Browse FIPS, NIST Special Publications, NISTIRs and ITL Bulletins by legal requirement.
Federal agencies must comply with certain legal requirements regarding IT security; the sources of these requirements include legislation, Presidential Directives and Office of Management and Budget (OMB) Circulars. CSD technical publications are organized below according to the relevant legal requirement.
Cybersecurity Enhancement Act of 2014 |
Interagency Coordination |
NISTIR 8074 Vol. 2 | December 2015 | Supplemental Information for the Interagency Report on Strategic U.S. Government Engagement in International Standardization to Achieve U.S. Objectives for Cybersecurity NISTIR 8074 Vol. 2 FAQ doi:10.6028/NIST.IR.8074v2 [Direct Link] |
NISTIR 8074 Vol. 1 | December 2015 | Interagency Report on Strategic U.S. Government Engagement in International Standardization to Achieve U.S. Objectives for Cybersecurity NISTIR 8074 Vol. 1 FAQ doi:10.6028/NIST.IR.8074v1 [Direct Link] |
Whitepaper (Draft) | January 2017 | DRAFT Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1 Announcement and Draft Publication |
Cybersecurity Strategy and Implementation Plan (CSIP) |
Efficient and Effective Acquisition and Deployment of Existing and Emerging Technology |
Prioritized Identification and Protection of High Value Information and Assets |
Rapid Recovery from Incidents and Accelerated Adoption of Lessons Learned |
Timely Detection of and Rapid Response to Cyber Incidents |
E-Government Act of 2002 |
Mandates NIST Development of Security Standards |
Federal Information Security Management Act of 2002 (FISMA) |
Annual Public Report on Activities Undertaken in the Previous Year |
Categorization of All Information & Information Systems & Minimum Security Requirements for Each Category |
Detection & Handling of Information Security Incidents |
FIPS 198-1 | July 2008 | The Keyed-Hash Message Authentication Code (HMAC) FIPS 198-1 FAQ doi:10.6028/NIST.FIPS.198-1 [Direct Link] |
FIPS 180-4 | August 2015 | Secure Hash Standard (SHS) FIPS 180-4 (revised Applicability Clause, Aug. 2015) FAQ doi:10.6028/NIST.FIPS.180-4 [Direct Link] |
| | Federal Register Notice |
| | Comments received on FIPS 180-4 (Aug. 2014) |
FIPS 140-2 | May 25, 2001 (Change Notice 2, 12/3/2002) | Security Requirements for Cryptographic Modules FIPS 140-2 (including change notices as of 12-03-2002) FAQ doi:10.6028/NIST.FIPS.140-2 [Direct Link] |
| | Annex A: Approved Security Functions |
| | Annex B: Approved Protection Profiles |
| | Annex C: Approved Random Number Generators |
| | Annex D: Approved Key Establishment Techniques |
| | FIPS 140-2 (EPUB) FAQ |
| | Comments on FIPS 140-1 (Oct. 1998) |
SP 800-184 | December 2016 | Guide for Cybersecurity Event Recovery SP 800-184 FAQ doi:10.6028/NIST.SP.800-184 [Direct Link] |
| | Press Release (12-22-2016) |
SP 800-179 | December 2016 | Guide to Securing Apple OS X 10.10 Systems for IT Professionals: A NIST Security Configuration Checklist SP 800-179 FAQ doi:10.6028/NIST.SP.800-179 [Direct Link] |
| | Supplemental Content (GitHub) |
| | National Checklist Program |
SP 800-167 | October 2015 | Guide to Application Whitelisting SP 800-167 FAQ doi:10.6028/NIST.SP.800-167 [Direct Link] |
| | Press Release |
SP 800-166 | June 2016 | Derived PIV Application and Data Model Test Guidelines SP 800-166 FAQ doi:10.6028/NIST.SP.800-166 [Direct Link] |
SP 800-157 | December 2014 | Guidelines for Derived Personal Identity Verification (PIV) Credentials SP 800-157 FAQ doi:10.6028/NIST.SP.800-157 [Direct Link] |
| | Comments and resolutions on Draft SP 800-157 (Mar. 2014) |
SP 800-156 | May 2016 | Representation of PIV Chain-of-Trust for Import and Export SP 800-156 FAQ doi:10.6028/NIST.SP.800-156 [Direct Link] |
| | XSD Schema File for SP 800-156 Chain of Trust |
SP 800-154 (Draft) | March 2016 | DRAFT Guide to Data-Centric System Threat Modeling Announcement and Draft Publication |
SP 800-147B | August 2014 | BIOS Protection Guidelines for Servers SP 800-147B FAQ doi:10.6028/NIST.SP.800-147B [Direct Link] |
SP 800-147 | April 2011 | BIOS Protection Guidelines SP 800-147 FAQ doi:10.6028/NIST.SP.800-147 [Direct Link] |
| | Press Release |
SP 800-146 | May 2012 | Cloud Computing Synopsis and Recommendations SP 800-146 FAQ doi:10.6028/NIST.SP.800-146 [Direct Link] |
| | SP 800-146 (EPUB) FAQ |
| | Press Release |
SP 800-145 | September 2011 | The NIST Definition of Cloud Computing SP 800-145 FAQ doi:10.6028/NIST.SP.800-145 [Direct Link] |
| | SP 800-145 (EPUB) FAQ |
| | Press Release |
SP 800-144 | December 2011 | Guidelines on Security and Privacy in Public Cloud Computing SP 800-144 FAQ doi:10.6028/NIST.SP.800-144 [Direct Link] |
| | SP 800-144 (EPUB) FAQ |
| | Press Release |
SP 800-137 | September 2011 | Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations SP 800-137 FAQ doi:10.6028/NIST.SP.800-137 [Direct Link] |
| | Press Release |
SP 800-126A (Draft) | July 2016 | DRAFT SCAP 1.3 Component Specification Version Updates: An Annex to NIST Special Publication 800-126 Revision 3 Announcement and Draft Publication |
SP 800-126 Rev. 3 (Draft) | July 2016 | DRAFT The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.3 Announcement and Draft Publication |
SP 800-126 Rev. 2 | September 2011 (Updated 3/19/2012) | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2 SP 800-126 Rev. 2 FAQ doi:10.6028/NIST.SP.800-126r2 [Direct Link] |
| | NIST Solicits Comments for SP 800-126 & SCAP |
SP 800-126 Rev. 1 | February 2011 | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.1 SP 800-126 Rev. 1 FAQ doi:10.6028/NIST.SP.800-126r1 [Direct Link] |
