:10.6028/NIST.SP.800-182 [Direct Link]
SP 800-176 | August 2015 | Computer Security Division 2014 Annual Report
SP 800-176 FAQ
doi:10.6028/NIST.SP.800-176 [Direct Link]
SP 800-170 | June 2014 | Computer Security Division 2013 Annual Report
SP 800-170 FAQ
doi:10.6028/NIST.SP.800-170 [Direct Link]
SP 800-165 | July 2013 | Computer Security Division 2012 Annual Report
SP 800-165 FAQ
doi:10.6028/NIST.SP.800-165 [Direct Link]
NISTIR 7816 | May 2012 | Computer Security Division 2011 Annual Report
NISTIR 7816 FAQ
doi:10.6028/NIST.IR.7816 [Direct Link]
NISTIR 7751 | May 2011 | Computer Security Division 2010 Annual Report
NISTIR 7751 FAQ
doi:10.6028/NIST.IR.7751 [Direct Link]
NISTIR 7653 | March 2010 | Computer Security Division 2009 Annual Report
NISTIR 7653 FAQ
doi:10.6028/NIST.IR.7653 [Direct Link]
NISTIR 7536 | March 2009 | Computer Security Division 2008 Annual Report
NISTIR 7536 FAQ
doi:10.6028/NIST.IR.7536 [Direct Link]
NISTIR 7442 | April 2008 | Computer Security Division 2007 Annual Report
NISTIR 7442 FAQ
doi:10.6028/NIST.IR.7442 [Direct Link]
NISTIR 7399 | March 2007 | Computer Security Division 2006 Annual Report
NISTIR 7399 FAQ
doi:10.6028/NIST.IR.7399 [Direct Link]
NISTIR 7285 | February 2006 | Computer Security Division 2005 Annual Report
NISTIR 7285 FAQ
doi:10.6028/NIST.IR.7285 [Direct Link]
NISTIR 7219 | April 2005 | Computer Security Division 2004 Annual Report
NISTIR 7219 FAQ
doi:10.6028/NIST.IR.7219 [Direct Link]
NISTIR 7111 | April 2004 | Computer Security Division 2003 Annual Report
NISTIR 7111 FAQ
doi:10.6028/NIST.IR.7111 [Direct Link]
Categorization of All Information & Information Systems & Minimum Security Requirements for Each Category
Number | Date | Title
FIPS 200 | March 2006 | Minimum Security Requirements for Federal Information and Information Systems
FIPS 200 FAQ
doi:10.6028/NIST.FIPS.200 [Direct Link]
FIPS 199 | February 2004 | Standards for Security Categorization of Federal Information and Information Systems
FIPS 199 FAQ
doi:10.6028/NIST.FIPS.199 [Direct Link]
SP 800-192 | June 2017 | Verification and Test Methods for Access Control Policies/Models
SP 800-192 FAQ
doi:10.6028/NIST.SP.800-192 [Direct Link]
SP 800-184 | December 2016 | Guide for Cybersecurity Event Recovery
SP 800-184 FAQ
doi:10.6028/NIST.SP.800-184 [Direct Link]
Press Release (12-22-2016)
SP 800-179 | December 2016 | Guide to Securing Apple OS X 10.10 Systems for IT Professionals: A NIST Security Configuration Checklist
SP 800-179 FAQ
doi:10.6028/NIST.SP.800-179 [Direct Link]
Supplemental Content (GitHub)
National Checklist Program
SP 800-167 | October 2015 | Guide to Application Whitelisting
SP 800-167 FAQ
doi:10.6028/NIST.SP.800-167 [Direct Link]
Press Release
SP 800-166 | June 2016 | Derived PIV Application and Data Model Test Guidelines
SP 800-166 FAQ
doi:10.6028/NIST.SP.800-166 [Direct Link]
SP 800-157 | December 2014 | Guidelines for Derived Personal Identity Verification (PIV) Credentials
SP 800-157 FAQ
doi:10.6028/NIST.SP.800-157 [Direct Link]
Comments and resolutions on Draft SP 800-157 (Mar. 2014)
SP 800-156 | May 2016 | Representation of PIV Chain-of-Trust for Import and Export
SP 800-156 FAQ
doi:10.6028/NIST.SP.800-156 [Direct Link]
XSD Schema File for SP 800-156 Chain of Trust
SP 800-154 (Draft) | March 2016 | DRAFT Guide to Data-Centric System Threat Modeling
Announcement and Draft Publication
SP 800-147B | August 2014 | BIOS Protection Guidelines for Servers
SP 800-147B FAQ
doi:10.6028/NIST.SP.800-147B [Direct Link]
SP 800-147 | April 2011 | BIOS Protection Guidelines
SP 800-147 FAQ
doi:10.6028/NIST.SP.800-147 [Direct Link]
Press Release
SP 800-146 | May 2012 | Cloud Computing Synopsis and Recommendations
SP 800-146 FAQ
doi:10.6028/NIST.SP.800-146 [Direct Link]
SP 800-146 (EPUB) FAQ
Press Release
SP 800-145 | September 2011 | The NIST Definition of Cloud Computing
SP 800-145 FAQ
doi:10.6028/NIST.SP.800-145 [Direct Link]
SP 800-145 (EPUB) FAQ
Press Release
SP 800-144 | December 2011 | Guidelines on Security and Privacy in Public Cloud Computing
SP 800-144 FAQ
doi:10.6028/NIST.SP.800-144 [Direct Link]
SP 800-144 (EPUB) FAQ
Press Release
SP 800-137 | September 2011 | Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations
SP 800-137 FAQ
doi:10.6028/NIST.SP.800-137 [Direct Link]
Press Release
SP 800-126A (Draft) | July 2016 | DRAFT SCAP 1.3 Component Specification Version Updates: An Annex to NIST Special Publication 800-126 Revision 3
Announcement and Draft Publication
SP 800-126 Rev. 3 (Draft) | July 2016 | DRAFT The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.3
Announcement and Draft Publication
SP 800-126 Rev. 2 | September 2011 (Updated 3/19/2012) | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2
SP 800-126 Rev. 2 FAQ
doi:10.6028/NIST.SP.800-126r2 [Direct Link]
NIST Solicits Comments for SP 800-126 & SCAP
SP 800-126 Rev. 1 | February 2011 | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.1
SP 800-126 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-126r1 [Direct Link]
SP 800-126 | November 2009 | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.0
SP 800-126 FAQ
doi:10.6028/NIST.SP.800-126 [Direct Link]
SP 800-117 | July 2010 | Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.0
SP 800-117 FAQ
doi:10.6028/NIST.SP.800-117 [Direct Link]
SP 800-88 Rev. 1 | December 2014 | Guidelines for Media Sanitization
SP 800-88 Revision 1 FAQ
doi:10.6028/NIST.SP.800-88r1 [Direct Link]
SP 800-78-4 | May 2015 | Cryptographic Algorithms and Key Sizes for Personal Identity Verification
SP 800-78-4 FAQ
doi:10.6028/NIST.SP.800-78-4 [Direct Link]
SP 800-76-2 | July 2013 | Biometric Specifications for Personal Identity Verification
SP 800-76-2 FAQ
doi:10.6028/NIST.SP.800-76-2 [Direct Link]
SP 800-70 Rev. 3 | November 2015 (Updated 12/8/2016) | National Checklist Program for IT Products: Guidelines for Checklist Users and Developers
SP 800-70 Rev. 3 FAQ
doi:10.6028/NIST.SP.800-70r3 [Direct Link]
National Checklist Program
SP 800-60 Vol. 2 Rev. 1 | August 2008 | Guide for Mapping Types of Information and Information Systems to Security Categories: Appendices
SP 800-60 Vol. 2, Rev. 1: Appendices FAQ
doi:10.6028/NIST.SP.800-60v2r1 [Direct Link]
SP 800-60 Vol. 1 Rev. 1 | August 2008 | Guide for Mapping Types of Information and Information Systems to Security Categories
SP 800-60 Vol. 1 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-60v1r1 [Direct Link]
SP 800-53A Rev. 4 | December 2014 (Updated 12/18/2014) | Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans
SP 800-53A Revision 4 FAQ
doi:10.6028/NIST.SP.800-53Ar4 [Direct Link]
Word version of SP 800-53A Rev. 4 (12-18-2014)
XML file for SP 800-53A Rev. 4 (06-16-2015)
Press Release
SP 800-53 Rev. 4 | April 2013 (Updated 1/22/2015) | Security and Privacy Controls for Federal Information Systems and Organizations
SP 800-53 Rev. 4 (including updates as of 01-22-2015) FAQ
doi:10.6028/NIST.SP.800-53r4 [Direct Link]
Word version of SP 800-53 Rev. 4 (01-22-2015)
XML file for SP 800-53 Rev. 4 (01-15-2014)
Summary of NIST SP 800-53 Revision 4
Press Release (04-30-2013)
Pre-Draft Call for Comments for SP 800-53 Rev. 5
SP 800-44 Version 2 | September 2007 | Guidelines on Securing Public Web Servers
SP 800-44 Version 2 FAQ
doi:10.6028/NIST.SP.800-44ver2 [Direct Link]
SP 800-39 | March 2011 | Managing Information Security Risk: Organization, Mission, and Information System View
SP 800-39 FAQ
doi:10.6028/NIST.SP.800-39 [Direct Link]
Press Release
SP 800-37 Rev. 1 | February 2010 (Updated 6/5/2014) | Guide for Applying the Risk Management Framework to Federal Information Systems: a Security Life Cycle Approach
SP 800-37 Rev. 1 (including updates as of 6-05-2014) FAQ
doi:10.6028/NIST.SP.800-37r1 [Direct Link]
Supplemental Guidance on Ongoing Authorization, (June 2014)
Press Release
SP 800-34 Rev. 1 | May 2010 (Updated 11/11/2010) | Contingency Planning Guide for Federal Information Systems
SP 800-34 Rev. 1 (including updates as of 11-11-2010) FAQ
doi:10.6028/NIST.SP.800-34r1 [Direct Link]
Business Impact Analysis (BIA) Template
Contingency Planning: Low Impact System Template
Contingency Planning: Moderate Impact System Template
Contingency Planning: High Impact System Template
SP 800-30 Rev. 1 | September 2012 | Guide for Conducting Risk Assessments
SP 800-30 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-30r1 [Direct Link]
SP 800-30 Rev. 1 (EPUB) FAQ
Press Release
SP 800-18 Rev. 1 | February 2006 | Guide for Developing Security Plans for Federal Information Systems
SP 800-18 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-18r1 [Direct Link]
NISTIR 8179 (Draft) | July 2017 | DRAFT Criticality Analysis Process Model: Prioritizing Systems and Components
Announcement and Draft Publication
NISTIR 8085 (Draft) | December 2015 | DRAFT Forming Common Platform Enumeration (CPE) Names from Software Identification (SWID) Tags
Announcement and Draft Publication
NISTIR 8060 | April 2016 | Guidelines for the Creation of Interoperable Software Identification (SWID) Tags
NISTIR 8060 FAQ
doi:10.6028/NIST.IR.8060 [Direct Link]
Guideline Summary for NISTIR 8060
Schema Definition for NISTIR 8060
NISTIR 8055 | January 2016 | Derived Personal Identity Verification (PIV) Credentials (DPC) Proof of Concept Research
NISTIR 8055 FAQ
doi:10.6028/NIST.IR.8055 [Direct Link]
NISTIR 8023 | February 2015 | Risk Management for Replication Devices
NISTIR 8023 FAQ
doi:10.6028/NIST.IR.8023 [Direct Link]
NISTIR 7966 | October 2015 | Security of Interactive and Automated Access Management Using Secure Shell (SSH)
NISTIR 7966 FAQ
doi:10.6028/NIST.IR.7966 [Direct Link]
NISTIR 7904 | December 2015 | Trusted Geolocation in the Cloud: Proof of Concept Implementation
NISTIR 7904 FAQ
doi:10.6028/NIST.IR.7904 [Direct Link]
NISTIR 7817 | November 2012 | A Credential Reliability and Revocation Model for Federated Identities
NISTIR 7817 FAQ
doi:10.6028/NIST.IR.7817 [Direct Link]
NISTIR 7698 | August 2011 | Common Platform Enumeration: Applicability Language Specification Version 2.3
NISTIR 7698 FAQ
doi:10.6028/NIST.IR.7698 [Direct Link]
Press Release (for NISTIRs 7695-7698)
NISTIR 7697 | August 2011 | Common Platform Enumeration: Dictionary Specification Version 2.3
NISTIR 7697 FAQ
doi:10.6028/NIST.IR.7697 [Direct Link]
Press Release (for NISTIRs 7695-7698)
NISTIR 7696 | August 2011 | Common Platform Enumeration: Name Matching Specification Version 2.3
NISTIR 7696 FAQ
doi:10.6028/NIST.IR.7696 [Direct Link]
Press Release (for NISTIRs 7695-7698)
NISTIR 7695 | August 2011 | Common Platform Enumeration: Naming Specification Version 2.3
NISTIR 7695 FAQ
doi:10.6028/NIST.IR.7695 [Direct Link]
Press Release (for NISTIRs 7695-7698)
NISTIR 7516 | August 2008 | Forensic Filtering of Cell Phone Protocols
NISTIR 7516 FAQ
doi:10.6028/NIST.IR.7516 [Direct Link]
ITL Bulletin | March 2017 | Fundamentals of Small Business Information Security
ITL Bulletin | February 2017 | Guide for Cybersecurity Incident Recovery
ITL Bulletin | January 2016 | Securing Interactive and Automated Access Management Using Secure Shell (SSH)
ITL Bulletin | April 2015 | Is Your Replication Device Making An Extra Copy For Someone Else?
