Try the new CSRC.nist.gov and let us know what you think!
(Note: Beta site content may not be complete.)

Search

Fulltext search of NIST's computer security publications:

Browse Publications

Publications By Legal Requirement

Browse FIPS, NIST Special Publications, NISTIRs and ITL Bulletins by legal requirement (see the left navigation menu).

There are certain legal requirements regarding IT security with which Federal agencies must comply; these sources include legislation, Presidential Directives and Office of Management and Budget (OMB) Circulars. CSD technical publications are organized below according to relevant legal requirement.

Note: Publications that link to dx.doi.org/... will redirect to another NIST website. See more details about DOIs.

Cybersecurity Enhancement Act of 2014

Interagency Coordination

Number	Date	Title
NISTIR 8074 Vol. 2	December 2015	Supplemental Information for the Interagency Report on Strategic U.S. Government Engagement in International Standardization to Achieve U.S. Objectives for Cybersecurity NISTIR 8074 Vol. 2 ^FAQ doi:10.6028/NIST.IR.8074v2 [Direct Link]
NISTIR 8074 Vol. 1	December 2015	Interagency Report on Strategic U.S. Government Engagement in International Standardization to Achieve U.S. Objectives for Cybersecurity NISTIR 8074 Vol. 1 ^FAQ doi:10.6028/NIST.IR.8074v1 [Direct Link]
Whitepaper (Draft)	January 2017	DRAFT Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1 Announcement and Draft Publication

Cybersecurity Strategy and Implementation Plan (CSIP)

Efficient and Effective Acquisition and Deployment of Existing and Emerging Technology

Number	Date	Title
SP 1800-6 (Draft)	November 2016	DRAFT Domain Name Systems-Based Electronic Mail Security Announcement and Draft Publication
NISTIR 8179 (Draft)	July 2017	DRAFT Criticality Analysis Process Model: Prioritizing Systems and Components Announcement and Draft Publication

Prioritized Identification and Protection of High Value Information and Assets

Number	Date	Title
NISTIR 8179 (Draft)	July 2017	DRAFT Criticality Analysis Process Model: Prioritizing Systems and Components Announcement and Draft Publication
NISTIR 8139 (Draft)	February 2017	DRAFT Identifying Uniformity with Entropy and Divergence Announcement and Draft Publication
Whitepaper	April 21, 2016	Best Practices for Privileged User PIV Authentication Best Practices Paper

Rapid Recovery from Incidents and Accelerated Adoption of Lessons Learned

Number	Date	Title
SP 800-184	December 2016	Guide for Cybersecurity Event Recovery SP 800-184 ^FAQ doi:10.6028/NIST.SP.800-184 [Direct Link]
		Press Release (12-22-2016)
ITL Bulletin	March 2017	Fundamentals of Small Business Information Security
ITL Bulletin	February 2017	Guide for Cybersecurity Incident Recovery

Timely Detection of and Rapid Response to Cyber Incidents

Number	Date	Title
SP 800-126A (Draft)	July 2016	DRAFT SCAP 1.3 Component Specification Version Updates: An Annex to NIST Special Publication 800-126 Revision 3 Announcement and Draft Publication
SP 1800-6 (Draft)	November 2016	DRAFT Domain Name Systems-Based Electronic Mail Security Announcement and Draft Publication

E-Government Act of 2002

Mandates NIST Development of Security Standards

Number	Date	Title
FIPS 200	March 2006	Minimum Security Requirements for Federal Information and Information Systems FIPS 200 ^FAQ doi:10.6028/NIST.FIPS.200 [Direct Link]
FIPS 199	February 2004	Standards for Security Categorization of Federal Information and Information Systems FIPS 199 ^FAQ doi:10.6028/NIST.FIPS.199 [Direct Link]
SP 800-188 (Draft)	December 2016	DRAFT De-Identifying Government Datasets (2nd Draft) Announcement and Draft Publication
SP 800-185	December 2016	SHA-3 Derived Functions: cSHAKE, KMAC, TupleHash, and ParallelHash SP 800-185 ^FAQ doi:10.6028/NIST.SP.800-185 [Direct Link]
		Comments Received on Draft SP 800-185
SP 800-160	November 2016	Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems SP 800-160 ^FAQ doi:10.6028/NIST.SP.800-160 [Direct Link]
		"Rethinking Cybersecurity from the Inside Out" (blog post)
SP 800-152	October 2015	A Profile for U.S. Federal Cryptographic Key Management Systems (CKMS) SP 800-152 ^FAQ doi:10.6028/NIST.SP.800-152 [Direct Link]
		Comments received on final (3rd) Draft (Dec. 2014)
		Draft 3 (Dec. 2014)
		Draft 2 (Jan. 2014)
		Draft (Aug. 2012)
SP 800-146	May 2012	Cloud Computing Synopsis and Recommendations SP 800-146 ^FAQ doi:10.6028/NIST.SP.800-146 [Direct Link]
		SP 800-146 (EPUB)^FAQ
		Press Release
SP 800-101 Rev. 1	May 2014	Guidelines on Mobile Device Forensics SP 800-101 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-101r1 [Direct Link]
SP 800-98	April 2007	Guidelines for Securing Radio Frequency Identification (RFID) Systems SP 800-98 ^FAQ doi:10.6028/NIST.SP.800-98 [Direct Link]
SP 800-94 Rev. 1 (Draft)	July 2012	DRAFT Guide to Intrusion Detection and Prevention Systems (IDPS) Announcement and Draft Publication
SP 800-94	February 2007	Guide to Intrusion Detection and Prevention Systems (IDPS) SP 800-94 ^FAQ doi:10.6028/NIST.SP.800-94 [Direct Link]
SP 800-54	July 2007	Border Gateway Protocol Security SP 800-54 ^FAQ doi:10.6028/NIST.SP.800-54 [Direct Link]
SP 800-53 Rev. 4	April 2013 (Updated 1/22/2015)	Security and Privacy Controls for Federal Information Systems and Organizations SP 800-53 Rev. 4 (including updates as of 01-22-2015) ^FAQ doi:10.6028/NIST.SP.800-53r4 [Direct Link]
		Word version of SP 800-53 Rev. 4 (01-22-2015)
		XML file for SP 800-53 Rev. 4 (01-15-2014)
		Summary of NIST SP 800-53 Revision 4
		Press Release (04-30-2013)
		Pre-Draft Call for Comments for SP 800-53 Rev. 5
SP 800-44 Version 2	September 2007	Guidelines on Securing Public Web Servers SP 800-44 Version 2 ^FAQ doi:10.6028/NIST.SP.800-44ver2 [Direct Link]
SP 1800-6 (Draft)	November 2016	DRAFT Domain Name Systems-Based Electronic Mail Security Announcement and Draft Publication
NISTIR 7698	August 2011	Common Platform Enumeration: Applicability Language Specification Version 2.3 NISTIR 7698 ^FAQ doi:10.6028/NIST.IR.7698 [Direct Link]
		Press Release (for NISTIRs 7695-7698)
NISTIR 7697	August 2011	Common Platform Enumeration: Dictionary Specification Version 2.3 NISTIR 7697 ^FAQ doi:10.6028/NIST.IR.7697 [Direct Link]
		Press Release (for NISTIRs 7695-7698)
NISTIR 7696	August 2011	Common Platform Enumeration: Name Matching Specification Version 2.3 NISTIR 7696 ^FAQ doi:10.6028/NIST.IR.7696 [Direct Link]
		Press Release (for NISTIRs 7695-7698)
NISTIR 7695	August 2011	Common Platform Enumeration: Naming Specification Version 2.3 NISTIR 7695 ^FAQ doi:10.6028/NIST.IR.7695 [Direct Link]
		Press Release (for NISTIRs 7695-7698)
ITL Bulletin	January 2017	Dramatically Reducing Software Vulnerabilities
ITL Bulletin	December 2016	Rethinking Security Through Systems Security Engineering
ITL Bulletin	July 2007	Border Gateway Protocol (BGP) Security
ITL Bulletin	June 2007	Forensic Techniques for Cell Phones
ITL Bulletin	February 2007	Intrusion Detection and Prevention Systems
ITL Bulletin	November 2006	Guide to Securing Computers Using Windows XP Home Edition
ITL Bulletin	April 2006	Protecting Sensitive Information Transmitted in Public Networks
ITL Bulletin	March 2006	Minimum Security Requirements for Federal Information and Information Systems: Federal Information Processing Standard (FIPS) 200 Approved by the Secretary of Commerce