SP 800-126 | November 2009 | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.0 SP 800-126 FAQ doi:10.6028/NIST.SP.800-126 [Direct Link] |
SP 800-125 | January 2011 | Guide to Security for Full Virtualization Technologies SP 800-125 FAQ doi:10.6028/NIST.SP.800-125 [Direct Link] |
| | Press Release |
SP 800-117 | July 2010 | Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.0 SP 800-117 FAQ doi:10.6028/NIST.SP.800-117 [Direct Link] |
SP 800-116 Rev. 1 (Draft) | December 2015 | DRAFT A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS) Announcement and Draft Publication |
SP 800-116 | November 2008 | A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS) SP 800-116 FAQ doi:10.6028/NIST.SP.800-116 [Direct Link] |
SP 800-114 Rev. 1 | July 2016 | User's Guide to Telework and Bring Your Own Device (BYOD) Security SP 800-114 Rev. 1 FAQ doi:10.6028/NIST.SP.800-114r1 [Direct Link] |
SP 800-113 | July 2008 | Guide to SSL VPNs SP 800-113 FAQ doi:10.6028/NIST.SP.800-113 [Direct Link] |
SP 800-111 | November 2007 | Guide to Storage Encryption Technologies for End User Devices SP 800-111 FAQ doi:10.6028/NIST.SP.800-111 [Direct Link] |
SP 800-107 Rev. 1 | August 2012 | Recommendation for Applications Using Approved Hash Algorithms SP 800-107 Rev. 1 FAQ doi:10.6028/NIST.SP.800-107r1 [Direct Link] |
SP 800-106 | February 2009 | Randomized Hashing for Digital Signatures SP 800-106 FAQ doi:10.6028/NIST.SP.800-106 [Direct Link] |
SP 800-101 Rev. 1 | May 2014 | Guidelines on Mobile Device Forensics SP 800-101 Rev. 1 FAQ doi:10.6028/NIST.SP.800-101r1 [Direct Link] |
SP 800-98 | April 2007 | Guidelines for Securing Radio Frequency Identification (RFID) Systems SP 800-98 FAQ doi:10.6028/NIST.SP.800-98 [Direct Link] |
SP 800-94 Rev. 1 (Draft) | July 2012 | DRAFT Guide to Intrusion Detection and Prevention Systems (IDPS) Announcement and Draft Publication |
SP 800-94 | February 2007 | Guide to Intrusion Detection and Prevention Systems (IDPS) SP 800-94 FAQ doi:10.6028/NIST.SP.800-94 [Direct Link] |
SP 800-86 | August 2006 | Guide to Integrating Forensic Techniques into Incident Response SP 800-86 FAQ doi:10.6028/NIST.SP.800-86 [Direct Link] |
SP 800-84 | September 2006 | Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities SP 800-84 FAQ doi:10.6028/NIST.SP.800-84 [Direct Link] |
| | SP 800-84 (EPUB) FAQ |
SP 800-83 Rev. 1 | July 2013 | Guide to Malware Incident Prevention and Handling for Desktops and Laptops SP 800-83 Rev. 1 FAQ doi:10.6028/NIST.SP.800-83r1 [Direct Link] |
SP 800-78-4 | May 2015 | Cryptographic Algorithms and Key Sizes for Personal Identity Verification SP 800-78-4 FAQ doi:10.6028/NIST.SP.800-78-4 [Direct Link] |
SP 800-76-2 | July 2013 | Biometric Specifications for Personal Identity Verification SP 800-76-2 FAQ doi:10.6028/NIST.SP.800-76-2 [Direct Link] |
SP 800-61 Rev. 2 | August 2012 | Computer Security Incident Handling Guide SP 800-61 Rev. 2 FAQ doi:10.6028/NIST.SP.800-61r2 [Direct Link] |
| | Press Release |
SP 800-54 | July 2007 | Border Gateway Protocol Security SP 800-54 FAQ doi:10.6028/NIST.SP.800-54 [Direct Link] |
SP 800-53 Rev. 4 | April 2013 (Updated 1/22/2015) | Security and Privacy Controls for Federal Information Systems and Organizations SP 800-53 Rev. 4 (including updates as of 01-22-2015) FAQ doi:10.6028/NIST.SP.800-53r4 [Direct Link] |
| | Word version of SP 800-53 Rev. 4 (01-22-2015) |
| | XML file for SP 800-53 Rev. 4 (01-15-2014) |
| | Summary of NIST SP 800-53 Revision 4 |
| | Press Release (04-30-2013) |
| | Pre-Draft Call for Comments for SP 800-53 Rev. 5 |
SP 800-51 Rev. 1 | February 2011 | Guide to Using Vulnerability Naming Schemes SP 800-51 Rev. 1 FAQ doi:10.6028/NIST.SP.800-51r1 [Direct Link] |
| | Press Release |
SP 800-48 Rev. 1 | July 2008 | Guide to Securing Legacy IEEE 802.11 Wireless Networks SP 800-48 Rev. 1 FAQ doi:10.6028/NIST.SP.800-48r1 [Direct Link] |
SP 800-44 Version 2 | September 2007 | Guidelines on Securing Public Web Servers SP 800-44 Version 2 FAQ doi:10.6028/NIST.SP.800-44ver2 [Direct Link] |
SP 800-39 | March 2011 | Managing Information Security Risk: Organization, Mission, and Information System View SP 800-39 FAQ doi:10.6028/NIST.SP.800-39 [Direct Link] |
| | Press Release |
SP 1800-6 (Draft) | November 2016 | DRAFT Domain Name Systems-Based Electronic Mail Security Announcement and Draft Publication |
NISTIR 8085 (Draft) | December 2015 | DRAFT Forming Common Platform Enumeration (CPE) Names from Software Identification (SWID) Tags Announcement and Draft Publication |
NISTIR 8060 | April 2016 | Guidelines for the Creation of Interoperable Software Identification (SWID) Tags NISTIR 8060 FAQ doi:10.6028/NIST.IR.8060 [Direct Link] |
| | Guideline Summary for NISTIR 8060 |
| | Schema Definition for NISTIR 8060 |
NISTIR 8055 | January 2016 | Derived Personal Identity Verification (PIV) Credentials (DPC) Proof of Concept Research NISTIR 8055 FAQ doi:10.6028/NIST.IR.8055 [Direct Link] |
NISTIR 8023 | February 2015 | Risk Management for Replication Devices NISTIR 8023 FAQ doi:10.6028/NIST.IR.8023 [Direct Link] |
NISTIR 7966 | October 2015 | Security of Interactive and Automated Access Management Using Secure Shell (SSH) NISTIR 7966 FAQ doi:10.6028/NIST.IR.7966 [Direct Link] |
NISTIR 7904 | December 2015 | Trusted Geolocation in the Cloud: Proof of Concept Implementation NISTIR 7904 FAQ doi:10.6028/NIST.IR.7904 [Direct Link] |
NISTIR 7817 | November 2012 | A Credential Reliability and Revocation Model for Federated Identities NISTIR 7817 FAQ doi:10.6028/NIST.IR.7817 [Direct Link] |
ITL Bulletin | March 2017 | Fundamentals of Small Business Information Security |
ITL Bulletin | February 2017 | Guide for Cybersecurity Incident Recovery |