ITL Bulletin | February 2015 | NIST Special Publication 800-88 Revision 1, Guidelines for Media Sanitization
ITL Bulletin | January 2015 | Release of NIST Special Publication 800-53A, Revision 4, Assessing Security and Privacy Controls in Federal Information Systems and Organizations
ITL Bulletin | December 2014 | Release Of NIST Special Publication 800-157, Guidelines For Derived Personal Identity Verification (PIV) Credentials
ITL Bulletin | October 2014 | Release of NIST Special Publication 800-147B, BIOS Protection Guidelines for Servers
ITL Bulletin | August 2006 | Protecting Sensitive Information Processed and Stored in Information Technology (IT) Systems
ITL Bulletin | March 2006 | Minimum Security Requirements for Federal Information and Information Systems: Federal Information Processing Standard (FIPS) 200 Approved by the Secretary of Commerce
Whitepaper | 6/3/2014 | Supplemental Guidance on Ongoing Authorization: Transitioning to Near Real-Time Risk Management
Paper
Detection & Handling of Information Security Incidents
Number | Date | Title
FIPS 198-1 | July 2008 | The Keyed-Hash Message Authentication Code (HMAC)
FIPS 198-1 FAQ
doi:10.6028/NIST.FIPS.198-1 [Direct Link]
FIPS 180-4 | August 2015 | Secure Hash Standard (SHS)
FIPS 180-4 (revised Applicability Clause, Aug. 2015) FAQ
doi:10.6028/NIST.FIPS.180-4 [Direct Link]
Federal Register Notice
Comments received on FIPS 180-4 (Aug. 2014)
FIPS 140-2 | May 25, 2001 (Change Notice 2, 12/3/2002) | Security Requirements for Cryptographic Modules
FIPS 140-2 (including change notices as of 12-03-2002) FAQ
doi:10.6028/NIST.FIPS.140-2 [Direct Link]
Annex A: Approved Security Functions
Annex B: Approved Protection Profiles
Annex C: Approved Random Number Generators
Annex D: Approved Key Establishment Techniques
FIPS 140-2 (EPUB) FAQ
Comments on FIPS 140-1 (Oct. 1998)
SP 800-184 | December 2016 | Guide for Cybersecurity Event Recovery
SP 800-184 FAQ
doi:10.6028/NIST.SP.800-184 [Direct Link]
Press Release (12-22-2016)
SP 800-179 | December 2016 | Guide to Securing Apple OS X 10.10 Systems for IT Professionals: A NIST Security Configuration Checklist
SP 800-179 FAQ
doi:10.6028/NIST.SP.800-179 [Direct Link]
Supplemental Content (GitHub)
National Checklist Program
SP 800-167 | October 2015 | Guide to Application Whitelisting
SP 800-167 FAQ
doi:10.6028/NIST.SP.800-167 [Direct Link]
Press Release
SP 800-166 | June 2016 | Derived PIV Application and Data Model Test Guidelines
SP 800-166 FAQ
doi:10.6028/NIST.SP.800-166 [Direct Link]
SP 800-157 | December 2014 | Guidelines for Derived Personal Identity Verification (PIV) Credentials
SP 800-157 FAQ
doi:10.6028/NIST.SP.800-157 [Direct Link]
Comments and resolutions on Draft SP 800-157 (Mar. 2014)
SP 800-156 | May 2016 | Representation of PIV Chain-of-Trust for Import and Export
SP 800-156 FAQ
doi:10.6028/NIST.SP.800-156 [Direct Link]
XSD Schema File for SP 800-156 Chain of Trust
SP 800-154 (Draft) | March 2016 | DRAFT Guide to Data-Centric System Threat Modeling
Announcement and Draft Publication
SP 800-147B | August 2014 | BIOS Protection Guidelines for Servers
SP 800-147B FAQ
doi:10.6028/NIST.SP.800-147B [Direct Link]
SP 800-147 | April 2011 | BIOS Protection Guidelines
SP 800-147 FAQ
doi:10.6028/NIST.SP.800-147 [Direct Link]
Press Release
SP 800-146 | May 2012 | Cloud Computing Synopsis and Recommendations
SP 800-146 FAQ
doi:10.6028/NIST.SP.800-146 [Direct Link]
SP 800-146 (EPUB) FAQ
Press Release
SP 800-145 | September 2011 | The NIST Definition of Cloud Computing
SP 800-145 FAQ
doi:10.6028/NIST.SP.800-145 [Direct Link]
SP 800-145 (EPUB) FAQ
Press Release
SP 800-144 | December 2011 | Guidelines on Security and Privacy in Public Cloud Computing
SP 800-144 FAQ
doi:10.6028/NIST.SP.800-144 [Direct Link]
SP 800-144 (EPUB) FAQ
Press Release
SP 800-137 | September 2011 | Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations
SP 800-137 FAQ
doi:10.6028/NIST.SP.800-137 [Direct Link]
Press Release
SP 800-126A (Draft) | July 2016 | DRAFT SCAP 1.3 Component Specification Version Updates: An Annex to NIST Special Publication 800-126 Revision 3
Announcement and Draft Publication
SP 800-126 Rev. 3 (Draft) | July 2016 | DRAFT The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.3
Announcement and Draft Publication
SP 800-126 Rev. 2 | September 2011 (Updated 3/19/2012) | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2
SP 800-126 Rev. 2 FAQ
doi:10.6028/NIST.SP.800-126r2 [Direct Link]
NIST Solicits Comments for SP 800-126 & SCAP
SP 800-126 Rev. 1 | February 2011 | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.1
SP 800-126 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-126r1 [Direct Link]
SP 800-126 | November 2009 | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.0
SP 800-126 FAQ
doi:10.6028/NIST.SP.800-126 [Direct Link]
SP 800-125 | January 2011 | Guide to Security for Full Virtualization Technologies
SP 800-125 FAQ
doi:10.6028/NIST.SP.800-125 [Direct Link]
Press Release
SP 800-117 | July 2010 | Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.0
SP 800-117 FAQ
doi:10.6028/NIST.SP.800-117 [Direct Link]
SP 800-116 Rev. 1 (Draft) | December 2015 | DRAFT A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS)
Announcement and Draft Publication
SP 800-116 | November 2008 | A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS)
SP 800-116 FAQ
doi:10.6028/NIST.SP.800-116 [Direct Link]
SP 800-114 Rev. 1 | July 2016 | User's Guide to Telework and Bring Your Own Device (BYOD) Security
SP 800-114 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-114r1 [Direct Link]
SP 800-113 | July 2008 | Guide to SSL VPNs
SP 800-113 FAQ
doi:10.6028/NIST.SP.800-113 [Direct Link]
SP 800-111 | November 2007 | Guide to Storage Encryption Technologies for End User Devices
SP 800-111 FAQ
doi:10.6028/NIST.SP.800-111 [Direct Link]
SP 800-107 Rev. 1 | August 2012 | Recommendation for Applications Using Approved Hash Algorithms
SP 800-107 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-107r1 [Direct Link]
SP 800-106 | February 2009 | Randomized Hashing for Digital Signatures
SP 800-106 FAQ
doi:10.6028/NIST.SP.800-106 [Direct Link]
SP 800-101 Rev. 1 | May 2014 | Guidelines on Mobile Device Forensics
SP 800-101 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-101r1 [Direct Link]
SP 800-98 | April 2007 | Guidelines for Securing Radio Frequency Identification (RFID) Systems
SP 800-98 FAQ
doi:10.6028/NIST.SP.800-98 [Direct Link]
SP 800-94 Rev. 1 (Draft) | July 2012 | DRAFT Guide to Intrusion Detection and Prevention Systems (IDPS)
Announcement and Draft Publication
SP 800-94 | February 2007 | Guide to Intrusion Detection and Prevention Systems (IDPS)
SP 800-94 FAQ
doi:10.6028/NIST.SP.800-94 [Direct Link]
SP 800-86 | August 2006 | Guide to Integrating Forensic Techniques into Incident Response
SP 800-86 FAQ
doi:10.6028/NIST.SP.800-86 [Direct Link]
SP 800-84 | September 2006 | Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities
SP 800-84 FAQ
doi:10.6028/NIST.SP.800-84 [Direct Link]
SP 800-84 (EPUB) FAQ
SP 800-83 Rev. 1 | July 2013 | Guide to Malware Incident Prevention and Handling for Desktops and Laptops
SP 800-83 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-83r1 [Direct Link]
SP 800-78-4 | May 2015 | Cryptographic Algorithms and Key Sizes for Personal Identity Verification
SP 800-78-4 FAQ
doi:10.6028/NIST.SP.800-78-4 [Direct Link]
SP 800-76-2 | July 2013 | Biometric Specifications for Personal Identity Verification
SP 800-76-2 FAQ
doi:10.6028/NIST.SP.800-76-2 [Direct Link]
SP 800-61 Rev. 2 | August 2012 | Computer Security Incident Handling Guide
SP 800-61 Rev. 2 FAQ
doi:10.6028/NIST.SP.800-61r2 [Direct Link]
Press Release
SP 800-54 | July 2007 | Border Gateway Protocol Security
SP 800-54 FAQ
doi:10.6028/NIST.SP.800-54 [Direct Link]
SP 800-53 Rev. 4 | April 2013 (Updated 1/22/2015) | Security and Privacy Controls for Federal Information Systems and Organizations
SP 800-53 Rev. 4 (including updates as of 01-22-2015) FAQ
doi:10.6028/NIST.SP.800-53r4 [Direct Link]
Word version of SP 800-53 Rev. 4 (01-22-2015)
XML file for SP 800-53 Rev. 4 (01-15-2014)
Summary of NIST SP 800-53 Revision 4
Press Release (04-30-2013)
Pre-Draft Call for Comments for SP 800-53 Rev. 5
SP 800-51 Rev. 1 | February 2011 | Guide to Using Vulnerability Naming Schemes
SP 800-51 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-51r1 [Direct Link]
Press Release
SP 800-48 Rev. 1 | July 2008 | Guide to Securing Legacy IEEE 802.11 Wireless Networks
SP 800-48 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-48r1 [Direct Link]
SP 800-44 Version 2 | September 2007 | Guidelines on Securing Public Web Servers
SP 800-44 Version 2 FAQ
doi:10.6028/NIST.SP.800-44ver2 [Direct Link]
SP 800-39 | March 2011 | Managing Information Security Risk: Organization, Mission, and Information System View
SP 800-39 FAQ
doi:10.6028/NIST.SP.800-39 [Direct Link]
Press Release
SP 1800-6 (Draft) | November 2016 | DRAFT Domain Name Systems-Based Electronic Mail Security
Announcement and Draft Publication
NISTIR 8085 (Draft) | December 2015 | DRAFT Forming Common Platform Enumeration (CPE) Names from Software Identification (SWID) Tags
Announcement and Draft Publication
NISTIR 8060 | April 2016 | Guidelines for the Creation of Interoperable Software Identification (SWID) Tags
NISTIR 8060 FAQ
doi:10.6028/NIST.IR.8060 [Direct Link]
Guideline Summary for NISTIR 8060
Schema Definition for NISTIR 8060
NISTIR 8055 | January 2016 | Derived Personal Identity Verification (PIV) Credentials (DPC) Proof of Concept Research
NISTIR 8055 FAQ
doi:10.6028/NIST.IR.8055 [Direct Link]
NISTIR 8023 | February 2015 | Risk Management for Replication Devices
NISTIR 8023 FAQ
doi:10.6028/NIST.IR.8023 [Direct Link]
NISTIR 7966 | October 2015 | Security of Interactive and Automated Access Management Using Secure Shell (SSH)
NISTIR 7966 FAQ
doi:10.6028/NIST.IR.7966 [Direct Link]
NISTIR 7904 | December 2015 | Trusted Geolocation in the Cloud: Proof of Concept Implementation
NISTIR 7904 FAQ
doi:10.6028/NIST.IR.7904 [Direct Link]
NISTIR 7817 | November 2012 | A Credential Reliability and Revocation Model for Federated Identities
NISTIR 7817 FAQ
doi:10.6028/NIST.IR.7817 [Direct Link]
ITL Bulletin | March 2017 | Fundamentals of Small Business Information Security
ITL Bulletin | February 2017 | Guide for Cybersecurity Incident Recovery
ITL Bulletin | January 2016 | Securing Interactive and Automated Access Management Using Secure Shell (SSH)
ITL Bulletin | April 2015 | Is Your Replication Device Making An Extra Copy For Someone Else?