Federal Information Security Management Act of 2002 (FISMA)

Annual Public Report on Activities Undertaken in the Previous Year

Number	Date	Title
SP 800-182	July 2016	Computer Security Division 2015 Annual Report SP 800-182 ^FAQ doi:10.6028/NIST.SP.800-182 [Direct Link]
SP 800-176	August 2015	Computer Security Division 2014 Annual Report SP 800-176 ^FAQ doi:10.6028/NIST.SP.800-176 [Direct Link]
SP 800-170	June 2014	Computer Security Division 2013 Annual Report SP 800-170 ^FAQ doi:10.6028/NIST.SP.800-170 [Direct Link]
SP 800-165	July 2013	Computer Security Division 2012 Annual Report SP 800-165 ^FAQ doi:10.6028/NIST.SP.800-165 [Direct Link]
NISTIR 7816	May 2012	Computer Security Division 2011 Annual Report NISTIR 7816 ^FAQ doi:10.6028/NIST.IR.7816 [Direct Link]
NISTIR 7751	May 2011	Computer Security Division 2010 Annual Report NISTIR 7751 ^FAQ doi:10.6028/NIST.IR.7751 [Direct Link]
NISTIR 7653	March 2010	Computer Security Division 2009 Annual Report NISTIR 7653 ^FAQ doi:10.6028/NIST.IR.7653 [Direct Link]
NISTIR 7536	March 2009	Computer Security Division 2008 Annual Report NISTIR 7536 ^FAQ doi:10.6028/NIST.IR.7536 [Direct Link]
NISTIR 7442	April 2008	Computer Security Division 2007 Annual Report NISTIR 7442 ^FAQ doi:10.6028/NIST.IR.7442 [Direct Link]
NISTIR 7399	March 2007	Computer Security Division 2006 Annual Report NISTIR 7399 ^FAQ doi:10.6028/NIST.IR.7399 [Direct Link]
NISTIR 7285	February 2006	Computer Security Division 2005 Annual Report NISTIR 7285 ^FAQ doi:10.6028/NIST.IR.7285 [Direct Link]
NISTIR 7219	April 2005	Computer Security Division 2004 Annual Report NISTIR 7219 ^FAQ doi:10.6028/NIST.IR.7219 [Direct Link]
NISTIR 7111	April 2004	Computer Security Division 2003 Annual Report NISTIR 7111 ^FAQ doi:10.6028/NIST.IR.7111 [Direct Link]

Categorization of All Information & Information Systems & Minimum Security Requirements for Each Category