ITL Bulletin | January 2016 | Securing Interactive and Automated Access Management Using Secure Shell (SSH) |
ITL Bulletin | April 2015 | Is Your Replication Device Making An Extra Copy For Someone Else? |
ITL Bulletin | December 2014 | Release Of NIST Special Publication 800-157, Guidelines For Derived Personal Identity Verification (PIV) Credentials |
ITL Bulletin | October 2014 | Release of NIST Special Publication 800-147B, BIOS Protection Guidelines for Servers |
ITL Bulletin | June 2007 | Forensic Techniques for Cell Phones |
ITL Bulletin | May 2007 | Securing Radio Frequency Identification (RFID) Systems |
ITL Bulletin | February 2007 | Intrusion Detection and Prevention Systems |
ITL Bulletin | December 2006 | Maintaining Effective Information Technology (IT) Security Through Test, Training, and Exercise Programs |
ITL Bulletin | October 2006 | Log Management: Using Computer and Network Records to Improve Information Security |
ITL Bulletin | September 2006 | Forensic Techniques: Helping Organizations Improve Their Responses to Information Security Incidents |
ITL Bulletin | August 2006 | Protecting Sensitive Information Processed and Stored in Information Technology (IT) Systems |
ITL Bulletin | April 2006 | Protecting Sensitive Information Transmitted in Public Networks |
Identification of an Information System as a National Security System |
Manage Security Incidents |
SP 800-184 | December 2016 | Guide for Cybersecurity Event Recovery SP 800-184 FAQ doi:10.6028/NIST.SP.800-184 [Direct Link] |
| | Press Release (12-22-2016) |
SP 800-179 | December 2016 | Guide to Securing Apple OS X 10.10 Systems for IT Professionals: A NIST Security Configuration Checklist SP 800-179 FAQ doi:10.6028/NIST.SP.800-179 [Direct Link] |
| | Supplemental Content (GitHub) |
| | National Checklist Program |
SP 800-167 | October 2015 | Guide to Application Whitelisting SP 800-167 FAQ doi:10.6028/NIST.SP.800-167 [Direct Link] |
| | Press Release |
SP 800-166 | June 2016 | Derived PIV Application and Data Model Test Guidelines SP 800-166 FAQ doi:10.6028/NIST.SP.800-166 [Direct Link] |
SP 800-157 | December 2014 | Guidelines for Derived Personal Identity Verification (PIV) Credentials SP 800-157 FAQ doi:10.6028/NIST.SP.800-157 [Direct Link] |
| | Comments and resolutions on Draft SP 800-157 (Mar. 2014) |
SP 800-156 | May 2016 | Representation of PIV Chain-of-Trust for Import and Export SP 800-156 FAQ doi:10.6028/NIST.SP.800-156 [Direct Link] |
| | XSD Schema File for SP 800-156 Chain of Trust |
SP 800-154 (Draft) | March 2016 | DRAFT Guide to Data-Centric System Threat Modeling Announcement and Draft Publication |
SP 800-147B | August 2014 | BIOS Protection Guidelines for Servers SP 800-147B FAQ doi:10.6028/NIST.SP.800-147B [Direct Link] |
SP 800-147 | April 2011 | BIOS Protection Guidelines SP 800-147 FAQ doi:10.6028/NIST.SP.800-147 [Direct Link] |
| | Press Release |
SP 800-146 | May 2012 | Cloud Computing Synopsis and Recommendations SP 800-146 FAQ doi:10.6028/NIST.SP.800-146 [Direct Link] |
| | SP 800-146 (EPUB) FAQ |
| | Press Release |
SP 800-145 | September 2011 | The NIST Definition of Cloud Computing SP 800-145 FAQ doi:10.6028/NIST.SP.800-145 [Direct Link] |
| | SP 800-145 (EPUB) FAQ |
| | Press Release |
SP 800-144 | December 2011 | Guidelines on Security and Privacy in Public Cloud Computing SP 800-144 FAQ doi:10.6028/NIST.SP.800-144 [Direct Link] |
| | SP 800-144 (EPUB) FAQ |
| | Press Release |
SP 800-137 | September 2011 | Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations SP 800-137 FAQ doi:10.6028/NIST.SP.800-137 [Direct Link] |
| | Press Release |
SP 800-126A (Draft) | July 2016 | DRAFT SCAP 1.3 Component Specification Version Updates: An Annex to NIST Special Publication 800-126 Revision 3 Announcement and Draft Publication |
SP 800-126 Rev. 3 (Draft) | July 2016 | DRAFT The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.3 Announcement and Draft Publication |
SP 800-126 Rev. 2 | September 2011 (Updated 3/19/2012) | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2 SP 800-126 Rev. 2 FAQ doi:10.6028/NIST.SP.800-126r2 [Direct Link] |
| | NIST Solicits Comments for SP 800-126 & SCAP |
SP 800-122 | April 2010 | Guide to Protecting the Confidentiality of Personally Identifiable Information (PII) SP 800-122 FAQ doi:10.6028/NIST.SP.800-122 [Direct Link] |
| | SP 800-122 (EPUB) FAQ |
SP 800-117 Rev. 1 (Draft) | January 2012 | DRAFT Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.2 Announcement and Draft Publication |
SP 800-101 Rev. 1 | May 2014 | Guidelines on Mobile Device Forensics SP 800-101 Rev. 1 FAQ doi:10.6028/NIST.SP.800-101r1 [Direct Link] |
SP 800-94 Rev. 1 (Draft) | July 2012 | DRAFT Guide to Intrusion Detection and Prevention Systems (IDPS) Announcement and Draft Publication |
SP 800-94 | February 2007 | Guide to Intrusion Detection and Prevention Systems (IDPS) SP 800-94 FAQ doi:10.6028/NIST.SP.800-94 [Direct Link] |
SP 800-86 | August 2006 | Guide to Integrating Forensic Techniques into Incident Response SP 800-86 FAQ doi:10.6028/NIST.SP.800-86 [Direct Link] |
SP 800-83 Rev. 1 | July 2013 | Guide to Malware Incident Prevention and Handling for Desktops and Laptops SP 800-83 Rev. 1 FAQ doi:10.6028/NIST.SP.800-83r1 [Direct Link] |
SP 800-61 Rev. 2 | August 2012 | Computer Security Incident Handling Guide SP 800-61 Rev. 2 FAQ doi:10.6028/NIST.SP.800-61r2 [Direct Link] |
| | Press Release |
SP 800-54 | July 2007 | Border Gateway Protocol Security SP 800-54 FAQ doi:10.6028/NIST.SP.800-54 [Direct Link] |
SP 800-53 Rev. 4 | April 2013 (Updated 1/22/2015) | Security and Privacy Controls for Federal Information Systems and Organizations SP 800-53 Rev. 4 (including updates as of 01-22-2015) FAQ doi:10.6028/NIST.SP.800-53r4 [Direct Link] |