ITL Bulletin | December 2014 | Release Of NIST Special Publication 800-157, Guidelines For Derived Personal Identity Verification (PIV) Credentials
ITL Bulletin | October 2014 | Release of NIST Special Publication 800-147B, BIOS Protection Guidelines for Servers
ITL Bulletin | June 2007 | Forensic Techniques for Cell Phones
ITL Bulletin | May 2007 | Securing Radio Frequency Identification (RFID) Systems
ITL Bulletin | February 2007 | Intrusion Detection and Prevention Systems
ITL Bulletin | December 2006 | Maintaining Effective Information Technology (IT) Security Through Test, Training, and Exercise Programs
ITL Bulletin | October 2006 | Log Management: Using Computer and Network Records to Improve Information Security
ITL Bulletin | September 2006 | Forensic Techniques: Helping Organizations Improve Their Responses to Information Security Incidents
ITL Bulletin | August 2006 | Protecting Sensitive Information Processed and Stored in Information Technology (IT) Systems
ITL Bulletin | April 2006 | Protecting Sensitive Information Transmitted in Public Networks
Identification of an Information System as a National Security System
Number | Date | Title
SP 800-184 | December 2016 | Guide for Cybersecurity Event Recovery
SP 800-184 FAQ
doi:10.6028/NIST.SP.800-184 [Direct Link]
Press Release (12-22-2016)
SP 800-179 | December 2016 | Guide to Securing Apple OS X 10.10 Systems for IT Professionals: A NIST Security Configuration Checklist
SP 800-179 FAQ
doi:10.6028/NIST.SP.800-179 [Direct Link]
Supplemental Content (GitHub)
National Checklist Program
SP 800-167 | October 2015 | Guide to Application Whitelisting
SP 800-167 FAQ
doi:10.6028/NIST.SP.800-167 [Direct Link]
Press Release
SP 800-166 | June 2016 | Derived PIV Application and Data Model Test Guidelines
SP 800-166 FAQ
doi:10.6028/NIST.SP.800-166 [Direct Link]
SP 800-157 | December 2014 | Guidelines for Derived Personal Identity Verification (PIV) Credentials
SP 800-157 FAQ
doi:10.6028/NIST.SP.800-157 [Direct Link]
Comments and resolutions on Draft SP 800-157 (Mar. 2014)
SP 800-156 | May 2016 | Representation of PIV Chain-of-Trust for Import and Export
SP 800-156 FAQ
doi:10.6028/NIST.SP.800-156 [Direct Link]
XSD Schema File for SP 800-156 Chain of Trust
SP 800-154 (Draft) | March 2016 | DRAFT Guide to Data-Centric System Threat Modeling
Announcement and Draft Publication
SP 800-147B | August 2014 | BIOS Protection Guidelines for Servers
SP 800-147B FAQ
doi:10.6028/NIST.SP.800-147B [Direct Link]
SP 800-147 | April 2011 | BIOS Protection Guidelines
SP 800-147 FAQ
doi:10.6028/NIST.SP.800-147 [Direct Link]
Press Release
SP 800-146 | May 2012 | Cloud Computing Synopsis and Recommendations
SP 800-146 FAQ
doi:10.6028/NIST.SP.800-146 [Direct Link]
SP 800-146 (EPUB) FAQ
Press Release
SP 800-145 | September 2011 | The NIST Definition of Cloud Computing
SP 800-145 FAQ
doi:10.6028/NIST.SP.800-145 [Direct Link]
SP 800-145 (EPUB) FAQ
Press Release
SP 800-144 | December 2011 | Guidelines on Security and Privacy in Public Cloud Computing
SP 800-144 FAQ
doi:10.6028/NIST.SP.800-144 [Direct Link]
SP 800-144 (EPUB) FAQ
Press Release
SP 800-137 | September 2011 | Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations
SP 800-137 FAQ
doi:10.6028/NIST.SP.800-137 [Direct Link]
Press Release
SP 800-59 | August 2003 | Guideline for Identifying an Information System as a National Security System
SP 800-59 FAQ
doi:10.6028/NIST.SP.800-59 [Direct Link]
SP 800-53 Rev. 4 | April 2013 (Updated 1/22/2015) | Security and Privacy Controls for Federal Information Systems and Organizations
SP 800-53 Rev. 4 (including updates as of 01-22-2015) FAQ
doi:10.6028/NIST.SP.800-53r4 [Direct Link]
Word version of SP 800-53 Rev. 4 (01-22-2015)
XML file for SP 800-53 Rev. 4 (01-15-2014)
Summary of NIST SP 800-53 Revision 4
Press Release (04-30-2013)
Pre-Draft Call for Comments for SP 800-53 Rev. 5
SP 800-39 | March 2011 | Managing Information Security Risk: Organization, Mission, and Information System View
SP 800-39 FAQ
doi:10.6028/NIST.SP.800-39 [Direct Link]
Press Release
NISTIR 8085 (Draft) | December 2015 | DRAFT Forming Common Platform Enumeration (CPE) Names from Software Identification (SWID) Tags
Announcement and Draft Publication
NISTIR 8060 | April 2016 | Guidelines for the Creation of Interoperable Software Identification (SWID) Tags
NISTIR 8060 FAQ
doi:10.6028/NIST.IR.8060 [Direct Link]
Guideline Summary for NISTIR 8060
Schema Definition for NISTIR 8060
NISTIR 8055 | January 2016 | Derived Personal Identity Verification (PIV) Credentials (DPC) Proof of Concept Research
NISTIR 8055 FAQ
doi:10.6028/NIST.IR.8055 [Direct Link]
NISTIR 8023 | February 2015 | Risk Management for Replication Devices
NISTIR 8023 FAQ
doi:10.6028/NIST.IR.8023 [Direct Link]
NISTIR 7966 | October 2015 | Security of Interactive and Automated Access Management Using Secure Shell (SSH)
NISTIR 7966 FAQ
doi:10.6028/NIST.IR.7966 [Direct Link]
NISTIR 7904 | December 2015 | Trusted Geolocation in the Cloud: Proof of Concept Implementation
NISTIR 7904 FAQ
doi:10.6028/NIST.IR.7904 [Direct Link]
NISTIR 7817 | November 2012 | A Credential Reliability and Revocation Model for Federated Identities
NISTIR 7817 FAQ
doi:10.6028/NIST.IR.7817 [Direct Link]
ITL Bulletin | March 2017 | Fundamentals of Small Business Information Security
ITL Bulletin | February 2017 | Guide for Cybersecurity Incident Recovery
ITL Bulletin | January 2016 | Securing Interactive and Automated Access Management Using Secure Shell (SSH)
ITL Bulletin | April 2015 | Is Your Replication Device Making An Extra Copy For Someone Else?
ITL Bulletin | December 2014 | Release Of NIST Special Publication 800-157, Guidelines For Derived Personal Identity Verification (PIV) Credentials
ITL Bulletin | October 2014 | Release of NIST Special Publication 800-147B, BIOS Protection Guidelines for Servers
ITL Bulletin | April 2006 | Protecting Sensitive Information Transmitted in Public Networks
Manage Security Incidents
Number | Date | Title
SP 800-184 | December 2016 | Guide for Cybersecurity Event Recovery
SP 800-184 FAQ
doi:10.6028/NIST.SP.800-184 [Direct Link]
Press Release (12-22-2016)
SP 800-179 | December 2016 | Guide to Securing Apple OS X 10.10 Systems for IT Professionals: A NIST Security Configuration Checklist
SP 800-179 FAQ
doi:10.6028/NIST.SP.800-179 [Direct Link]
Supplemental Content (GitHub)
National Checklist Program
SP 800-167 | October 2015 | Guide to Application Whitelisting
SP 800-167 FAQ
doi:10.6028/NIST.SP.800-167 [Direct Link]
Press Release
SP 800-166 | June 2016 | Derived PIV Application and Data Model Test Guidelines
SP 800-166 FAQ
doi:10.6028/NIST.SP.800-166 [Direct Link]
SP 800-157 | December 2014 | Guidelines for Derived Personal Identity Verification (PIV) Credentials
SP 800-157 FAQ
doi:10.6028/NIST.SP.800-157 [Direct Link]
Comments and resolutions on Draft SP 800-157 (Mar. 2014)
SP 800-156 | May 2016 | Representation of PIV Chain-of-Trust for Import and Export
SP 800-156 FAQ
doi:10.6028/NIST.SP.800-156 [Direct Link]
XSD Schema File for SP 800-156 Chain of Trust
SP 800-154 (Draft) | March 2016 | DRAFT Guide to Data-Centric System Threat Modeling
Announcement and Draft Publication
SP 800-147B | August 2014 | BIOS Protection Guidelines for Servers
SP 800-147B FAQ
doi:10.6028/NIST.SP.800-147B [Direct Link]
SP 800-147 | April 2011 | BIOS Protection Guidelines
SP 800-147 FAQ
doi:10.6028/NIST.SP.800-147 [Direct Link]
Press Release
SP 800-146 | May 2012 | Cloud Computing Synopsis and Recommendations
SP 800-146 FAQ
doi:10.6028/NIST.SP.800-146 [Direct Link]
SP 800-146 (EPUB) FAQ
Press Release
SP 800-145 | September 2011 | The NIST Definition of Cloud Computing
SP 800-145 FAQ
doi:10.6028/NIST.SP.800-145 [Direct Link]
SP 800-145 (EPUB) FAQ
Press Release
SP 800-144 | December 2011 | Guidelines on Security and Privacy in Public Cloud Computing
SP 800-144 FAQ
doi:10.6028/NIST.SP.800-144 [Direct Link]
SP 800-144 (EPUB) FAQ
Press Release
SP 800-137 | September 2011 | Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations
SP 800-137 FAQ
doi:10.6028/NIST.SP.800-137 [Direct Link]
Press Release
SP 800-126A (Draft) | July 2016 | DRAFT SCAP 1.3 Component Specification Version Updates: An Annex to NIST Special Publication 800-126 Revision 3
Announcement and Draft Publication
SP 800-126 Rev. 3 (Draft) | July 2016 | DRAFT The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.3
Announcement and Draft Publication
SP 800-126 Rev. 2 | September 2011 (Updated 3/19/2012) | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2
SP 800-126 Rev. 2 FAQ
doi:10.6028/NIST.SP.800-126r2 [Direct Link]
NIST Solicits Comments for SP 800-126 & SCAP
SP 800-122 | April 2010 | Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)
SP 800-122 FAQ
doi:10.6028/NIST.SP.800-122 [Direct Link]
SP 800-122 (EPUB) FAQ
SP 800-117 Rev. 1 (Draft) | January 2012 | DRAFT Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.2
Announcement and Draft Publication
SP 800-101 Rev. 1 | May 2014 | Guidelines on Mobile Device Forensics
SP 800-101 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-101r1 [Direct Link]
SP 800-94 Rev. 1 (Draft) | July 2012 | DRAFT Guide to Intrusion Detection and Prevention Systems (IDPS)
Announcement and Draft Publication
SP 800-94 | February 2007 | Guide to Intrusion Detection and Prevention Systems (IDPS)
SP 800-94 FAQ
doi:10.6028/NIST.SP.800-94 [Direct Link]
SP 800-86 | August 2006 | Guide to Integrating Forensic Techniques into Incident Response
SP 800-86 FAQ
doi:10.6028/NIST.SP.800-86 [Direct Link]
SP 800-83 Rev. 1 | July 2013 | Guide to Malware Incident Prevention and Handling for Desktops and Laptops
SP 800-83 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-83r1 [Direct Link]
SP 800-61 Rev. 2 | August 2012 | Computer Security Incident Handling Guide
SP 800-61 Rev. 2 FAQ
doi:10.6028/NIST.SP.800-61r2 [Direct Link]
Press Release
SP 800-54 | July 2007 | Border Gateway Protocol Security
SP 800-54 FAQ
doi:10.6028/NIST.SP.800-54 [Direct Link]
SP 800-53 Rev. 4 | April 2013 (Updated 1/22/2015) | Security and Privacy Controls for Federal Information Systems and Organizations