Number	Date	Title
FIPS 200	March 2006	Minimum Security Requirements for Federal Information and Information Systems FIPS 200 ^FAQ doi:10.6028/NIST.FIPS.200 [Direct Link]
FIPS 199	February 2004	Standards for Security Categorization of Federal Information and Information Systems FIPS 199 ^FAQ doi:10.6028/NIST.FIPS.199 [Direct Link]
SP 800-192	June 2017	Verification and Test Methods for Access Control Policies/Models SP 800-192 ^FAQ doi:10.6028/NIST.SP.800-192 [Direct Link]
SP 800-184	December 2016	Guide for Cybersecurity Event Recovery SP 800-184 ^FAQ doi:10.6028/NIST.SP.800-184 [Direct Link]
		Press Release (12-22-2016)
SP 800-179	December 2016	Guide to Securing Apple OS X 10.10 Systems for IT Professionals: A NIST Security Configuration Checklist SP 800-179 ^FAQ doi:10.6028/NIST.SP.800-179 [Direct Link]
		Supplemental Content (GitHub)
		National Checklist Program
SP 800-167	October 2015	Guide to Application Whitelisting SP 800-167 ^FAQ doi:10.6028/NIST.SP.800-167 [Direct Link]
		Press Release
SP 800-166	June 2016	Derived PIV Application and Data Model Test Guidelines SP 800-166 ^FAQ doi:10.6028/NIST.SP.800-166 [Direct Link]
SP 800-157	December 2014	Guidelines for Derived Personal Identity Verification (PIV) Credentials SP 800-157 ^FAQ doi:10.6028/NIST.SP.800-157 [Direct Link]
		Comments and resolutions on Draft SP 800-157 (Mar. 2014)
SP 800-156	May 2016	Representation of PIV Chain-of-Trust for Import and Export SP 800-156 ^FAQ doi:10.6028/NIST.SP.800-156 [Direct Link]
		XSD Schema File for SP 800-156 Chain of Trust
SP 800-154 (Draft)	March 2016	DRAFT Guide to Data-Centric System Threat Modeling Announcement and Draft Publication
SP 800-147B	August 2014	BIOS Protection Guidelines for Servers SP 800-147B ^FAQ doi:10.6028/NIST.SP.800-147B [Direct Link]
SP 800-147	April 2011	BIOS Protection Guidelines SP 800-147 ^FAQ doi:10.6028/NIST.SP.800-147 [Direct Link]
		Press Release
SP 800-146	May 2012	Cloud Computing Synopsis and Recommendations SP 800-146 ^FAQ doi:10.6028/NIST.SP.800-146 [Direct Link]
		SP 800-146 (EPUB)^FAQ
		Press Release
SP 800-145	September 2011	The NIST Definition of Cloud Computing SP 800-145 ^FAQ doi:10.6028/NIST.SP.800-145 [Direct Link]
		SP 800-145 (EPUB)^FAQ
		Press Release
SP 800-144	December 2011	Guidelines on Security and Privacy in Public Cloud Computing SP 800-144 ^FAQ doi:10.6028/NIST.SP.800-144 [Direct Link]
		SP 800-144 (EPUB)^FAQ
		Press Release
SP 800-137	September 2011	Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations SP 800-137 ^FAQ doi:10.6028/NIST.SP.800-137 [Direct Link]
		Press Release
SP 800-126A (Draft)	July 2016	DRAFT SCAP 1.3 Component Specification Version Updates: An Annex to NIST Special Publication 800-126 Revision 3 Announcement and Draft Publication
SP 800-126 Rev. 3 (Draft)	July 2016	DRAFT The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.3 Announcement and Draft Publication
SP 800-126 Rev. 2	September 2011 (Updated 3/19/2012)	The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2 SP 800-126 Rev. 2 ^FAQ doi:10.6028/NIST.SP.800-126r2 [Direct Link]
		NIST Solicits Comments for SP 800-126 & SCAP
SP 800-126 Rev. 1	February 2011	The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.1 SP 800-126 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-126r1 [Direct Link]
SP 800-126	November 2009	The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.0 SP 800-126 ^FAQ doi:10.6028/NIST.SP.800-126 [Direct Link]
SP 800-117	July 2010	Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.0 SP 800-117 ^FAQ doi:10.6028/NIST.SP.800-117 [Direct Link]
SP 800-88 Rev. 1	December 2014	Guidelines for Media Sanitization SP 800-88 Revision 1 ^FAQ doi:10.6028/NIST.SP.800-88r1 [Direct Link]
SP 800-78-4	May 2015	Cryptographic Algorithms and Key Sizes for Personal Identity Verification SP 800-78-4 ^FAQ doi:10.6028/NIST.SP.800-78-4 [Direct Link]
SP 800-76-2	July 2013	Biometric Specifications for Personal Identity Verification SP 800-76-2 ^FAQ doi:10.6028/NIST.SP.800-76-2 [Direct Link]
SP 800-70 Rev. 3	November 2015 (Updated 12/8/2016)	National Checklist Program for IT Products: Guidelines for Checklist Users and Developers SP 800-70 Rev. 3 ^FAQ doi:10.6028/NIST.SP.800-70r3 [Direct Link]
		National Checklist Program
SP 800-60 Vol. 2 Rev. 1	August 2008	Guide for Mapping Types of Information and Information Systems to Security Categories: Appendices SP 800-60 Vol. 2, Rev. 1: Appendices ^FAQ doi:10.6028/NIST.SP.800-60v2r1 [Direct Link]
SP 800-60 Vol. 1 Rev. 1	August 2008	Guide for Mapping Types of Information and Information Systems to Security Categories SP 800-60 Vol. 1 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-60v1r1 [Direct Link]
SP 800-53A Rev. 4	December 2014 (Updated 12/18/2014)	Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans SP 800-53A Revision 4 ^FAQ doi:10.6028/NIST.SP.800-53Ar4 [Direct Link]
		Word version of SP 800-53A Rev. 4 (12-18-2014)
		XML file for SP 800-53A Rev. 4 (06-16-2015)
		Press Release
SP 800-53 Rev. 4	April 2013 (Updated 1/22/2015)	Security and Privacy Controls for Federal Information Systems and Organizations SP 800-53 Rev. 4 (including updates as of 01-22-2015) ^FAQ doi:10.6028/NIST.SP.800-53r4 [Direct Link]
		Word version of SP 800-53 Rev. 4 (01-22-2015)
		XML file for SP 800-53 Rev. 4 (01-15-2014)
		Summary of NIST SP 800-53 Revision 4
		Press Release (04-30-2013)
		Pre-Draft Call for Comments for SP 800-53 Rev. 5
SP 800-44 Version 2	September 2007	Guidelines on Securing Public Web Servers SP 800-44 Version 2 ^FAQ doi:10.6028/NIST.SP.800-44ver2 [Direct Link]
SP 800-39	March 2011	Managing Information Security Risk: Organization, Mission, and Information System View SP 800-39 ^FAQ doi:10.6028/NIST.SP.800-39 [Direct Link]
		Press Release
SP 800-37 Rev. 1	February 2010 (Updated 6/5/2014)	Guide for Applying the Risk Management Framework to Federal Information Systems: a Security Life Cycle Approach SP 800-37 Rev. 1 (including updates as of 6-05-2014) ^FAQ doi:10.6028/NIST.SP.800-37r1 [Direct Link]
		Supplemental Guidance on Ongoing Authorization, (June 2014)
		Press Release
SP 800-34 Rev. 1	May 2010 (Updated 11/11/2010)	Contingency Planning Guide for Federal Information Systems SP 800-34 Rev. 1 (including updates as of 11-11-2010) ^FAQ doi:10.6028/NIST.SP.800-34r1 [Direct Link]
		Business Impact Analysis (BIA) Template
		Contingency Planning: Low Impact System Template
		Contingency Planning: Moderate Impact System Template
		Contingency Planning: High Impact System Template
SP 800-30 Rev. 1	September 2012	Guide for Conducting Risk Assessments SP 800-30 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-30r1 [Direct Link]
		SP 800-30 Rev. 1 (EPUB)^FAQ
		Press Release
SP 800-18 Rev. 1	February 2006	Guide for Developing Security Plans for Federal Information Systems SP 800-18 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-18r1 [Direct Link]
NISTIR 8179 (Draft)	July 2017	DRAFT Criticality Analysis Process Model: Prioritizing Systems and Components Announcement and Draft Publication
NISTIR 8085 (Draft)	December 2015	DRAFT Forming Common Platform Enumeration (CPE) Names from Software Identification (SWID) Tags Announcement and Draft Publication
NISTIR 8060	April 2016	Guidelines for the Creation of Interoperable Software Identification (SWID) Tags NISTIR 8060 ^FAQ doi:10.6028/NIST.IR.8060 [Direct Link]
		Guideline Summary for NISTIR 8060
		Schema Definition for NISTIR 8060
NISTIR 8055	January 2016	Derived Personal Identity Verification (PIV) Credentials (DPC) Proof of Concept Research NISTIR 8055 ^FAQ doi:10.6028/NIST.IR.8055 [Direct Link]
NISTIR 8023	February 2015	Risk Management for Replication Devices NISTIR 8023 ^FAQ doi:10.6028/NIST.IR.8023 [Direct Link]
NISTIR 7966	October 2015	Security of Interactive and Automated Access Management Using Secure Shell (SSH) NISTIR 7966 ^FAQ doi:10.6028/NIST.IR.7966 [Direct Link]
NISTIR 7904	December 2015	Trusted Geolocation in the Cloud: Proof of Concept Implementation NISTIR 7904 ^FAQ doi:10.6028/NIST.IR.7904 [Direct Link]
NISTIR 7817	November 2012	A Credential Reliability and Revocation Model for Federated Identities NISTIR 7817 ^FAQ doi:10.6028/NIST.IR.7817 [Direct Link]
NISTIR 7698	August 2011	Common Platform Enumeration: Applicability Language Specification Version 2.3 NISTIR 7698 ^FAQ doi:10.6028/NIST.IR.7698 [Direct Link]
		Press Release (for NISTIRs 7695-7698)
NISTIR 7697	August 2011	Common Platform Enumeration: Dictionary Specification Version 2.3 NISTIR 7697 ^FAQ doi:10.6028/NIST.IR.7697 [Direct Link]
		Press Release (for NISTIRs 7695-7698)
NISTIR 7696	August 2011	Common Platform Enumeration: Name Matching Specification Version 2.3 NISTIR 7696 ^FAQ doi:10.6028/NIST.IR.7696 [Direct Link]
		Press Release (for NISTIRs 7695-7698)
NISTIR 7695	August 2011	Common Platform Enumeration: Naming Specification Version 2.3 NISTIR 7695 ^FAQ doi:10.6028/NIST.IR.7695 [Direct Link]
		Press Release (for NISTIRs 7695-7698)
NISTIR 7516	August 2008	Forensic Filtering of Cell Phone Protocols NISTIR 7516 ^FAQ doi:10.6028/NIST.IR.7516 [Direct Link]
ITL Bulletin	March 2017	Fundamentals of Small Business Information Security
ITL Bulletin	February 2017	Guide for Cybersecurity Incident Recovery
ITL Bulletin	January 2016	Securing Interactive and Automated Access Management Using Secure Shell (SSH)
ITL Bulletin	April 2015	Is Your Replication Device Making An Extra Copy For Someone Else?
ITL Bulletin	February 2015	NIST Special Publication 800-88 Revision 1, Guidelines for Media Sanitization
ITL Bulletin	January 2015	Release of NIST Special Publication 800-53A, Revision 4, Assessing Security and Privacy Controls in Federal Information Systems and Organizations
ITL Bulletin	December 2014	Release Of NIST Special Publication 800-157, Guidelines For Derived Personal Identity Verification (PIV) Credentials
ITL Bulletin	October 2014	Release of NIST Special Publication 800-147B, BIOS Protection Guidelines for Servers
ITL Bulletin	August 2006	Protecting Sensitive Information Processed and Stored in Information Technology (IT) Systems
ITL Bulletin	March 2006	Minimum Security Requirements for Federal Information and Information Systems: Federal Information Processing Standard (FIPS) 200 Approved by the Secretary of Commerce
Whitepaper	6/3/2014	Supplemental Guidance on Ongoing Authorization: Transitioning to Near Real-Time Risk Management Paper