| | Word version of SP 800-53 Rev. 4 (01-22-2015) |
| | XML file for SP 800-53 Rev. 4 (01-15-2014) |
| | Summary of NIST SP 800-53 Revision 4 |
| | Press Release (04-30-2013) |
| | Pre-Draft Call for Comments for SP 800-53 Rev. 5 |
SP 800-51 Rev. 1 | February 2011 | Guide to Using Vulnerability Naming Schemes SP 800-51 Rev. 1 FAQ doi:10.6028/NIST.SP.800-51r1 [Direct Link] |
| | Press Release |
SP 800-44 Version 2 | September 2007 | Guidelines on Securing Public Web Servers SP 800-44 Version 2 FAQ doi:10.6028/NIST.SP.800-44ver2 [Direct Link] |
SP 800-40 Rev. 3 | July 2013 | Guide to Enterprise Patch Management Technologies SP 800-40 Rev. 3 FAQ doi:10.6028/NIST.SP.800-40r3 [Direct Link] |
| | Press Release |
SP 800-39 | March 2011 | Managing Information Security Risk: Organization, Mission, and Information System View SP 800-39 FAQ doi:10.6028/NIST.SP.800-39 [Direct Link] |
| | Press Release |
NISTIR 8085 (Draft) | December 2015 | DRAFT Forming Common Platform Enumeration (CPE) Names from Software Identification (SWID) Tags Announcement and Draft Publication |
NISTIR 8060 | April 2016 | Guidelines for the Creation of Interoperable Software Identification (SWID) Tags NISTIR 8060 FAQ doi:10.6028/NIST.IR.8060 [Direct Link] |
| | Guideline Summary for NISTIR 8060 |
| | Schema Definition for NISTIR 8060 |
NISTIR 8055 | January 2016 | Derived Personal Identity Verification (PIV) Credentials (DPC) Proof of Concept Research NISTIR 8055 FAQ doi:10.6028/NIST.IR.8055 [Direct Link] |
NISTIR 8023 | February 2015 | Risk Management for Replication Devices NISTIR 8023 FAQ doi:10.6028/NIST.IR.8023 [Direct Link] |
NISTIR 7966 | October 2015 | Security of Interactive and Automated Access Management Using Secure Shell (SSH) NISTIR 7966 FAQ doi:10.6028/NIST.IR.7966 [Direct Link] |
NISTIR 7904 | December 2015 | Trusted Geolocation in the Cloud: Proof of Concept Implementation NISTIR 7904 FAQ doi:10.6028/NIST.IR.7904 [Direct Link] |
NISTIR 7848 (Draft) | May 2012 | DRAFT Specification for the Asset Summary Reporting Format 1.0 Announcement and Draft Publication |
NISTIR 7817 | November 2012 | A Credential Reliability and Revocation Model for Federated Identities NISTIR 7817 FAQ doi:10.6028/NIST.IR.7817 [Direct Link] |
NISTIR 7800 (Draft) | January 2012 | DRAFT Applying the Continuous Monitoring Technical Reference Model to the Asset, Configuration, and Vulnerability Management Domains Announcement and Draft Publication |
NISTIR 7799 (Draft) | January 2012 | DRAFT Continuous Monitoring Reference Model Workflow, Subsystem, and Interface Specifications Announcement and Draft Publication |
NISTIR 7756 (Draft) | January 2012 | DRAFT CAESARS Framework Extension: An Enterprise Continuous Monitoring Technical Reference Architecture Announcement and Draft Publication |
ITL Bulletin | March 2017 | Fundamentals of Small Business Information Security |
ITL Bulletin | February 2017 | Guide for Cybersecurity Incident Recovery |
ITL Bulletin | January 2016 | Securing Interactive and Automated Access Management Using Secure Shell (SSH) |
ITL Bulletin | April 2015 | Is Your Replication Device Making An Extra Copy For Someone Else? |
ITL Bulletin | December 2014 | Release Of NIST Special Publication 800-157, Guidelines For Derived Personal Identity Verification (PIV) Credentials |
ITL Bulletin | October 2014 | Release of NIST Special Publication 800-147B, BIOS Protection Guidelines for Servers |
ITL Bulletin | June 2007 | Forensic Techniques for Cell Phones |
ITL Bulletin | February 2007 | Intrusion Detection and Prevention Systems |
ITL Bulletin | December 2006 | Maintaining Effective Information Technology (IT) Security Through Test, Training, and Exercise Programs |
ITL Bulletin | October 2006 | Log Management: Using Computer and Network Records to Improve Information Security |
ITL Bulletin | September 2006 | Forensic Techniques: Helping Organizations Improve Their Responses to Information Security Incidents |
ITL Bulletin | April 2006 | Protecting Sensitive Information Transmitted in Public Networks |
Health Insurance Portability and Accountability Act (HIPAA) |
Assure Health Information Privacy & Security |
Standardize Electronic Data Interchange in Health Care Transactions |
Homeland Security Presidential Directive-12 (HSPD-12) |
Establishes a Mandatory, Government-Wide Standard for Secure & Reliable Forms of Identification Issued by the Federal Government to its Employees & Contractors |
Homeland Security Presidential Directive-7 (HSPD-7) |
Protect Critical Infrastructure |
OMB Circular A-11: Preparation, Submission, and Execution of the Budget |
Capital Planning |
OMB Circular A-130: Management of Federal Information Resources, Appendix III: Security of Federal Automated Information Resources |
Assess Risks |
FIPS 199 | February 2004 | Standards for Security Categorization of Federal Information and Information Systems FIPS 199 FAQ doi:10.6028/NIST.FIPS.199 [Direct Link] |
SP 800-161 | April 2015 | Supply Chain Risk Management Practices for Federal Information Systems and Organizations SP 800-161 FAQ doi:10.6028/NIST.SP.800-161 [Direct Link] |
SP 800-153 | February 2012 | Guidelines for Securing Wireless Local Area Networks (WLANs) SP 800-153 FAQ doi:10.6028/NIST.SP.800-153 [Direct Link] |
| | Press Release (Mar. 6, 2012) |
SP 800-147B | August 2014 | BIOS Protection Guidelines for Servers SP 800-147B FAQ doi:10.6028/NIST.SP.800-147B [Direct Link] |
SP 800-147 | April 2011 | BIOS Protection Guidelines SP 800-147 FAQ doi:10.6028/NIST.SP.800-147 [Direct Link] |
| | Press Release |