SP 800-53 Rev. 4 (including updates as of 01-22-2015) FAQ
doi:10.6028/NIST.SP.800-53r4 [Direct Link]
Word version of SP 800-53 Rev. 4 (01-22-2015)
XML file for SP 800-53 Rev. 4 (01-15-2014)
Summary of NIST SP 800-53 Revision 4
Press Release (04-30-2013)
Pre-Draft Call for Comments for SP 800-53 Rev. 5
SP 800-51 Rev. 1 | February 2011 | Guide to Using Vulnerability Naming Schemes
SP 800-51 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-51r1 [Direct Link]
Press Release
SP 800-44 Version 2 | September 2007 | Guidelines on Securing Public Web Servers
SP 800-44 Version 2 FAQ
doi:10.6028/NIST.SP.800-44ver2 [Direct Link]
SP 800-40 Rev. 3 | July 2013 | Guide to Enterprise Patch Management Technologies
SP 800-40 Rev. 3 FAQ
doi:10.6028/NIST.SP.800-40r3 [Direct Link]
Press Release
SP 800-39 | March 2011 | Managing Information Security Risk: Organization, Mission, and Information System View
SP 800-39 FAQ
doi:10.6028/NIST.SP.800-39 [Direct Link]
Press Release
NISTIR 8085 (Draft) | December 2015 | DRAFT Forming Common Platform Enumeration (CPE) Names from Software Identification (SWID) Tags
Announcement and Draft Publication
NISTIR 8060 | April 2016 | Guidelines for the Creation of Interoperable Software Identification (SWID) Tags
NISTIR 8060 FAQ
doi:10.6028/NIST.IR.8060 [Direct Link]
Guideline Summary for NISTIR 8060
Schema Definition for NISTIR 8060
NISTIR 8055 | January 2016 | Derived Personal Identity Verification (PIV) Credentials (DPC) Proof of Concept Research
NISTIR 8055 FAQ
doi:10.6028/NIST.IR.8055 [Direct Link]
NISTIR 8023 | February 2015 | Risk Management for Replication Devices
NISTIR 8023 FAQ
doi:10.6028/NIST.IR.8023 [Direct Link]
NISTIR 7966 | October 2015 | Security of Interactive and Automated Access Management Using Secure Shell (SSH)
NISTIR 7966 FAQ
doi:10.6028/NIST.IR.7966 [Direct Link]
NISTIR 7904 | December 2015 | Trusted Geolocation in the Cloud: Proof of Concept Implementation
NISTIR 7904 FAQ
doi:10.6028/NIST.IR.7904 [Direct Link]
NISTIR 7848 (Draft) | May 2012 | DRAFT Specification for the Asset Summary Reporting Format 1.0
Announcement and Draft Publication
NISTIR 7817 | November 2012 | A Credential Reliability and Revocation Model for Federated Identities
NISTIR 7817 FAQ
doi:10.6028/NIST.IR.7817 [Direct Link]
NISTIR 7800 (Draft) | January 2012 | DRAFT Applying the Continuous Monitoring Technical Reference Model to the Asset, Configuration, and Vulnerability Management Domains
Announcement and Draft Publication
NISTIR 7799 (Draft) | January 2012 | DRAFT Continuous Monitoring Reference Model Workflow, Subsystem, and Interface Specifications
Announcement and Draft Publication
NISTIR 7756 (Draft) | January 2012 | DRAFT CAESARS Framework Extension: An Enterprise Continuous Monitoring Technical Reference Architecture
Announcement and Draft Publication
ITL Bulletin | March 2017 | Fundamentals of Small Business Information Security
ITL Bulletin | February 2017 | Guide for Cybersecurity Incident Recovery
ITL Bulletin | January 2016 | Securing Interactive and Automated Access Management Using Secure Shell (SSH)
ITL Bulletin | April 2015 | Is Your Replication Device Making An Extra Copy For Someone Else?
ITL Bulletin | December 2014 | Release Of NIST Special Publication 800-157, Guidelines For Derived Personal Identity Verification (PIV) Credentials
ITL Bulletin | October 2014 | Release of NIST Special Publication 800-147B, BIOS Protection Guidelines for Servers
ITL Bulletin | June 2007 | Forensic Techniques for Cell Phones
ITL Bulletin | February 2007 | Intrusion Detection and Prevention Systems
ITL Bulletin | December 2006 | Maintaining Effective Information Technology (IT) Security Through Test, Training, and Exercise Programs
ITL Bulletin | October 2006 | Log Management: Using Computer and Network Records to Improve Information Security
ITL Bulletin | September 2006 | Forensic Techniques: Helping Organizations Improve Their Responses to Information Security Incidents
ITL Bulletin | April 2006 | Protecting Sensitive Information Transmitted in Public Networks

Health Insurance Portability and Accountability Act (HIPAA)

Assure Health Information Privacy & Security
Number | Date | Title
SP 800-177 | September 2016 | Trustworthy Email
SP 800-177 FAQ
doi:10.6028/NIST.SP.800-177 [Direct Link]
High Assurance Domains project
SP 800-167 | October 2015 | Guide to Application Whitelisting
SP 800-167 FAQ
doi:10.6028/NIST.SP.800-167 [Direct Link]
Press Release
SP 800-124 Rev. 1 | June 2013 | Guidelines for Managing the Security of Mobile Devices in the Enterprise
SP 800-124 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-124r1 [Direct Link]
SP 800-124 Rev. 1 (EPUB) FAQ
Press Release
SP 800-111 | November 2007 | Guide to Storage Encryption Technologies for End User Devices
SP 800-111 FAQ
doi:10.6028/NIST.SP.800-111 [Direct Link]
SP 800-98 | April 2007 | Guidelines for Securing Radio Frequency Identification (RFID) Systems
SP 800-98 FAQ
doi:10.6028/NIST.SP.800-98 [Direct Link]
SP 1800-6 (Draft) | November 2016 | DRAFT Domain Name Systems-Based Electronic Mail Security
Announcement and Draft Publication
SP 1800-1 (Draft) | July 2015 | DRAFT Securing Electronic Health Records on Mobile Devices
Announcement and Draft Publication
NISTIR 8053 | October 2015 | De-Identification of Personal Information
NISTIR 8053 FAQ
doi:10.6028/NIST.IR.8053 [Direct Link]
NISTIR 7966 | October 2015 | Security of Interactive and Automated Access Management Using Secure Shell (SSH)
NISTIR 7966 FAQ
doi:10.6028/NIST.IR.7966 [Direct Link]
NISTIR 7497 | September 2010 | Security Architecture Design Process for Health Information Exchanges (HIEs)
NISTIR 7497 FAQ
doi:10.6028/NIST.IR.7497 [Direct Link]
ITL Bulletin | January 2016 | Securing Interactive and Automated Access Management Using Secure Shell (SSH)
ITL Bulletin | October 2006 | Log Management: Using Computer and Network Records to Improve Information Security
Standardize Electronic Data Interchange in Health Care Transactions
Number | Date | Title
SP 800-177 | September 2016 | Trustworthy Email
SP 800-177 FAQ
doi:10.6028/NIST.SP.800-177 [Direct Link]
High Assurance Domains project
SP 800-167 | October 2015 | Guide to Application Whitelisting
SP 800-167 FAQ
doi:10.6028/NIST.SP.800-167 [Direct Link]
Press Release
SP 800-66 Rev. 1 | October 2008 | An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule
SP 800-66 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-66r1 [Direct Link]
SP 1800-1 (Draft) | July 2015 | DRAFT Securing Electronic Health Records on Mobile Devices
Announcement and Draft Publication
NISTIR 8053 | October 2015 | De-Identification of Personal Information
NISTIR 8053 FAQ
doi:10.6028/NIST.IR.8053 [Direct Link]
NISTIR 7966 | October 2015 | Security of Interactive and Automated Access Management Using Secure Shell (SSH)
NISTIR 7966 FAQ
doi:10.6028/NIST.IR.7966 [Direct Link]
ITL Bulletin | January 2016 | Securing Interactive and Automated Access Management Using Secure Shell (SSH)

Homeland Security Presidential Directive-12 (HSPD-12)

Establishes a Mandatory, Government-Wide Standard for Secure & Reliable Forms of Identification Issued by the Federal Government to its Employees & Contractors
Number | Date | Title
FIPS 201-2 | August 2013 | Personal Identity Verification (PIV) of Federal Employees and Contractors
FIPS 201-2 FAQ
doi:10.6028/NIST.FIPS.201-2 [Direct Link]
2012 Draft Comments and Dispositions
2011 Draft Comments and Dispositions
Revised Draft (July 2012)
Draft FIPS 201-2 (March 2011)
SP 800-166 | June 2016 | Derived PIV Application and Data Model Test Guidelines
SP 800-166 FAQ
doi:10.6028/NIST.SP.800-166 [Direct Link]
SP 800-157 | December 2014 | Guidelines for Derived Personal Identity Verification (PIV) Credentials
SP 800-157 FAQ
doi:10.6028/NIST.SP.800-157 [Direct Link]
Comments and resolutions on Draft SP 800-157 (Mar. 2014)
SP 800-156 | May 2016 | Representation of PIV Chain-of-Trust for Import and Export
SP 800-156 FAQ
doi:10.6028/NIST.SP.800-156 [Direct Link]
XSD Schema File for SP 800-156 Chain of Trust
SP 800-116 Rev. 1 (Draft) | December 2015 | DRAFT A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS)
Announcement and Draft Publication
SP 800-116 | November 2008 | A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS)
SP 800-116 FAQ
doi:10.6028/NIST.SP.800-116 [Direct Link]
SP 800-101 Rev. 1 | May 2014 | Guidelines on Mobile Device Forensics
SP 800-101 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-101r1 [Direct Link]
SP 800-94 Rev. 1 (Draft) | July 2012 | DRAFT Guide to Intrusion Detection and Prevention Systems (IDPS)
Announcement and Draft Publication
SP 800-94 | February 2007 | Guide to Intrusion Detection and Prevention Systems (IDPS)
SP 800-94 FAQ
doi:10.6028/NIST.SP.800-94 [Direct Link]
SP 800-85A-4 | April 2016 | PIV Card Application and Middleware Interface Test Guidelines (SP 800-73-4 Compliance)
SP 800-85A-4 FAQ
doi:10.6028/NIST.SP.800-85A-4 [Direct Link]
SP 800-85B-4 (Draft) | August 2014 | DRAFT PIV Data Model Test Guidelines
Announcement and Draft Publication
SP 800-85B | July 2006 | PIV Data Model Test Guidelines
SP 800-85B FAQ
doi:10.6028/NIST.SP.800-85B [Direct Link]
SP 800-79-2 | July 2015 | Guidelines for the Authorization of Personal Identity Verification Card Issuers (PCI) and Derived PIV Credential Issuers (DPCI)
SP 800-79-2 FAQ
doi:10.6028/NIST.SP.800-79-2 [Direct Link]
SP 800-78-4 | May 2015 | Cryptographic Algorithms and Key Sizes for Personal Identity Verification
SP 800-78-4 FAQ
doi:10.6028/NIST.SP.800-78-4 [Direct Link]
SP 800-76-2 | July 2013 | Biometric Specifications for Personal Identity Verification
SP 800-76-2 FAQ
doi:10.6028/NIST.SP.800-76-2 [Direct Link]
SP 800-54 | July 2007 | Border Gateway Protocol Security
SP 800-54 FAQ
doi:10.6028/NIST.SP.800-54 [Direct Link]
SP 800-53 Rev. 4 | April 2013 (Updated 1/22/2015) | Security and Privacy Controls for Federal Information Systems and Organizations
SP 800-53 Rev. 4 (including updates as of 01-22-2015) FAQ
doi:10.6028/NIST.SP.800-53r4 [Direct Link]
Word version of SP 800-53 Rev. 4 (01-22-2015)
XML file for SP 800-53 Rev. 4 (01-15-2014)
Summary of NIST SP 800-53 Revision 4