Detection & Handling of Information Security Incidents

Number	Date	Title
FIPS 198-1	July 2008	The Keyed-Hash Message Authentication Code (HMAC) FIPS 198-1 ^FAQ doi:10.6028/NIST.FIPS.198-1 [Direct Link]
FIPS 180-4	August 2015	Secure Hash Standard (SHS) FIPS 180-4 (revised Applicability Clause, Aug. 2015) ^FAQ doi:10.6028/NIST.FIPS.180-4 [Direct Link]
		Federal Register Notice
		Comments received on FIPS 180-4 (Aug. 2014)
FIPS 140-2	May 25, 2001 (Change Notice 2, 12/3/2002)	Security Requirements for Cryptographic Modules FIPS 140-2 (including change notices as of 12-03-2002) ^FAQ doi:10.6028/NIST.FIPS.140-2 [Direct Link]
		Annex A: Approved Security Functions
		Annex B: Approved Protection Profiles
		Annex C: Approved Random Number Generators
		Annex D: Approved Key Establishment Techniques
		FIPS 140-2 (EPUB)^FAQ
		Comments on FIPS 140-1 (Oct. 1998)
SP 800-184	December 2016	Guide for Cybersecurity Event Recovery SP 800-184 ^FAQ doi:10.6028/NIST.SP.800-184 [Direct Link]
		Press Release (12-22-2016)
SP 800-179	December 2016	Guide to Securing Apple OS X 10.10 Systems for IT Professionals: A NIST Security Configuration Checklist SP 800-179 ^FAQ doi:10.6028/NIST.SP.800-179 [Direct Link]
		Supplemental Content (GitHub)
		National Checklist Program
SP 800-167	October 2015	Guide to Application Whitelisting SP 800-167 ^FAQ doi:10.6028/NIST.SP.800-167 [Direct Link]
		Press Release
SP 800-166	June 2016	Derived PIV Application and Data Model Test Guidelines SP 800-166 ^FAQ doi:10.6028/NIST.SP.800-166 [Direct Link]
SP 800-157	December 2014	Guidelines for Derived Personal Identity Verification (PIV) Credentials SP 800-157 ^FAQ doi:10.6028/NIST.SP.800-157 [Direct Link]
		Comments and resolutions on Draft SP 800-157 (Mar. 2014)
SP 800-156	May 2016	Representation of PIV Chain-of-Trust for Import and Export SP 800-156 ^FAQ doi:10.6028/NIST.SP.800-156 [Direct Link]
		XSD Schema File for SP 800-156 Chain of Trust
SP 800-154 (Draft)	March 2016	DRAFT Guide to Data-Centric System Threat Modeling Announcement and Draft Publication
SP 800-147B	August 2014	BIOS Protection Guidelines for Servers SP 800-147B ^FAQ doi:10.6028/NIST.SP.800-147B [Direct Link]
SP 800-147	April 2011	BIOS Protection Guidelines SP 800-147 ^FAQ doi:10.6028/NIST.SP.800-147 [Direct Link]
		Press Release
SP 800-146	May 2012	Cloud Computing Synopsis and Recommendations SP 800-146 ^FAQ doi:10.6028/NIST.SP.800-146 [Direct Link]
		SP 800-146 (EPUB)^FAQ
		Press Release
SP 800-145	September 2011	The NIST Definition of Cloud Computing SP 800-145 ^FAQ doi:10.6028/NIST.SP.800-145 [Direct Link]
		SP 800-145 (EPUB)^FAQ
		Press Release
SP 800-144	December 2011	Guidelines on Security and Privacy in Public Cloud Computing SP 800-144 ^FAQ doi:10.6028/NIST.SP.800-144 [Direct Link]
		SP 800-144 (EPUB)^FAQ
		Press Release
SP 800-137	September 2011	Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations SP 800-137 ^FAQ doi:10.6028/NIST.SP.800-137 [Direct Link]
		Press Release
SP 800-126A (Draft)	July 2016	DRAFT SCAP 1.3 Component Specification Version Updates: An Annex to NIST Special Publication 800-126 Revision 3 Announcement and Draft Publication
SP 800-126 Rev. 3 (Draft)	July 2016	DRAFT The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.3 Announcement and Draft Publication
SP 800-126 Rev. 2	September 2011 (Updated 3/19/2012)	The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2 SP 800-126 Rev. 2 ^FAQ doi:10.6028/NIST.SP.800-126r2 [Direct Link]
		NIST Solicits Comments for SP 800-126 & SCAP
SP 800-126 Rev. 1	February 2011	The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.1 SP 800-126 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-126r1 [Direct Link]
SP 800-126	November 2009	The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.0 SP 800-126 ^FAQ doi:10.6028/NIST.SP.800-126 [Direct Link]
SP 800-125	January 2011	Guide to Security for Full Virtualization Technologies SP 800-125 ^FAQ doi:10.6028/NIST.SP.800-125 [Direct Link]
		Press Release
SP 800-117	July 2010	Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.0 SP 800-117 ^FAQ doi:10.6028/NIST.SP.800-117 [Direct Link]
SP 800-116 Rev. 1 (Draft)	December 2015	DRAFT A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS) Announcement and Draft Publication
SP 800-116	November 2008	A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS) SP 800-116 ^FAQ doi:10.6028/NIST.SP.800-116 [Direct Link]
SP 800-114 Rev. 1	July 2016	User's Guide to Telework and Bring Your Own Device (BYOD) Security SP 800-114 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-114r1 [Direct Link]
SP 800-113	July 2008	Guide to SSL VPNs SP 800-113 ^FAQ doi:10.6028/NIST.SP.800-113 [Direct Link]
SP 800-111	November 2007	Guide to Storage Encryption Technologies for End User Devices SP 800-111 ^FAQ doi:10.6028/NIST.SP.800-111 [Direct Link]
SP 800-107 Rev. 1	August 2012	Recommendation for Applications Using Approved Hash Algorithms SP 800-107 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-107r1 [Direct Link]
SP 800-106	February 2009	Randomized Hashing for Digital Signatures SP 800-106 ^FAQ doi:10.6028/NIST.SP.800-106 [Direct Link]
SP 800-101 Rev. 1	May 2014	Guidelines on Mobile Device Forensics SP 800-101 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-101r1 [Direct Link]