SP 800-146 | May 2012 | Cloud Computing Synopsis and Recommendations SP 800-146 FAQ doi:10.6028/NIST.SP.800-146 [Direct Link] |
| | SP 800-146 (EPUB) FAQ |
| | Press Release |
SP 800-145 | September 2011 | The NIST Definition of Cloud Computing SP 800-145 FAQ doi:10.6028/NIST.SP.800-145 [Direct Link] |
| | SP 800-145 (EPUB) FAQ |
| | Press Release |
SP 800-144 | December 2011 | Guidelines on Security and Privacy in Public Cloud Computing SP 800-144 FAQ doi:10.6028/NIST.SP.800-144 [Direct Link] |
| | SP 800-144 (EPUB) FAQ |
| | Press Release |
SP 800-137 | September 2011 | Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations SP 800-137 FAQ doi:10.6028/NIST.SP.800-137 [Direct Link] |
| | Press Release |
SP 800-126A (Draft) | July 2016 | DRAFT SCAP 1.3 Component Specification Version Updates: An Annex to NIST Special Publication 800-126 Revision 3 Announcement and Draft Publication |
SP 800-126 Rev. 3 (Draft) | July 2016 | DRAFT The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.3 Announcement and Draft Publication |
SP 800-126 Rev. 2 | September 2011 (Updated 3/19/2012) | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2 SP 800-126 Rev. 2 FAQ doi:10.6028/NIST.SP.800-126r2 [Direct Link] |
| | NIST Solicits Comments for SP 800-126 & SCAP |
SP 800-126 Rev. 1 | February 2011 | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.1 SP 800-126 Rev. 1 FAQ doi:10.6028/NIST.SP.800-126r1 [Direct Link] |
SP 800-126 | November 2009 | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.0 SP 800-126 FAQ doi:10.6028/NIST.SP.800-126 [Direct Link] |
SP 800-125A (Draft) | October 20, 2014 | DRAFT Security Recommendations for Hypervisor Deployment Announcement and Draft Publication |
SP 800-122 | April 2010 | Guide to Protecting the Confidentiality of Personally Identifiable Information (PII) SP 800-122 FAQ doi:10.6028/NIST.SP.800-122 [Direct Link] |
| | SP 800-122 (EPUB) FAQ |
SP 800-117 Rev. 1 (Draft) | January 2012 | DRAFT Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.2 Announcement and Draft Publication |
SP 800-117 | July 2010 | Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.0 SP 800-117 FAQ doi:10.6028/NIST.SP.800-117 [Direct Link] |
SP 800-116 Rev. 1 (Draft) | December 2015 | DRAFT A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS) Announcement and Draft Publication |
SP 800-116 | November 2008 | A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS) SP 800-116 FAQ doi:10.6028/NIST.SP.800-116 [Direct Link] |
SP 800-113 | July 2008 | Guide to SSL VPNs SP 800-113 FAQ doi:10.6028/NIST.SP.800-113 [Direct Link] |
SP 800-111 | November 2007 | Guide to Storage Encryption Technologies for End User Devices SP 800-111 FAQ doi:10.6028/NIST.SP.800-111 [Direct Link] |
SP 800-107 Rev. 1 | August 2012 | Recommendation for Applications Using Approved Hash Algorithms SP 800-107 Rev. 1 FAQ doi:10.6028/NIST.SP.800-107r1 [Direct Link] |
SP 800-106 | February 2009 | Randomized Hashing for Digital Signatures SP 800-106 FAQ doi:10.6028/NIST.SP.800-106 [Direct Link] |
SP 800-101 Rev. 1 | May 2014 | Guidelines on Mobile Device Forensics SP 800-101 Rev. 1 FAQ doi:10.6028/NIST.SP.800-101r1 [Direct Link] |
SP 800-98 | April 2007 | Guidelines for Securing Radio Frequency Identification (RFID) Systems SP 800-98 FAQ doi:10.6028/NIST.SP.800-98 [Direct Link] |
SP 800-94 Rev. 1 (Draft) | July 2012 | DRAFT Guide to Intrusion Detection and Prevention Systems (IDPS) Announcement and Draft Publication |
SP 800-94 | February 2007 | Guide to Intrusion Detection and Prevention Systems (IDPS) SP 800-94 FAQ doi:10.6028/NIST.SP.800-94 [Direct Link] |
SP 800-88 Rev. 1 | December 2014 | Guidelines for Media Sanitization SP 800-88 Revision 1 FAQ doi:10.6028/NIST.SP.800-88r1 [Direct Link] |
SP 800-78-4 | May 2015 | Cryptographic Algorithms and Key Sizes for Personal Identity Verification SP 800-78-4 FAQ doi:10.6028/NIST.SP.800-78-4 [Direct Link] |
SP 800-54 | July 2007 | Border Gateway Protocol Security SP 800-54 FAQ doi:10.6028/NIST.SP.800-54 [Direct Link] |
SP 800-53 Rev. 4 | April 2013 (Updated 1/22/2015) | Security and Privacy Controls for Federal Information Systems and Organizations SP 800-53 Rev. 4 (including updates as of 01-22-2015) FAQ doi:10.6028/NIST.SP.800-53r4 [Direct Link] |
| | Word version of SP 800-53 Rev. 4 (01-22-2015) |
| | XML file for SP 800-53 Rev. 4 (01-15-2014) |
| | Summary of NIST SP 800-53 Revision 4 |
| | Press Release (04-30-2013) |
| | Pre-Draft Call for Comments for SP 800-53 Rev. 5 |
SP 800-51 Rev. 1 | February 2011 | Guide to Using Vulnerability Naming Schemes SP 800-51 Rev. 1 FAQ doi:10.6028/NIST.SP.800-51r1 [Direct Link] |
| | Press Release |
SP 800-48 Rev. 1 | July 2008 | Guide to Securing Legacy IEEE 802.11 Wireless Networks SP 800-48 Rev. 1 FAQ doi:10.6028/NIST.SP.800-48r1 [Direct Link] |
SP 800-44 Version 2 | September 2007 | Guidelines on Securing Public Web Servers SP 800-44 Version 2 FAQ doi:10.6028/NIST.SP.800-44ver2 [Direct Link] |
SP 800-39 | March 2011 | Managing Information Security Risk: Organization, Mission, and Information System View SP 800-39 FAQ doi:10.6028/NIST.SP.800-39 [Direct Link] |
| | Press Release |
NISTIR 8179 (Draft) | July 2017 | DRAFT Criticality Analysis Process Model: Prioritizing Systems and Components Announcement and Draft Publication |
NISTIR 8139 (Draft) | February 2017 | DRAFT Identifying Uniformity with Entropy and Divergence Announcement and Draft Publication |
NISTIR 8058 (Draft) | May 1, 2015 | DRAFT Security Content Automation Protocol (SCAP) Version 1.2 Content Style Guide: Best Practices for Creating and Maintaining SCAP 1.2 Content Announcement and Draft Publication |