Press Release (04-30-2013)
Pre-Draft Call for Comments for SP 800-53 Rev. 5
NISTIR 8055 | January 2016 | Derived Personal Identity Verification (PIV) Credentials (DPC) Proof of Concept Research
NISTIR 8055 FAQ
doi:10.6028/NIST.IR.8055 [Direct Link]
NISTIR 7981 (Draft) | March 2014 | DRAFT Mobile, PIV, and Authentication
Announcement and Draft Publication
NISTIR 7849 | March 2014 | A Methodology for Developing Authentication Assurance Level Taxonomy for Smart Card-based Identity Verification
NISTIR 7849 FAQ
doi:10.6028/NIST.IR.7849 [Direct Link]
NISTIR 7676 | June 2010 | Maintaining and Using Key History on Personal Identity Verification (PIV) Cards
NISTIR 7676 FAQ
doi:10.6028/NIST.IR.7676 [Direct Link]
NISTIR 7611 | August 2009 | Use of ISO/IEC 24727
NISTIR 7611 FAQ
doi:10.6028/NIST.IR.7611 [Direct Link]
NISTIR 7452 | November 2007 | Secure Biometric Match-on-Card Feasibility Report
NISTIR 7452 FAQ
doi:10.6028/NIST.IR.7452 [Direct Link]
NISTIR 7337 | August 2006 | Personal Identity Verification Demonstration Summary
NISTIR 7337 FAQ
doi:10.6028/NIST.IR.7337 [Direct Link]
NISTIR 7284 | January 2006 | Personal Identity Verification Card Management Report
NISTIR 7284 FAQ
doi:10.6028/NIST.IR.7284 [Direct Link]
ITL Bulletin | August 2016 | NIST Updates Personal Identity Verification (PIV) Guidelines
ITL Bulletin | December 2014 | Release Of NIST Special Publication 800-157, Guidelines For Derived Personal Identity Verification (PIV) Credentials
ITL Bulletin | July 2007 | Border Gateway Protocol (BGP) Security
ITL Bulletin | June 2007 | Forensic Techniques for Cell Phones
ITL Bulletin | May 2007 | Securing Radio Frequency Identification (RFID) Systems
ITL Bulletin | December 2006 | Maintaining Effective Information Technology (IT) Security Through Test, Training, and Exercise Programs
ITL Bulletin | November 2006 | Guide to Securing Computers Using Windows XP Home Edition
ITL Bulletin | August 2006 | Protecting Sensitive Information Processed and Stored in Information Technology (IT) Systems
ITL Bulletin | April 2006 | Protecting Sensitive Information Transmitted in Public Networks
ITL Bulletin | January 2006 | Testing and Validation of Personal Identity Verification (PIV) Components and Subsystems for Conformance to Federal Information Processing Standard 201

Homeland Security Presidential Directive-7 (HSPD-7)

Protect Critical Infrastructure
Number | Date | Title
FIPS 200 | March 2006 | Minimum Security Requirements for Federal Information and Information Systems
FIPS 200 FAQ
doi:10.6028/NIST.FIPS.200 [Direct Link]
FIPS 199 | February 2004 | Standards for Security Categorization of Federal Information and Information Systems
FIPS 199 FAQ
doi:10.6028/NIST.FIPS.199 [Direct Link]
SP 800-192 | June 2017 | Verification and Test Methods for Access Control Policies/Models
SP 800-192 FAQ
doi:10.6028/NIST.SP.800-192 [Direct Link]
SP 800-157 | December 2014 | Guidelines for Derived Personal Identity Verification (PIV) Credentials
SP 800-157 FAQ
doi:10.6028/NIST.SP.800-157 [Direct Link]
Comments and resolutions on Draft SP 800-157 (Mar. 2014)
SP 800-101 Rev. 1 | May 2014 | Guidelines on Mobile Device Forensics
SP 800-101 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-101r1 [Direct Link]
SP 800-98 | April 2007 | Guidelines for Securing Radio Frequency Identification (RFID) Systems
SP 800-98 FAQ
doi:10.6028/NIST.SP.800-98 [Direct Link]
SP 800-94 Rev. 1 (Draft) | July 2012 | DRAFT Guide to Intrusion Detection and Prevention Systems (IDPS)
Announcement and Draft Publication
SP 800-94 | February 2007 | Guide to Intrusion Detection and Prevention Systems (IDPS)
SP 800-94 FAQ
doi:10.6028/NIST.SP.800-94 [Direct Link]
SP 800-82 Rev. 2 | May 2015 | Guide to Industrial Control Systems (ICS) Security
SP 800-82 Revision 2 FAQ
doi:10.6028/NIST.SP.800-82r2 [Direct Link]
Press Release
SP 800-60 Vol. 2 Rev. 1 | August 2008 | Guide for Mapping Types of Information and Information Systems to Security Categories: Appendices
SP 800-60 Vol. 2, Rev. 1: Appendices FAQ
doi:10.6028/NIST.SP.800-60v2r1 [Direct Link]
SP 800-60 Vol. 1 Rev. 1 | August 2008 | Guide for Mapping Types of Information and Information Systems to Security Categories
SP 800-60 Vol. 1 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-60v1r1 [Direct Link]
SP 800-59 | August 2003 | Guideline for Identifying an Information System as a National Security System
SP 800-59 FAQ
doi:10.6028/NIST.SP.800-59 [Direct Link]
SP 800-54 | July 2007 | Border Gateway Protocol Security
SP 800-54 FAQ
doi:10.6028/NIST.SP.800-54 [Direct Link]
SP 800-53 Rev. 4 | April 2013 (Updated 1/22/2015) | Security and Privacy Controls for Federal Information Systems and Organizations
SP 800-53 Rev. 4 (including updates as of 01-22-2015) FAQ
doi:10.6028/NIST.SP.800-53r4 [Direct Link]
Word version of SP 800-53 Rev. 4 (01-22-2015)
XML file for SP 800-53 Rev. 4 (01-15-2014)
Summary of NIST SP 800-53 Revision 4
Press Release (04-30-2013)
Pre-Draft Call for Comments for SP 800-53 Rev. 5
SP 800-48 Rev. 1 | July 2008 | Guide to Securing Legacy IEEE 802.11 Wireless Networks
SP 800-48 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-48r1 [Direct Link]
SP 800-44 Version 2 | September 2007 | Guidelines on Securing Public Web Servers
SP 800-44 Version 2 FAQ
doi:10.6028/NIST.SP.800-44ver2 [Direct Link]
SP 800-41 Rev. 1 | September 2009 | Guidelines on Firewalls and Firewall Policy
SP 800-41 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-41r1 [Direct Link]
SP 800-37 Rev. 1 | February 2010 (Updated 6/5/2014) | Guide for Applying the Risk Management Framework to Federal Information Systems: a Security Life Cycle Approach
SP 800-37 Rev. 1 (including updates as of 6-05-2014) FAQ
doi:10.6028/NIST.SP.800-37r1 [Direct Link]
Supplemental Guidance on Ongoing Authorization, (June 2014)
Press Release
SP 800-30 Rev. 1 | September 2012 | Guide for Conducting Risk Assessments
SP 800-30 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-30r1 [Direct Link]
SP 800-30 Rev. 1 (EPUB) FAQ
Press Release
SP 800-18 Rev. 1 | February 2006 | Guide for Developing Security Plans for Federal Information Systems
SP 800-18 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-18r1 [Direct Link]
SP 1800-6 (Draft) | November 2016 | DRAFT Domain Name Systems-Based Electronic Mail Security
Announcement and Draft Publication
NISTIR 7981 (Draft) | March 2014 | DRAFT Mobile, PIV, and Authentication
Announcement and Draft Publication
NISTIR 7823 | March 2015 | Advanced Metering Infrastructure Smart Meter Upgradeability Test Framework
NISTIR 7823 FAQ
doi:10.6028/NIST.IR.7823 [Direct Link]
ITL Bulletin | November 2015 | Tailoring Security Controls for Industrial Control Systems
ITL Bulletin | December 2014 | Release Of NIST Special Publication 800-157, Guidelines For Derived Personal Identity Verification (PIV) Credentials
ITL Bulletin | July 2007 | Border Gateway Protocol (BGP) Security
ITL Bulletin | May 2007 | Securing Radio Frequency Identification (RFID) Systems
ITL Bulletin | February 2007 | Intrusion Detection and Prevention Systems
ITL Bulletin | December 2006 | Maintaining Effective Information Technology (IT) Security Through Test, Training, and Exercise Programs
ITL Bulletin | November 2006 | Guide to Securing Computers Using Windows XP Home Edition
ITL Bulletin | August 2006 | Protecting Sensitive Information Processed and Stored in Information Technology (IT) Systems
ITL Bulletin | April 2006 | Protecting Sensitive Information Transmitted in Public Networks
ITL Bulletin | March 2006 | Minimum Security Requirements for Federal Information and Information Systems: Federal Information Processing Standard (FIPS) 200 Approved by the Secretary of Commerce
Whitepaper (Draft) | January 2017 | DRAFT Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1
Announcement and Draft Publication
Whitepaper (Draft) | March 20, 2017 | DRAFT Cybersecurity Framework Manufacturing Profile (Final Draft)
Announcement and Draft Publication

OMB Circular A-11: Preparation, Submission, and Execution of the Budget

Capital Planning
Number | Date | Title
SP 800-65 | January 2005 | Integrating IT Security into the Capital Planning and Investment Control Process
SP 800-65 FAQ
doi:10.6028/NIST.SP.800-65 [Direct Link]
SP 800-55 Rev. 1 | July 2008 | Performance Measurement Guide for Information Security
SP 800-55 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-55r1 [Direct Link]
SP 800-53 Rev. 4 | April 2013 (Updated 1/22/2015) | Security and Privacy Controls for Federal Information Systems and Organizations
SP 800-53 Rev. 4 (including updates as of 01-22-2015) FAQ
doi:10.6028/NIST.SP.800-53r4 [Direct Link]
Word version of SP 800-53 Rev. 4 (01-22-2015)
XML file for SP 800-53 Rev. 4 (01-15-2014)
Summary of NIST SP 800-53 Revision 4
Press Release (04-30-2013)
Pre-Draft Call for Comments for SP 800-53 Rev. 5
NISTIR 8179 (Draft) | July 2017 | DRAFT Criticality Analysis Process Model: Prioritizing Systems and Components
Announcement and Draft Publication
NISTIR 7773 | November 2010 | An Application of Combinatorial Methods to Conformance Testing for Document Object Model Events
NISTIR 7773 FAQ
doi:10.6028/NIST.IR.7773 [Direct Link]
ITL Bulletin | February 2007 | Intrusion Detection and Prevention Systems

OMB Circular A-130: Management of Federal Information Resources, Appendix III: Security of Federal Automated Information Resources

Assess Risks
Number | Date | Title
FIPS 199 | February 2004 | Standards for Security Categorization of Federal Information and Information Systems
FIPS 199 FAQ
doi:10.6028/NIST.FIPS.199 [Direct Link]
SP 800-161 | April 2015 | Supply Chain Risk Management Practices for Federal Information Systems and Organizations
SP 800-161 FAQ
doi:10.6028/NIST.SP.800-161 [Direct Link]
SP 800-153 | February 2012 | Guidelines for Securing Wireless Local Area Networks (WLANs)
SP 800-153 FAQ
doi:10.6028/NIST.SP.800-153 [Direct Link]
Press Release (Mar. 6, 2012)
SP 800-147B | August 2014 | BIOS Protection Guidelines for Servers
SP 800-147B FAQ
doi:10.6028/NIST.SP.800-147B [Direct Link]
SP 800-147 | April 2011 | BIOS Protection Guidelines
SP 800-147 FAQ