SP 800-98	April 2007	Guidelines for Securing Radio Frequency Identification (RFID) Systems SP 800-98 ^FAQ doi:10.6028/NIST.SP.800-98 [Direct Link]
SP 800-94 Rev. 1 (Draft)	July 2012	DRAFT Guide to Intrusion Detection and Prevention Systems (IDPS) Announcement and Draft Publication
SP 800-94	February 2007	Guide to Intrusion Detection and Prevention Systems (IDPS) SP 800-94 ^FAQ doi:10.6028/NIST.SP.800-94 [Direct Link]
SP 800-86	August 2006	Guide to Integrating Forensic Techniques into Incident Response SP 800-86 ^FAQ doi:10.6028/NIST.SP.800-86 [Direct Link]
SP 800-84	September 2006	Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities SP 800-84 ^FAQ doi:10.6028/NIST.SP.800-84 [Direct Link]
		SP 800-84 (EPUB)^FAQ
SP 800-83 Rev. 1	July 2013	Guide to Malware Incident Prevention and Handling for Desktops and Laptops SP 800-83 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-83r1 [Direct Link]
SP 800-78-4	May 2015	Cryptographic Algorithms and Key Sizes for Personal Identity Verification SP 800-78-4 ^FAQ doi:10.6028/NIST.SP.800-78-4 [Direct Link]
SP 800-76-2	July 2013	Biometric Specifications for Personal Identity Verification SP 800-76-2 ^FAQ doi:10.6028/NIST.SP.800-76-2 [Direct Link]
SP 800-61 Rev. 2	August 2012	Computer Security Incident Handling Guide SP 800-61 Rev. 2 ^FAQ doi:10.6028/NIST.SP.800-61r2 [Direct Link]
		Press Release
SP 800-54	July 2007	Border Gateway Protocol Security SP 800-54 ^FAQ doi:10.6028/NIST.SP.800-54 [Direct Link]
SP 800-53 Rev. 4	April 2013 (Updated 1/22/2015)	Security and Privacy Controls for Federal Information Systems and Organizations SP 800-53 Rev. 4 (including updates as of 01-22-2015) ^FAQ doi:10.6028/NIST.SP.800-53r4 [Direct Link]
		Word version of SP 800-53 Rev. 4 (01-22-2015)
		XML file for SP 800-53 Rev. 4 (01-15-2014)
		Summary of NIST SP 800-53 Revision 4
		Press Release (04-30-2013)
		Pre-Draft Call for Comments for SP 800-53 Rev. 5
SP 800-51 Rev. 1	February 2011	Guide to Using Vulnerability Naming Schemes SP 800-51 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-51r1 [Direct Link]
		Press Release
SP 800-48 Rev. 1	July 2008	Guide to Securing Legacy IEEE 802.11 Wireless Networks SP 800-48 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-48r1 [Direct Link]
SP 800-44 Version 2	September 2007	Guidelines on Securing Public Web Servers SP 800-44 Version 2 ^FAQ doi:10.6028/NIST.SP.800-44ver2 [Direct Link]
SP 800-39	March 2011	Managing Information Security Risk: Organization, Mission, and Information System View SP 800-39 ^FAQ doi:10.6028/NIST.SP.800-39 [Direct Link]
		Press Release
SP 1800-6 (Draft)	November 2016	DRAFT Domain Name Systems-Based Electronic Mail Security Announcement and Draft Publication
NISTIR 8085 (Draft)	December 2015	DRAFT Forming Common Platform Enumeration (CPE) Names from Software Identification (SWID) Tags Announcement and Draft Publication
NISTIR 8060	April 2016	Guidelines for the Creation of Interoperable Software Identification (SWID) Tags NISTIR 8060 ^FAQ doi:10.6028/NIST.IR.8060 [Direct Link]
		Guideline Summary for NISTIR 8060
		Schema Definition for NISTIR 8060
NISTIR 8055	January 2016	Derived Personal Identity Verification (PIV) Credentials (DPC) Proof of Concept Research NISTIR 8055 ^FAQ doi:10.6028/NIST.IR.8055 [Direct Link]
NISTIR 8023	February 2015	Risk Management for Replication Devices NISTIR 8023 ^FAQ doi:10.6028/NIST.IR.8023 [Direct Link]
NISTIR 7966	October 2015	Security of Interactive and Automated Access Management Using Secure Shell (SSH) NISTIR 7966 ^FAQ doi:10.6028/NIST.IR.7966 [Direct Link]
NISTIR 7904	December 2015	Trusted Geolocation in the Cloud: Proof of Concept Implementation NISTIR 7904 ^FAQ doi:10.6028/NIST.IR.7904 [Direct Link]
NISTIR 7817	November 2012	A Credential Reliability and Revocation Model for Federated Identities NISTIR 7817 ^FAQ doi:10.6028/NIST.IR.7817 [Direct Link]
ITL Bulletin	March 2017	Fundamentals of Small Business Information Security
ITL Bulletin	February 2017	Guide for Cybersecurity Incident Recovery
ITL Bulletin	January 2016	Securing Interactive and Automated Access Management Using Secure Shell (SSH)
ITL Bulletin	April 2015	Is Your Replication Device Making An Extra Copy For Someone Else?
ITL Bulletin	December 2014	Release Of NIST Special Publication 800-157, Guidelines For Derived Personal Identity Verification (PIV) Credentials
ITL Bulletin	October 2014	Release of NIST Special Publication 800-147B, BIOS Protection Guidelines for Servers
ITL Bulletin	June 2007	Forensic Techniques for Cell Phones
ITL Bulletin	May 2007	Securing Radio Frequency Identification (RFID) Systems
ITL Bulletin	February 2007	Intrusion Detection and Prevention Systems
ITL Bulletin	December 2006	Maintaining Effective Information Technology (IT) Security Through Test, Training, and Exercise Programs
ITL Bulletin	October 2006	Log Management: Using Computer and Network Records to Improve Information Security
ITL Bulletin	September 2006	Forensic Techniques: Helping Organizations Improve Their Responses to Information Security Incidents
ITL Bulletin	August 2006	Protecting Sensitive Information Processed and Stored in Information Technology (IT) Systems
ITL Bulletin	April 2006	Protecting Sensitive Information Transmitted in Public Networks