NISTIR 7848 (Draft) | May 2012 | DRAFT Specification for the Asset Summary Reporting Format 1.0 Announcement and Draft Publication |
NISTIR 7800 (Draft) | January 2012 | DRAFT Applying the Continuous Monitoring Technical Reference Model to the Asset, Configuration, and Vulnerability Management Domains Announcement and Draft Publication |
NISTIR 7799 (Draft) | January 2012 | DRAFT Continuous Monitoring Reference Model Workflow, Subsystem, and Interface Specifications Announcement and Draft Publication |
NISTIR 7756 (Draft) | January 2012 | DRAFT CAESARS Framework Extension: An Enterprise Continuous Monitoring Technical Reference Architecture Announcement and Draft Publication |
NISTIR 7692 | April 2011 | Specification for the Open Checklist Interactive Language (OCIL) Version 2.0 NISTIR 7692 FAQ doi:10.6028/NIST.IR.7692 [Direct Link] |
ITL Bulletin | February 2015 | NIST Special Publication 800-88 Revision 1, Guidelines for Media Sanitization |
ITL Bulletin | October 2014 | Release of NIST Special Publication 800-147B, BIOS Protection Guidelines for Servers |
Certify & Accredit Systems |
FIPS 200 | March 2006 | Minimum Security Requirements for Federal Information and Information Systems FIPS 200 FAQ doi:10.6028/NIST.FIPS.200 [Direct Link] |
SP 800-161 | April 2015 | Supply Chain Risk Management Practices for Federal Information Systems and Organizations SP 800-161 FAQ doi:10.6028/NIST.SP.800-161 [Direct Link] |
SP 800-147B | August 2014 | BIOS Protection Guidelines for Servers SP 800-147B FAQ doi:10.6028/NIST.SP.800-147B [Direct Link] |
SP 800-147 | April 2011 | BIOS Protection Guidelines SP 800-147 FAQ doi:10.6028/NIST.SP.800-147 [Direct Link] |
| | Press Release |
SP 800-146 | May 2012 | Cloud Computing Synopsis and Recommendations SP 800-146 FAQ doi:10.6028/NIST.SP.800-146 [Direct Link] |
| | SP 800-146 (EPUB) FAQ |
| | Press Release |
SP 800-145 | September 2011 | The NIST Definition of Cloud Computing SP 800-145 FAQ doi:10.6028/NIST.SP.800-145 [Direct Link] |
| | SP 800-145 (EPUB) FAQ |
| | Press Release |
SP 800-144 | December 2011 | Guidelines on Security and Privacy in Public Cloud Computing SP 800-144 FAQ doi:10.6028/NIST.SP.800-144 [Direct Link] |
| | SP 800-144 (EPUB) FAQ |
| | Press Release |
SP 800-137 | September 2011 | Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations SP 800-137 FAQ doi:10.6028/NIST.SP.800-137 [Direct Link] |
| | Press Release |
SP 800-126A (Draft) | July 2016 | DRAFT SCAP 1.3 Component Specification Version Updates: An Annex to NIST Special Publication 800-126 Revision 3 Announcement and Draft Publication |
SP 800-126 Rev. 3 (Draft) | July 2016 | DRAFT The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.3 Announcement and Draft Publication |
SP 800-126 Rev. 2 | September 2011 (Updated 3/19/2012) | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2 SP 800-126 Rev. 2 FAQ doi:10.6028/NIST.SP.800-126r2 [Direct Link] |
| | NIST Solicits Comments for SP 800-126 & SCAP |
SP 800-126 Rev. 1 | February 2011 | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.1 SP 800-126 Rev. 1 FAQ doi:10.6028/NIST.SP.800-126r1 [Direct Link] |
SP 800-126 | November 2009 | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.0 SP 800-126 FAQ doi:10.6028/NIST.SP.800-126 [Direct Link] |
SP 800-125A (Draft) | October 20, 2014 | DRAFT Security Recommendations for Hypervisor Deployment Announcement and Draft Publication |
SP 800-117 Rev. 1 (Draft) | January 2012 | DRAFT Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.2 Announcement and Draft Publication |
SP 800-117 | July 2010 | Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.0 SP 800-117 FAQ doi:10.6028/NIST.SP.800-117 [Direct Link] |
SP 800-111 | November 2007 | Guide to Storage Encryption Technologies for End User Devices SP 800-111 FAQ doi:10.6028/NIST.SP.800-111 [Direct Link] |
SP 800-88 Rev. 1 | December 2014 | Guidelines for Media Sanitization SP 800-88 Revision 1 FAQ doi:10.6028/NIST.SP.800-88r1 [Direct Link] |
SP 800-78-4 | May 2015 | Cryptographic Algorithms and Key Sizes for Personal Identity Verification SP 800-78-4 FAQ doi:10.6028/NIST.SP.800-78-4 [Direct Link] |
SP 800-53 Rev. 4 | April 2013 (Updated 1/22/2015) | Security and Privacy Controls for Federal Information Systems and Organizations SP 800-53 Rev. 4 (including updates as of 01-22-2015) FAQ doi:10.6028/NIST.SP.800-53r4 [Direct Link] |
| | Word version of SP 800-53 Rev. 4 (01-22-2015) |
| | XML file for SP 800-53 Rev. 4 (01-15-2014) |
| | Summary of NIST SP 800-53 Revision 4 |
| | Press Release (04-30-2013) |
| | Pre-Draft Call for Comments for SP 800-53 Rev. 5 |
SP 800-39 | March 2011 | Managing Information Security Risk: Organization, Mission, and Information System View SP 800-39 FAQ doi:10.6028/NIST.SP.800-39 [Direct Link] |
| | Press Release |
SP 800-37 Rev. 1 | February 2010 (Updated 6/5/2014) | Guide for Applying the Risk Management Framework to Federal Information Systems: a Security Life Cycle Approach SP 800-37 Rev. 1 (including updates as of 6-05-2014) FAQ doi:10.6028/NIST.SP.800-37r1 [Direct Link] |
| | Supplemental Guidance on Ongoing Authorization, (June 2014) |
| | Press Release |
NISTIR 8058 (Draft) | May 1, 2015 | DRAFT Security Content Automation Protocol (SCAP) Version 1.2 Content Style Guide: Best Practices for Creating and Maintaining SCAP 1.2 Content Announcement and Draft Publication |
NISTIR 8011 Vol. 2 | June 2017 | Automation Support for Security Control Assessments: Hardware Asset Management NISTIR 8011 Vol. 2 FAQ doi:10.6028/NIST.IR.8011-2 [Direct Link] |
NISTIR 8011 Vol. 1 | June 2017 | Automation Support for Security Control Assessments: Overview NISTIR 8011 Vol. 1 FAQ doi:10.6028/NIST.IR.8011-1 [Direct Link] |