doi:10.6028/NIST.SP.800-147 [Direct Link]
Press Release
SP 800-146 | May 2012 | Cloud Computing Synopsis and Recommendations
SP 800-146 FAQ
doi:10.6028/NIST.SP.800-146 [Direct Link]
SP 800-146 (EPUB) FAQ
Press Release
SP 800-145 | September 2011 | The NIST Definition of Cloud Computing
SP 800-145 FAQ
doi:10.6028/NIST.SP.800-145 [Direct Link]
SP 800-145 (EPUB) FAQ
Press Release
SP 800-144 | December 2011 | Guidelines on Security and Privacy in Public Cloud Computing
SP 800-144 FAQ
doi:10.6028/NIST.SP.800-144 [Direct Link]
SP 800-144 (EPUB) FAQ
Press Release
SP 800-137 | September 2011 | Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations
SP 800-137 FAQ
doi:10.6028/NIST.SP.800-137 [Direct Link]
Press Release
SP 800-126A (Draft) | July 2016 | DRAFT SCAP 1.3 Component Specification Version Updates: An Annex to NIST Special Publication 800-126 Revision 3
Announcement and Draft Publication
SP 800-126 Rev. 3 (Draft) | July 2016 | DRAFT The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.3
Announcement and Draft Publication
SP 800-126 Rev. 2 | September 2011 (Updated 3/19/2012) | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2
SP 800-126 Rev. 2 FAQ
doi:10.6028/NIST.SP.800-126r2 [Direct Link]
NIST Solicits Comments for SP 800-126 & SCAP
SP 800-126 Rev. 1 | February 2011 | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.1
SP 800-126 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-126r1 [Direct Link]
SP 800-126 | November 2009 | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.0
SP 800-126 FAQ
doi:10.6028/NIST.SP.800-126 [Direct Link]
SP 800-125A (Draft) | October 20, 2014 | DRAFT Security Recommendations for Hypervisor Deployment
Announcement and Draft Publication
SP 800-122 | April 2010 | Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)
SP 800-122 FAQ
doi:10.6028/NIST.SP.800-122 [Direct Link]
SP 800-122 (EPUB) FAQ
SP 800-117 Rev. 1 (Draft) | January 2012 | DRAFT Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.2
Announcement and Draft Publication
SP 800-117 | July 2010 | Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.0
SP 800-117 FAQ
doi:10.6028/NIST.SP.800-117 [Direct Link]
SP 800-116 Rev. 1 (Draft) | December 2015 | DRAFT A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS)
Announcement and Draft Publication
SP 800-116 | November 2008 | A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS)
SP 800-116 FAQ
doi:10.6028/NIST.SP.800-116 [Direct Link]
SP 800-113 | July 2008 | Guide to SSL VPNs
SP 800-113 FAQ
doi:10.6028/NIST.SP.800-113 [Direct Link]
SP 800-111 | November 2007 | Guide to Storage Encryption Technologies for End User Devices
SP 800-111 FAQ
doi:10.6028/NIST.SP.800-111 [Direct Link]
SP 800-107 Rev. 1 | August 2012 | Recommendation for Applications Using Approved Hash Algorithms
SP 800-107 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-107r1 [Direct Link]
SP 800-106 | February 2009 | Randomized Hashing for Digital Signatures
SP 800-106 FAQ
doi:10.6028/NIST.SP.800-106 [Direct Link]
SP 800-101 Rev. 1 | May 2014 | Guidelines on Mobile Device Forensics
SP 800-101 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-101r1 [Direct Link]
SP 800-98 | April 2007 | Guidelines for Securing Radio Frequency Identification (RFID) Systems
SP 800-98 FAQ
doi:10.6028/NIST.SP.800-98 [Direct Link]
SP 800-94 Rev. 1 (Draft) | July 2012 | DRAFT Guide to Intrusion Detection and Prevention Systems (IDPS)
Announcement and Draft Publication
SP 800-94 | February 2007 | Guide to Intrusion Detection and Prevention Systems (IDPS)
SP 800-94 FAQ
doi:10.6028/NIST.SP.800-94 [Direct Link]
SP 800-88 Rev. 1 | December 2014 | Guidelines for Media Sanitization
SP 800-88 Revision 1 FAQ
doi:10.6028/NIST.SP.800-88r1 [Direct Link]
SP 800-78-4 | May 2015 | Cryptographic Algorithms and Key Sizes for Personal Identity Verification
SP 800-78-4 FAQ
doi:10.6028/NIST.SP.800-78-4 [Direct Link]
SP 800-54 | July 2007 | Border Gateway Protocol Security
SP 800-54 FAQ
doi:10.6028/NIST.SP.800-54 [Direct Link]
SP 800-53 Rev. 4 | April 2013 (Updated 1/22/2015) | Security and Privacy Controls for Federal Information Systems and Organizations
SP 800-53 Rev. 4 (including updates as of 01-22-2015) FAQ
doi:10.6028/NIST.SP.800-53r4 [Direct Link]
Word version of SP 800-53 Rev. 4 (01-22-2015)
XML file for SP 800-53 Rev. 4 (01-15-2014)
Summary of NIST SP 800-53 Revision 4
Press Release (04-30-2013)
Pre-Draft Call for Comments for SP 800-53 Rev. 5
SP 800-51 Rev. 1 | February 2011 | Guide to Using Vulnerability Naming Schemes
SP 800-51 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-51r1 [Direct Link]
Press Release
SP 800-48 Rev. 1 | July 2008 | Guide to Securing Legacy IEEE 802.11 Wireless Networks
SP 800-48 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-48r1 [Direct Link]
SP 800-44 Version 2 | September 2007 | Guidelines on Securing Public Web Servers
SP 800-44 Version 2 FAQ
doi:10.6028/NIST.SP.800-44ver2 [Direct Link]
SP 800-39 | March 2011 | Managing Information Security Risk: Organization, Mission, and Information System View
SP 800-39 FAQ
doi:10.6028/NIST.SP.800-39 [Direct Link]
Press Release
NISTIR 8179 (Draft) | July 2017 | DRAFT Criticality Analysis Process Model: Prioritizing Systems and Components
Announcement and Draft Publication
NISTIR 8139 (Draft) | February 2017 | DRAFT Identifying Uniformity with Entropy and Divergence
Announcement and Draft Publication
NISTIR 8058 
(Draft)
May 1, 2015 DRAFT Security Content Automation Protocol (SCAP) Version 1.2 Content Style Guide: Best Practices for Creating and Maintaining SCAP 1.2 Content
Announcement and Draft Publication
NISTIR 7848 
(Draft)
May 2012 DRAFT Specification for the Asset Summary Reporting Format 1.0
Announcement and Draft Publication
NISTIR 7800 
(Draft)
January 2012 DRAFT Applying the Continuous Monitoring Technical Reference Model to the Asset, Configuration, and Vulnerability Management Domains
Announcement and Draft Publication
NISTIR 7799 
(Draft)
January 2012 DRAFT Continuous Monitoring Reference Model Workflow, Subsystem, and Interface Specifications
Announcement and Draft Publication
NISTIR 7756 
(Draft)
January 2012 DRAFT CAESARS Framework Extension: An Enterprise Continuous Monitoring Technical Reference Architecture
Announcement and Draft Publication
NISTIR 7692April 2011 Specification for the Open Checklist Interactive Language (OCIL) Version 2.0
NISTIR 7692 FAQ
doi:10.6028/NIST.IR.7692 [Direct Link]
ITL BulletinFebruary 2015NIST Special Publication 800-88 Revision 1, Guidelines for Media Sanitization
ITL BulletinOctober 2014Release of NIST Special Publication 800-147B, BIOS Protection Guidelines for Servers
Certify & Accredit Systems
Number Date Title
FIPS 200March 2006 Minimum Security Requirements for Federal Information and Information Systems
FIPS 200 FAQ
doi:10.6028/NIST.FIPS.200 [Direct Link]
SP 800-161April 2015 Supply Chain Risk Management Practices for Federal Information Systems and Organizations
SP 800-161 FAQ
doi:10.6028/NIST.SP.800-161 [Direct Link]
SP 800-147BAugust 2014 BIOS Protection Guidelines for Servers
SP 800-147B FAQ
doi:10.6028/NIST.SP.800-147B [Direct Link]
SP 800-147April 2011 BIOS Protection Guidelines
SP 800-147 FAQ
doi:10.6028/NIST.SP.800-147 [Direct Link]
Press Release
SP 800-146May 2012 Cloud Computing Synopsis and Recommendations
SP 800-146 FAQ
doi:10.6028/NIST.SP.800-146 [Direct Link]
SP 800-146 (EPUB) FAQ
Press Release
SP 800-145September 2011 The NIST Definition of Cloud Computing
SP 800-145 FAQ
doi:10.6028/NIST.SP.800-145 [Direct Link]
SP 800-145 (EPUB) FAQ
Press Release
SP 800-144December 2011 Guidelines on Security and Privacy in Public Cloud Computing
SP 800-144 FAQ
doi:10.6028/NIST.SP.800-144 [Direct Link]
SP 800-144 (EPUB) FAQ
Press Release
SP 800-137September 2011 Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations
SP 800-137 FAQ
doi:10.6028/NIST.SP.800-137 [Direct Link]
Press Release
SP 800-126A 
(Draft)
July 2016DRAFT SCAP 1.3 Component Specification Version Updates: An Annex to NIST Special Publication 800-126 Revision 3
Announcement and Draft Publication
SP 800-126 Rev. 3 
(Draft)
July 2016DRAFT The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.3
Announcement and Draft Publication
SP 800-126 Rev. 2September 2011 (Updated 3/19/2012)The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2
SP 800-126 Rev. 2 FAQ
doi:10.6028/NIST.SP.800-126r2 [Direct Link]
NIST Solicits Comments for SP 800-126 & SCAP
SP 800-126 Rev. 1February 2011 The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.1
SP 800-126 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-126r1 [Direct Link]
SP 800-126November 2009 The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.0
SP 800-126 FAQ
doi:10.6028/NIST.SP.800-126 [Direct Link]
SP 800-125A 
(Draft)
October 20, 2014 DRAFT Security Recommendations for Hypervisor Deployment
Announcement and Draft Publication
SP 800-117 Rev. 1 
(Draft)
January 2012 DRAFT Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.2
Announcement and Draft Publication
SP 800-117July 2010 Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.0
SP 800-117 FAQ
doi:10.6028/NIST.SP.800-117 [Direct Link]
SP 800-111November 2007 Guide to Storage Encryption Technologies for End User Devices
SP 800-111 FAQ
doi:10.6028/NIST.SP.800-111 [Direct Link]
SP 800-88 Rev. 1December 2014 Guidelines for Media Sanitization
SP 800-88 Revision 1 FAQ
doi:10.6028/NIST.SP.800-88r1 [Direct Link]
SP 800-78-4May 2015 Cryptographic Algorithms and Key Sizes for Personal Identity Verification
SP 800-78-4 FAQ
doi:10.6028/NIST.SP.800-78-4 [Direct Link]
SP 800-53 Rev. 4April 2013 (Updated 1/22/2015)Security and Privacy Controls for Federal Information Systems and Organizations
SP 800-53 Rev. 4 (including updates as of 01-22-2015) FAQ
doi:10.6028/NIST.SP.800-53r4 [Direct Link]
Word version of SP 800-53 Rev. 4 (01-22-2015)
XML file for SP 800-53 Rev. 4 (01-15-2014)
Summary of NIST SP 800-53 Revision 4
Press Release (04-30-2013)
Pre-Draft Call for Comments for SP 800-53 Rev. 5
SP 800-39March 2011 Managing Information Security Risk: Organization, Mission, and Information System View
SP 800-39 FAQ
doi:10.6028/NIST.SP.800-39 [Direct Link]