Identification of an Information System as a National Security System

Number	Date	Title
SP 800-184	December 2016	Guide for Cybersecurity Event Recovery SP 800-184 ^FAQ doi:10.6028/NIST.SP.800-184 [Direct Link]
		Press Release (12-22-2016)
SP 800-179	December 2016	Guide to Securing Apple OS X 10.10 Systems for IT Professionals: A NIST Security Configuration Checklist SP 800-179 ^FAQ doi:10.6028/NIST.SP.800-179 [Direct Link]
		Supplemental Content (GitHub)
		National Checklist Program
SP 800-167	October 2015	Guide to Application Whitelisting SP 800-167 ^FAQ doi:10.6028/NIST.SP.800-167 [Direct Link]
		Press Release
SP 800-166	June 2016	Derived PIV Application and Data Model Test Guidelines SP 800-166 ^FAQ doi:10.6028/NIST.SP.800-166 [Direct Link]
SP 800-157	December 2014	Guidelines for Derived Personal Identity Verification (PIV) Credentials SP 800-157 ^FAQ doi:10.6028/NIST.SP.800-157 [Direct Link]
		Comments and resolutions on Draft SP 800-157 (Mar. 2014)
SP 800-156	May 2016	Representation of PIV Chain-of-Trust for Import and Export SP 800-156 ^FAQ doi:10.6028/NIST.SP.800-156 [Direct Link]
		XSD Schema File for SP 800-156 Chain of Trust
SP 800-154 (Draft)	March 2016	DRAFT Guide to Data-Centric System Threat Modeling Announcement and Draft Publication
SP 800-147B	August 2014	BIOS Protection Guidelines for Servers SP 800-147B ^FAQ doi:10.6028/NIST.SP.800-147B [Direct Link]
SP 800-147	April 2011	BIOS Protection Guidelines SP 800-147 ^FAQ doi:10.6028/NIST.SP.800-147 [Direct Link]
		Press Release
SP 800-146	May 2012	Cloud Computing Synopsis and Recommendations SP 800-146 ^FAQ doi:10.6028/NIST.SP.800-146 [Direct Link]
		SP 800-146 (EPUB)^FAQ
		Press Release
SP 800-145	September 2011	The NIST Definition of Cloud Computing SP 800-145 ^FAQ doi:10.6028/NIST.SP.800-145 [Direct Link]
		SP 800-145 (EPUB)^FAQ
		Press Release
SP 800-144	December 2011	Guidelines on Security and Privacy in Public Cloud Computing SP 800-144 ^FAQ doi:10.6028/NIST.SP.800-144 [Direct Link]
		SP 800-144 (EPUB)^FAQ
		Press Release
SP 800-137	September 2011	Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations SP 800-137 ^FAQ doi:10.6028/NIST.SP.800-137 [Direct Link]
		Press Release
SP 800-59	August 2003	Guideline for Identifying an Information System as a National Security System SP 800-59 ^FAQ doi:10.6028/NIST.SP.800-59 [Direct Link]
SP 800-53 Rev. 4	April 2013 (Updated 1/22/2015)	Security and Privacy Controls for Federal Information Systems and Organizations SP 800-53 Rev. 4 (including updates as of 01-22-2015) ^FAQ doi:10.6028/NIST.SP.800-53r4 [Direct Link]
		Word version of SP 800-53 Rev. 4 (01-22-2015)
		XML file for SP 800-53 Rev. 4 (01-15-2014)
		Summary of NIST SP 800-53 Revision 4
		Press Release (04-30-2013)
		Pre-Draft Call for Comments for SP 800-53 Rev. 5
SP 800-39	March 2011	Managing Information Security Risk: Organization, Mission, and Information System View SP 800-39 ^FAQ doi:10.6028/NIST.SP.800-39 [Direct Link]
		Press Release
NISTIR 8085 (Draft)	December 2015	DRAFT Forming Common Platform Enumeration (CPE) Names from Software Identification (SWID) Tags Announcement and Draft Publication
NISTIR 8060	April 2016	Guidelines for the Creation of Interoperable Software Identification (SWID) Tags NISTIR 8060 ^FAQ doi:10.6028/NIST.IR.8060 [Direct Link]
		Guideline Summary for NISTIR 8060
		Schema Definition for NISTIR 8060
NISTIR 8055	January 2016	Derived Personal Identity Verification (PIV) Credentials (DPC) Proof of Concept Research NISTIR 8055 ^FAQ doi:10.6028/NIST.IR.8055 [Direct Link]
NISTIR 8023	February 2015	Risk Management for Replication Devices NISTIR 8023 ^FAQ doi:10.6028/NIST.IR.8023 [Direct Link]
NISTIR 7966	October 2015	Security of Interactive and Automated Access Management Using Secure Shell (SSH) NISTIR 7966 ^FAQ doi:10.6028/NIST.IR.7966 [Direct Link]
NISTIR 7904	December 2015	Trusted Geolocation in the Cloud: Proof of Concept Implementation NISTIR 7904 ^FAQ doi:10.6028/NIST.IR.7904 [Direct Link]
NISTIR 7817	November 2012	A Credential Reliability and Revocation Model for Federated Identities NISTIR 7817 ^FAQ doi:10.6028/NIST.IR.7817 [Direct Link]
ITL Bulletin	March 2017	Fundamentals of Small Business Information Security
ITL Bulletin	February 2017	Guide for Cybersecurity Incident Recovery
ITL Bulletin	January 2016	Securing Interactive and Automated Access Management Using Secure Shell (SSH)
ITL Bulletin	April 2015	Is Your Replication Device Making An Extra Copy For Someone Else?
ITL Bulletin	December 2014	Release Of NIST Special Publication 800-157, Guidelines For Derived Personal Identity Verification (PIV) Credentials
ITL Bulletin	October 2014	Release of NIST Special Publication 800-147B, BIOS Protection Guidelines for Servers
ITL Bulletin	April 2006	Protecting Sensitive Information Transmitted in Public Networks