NISTIR 7848 (Draft) | May 2012 | DRAFT Specification for the Asset Summary Reporting Format 1.0 Announcement and Draft Publication |
NISTIR 7802 | September 2011 | Trust Model for Security Automation Data 1.0 (TMSAD) NISTIR 7802 FAQ doi:10.6028/NIST.IR.7802 [Direct Link] |
NISTIR 7800 (Draft) | January 2012 | DRAFT Applying the Continuous Monitoring Technical Reference Model to the Asset, Configuration, and Vulnerability Management Domains Announcement and Draft Publication |
NISTIR 7799 (Draft) | January 2012 | DRAFT Continuous Monitoring Reference Model Workflow, Subsystem, and Interface Specifications Announcement and Draft Publication |
NISTIR 7756 (Draft) | January 2012 | DRAFT CAESARS Framework Extension: An Enterprise Continuous Monitoring Technical Reference Architecture Announcement and Draft Publication |
NISTIR 7692 | April 2011 | Specification for the Open Checklist Interactive Language (OCIL) Version 2.0 NISTIR 7692 FAQ doi:10.6028/NIST.IR.7692 [Direct Link] |
ITL Bulletin | February 2015 | NIST Special Publication 800-88 Revision 1, Guidelines for Media Sanitization |
ITL Bulletin | March 2006 | Minimum Security Requirements for Federal Information and Information Systems: Federal Information Processing Standard (FIPS) 200 Approved by the Secretary of Commerce |
Conduct Security Awareness Training |
Develop Contingency Plans & Procedures |
Manage System Configurations & Security throughout the System Development Life Cycle |
SP 800-192 | June 2017 | Verification and Test Methods for Access Control Policies/Models SP 800-192 FAQ doi:10.6028/NIST.SP.800-192 [Direct Link] |
SP 800-190 (Draft) | July 2017 | DRAFT Application Container Security Guide (2nd Draft) Announcement and Draft Publication |
SP 800-180 (Draft) | February 2016 | DRAFT NIST Definition of Microservices, Application Containers and System Virtual Machines Announcement and Draft Publication |
SP 800-161 | April 2015 | Supply Chain Risk Management Practices for Federal Information Systems and Organizations SP 800-161 FAQ doi:10.6028/NIST.SP.800-161 [Direct Link] |
SP 800-153 | February 2012 | Guidelines for Securing Wireless Local Area Networks (WLANs) SP 800-153 FAQ doi:10.6028/NIST.SP.800-153 [Direct Link] |
| | Press Release (Mar. 6, 2012) |
SP 800-147B | August 2014 | BIOS Protection Guidelines for Servers SP 800-147B FAQ doi:10.6028/NIST.SP.800-147B [Direct Link] |
SP 800-147 | April 2011 | BIOS Protection Guidelines SP 800-147 FAQ doi:10.6028/NIST.SP.800-147 [Direct Link] |
| | Press Release |
SP 800-146 | May 2012 | Cloud Computing Synopsis and Recommendations SP 800-146 FAQ doi:10.6028/NIST.SP.800-146 [Direct Link] |
| | SP 800-146 (EPUB) FAQ |
| | Press Release |
SP 800-145 | September 2011 | The NIST Definition of Cloud Computing SP 800-145 FAQ doi:10.6028/NIST.SP.800-145 [Direct Link] |
| | SP 800-145 (EPUB) FAQ |
| | Press Release |
SP 800-144 | December 2011 | Guidelines on Security and Privacy in Public Cloud Computing SP 800-144 FAQ doi:10.6028/NIST.SP.800-144 [Direct Link] |
| | SP 800-144 (EPUB) FAQ |
| | Press Release |
SP 800-137 | September 2011 | Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations SP 800-137 FAQ doi:10.6028/NIST.SP.800-137 [Direct Link] |
| | Press Release |
SP 800-128 | August 2011 | Guide for Security-Focused Configuration Management of Information Systems SP 800-128 FAQ doi:10.6028/NIST.SP.800-128 [Direct Link] |
SP 800-127 | September 2010 | Guide to Securing WiMAX Wireless Communications SP 800-127 FAQ doi:10.6028/NIST.SP.800-127 [Direct Link] |
| | SP 800-127 (EPUB) FAQ |
| | Press Release |
SP 800-126A (Draft) | July 2016 | DRAFT SCAP 1.3 Component Specification Version Updates: An Annex to NIST Special Publication 800-126 Revision 3 Announcement and Draft Publication |
SP 800-126 Rev. 3 (Draft) | July 2016 | DRAFT The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.3 Announcement and Draft Publication |
SP 800-126 Rev. 2 | September 2011 (Updated 3/19/2012) | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2 SP 800-126 Rev. 2 FAQ doi:10.6028/NIST.SP.800-126r2 [Direct Link] |
| | NIST Solicits Comments for SP 800-126 & SCAP |
SP 800-126 Rev. 1 | February 2011 | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.1 SP 800-126 Rev. 1 FAQ doi:10.6028/NIST.SP.800-126r1 [Direct Link] |
SP 800-126 | November 2009 | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.0 SP 800-126 FAQ doi:10.6028/NIST.SP.800-126 [Direct Link] |
SP 800-125A (Draft) | October 20, 2014 | DRAFT Security Recommendations for Hypervisor Deployment Announcement and Draft Publication |
SP 800-124 Rev. 1 | June 2013 | Guidelines for Managing the Security of Mobile Devices in the Enterprise SP 800-124 Rev. 1 FAQ doi:10.6028/NIST.SP.800-124r1 [Direct Link] |
| | SP 800-124 Rev. 1 (EPUB) FAQ |
| | Press Release |
SP 800-123 | July 2008 | Guide to General Server Security SP 800-123 FAQ doi:10.6028/NIST.SP.800-123 [Direct Link] |
| | SP 800-123 (EPUB) FAQ |
SP 800-117 Rev. 1 (Draft) | January 2012 | DRAFT Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.2 Announcement and Draft Publication |
SP 800-117 | July 2010 | Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.0 SP 800-117 FAQ doi:10.6028/NIST.SP.800-117 [Direct Link] |
SP 800-114 Rev. 1 | July 2016 | User's Guide to Telework and Bring Your Own Device (BYOD) Security SP 800-114 Rev. 1 FAQ doi:10.6028/NIST.SP.800-114r1 [Direct Link] |
SP 800-113 | July 2008 | Guide to SSL VPNs SP 800-113 FAQ doi:10.6028/NIST.SP.800-113 [Direct Link] |
SP 800-111 | November 2007 | Guide to Storage Encryption Technologies for End User Devices SP 800-111 FAQ doi:10.6028/NIST.SP.800-111 [Direct Link] |