Press Release
SP 800-37 Rev. 1February 2010 (Updated 6/5/2014)Guide for Applying the Risk Management Framework to Federal Information Systems: a Security Life Cycle Approach
SP 800-37 Rev. 1 (including updates as of 6-05-2014) FAQ
doi:10.6028/NIST.SP.800-37r1 [Direct Link]
Supplemental Guidance on Ongoing Authorization, (June 2014)
Press Release
NISTIR 8058 
(Draft)
May 1, 2015 DRAFT Security Content Automation Protocol (SCAP) Version 1.2 Content Style Guide: Best Practices for Creating and Maintaining SCAP 1.2 Content
Announcement and Draft Publication
NISTIR 8011 Vol. 2June 2017Automation Support for Security Control Assessments: Hardware Asset Management
NISTIR 8011 Vol. 2 FAQ
doi:10.6028/NIST.IR.8011-2 [Direct Link]
NISTIR 8011 Vol. 1June 2017Automation Support for Security Control Assessments: Overview
NISTIR 8011 Vol. 1 FAQ
doi:10.6028/NIST.IR.8011-1 [Direct Link]
NISTIR 7848 
(Draft)
May 2012 DRAFT Specification for the Asset Summary Reporting Format 1.0
Announcement and Draft Publication
NISTIR 7802September 2011 Trust Model for Security Automation Data 1.0 (TMSAD)
NISTIR 7802 FAQ
doi:10.6028/NIST.IR.7802 [Direct Link]
NISTIR 7800 
(Draft)
January 2012 DRAFT Applying the Continuous Monitoring Technical Reference Model to the Asset, Configuration, and Vulnerability Management Domains
Announcement and Draft Publication
NISTIR 7799 
(Draft)
January 2012 DRAFT Continuous Monitoring Reference Model Workflow, Subsystem, and Interface Specifications
Announcement and Draft Publication
NISTIR 7756 
(Draft)
January 2012 DRAFT CAESARS Framework Extension: An Enterprise Continuous Monitoring Technical Reference Architecture
Announcement and Draft Publication
NISTIR 7692April 2011 Specification for the Open Checklist Interactive Language (OCIL) Version 2.0
NISTIR 7692 FAQ
doi:10.6028/NIST.IR.7692 [Direct Link]
ITL BulletinFebruary 2015NIST Special Publication 800-88 Revision 1, Guidelines for Media Sanitization
ITL BulletinMarch 2006Minimum Security Requirements for Federal Information and Information Systems: Federal Information Processing Standard (FIPS) 200 Approved by the Secretary of Commerce
Conduct Security Awareness Training
Number Date Title
SP 800-161April 2015 Supply Chain Risk Management Practices for Federal Information Systems and Organizations
SP 800-161 FAQ
doi:10.6028/NIST.SP.800-161 [Direct Link]
SP 800-147BAugust 2014 BIOS Protection Guidelines for Servers
SP 800-147B FAQ
doi:10.6028/NIST.SP.800-147B [Direct Link]
SP 800-147April 2011 BIOS Protection Guidelines
SP 800-147 FAQ
doi:10.6028/NIST.SP.800-147 [Direct Link]
Press Release
SP 800-146May 2012 Cloud Computing Synopsis and Recommendations
SP 800-146 FAQ
doi:10.6028/NIST.SP.800-146 [Direct Link]
SP 800-146 (EPUB) FAQ
Press Release
SP 800-145September 2011 The NIST Definition of Cloud Computing
SP 800-145 FAQ
doi:10.6028/NIST.SP.800-145 [Direct Link]
SP 800-145 (EPUB) FAQ
Press Release
SP 800-144December 2011 Guidelines on Security and Privacy in Public Cloud Computing
SP 800-144 FAQ
doi:10.6028/NIST.SP.800-144 [Direct Link]
SP 800-144 (EPUB) FAQ
Press Release
SP 800-137September 2011 Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations
SP 800-137 FAQ
doi:10.6028/NIST.SP.800-137 [Direct Link]
Press Release
SP 800-125A 
(Draft)
October 20, 2014 DRAFT Security Recommendations for Hypervisor Deployment
Announcement and Draft Publication
SP 800-78-4May 2015 Cryptographic Algorithms and Key Sizes for Personal Identity Verification
SP 800-78-4 FAQ
doi:10.6028/NIST.SP.800-78-4 [Direct Link]
SP 800-53 Rev. 4April 2013 (Updated 1/22/2015)Security and Privacy Controls for Federal Information Systems and Organizations
SP 800-53 Rev. 4 (including updates as of 01-22-2015) FAQ
doi:10.6028/NIST.SP.800-53r4 [Direct Link]
Word version of SP 800-53 Rev. 4 (01-22-2015)
XML file for SP 800-53 Rev. 4 (01-15-2014)
Summary of NIST SP 800-53 Revision 4
Press Release (04-30-2013)
Pre-Draft Call for Comments for SP 800-53 Rev. 5
SP 800-50October 2003 Building an Information Technology Security Awareness and Training Program
SP 800-50 FAQ
doi:10.6028/NIST.SP.800-50 [Direct Link]
SP 800-39March 2011 Managing Information Security Risk: Organization, Mission, and Information System View
SP 800-39 FAQ
doi:10.6028/NIST.SP.800-39 [Direct Link]
Press Release
SP 800-16 Rev. 1 
(Draft)
March 2014 DRAFT A Role-Based Model for Federal Information Technology/Cybersecurity Training
Announcement and Draft Publication
SP 800-16April 1998 Information Technology Security Training Requirements: a Role- and Performance-Based Model
SP 800-16 FAQ
doi:10.6028/NIST.SP.800-16 [Direct Link]
NISTIR 8058 
(Draft)
May 1, 2015 DRAFT Security Content Automation Protocol (SCAP) Version 1.2 Content Style Guide: Best Practices for Creating and Maintaining SCAP 1.2 Content
Announcement and Draft Publication
Develop Contingency Plans & Procedures
Number Date Title
SP 800-161April 2015 Supply Chain Risk Management Practices for Federal Information Systems and Organizations
SP 800-161 FAQ
doi:10.6028/NIST.SP.800-161 [Direct Link]
SP 800-147BAugust 2014 BIOS Protection Guidelines for Servers
SP 800-147B FAQ
doi:10.6028/NIST.SP.800-147B [Direct Link]
SP 800-147April 2011 BIOS Protection Guidelines
SP 800-147 FAQ
doi:10.6028/NIST.SP.800-147 [Direct Link]
Press Release
SP 800-146May 2012 Cloud Computing Synopsis and Recommendations
SP 800-146 FAQ
doi:10.6028/NIST.SP.800-146 [Direct Link]
SP 800-146 (EPUB) FAQ
Press Release
SP 800-145September 2011 The NIST Definition of Cloud Computing
SP 800-145 FAQ
doi:10.6028/NIST.SP.800-145 [Direct Link]
SP 800-145 (EPUB) FAQ
Press Release
SP 800-144December 2011 Guidelines on Security and Privacy in Public Cloud Computing
SP 800-144 FAQ
doi:10.6028/NIST.SP.800-144 [Direct Link]
SP 800-144 (EPUB) FAQ
Press Release
SP 800-137September 2011 Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations
SP 800-137 FAQ
doi:10.6028/NIST.SP.800-137 [Direct Link]
Press Release
SP 800-125A 
(Draft)
October 20, 2014 DRAFT Security Recommendations for Hypervisor Deployment
Announcement and Draft Publication
SP 800-101 Rev. 1May 2014 Guidelines on Mobile Device Forensics
SP 800-101 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-101r1 [Direct Link]
SP 800-98April 2007 Guidelines for Securing Radio Frequency Identification (RFID) Systems
SP 800-98 FAQ
doi:10.6028/NIST.SP.800-98 [Direct Link]
SP 800-88 Rev. 1December 2014 Guidelines for Media Sanitization
SP 800-88 Revision 1 FAQ
doi:10.6028/NIST.SP.800-88r1 [Direct Link]
SP 800-53 Rev. 4April 2013 (Updated 1/22/2015)Security and Privacy Controls for Federal Information Systems and Organizations
SP 800-53 Rev. 4 (including updates as of 01-22-2015) FAQ
doi:10.6028/NIST.SP.800-53r4 [Direct Link]
Word version of SP 800-53 Rev. 4 (01-22-2015)
XML file for SP 800-53 Rev. 4 (01-15-2014)
Summary of NIST SP 800-53 Revision 4
Press Release (04-30-2013)
Pre-Draft Call for Comments for SP 800-53 Rev. 5
SP 800-46 Rev. 2July 2016Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security
SP 800-46 Rev. 2 FAQ
doi:10.6028/NIST.SP.800-46r2 [Direct Link]
SP 800-44 Version 2September 2007 Guidelines on Securing Public Web Servers
SP 800-44 Version 2 FAQ
doi:10.6028/NIST.SP.800-44ver2 [Direct Link]
SP 800-39March 2011 Managing Information Security Risk: Organization, Mission, and Information System View
SP 800-39 FAQ
doi:10.6028/NIST.SP.800-39 [Direct Link]
Press Release
SP 800-34 Rev. 1May 2010 (Updated 11/11/2010)Contingency Planning Guide for Federal Information Systems
SP 800-34 Rev. 1 (including updates as of 11-11-2010) FAQ
doi:10.6028/NIST.SP.800-34r1 [Direct Link]
Business Impact Analysis (BIA) Template
Contingency Planning: Low Impact System Template
Contingency Planning: Moderate Impact System Template
Contingency Planning: High Impact System Template
NISTIR 8058 
(Draft)
May 1, 2015 DRAFT Security Content Automation Protocol (SCAP) Version 1.2 Content Style Guide: Best Practices for Creating and Maintaining SCAP 1.2 Content
Announcement and Draft Publication
ITL BulletinFebruary 2015NIST Special Publication 800-88 Revision 1, Guidelines for Media Sanitization
ITL BulletinOctober 2014Release of NIST Special Publication 800-147B, BIOS Protection Guidelines for Servers
Manage System Configurations & Security throughout the System Development Life Cycle
Number Date Title
SP 800-192June 2017Verification and Test Methods for Access Control Policies/Models
SP 800-192 FAQ
doi:10.6028/NIST.SP.800-192 [Direct Link]
SP 800-190 
(Draft)
July 2017DRAFT Application Container Security Guide (2nd Draft)
Announcement and Draft Publication
SP 800-180 
(Draft)
February 2016 DRAFT NIST Definition of Microservices, Application Containers and System Virtual Machines
Announcement and Draft Publication
SP 800-161April 2015 Supply Chain Risk Management Practices for Federal Information Systems and Organizations
SP 800-161 FAQ
doi:10.6028/NIST.SP.800-161 [Direct Link]
SP 800-153February 2012 Guidelines for Securing Wireless Local Area Networks (WLANs)
SP 800-153 FAQ
doi:10.6028/NIST.SP.800-153 [Direct Link]
Press Release (Mar. 6, 2012)
SP 800-147BAugust 2014 BIOS Protection Guidelines for Servers
SP 800-147B FAQ
doi:10.6028/NIST.SP.800-147B [Direct Link]
SP 800-147April 2011 BIOS Protection Guidelines
SP 800-147 FAQ
doi:10.6028/NIST.SP.800-147 [Direct Link]
Press Release
SP 800-146May 2012 Cloud Computing Synopsis and Recommendations
SP 800-146 FAQ
doi:10.6028/NIST.SP.800-146 [Direct Link]
SP 800-146 (EPUB) FAQ
Press Release
SP 800-145September 2011 The NIST Definition of Cloud Computing
SP 800-145 FAQ
doi:10.6028/NIST.SP.800-145 [Direct Link]
SP 800-145 (EPUB) FAQ
Press Release
SP 800-144December 2011 Guidelines on Security and Privacy in Public Cloud Computing
SP 800-144 FAQ
doi:10.6028/NIST.SP.800-144 [Direct Link]
SP 800-144 (EPUB) FAQ
Press Release
SP 800-137September 2011 Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations
SP 800-137 FAQ
doi:10.6028/NIST.SP.800-137 [Direct Link]
Press Release
SP 800-128August 2011 Guide for Security-Focused Configuration Management of Information Systems
SP 800-128 FAQ
doi:10.6028/NIST.SP.800-128 [Direct Link]