Manage Security Incidents

Number	Date	Title
SP 800-184	December 2016	Guide for Cybersecurity Event Recovery SP 800-184 ^FAQ doi:10.6028/NIST.SP.800-184 [Direct Link]
		Press Release (12-22-2016)
SP 800-179	December 2016	Guide to Securing Apple OS X 10.10 Systems for IT Professionals: A NIST Security Configuration Checklist SP 800-179 ^FAQ doi:10.6028/NIST.SP.800-179 [Direct Link]
		Supplemental Content (GitHub)
		National Checklist Program
SP 800-167	October 2015	Guide to Application Whitelisting SP 800-167 ^FAQ doi:10.6028/NIST.SP.800-167 [Direct Link]
		Press Release
SP 800-166	June 2016	Derived PIV Application and Data Model Test Guidelines SP 800-166 ^FAQ doi:10.6028/NIST.SP.800-166 [Direct Link]
SP 800-157	December 2014	Guidelines for Derived Personal Identity Verification (PIV) Credentials SP 800-157 ^FAQ doi:10.6028/NIST.SP.800-157 [Direct Link]
		Comments and resolutions on Draft SP 800-157 (Mar. 2014)
SP 800-156	May 2016	Representation of PIV Chain-of-Trust for Import and Export SP 800-156 ^FAQ doi:10.6028/NIST.SP.800-156 [Direct Link]
		XSD Schema File for SP 800-156 Chain of Trust
SP 800-154 (Draft)	March 2016	DRAFT Guide to Data-Centric System Threat Modeling Announcement and Draft Publication
SP 800-147B	August 2014	BIOS Protection Guidelines for Servers SP 800-147B ^FAQ doi:10.6028/NIST.SP.800-147B [Direct Link]
SP 800-147	April 2011	BIOS Protection Guidelines SP 800-147 ^FAQ doi:10.6028/NIST.SP.800-147 [Direct Link]
		Press Release
SP 800-146	May 2012	Cloud Computing Synopsis and Recommendations SP 800-146 ^FAQ doi:10.6028/NIST.SP.800-146 [Direct Link]
		SP 800-146 (EPUB)^FAQ
		Press Release
SP 800-145	September 2011	The NIST Definition of Cloud Computing SP 800-145 ^FAQ doi:10.6028/NIST.SP.800-145 [Direct Link]
		SP 800-145 (EPUB)^FAQ
		Press Release
SP 800-144	December 2011	Guidelines on Security and Privacy in Public Cloud Computing SP 800-144 ^FAQ doi:10.6028/NIST.SP.800-144 [Direct Link]
		SP 800-144 (EPUB)^FAQ
		Press Release
SP 800-137	September 2011	Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations SP 800-137 ^FAQ doi:10.6028/NIST.SP.800-137 [Direct Link]
		Press Release
SP 800-126A (Draft)	July 2016	DRAFT SCAP 1.3 Component Specification Version Updates: An Annex to NIST Special Publication 800-126 Revision 3 Announcement and Draft Publication
SP 800-126 Rev. 3 (Draft)	July 2016	DRAFT The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.3 Announcement and Draft Publication
SP 800-126 Rev. 2	September 2011 (Updated 3/19/2012)	The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2 SP 800-126 Rev. 2 ^FAQ doi:10.6028/NIST.SP.800-126r2 [Direct Link]
		NIST Solicits Comments for SP 800-126 & SCAP
SP 800-122	April 2010	Guide to Protecting the Confidentiality of Personally Identifiable Information (PII) SP 800-122 ^FAQ doi:10.6028/NIST.SP.800-122 [Direct Link]
		SP 800-122 (EPUB)^FAQ
SP 800-117 Rev. 1 (Draft)	January 2012	DRAFT Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.2 Announcement and Draft Publication
SP 800-101 Rev. 1	May 2014	Guidelines on Mobile Device Forensics SP 800-101 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-101r1 [Direct Link]
SP 800-94 Rev. 1 (Draft)	July 2012	DRAFT Guide to Intrusion Detection and Prevention Systems (IDPS) Announcement and Draft Publication
SP 800-94	February 2007	Guide to Intrusion Detection and Prevention Systems (IDPS) SP 800-94 ^FAQ doi:10.6028/NIST.SP.800-94 [Direct Link]
SP 800-86	August 2006	Guide to Integrating Forensic Techniques into Incident Response SP 800-86 ^FAQ doi:10.6028/NIST.SP.800-86 [Direct Link]
SP 800-83 Rev. 1	July 2013	Guide to Malware Incident Prevention and Handling for Desktops and Laptops SP 800-83 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-83r1 [Direct Link]
SP 800-61 Rev. 2	August 2012	Computer Security Incident Handling Guide SP 800-61 Rev. 2 ^FAQ doi:10.6028/NIST.SP.800-61r2 [Direct Link]
		Press Release
SP 800-54	July 2007	Border Gateway Protocol Security SP 800-54 ^FAQ doi:10.6028/NIST.SP.800-54 [Direct Link]
SP 800-53 Rev. 4	April 2013 (Updated 1/22/2015)	Security and Privacy Controls for Federal Information Systems and Organizations SP 800-53 Rev. 4 (including updates as of 01-22-2015) ^FAQ doi:10.6028/NIST.SP.800-53r4 [Direct Link]
		Word version of SP 800-53 Rev. 4 (01-22-2015)
		XML file for SP 800-53 Rev. 4 (01-15-2014)
		Summary of NIST SP 800-53 Revision 4
		Press Release (04-30-2013)
		Pre-Draft Call for Comments for SP 800-53 Rev. 5
SP 800-51 Rev. 1	February 2011	Guide to Using Vulnerability Naming Schemes SP 800-51 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-51r1 [Direct Link]
		Press Release
SP 800-44 Version 2	September 2007	Guidelines on Securing Public Web Servers SP 800-44 Version 2 ^FAQ doi:10.6028/NIST.SP.800-44ver2 [Direct Link]
SP 800-40 Rev. 3	July 2013	Guide to Enterprise Patch Management Technologies SP 800-40 Rev. 3 ^FAQ doi:10.6028/NIST.SP.800-40r3 [Direct Link]
		Press Release
SP 800-39	March 2011	Managing Information Security Risk: Organization, Mission, and Information System View SP 800-39 ^FAQ doi:10.6028/NIST.SP.800-39 [Direct Link]
		Press Release
NISTIR 8085 (Draft)	December 2015	DRAFT Forming Common Platform Enumeration (CPE) Names from Software Identification (SWID) Tags Announcement and Draft Publication
NISTIR 8060	April 2016	Guidelines for the Creation of Interoperable Software Identification (SWID) Tags NISTIR 8060 ^FAQ doi:10.6028/NIST.IR.8060 [Direct Link]
		Guideline Summary for NISTIR 8060
		Schema Definition for NISTIR 8060
NISTIR 8055	January 2016	Derived Personal Identity Verification (PIV) Credentials (DPC) Proof of Concept Research NISTIR 8055 ^FAQ doi:10.6028/NIST.IR.8055 [Direct Link]
NISTIR 8023	February 2015	Risk Management for Replication Devices NISTIR 8023 ^FAQ doi:10.6028/NIST.IR.8023 [Direct Link]
NISTIR 7966	October 2015	Security of Interactive and Automated Access Management Using Secure Shell (SSH) NISTIR 7966 ^FAQ doi:10.6028/NIST.IR.7966 [Direct Link]
NISTIR 7904	December 2015	Trusted Geolocation in the Cloud: Proof of Concept Implementation NISTIR 7904 ^FAQ doi:10.6028/NIST.IR.7904 [Direct Link]
NISTIR 7848 (Draft)	May 2012	DRAFT Specification for the Asset Summary Reporting Format 1.0 Announcement and Draft Publication
NISTIR 7817	November 2012	A Credential Reliability and Revocation Model for Federated Identities NISTIR 7817 ^FAQ doi:10.6028/NIST.IR.7817 [Direct Link]
NISTIR 7800 (Draft)	January 2012	DRAFT Applying the Continuous Monitoring Technical Reference Model to the Asset, Configuration, and Vulnerability Management Domains Announcement and Draft Publication
NISTIR 7799 (Draft)	January 2012	DRAFT Continuous Monitoring Reference Model Workflow, Subsystem, and Interface Specifications Announcement and Draft Publication
NISTIR 7756 (Draft)	January 2012	DRAFT CAESARS Framework Extension: An Enterprise Continuous Monitoring Technical Reference Architecture Announcement and Draft Publication
ITL Bulletin	March 2017	Fundamentals of Small Business Information Security
ITL Bulletin	February 2017	Guide for Cybersecurity Incident Recovery
ITL Bulletin	January 2016	Securing Interactive and Automated Access Management Using Secure Shell (SSH)
ITL Bulletin	April 2015	Is Your Replication Device Making An Extra Copy For Someone Else?
ITL Bulletin	December 2014	Release Of NIST Special Publication 800-157, Guidelines For Derived Personal Identity Verification (PIV) Credentials
ITL Bulletin	October 2014	Release of NIST Special Publication 800-147B, BIOS Protection Guidelines for Servers
ITL Bulletin	June 2007	Forensic Techniques for Cell Phones
ITL Bulletin	February 2007	Intrusion Detection and Prevention Systems
ITL Bulletin	December 2006	Maintaining Effective Information Technology (IT) Security Through Test, Training, and Exercise Programs
ITL Bulletin	October 2006	Log Management: Using Computer and Network Records to Improve Information Security
ITL Bulletin	September 2006	Forensic Techniques: Helping Organizations Improve Their Responses to Information Security Incidents
ITL Bulletin	April 2006	Protecting Sensitive Information Transmitted in Public Networks

Health Insurance Portability and Accountability Act (HIPAA)