SP 800-107 Rev. 1 | August 2012 | Recommendation for Applications Using Approved Hash Algorithms SP 800-107 Rev. 1 FAQ doi:10.6028/NIST.SP.800-107r1 [Direct Link] |
SP 800-106 | February 2009 | Randomized Hashing for Digital Signatures SP 800-106 FAQ doi:10.6028/NIST.SP.800-106 [Direct Link] |
SP 800-98 | April 2007 | Guidelines for Securing Radio Frequency Identification (RFID) Systems SP 800-98 FAQ doi:10.6028/NIST.SP.800-98 [Direct Link] |
SP 800-94 Rev. 1 (Draft) | July 2012 | DRAFT Guide to Intrusion Detection and Prevention Systems (IDPS) Announcement and Draft Publication |
SP 800-94 | February 2007 | Guide to Intrusion Detection and Prevention Systems (IDPS) SP 800-94 FAQ doi:10.6028/NIST.SP.800-94 [Direct Link] |
SP 800-70 Rev. 3 | November 2015 (Updated 12/8/2016) | National Checklist Program for IT Products: Guidelines for Checklist Users and Developers SP 800-70 Rev. 3 FAQ doi:10.6028/NIST.SP.800-70r3 [Direct Link] |
| | National Checklist Program |
SP 800-68 Rev. 1 | October 2008 | Guide to Securing Microsoft Windows XP Systems for IT Professionals: A NIST Security Configuration Checklist SP 800-68 Rev. 1 FAQ doi:10.6028/NIST.SP.800-68r1 [Direct Link] |
SP 800-64 Rev. 2 | October 2008 | Security Considerations in the System Development Life Cycle SP 800-64 Rev. 2 FAQ doi:10.6028/NIST.SP.800-64r2 [Direct Link] |
SP 800-54 | July 2007 | Border Gateway Protocol Security SP 800-54 FAQ doi:10.6028/NIST.SP.800-54 [Direct Link] |
SP 800-53 Rev. 4 | April 2013 (Updated 1/22/2015) | Security and Privacy Controls for Federal Information Systems and Organizations SP 800-53 Rev. 4 (including updates as of 01-22-2015) FAQ doi:10.6028/NIST.SP.800-53r4 [Direct Link] |
| | Word version of SP 800-53 Rev. 4 (01-22-2015) |
| | XML file for SP 800-53 Rev. 4 (01-15-2014) |
| | Summary of NIST SP 800-53 Revision 4 |
| | Press Release (04-30-2013) |
| | Pre-Draft Call for Comments for SP 800-53 Rev. 5 |
SP 800-51 Rev. 1 | February 2011 | Guide to Using Vulnerability Naming Schemes SP 800-51 Rev. 1 FAQ doi:10.6028/NIST.SP.800-51r1 [Direct Link] |
| | Press Release |
SP 800-46 Rev. 2 | July 2016 | Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security SP 800-46 Rev. 2 FAQ doi:10.6028/NIST.SP.800-46r2 [Direct Link] |
SP 800-44 Version 2 | September 2007 | Guidelines on Securing Public Web Servers SP 800-44 Version 2 FAQ doi:10.6028/NIST.SP.800-44ver2 [Direct Link] |
SP 800-40 Rev. 3 | July 2013 | Guide to Enterprise Patch Management Technologies SP 800-40 Rev. 3 FAQ doi:10.6028/NIST.SP.800-40r3 [Direct Link] |
| | Press Release |
SP 800-39 | March 2011 | Managing Information Security Risk: Organization, Mission, and Information System View SP 800-39 FAQ doi:10.6028/NIST.SP.800-39 [Direct Link] |
| | Press Release |
SP 800-34 Rev. 1 | May 2010 (Updated 11/11/2010) | Contingency Planning Guide for Federal Information Systems SP 800-34 Rev. 1 (including updates as of 11-11-2010) FAQ doi:10.6028/NIST.SP.800-34r1 [Direct Link] |
| | Business Impact Analysis (BIA) Template |
| | Contingency Planning: Low Impact System Template |
| | Contingency Planning: Moderate Impact System Template |
| | Contingency Planning: High Impact System Template |
NISTIR 8179 (Draft) | July 2017 | DRAFT Criticality Analysis Process Model: Prioritizing Systems and Components Announcement and Draft Publication |
NISTIR 8062 | January 2017 | An Introduction to Privacy Engineering and Risk Management in Federal Systems NISTIR 8062 FAQ doi:10.6028/NIST.IR.8062 [Direct Link] |
| | "Making Privacy Concrete (three words not usually found together)" (blog post) |
NISTIR 8058 (Draft) | May 1, 2015 | DRAFT Security Content Automation Protocol (SCAP) Version 1.2 Content Style Guide: Best Practices for Creating and Maintaining SCAP 1.2 Content Announcement and Draft Publication |
NISTIR 7848 (Draft) | May 2012 | DRAFT Specification for the Asset Summary Reporting Format 1.0 Announcement and Draft Publication |
NISTIR 7800 (Draft) | January 2012 | DRAFT Applying the Continuous Monitoring Technical Reference Model to the Asset, Configuration, and Vulnerability Management Domains Announcement and Draft Publication |
NISTIR 7799 (Draft) | January 2012 | DRAFT Continuous Monitoring Reference Model Workflow, Subsystem, and Interface Specifications Announcement and Draft Publication |
NISTIR 7756 (Draft) | January 2012 | DRAFT CAESARS Framework Extension: An Enterprise Continuous Monitoring Technical Reference Architecture Announcement and Draft Publication |
NISTIR 7694 | June 2011 | Specification for Asset Reporting Format 1.1 NISTIR 7694 FAQ doi:10.6028/NIST.IR.7694 [Direct Link] |
NISTIR 7693 | June 2011 | Specification for Asset Identification 1.1 NISTIR 7693 FAQ doi:10.6028/NIST.IR.7693 [Direct Link] |
NISTIR 7511 Rev. 4 | January 2016 | Security Content Automation Protocol (SCAP) Version 1.2 Validation Program Test Requirements NISTIR 7511 Rev. 4 FAQ doi:10.6028/NIST.IR.7511r4 [Direct Link] |
NISTIR 7316 | September 2006 | Assessment of Access Control Systems NISTIR 7316 FAQ doi:10.6028/NIST.IR.7316 [Direct Link] |
ITL Bulletin | April 2017 | Building the Bridge Between Privacy and Cybersecurity for Federal Systems |
ITL Bulletin | March 2016 | Updates to the NIST SCAP Validation Program and Associated Test Requirements |
ITL Bulletin | May 2011 | Using Security Configuration Checklists and the National Checklist Program |
ITL Bulletin | November 2009 | Cybersecurity Fundamentals for Small Business Owners |
ITL Bulletin | October 2008 | Keeping Information Technology (IT) System Servers Secure: A General Guide to Good Practices |
Mandates Agency-Wide Information Security Program Development & Implementation |