SP 800-127September 2010 Guide to Securing WiMAX Wireless Communications
SP 800-127 FAQ
doi:10.6028/NIST.SP.800-127 [Direct Link]
SP 800-127 (EPUB) FAQ
Press Release
SP 800-126A 
(Draft)
July 2016DRAFT SCAP 1.3 Component Specification Version Updates: An Annex to NIST Special Publication 800-126 Revision 3
Announcement and Draft Publication
SP 800-126 Rev. 3 
(Draft)
July 2016DRAFT The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.3
Announcement and Draft Publication
SP 800-126 Rev. 2September 2011 (Updated 3/19/2012)The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2
SP 800-126 Rev. 2 FAQ
doi:10.6028/NIST.SP.800-126r2 [Direct Link]
NIST Solicits Comments for SP 800-126 & SCAP
SP 800-126 Rev. 1February 2011 The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.1
SP 800-126 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-126r1 [Direct Link]
SP 800-126November 2009 The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.0
SP 800-126 FAQ
doi:10.6028/NIST.SP.800-126 [Direct Link]
SP 800-125A 
(Draft)
October 20, 2014 DRAFT Security Recommendations for Hypervisor Deployment
Announcement and Draft Publication
SP 800-124 Rev. 1June 2013 Guidelines for Managing the Security of Mobile Devices in the Enterprise
SP 800-124 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-124r1 [Direct Link]
SP 800-124 Rev. 1 (EPUB) FAQ
Press Release
SP 800-123July 2008 Guide to General Server Security
SP 800-123 FAQ
doi:10.6028/NIST.SP.800-123 [Direct Link]
SP 800-123 (EPUB) FAQ
SP 800-117 Rev. 1 
(Draft)
January 2012 DRAFT Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.2
Announcement and Draft Publication
SP 800-117July 2010 Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.0
SP 800-117 FAQ
doi:10.6028/NIST.SP.800-117 [Direct Link]
SP 800-114 Rev. 1July 2016User's Guide to Telework and Bring Your Own Device (BYOD) Security
SP 800-114 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-114r1 [Direct Link]
SP 800-113July 2008 Guide to SSL VPNs
SP 800-113 FAQ
doi:10.6028/NIST.SP.800-113 [Direct Link]
SP 800-111November 2007 Guide to Storage Encryption Technologies for End User Devices
SP 800-111 FAQ
doi:10.6028/NIST.SP.800-111 [Direct Link]
SP 800-107 Rev. 1August 2012 Recommendation for Applications Using Approved Hash Algorithms
SP 800-107 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-107r1 [Direct Link]
SP 800-106February 2009 Randomized Hashing for Digital Signatures
SP 800-106 FAQ
doi:10.6028/NIST.SP.800-106 [Direct Link]
SP 800-98April 2007 Guidelines for Securing Radio Frequency Identification (RFID) Systems
SP 800-98 FAQ
doi:10.6028/NIST.SP.800-98 [Direct Link]
SP 800-94 Rev. 1 
(Draft)
July 2012 DRAFT Guide to Intrusion Detection and Prevention Systems (IDPS)
Announcement and Draft Publication
SP 800-94February 2007 Guide to Intrusion Detection and Prevention Systems (IDPS)
SP 800-94 FAQ
doi:10.6028/NIST.SP.800-94 [Direct Link]
SP 800-70 Rev. 3November 2015 (Updated 12/8/2016)National Checklist Program for IT Products: Guidelines for Checklist Users and Developers
SP 800-70 Rev. 3 FAQ
doi:10.6028/NIST.SP.800-70r3 [Direct Link]
National Checklist Program
SP 800-68 Rev. 1October 2008 Guide to Securing Microsoft Windows XP Systems for IT Professionals: A NIST Security Configuration Checklist
SP 800-68 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-68r1 [Direct Link]
SP 800-64 Rev. 2October 2008 Security Considerations in the System Development Life Cycle
SP 800-64 Rev. 2 FAQ
doi:10.6028/NIST.SP.800-64r2 [Direct Link]
SP 800-54July 2007 Border Gateway Protocol Security
SP 800-54 FAQ
doi:10.6028/NIST.SP.800-54 [Direct Link]
SP 800-53 Rev. 4April 2013 (Updated 1/22/2015)Security and Privacy Controls for Federal Information Systems and Organizations
SP 800-53 Rev. 4 (including updates as of 01-22-2015) FAQ
doi:10.6028/NIST.SP.800-53r4 [Direct Link]
Word version of SP 800-53 Rev. 4 (01-22-2015)
XML file for SP 800-53 Rev. 4 (01-15-2014)
Summary of NIST SP 800-53 Revision 4
Press Release (04-30-2013)
Pre-Draft Call for Comments for SP 800-53 Rev. 5
SP 800-51 Rev. 1February 2011 Guide to Using Vulnerability Naming Schemes
SP 800-51 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-51r1 [Direct Link]
Press Release
SP 800-46 Rev. 2July 2016Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security
SP 800-46 Rev. 2 FAQ
doi:10.6028/NIST.SP.800-46r2 [Direct Link]
SP 800-44 Version 2September 2007 Guidelines on Securing Public Web Servers
SP 800-44 Version 2 FAQ
doi:10.6028/NIST.SP.800-44ver2 [Direct Link]
SP 800-40 Rev. 3July 2013 Guide to Enterprise Patch Management Technologies
SP 800-40 Rev. 3 FAQ
doi:10.6028/NIST.SP.800-40r3 [Direct Link]
Press Release
SP 800-39March 2011 Managing Information Security Risk: Organization, Mission, and Information System View
SP 800-39 FAQ
doi:10.6028/NIST.SP.800-39 [Direct Link]
Press Release
SP 800-34 Rev. 1May 2010 (Updated 11/11/2010)Contingency Planning Guide for Federal Information Systems
SP 800-34 Rev. 1 (including updates as of 11-11-2010) FAQ
doi:10.6028/NIST.SP.800-34r1 [Direct Link]
Business Impact Analysis (BIA) Template
Contingency Planning: Low Impact System Template
Contingency Planning: Moderate Impact System Template
Contingency Planning: High Impact System Template
NISTIR 8179 
(Draft)
July 2017DRAFT Criticality Analysis Process Model: Prioritizing Systems and Components
Announcement and Draft Publication
NISTIR 8062January 2017An Introduction to Privacy Engineering and Risk Management in Federal Systems
NISTIR 8062 FAQ
doi:10.6028/NIST.IR.8062 [Direct Link]
"Making Privacy Concrete (three words not usually found together)" (blog post)
NISTIR 8058 
(Draft)
May 1, 2015 DRAFT Security Content Automation Protocol (SCAP) Version 1.2 Content Style Guide: Best Practices for Creating and Maintaining SCAP 1.2 Content
Announcement and Draft Publication
NISTIR 7848 
(Draft)
May 2012 DRAFT Specification for the Asset Summary Reporting Format 1.0
Announcement and Draft Publication
NISTIR 7800 
(Draft)
January 2012 DRAFT Applying the Continuous Monitoring Technical Reference Model to the Asset, Configuration, and Vulnerability Management Domains
Announcement and Draft Publication
NISTIR 7799 
(Draft)
January 2012 DRAFT Continuous Monitoring Reference Model Workflow, Subsystem, and Interface Specifications
Announcement and Draft Publication
NISTIR 7756 
(Draft)
January 2012 DRAFT CAESARS Framework Extension: An Enterprise Continuous Monitoring Technical Reference Architecture
Announcement and Draft Publication
NISTIR 7694June 2011 Specification for Asset Reporting Format 1.1
NISTIR 7694 FAQ
doi:10.6028/NIST.IR.7694 [Direct Link]
NISTIR 7693June 2011 Specification for Asset Identification 1.1
NISTIR 7693 FAQ
doi:10.6028/NIST.IR.7693 [Direct Link]
NISTIR 7511 Rev. 4January 2016 Security Content Automation Protocol (SCAP) Version 1.2 Validation Program Test Requirements
NISTIR 7511 Rev. 4 FAQ
doi:10.6028/NIST.IR.7511r4 [Direct Link]
NISTIR 7316September 2006 Assessment of Access Control Systems
NISTIR 7316 FAQ
doi:10.6028/NIST.IR.7316 [Direct Link]
ITL BulletinApril 2017Building the Bridge Between Privacy and Cybersecurity for Federal Systems
ITL BulletinMarch 2016Updates to the NIST SCAP Validation Program and Associated Test Requirements
ITL BulletinMay 2011Using Security Configuration Checklists and the National Checklist Program
ITL BulletinNovember 2009Cybersecurity Fundamentals for Small Business Owners
ITL BulletinOctober 2008Keeping Information Technology (IT) System Servers Secure: A General Guide to Good Practices
Mandates Agency-Wide Information Security Program Development & Implementation
Number Date Title
SP 800-161April 2015 Supply Chain Risk Management Practices for Federal Information Systems and Organizations
SP 800-161 FAQ
doi:10.6028/NIST.SP.800-161 [Direct Link]
SP 800-147BAugust 2014 BIOS Protection Guidelines for Servers
SP 800-147B FAQ
doi:10.6028/NIST.SP.800-147B [Direct Link]
SP 800-147April 2011 BIOS Protection Guidelines
SP 800-147 FAQ
doi:10.6028/NIST.SP.800-147 [Direct Link]
Press Release
SP 800-145September 2011 The NIST Definition of Cloud Computing
SP 800-145 FAQ
doi:10.6028/NIST.SP.800-145 [Direct Link]
SP 800-145 (EPUB) FAQ
Press Release
SP 800-144December 2011 Guidelines on Security and Privacy in Public Cloud Computing
SP 800-144 FAQ
doi:10.6028/NIST.SP.800-144 [Direct Link]
SP 800-144 (EPUB) FAQ
Press Release
SP 800-137September 2011 Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations
SP 800-137 FAQ
doi:10.6028/NIST.SP.800-137 [Direct Link]
Press Release
SP 800-125A 
(Draft)
October 20, 2014 DRAFT Security Recommendations for Hypervisor Deployment
Announcement and Draft Publication
SP 800-100October 2006 (Updated 3/7/2007)Information Security Handbook: A Guide for Managers
SP 800-100 (including updates as of 03-07-2007) FAQ
doi:10.6028/NIST.SP.800-100 [Direct Link]
SP 800-53 Rev. 4April 2013 (Updated 1/22/2015)Security and Privacy Controls for Federal Information Systems and Organizations
SP 800-53 Rev. 4 (including updates as of 01-22-2015) FAQ
doi:10.6028/NIST.SP.800-53r4 [Direct Link]
Word version of SP 800-53 Rev. 4 (01-22-2015)
XML file for SP 800-53 Rev. 4 (01-15-2014)
Summary of NIST SP 800-53 Revision 4
Press Release (04-30-2013)
Pre-Draft Call for Comments for SP 800-53 Rev. 5
SP 800-44 Version 2September 2007 Guidelines on Securing Public Web Servers
SP 800-44 Version 2 FAQ
doi:10.6028/NIST.SP.800-44ver2 [Direct Link]
SP 800-39March 2011 Managing Information Security Risk: Organization, Mission, and Information System View
SP 800-39 FAQ
doi:10.6028/NIST.SP.800-39 [Direct Link]
Press Release
SP 800-18 Rev. 1February 2006 Guide for Developing Security Plans for Federal Information Systems
SP 800-18 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-18r1 [Direct Link]
NISTIR 8179 
(Draft)
July 2017DRAFT Criticality Analysis Process Model: Prioritizing Systems and Components
Announcement and Draft Publication
NISTIR 8058 
(Draft)
May 1, 2015 DRAFT Security Content Automation Protocol (SCAP) Version 1.2 Content Style Guide: Best Practices for Creating and Maintaining SCAP 1.2 Content
Announcement and Draft Publication