Assure Health Information Privacy & Security

Number	Date	Title
SP 800-177	September 2016	Trustworthy Email SP 800-177 ^FAQ doi:10.6028/NIST.SP.800-177 [Direct Link]
		High Assurance Domains project
SP 800-167	October 2015	Guide to Application Whitelisting SP 800-167 ^FAQ doi:10.6028/NIST.SP.800-167 [Direct Link]
		Press Release
SP 800-124 Rev. 1	June 2013	Guidelines for Managing the Security of Mobile Devices in the Enterprise SP 800-124 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-124r1 [Direct Link]
		SP 800-124 Rev. 1 (EPUB)^FAQ
		Press Release
SP 800-111	November 2007	Guide to Storage Encryption Technologies for End User Devices SP 800-111 ^FAQ doi:10.6028/NIST.SP.800-111 [Direct Link]
SP 800-98	April 2007	Guidelines for Securing Radio Frequency Identification (RFID) Systems SP 800-98 ^FAQ doi:10.6028/NIST.SP.800-98 [Direct Link]
SP 1800-6 (Draft)	November 2016	DRAFT Domain Name Systems-Based Electronic Mail Security Announcement and Draft Publication
SP 1800-1 (Draft)	July 2015	DRAFT Securing Electronic Health Records on Mobile Devices Announcement and Draft Publication
NISTIR 8053	October 2015	De-Identification of Personal Information NISTIR 8053 ^FAQ doi:10.6028/NIST.IR.8053 [Direct Link]
NISTIR 7966	October 2015	Security of Interactive and Automated Access Management Using Secure Shell (SSH) NISTIR 7966 ^FAQ doi:10.6028/NIST.IR.7966 [Direct Link]
NISTIR 7497	September 2010	Security Architecture Design Process for Health Information Exchanges (HIEs) NISTIR 7497 ^FAQ doi:10.6028/NIST.IR.7497 [Direct Link]
ITL Bulletin	January 2016	Securing Interactive and Automated Access Management Using Secure Shell (SSH)
ITL Bulletin	October 2006	Log Management: Using Computer and Network Records to Improve Information Security

Standardize Electronic Data Interchange in Health Care Transactions

Number	Date	Title
SP 800-177	September 2016	Trustworthy Email SP 800-177 ^FAQ doi:10.6028/NIST.SP.800-177 [Direct Link]
		High Assurance Domains project
SP 800-167	October 2015	Guide to Application Whitelisting SP 800-167 ^FAQ doi:10.6028/NIST.SP.800-167 [Direct Link]
		Press Release
SP 800-66 Rev. 1	October 2008	An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule SP 800-66 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-66r1 [Direct Link]
SP 1800-1 (Draft)	July 2015	DRAFT Securing Electronic Health Records on Mobile Devices Announcement and Draft Publication
NISTIR 8053	October 2015	De-Identification of Personal Information NISTIR 8053 ^FAQ doi:10.6028/NIST.IR.8053 [Direct Link]
NISTIR 7966	October 2015	Security of Interactive and Automated Access Management Using Secure Shell (SSH) NISTIR 7966 ^FAQ doi:10.6028/NIST.IR.7966 [Direct Link]
ITL Bulletin	January 2016	Securing Interactive and Automated Access Management Using Secure Shell (SSH)

Homeland Security Presidential Directive-12 (HSPD-12)

Establishes a Mandatory, Government-Wide Standard for Secure & Reliable Forms of Identification Issued by the Federal Government to its Employees & Contractors

Number	Date	Title
FIPS 201-2	August 2013	Personal Identity Verification (PIV) of Federal Employees and Contractors FIPS 201-2 ^FAQ doi:10.6028/NIST.FIPS.201-2 [Direct Link]
		2012 Draft Comments and Dispositions
		2011 Draft Comments and Dispositions
		Revised Draft (July 2012)
		Draft FIPS 201-2 (March 2011)
SP 800-166	June 2016	Derived PIV Application and Data Model Test Guidelines SP 800-166 ^FAQ doi:10.6028/NIST.SP.800-166 [Direct Link]
SP 800-157	December 2014	Guidelines for Derived Personal Identity Verification (PIV) Credentials SP 800-157 ^FAQ doi:10.6028/NIST.SP.800-157 [Direct Link]
		Comments and resolutions on Draft SP 800-157 (Mar. 2014)
SP 800-156	May 2016	Representation of PIV Chain-of-Trust for Import and Export SP 800-156 ^FAQ doi:10.6028/NIST.SP.800-156 [Direct Link]
		XSD Schema File for SP 800-156 Chain of Trust
SP 800-116 Rev. 1 (Draft)	December 2015	DRAFT A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS) Announcement and Draft Publication
SP 800-116	November 2008	A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS) SP 800-116 ^FAQ doi:10.6028/NIST.SP.800-116 [Direct Link]
SP 800-101 Rev. 1	May 2014	Guidelines on Mobile Device Forensics SP 800-101 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-101r1 [Direct Link]
SP 800-94 Rev. 1 (Draft)	July 2012	DRAFT Guide to Intrusion Detection and Prevention Systems (IDPS) Announcement and Draft Publication
SP 800-94	February 2007	Guide to Intrusion Detection and Prevention Systems (IDPS) SP 800-94 ^FAQ doi:10.6028/NIST.SP.800-94 [Direct Link]
SP 800-85A-4	April 2016	PIV Card Application and Middleware Interface Test Guidelines (SP 800-73-4 Compliance) SP 800-85A-4 ^FAQ doi:10.6028/NIST.SP.800-85A-4 [Direct Link]
SP 800-85B-4 (Draft)	August 2014	DRAFT PIV Data Model Test Guidelines Announcement and Draft Publication
SP 800-85B	July 2006	PIV Data Model Test Guidelines SP 800-85B ^FAQ doi:10.6028/NIST.SP.800-85B [Direct Link]
SP 800-79-2	July 2015	Guidelines for the Authorization of Personal Identity Verification Card Issuers (PCI) and Derived PIV Credential Issuers (DPCI) SP 800-79-2 ^FAQ doi:10.6028/NIST.SP.800-79-2 [Direct Link]
SP 800-78-4	May 2015	Cryptographic Algorithms and Key Sizes for Personal Identity Verification SP 800-78-4 ^FAQ doi:10.6028/NIST.SP.800-78-4 [Direct Link]
SP 800-76-2	July 2013	Biometric Specifications for Personal Identity Verification SP 800-76-2 ^FAQ doi:10.6028/NIST.SP.800-76-2 [Direct Link]
SP 800-54	July 2007	Border Gateway Protocol Security SP 800-54 ^FAQ doi:10.6028/NIST.SP.800-54 [Direct Link]
SP 800-53 Rev. 4	April 2013 (Updated 1/22/2015)	Security and Privacy Controls for Federal Information Systems and Organizations SP 800-53 Rev. 4 (including updates as of 01-22-2015) ^FAQ doi:10.6028/NIST.SP.800-53r4 [Direct Link]
		Word version of SP 800-53 Rev. 4 (01-22-2015)
		XML file for SP 800-53 Rev. 4 (01-15-2014)
		Summary of NIST SP 800-53 Revision 4
		Press Release (04-30-2013)
		Pre-Draft Call for Comments for SP 800-53 Rev. 5
NISTIR 8055	January 2016	Derived Personal Identity Verification (PIV) Credentials (DPC) Proof of Concept Research NISTIR 8055 ^FAQ doi:10.6028/NIST.IR.8055 [Direct Link]
NISTIR 7981 (Draft)	March 2014	DRAFT Mobile, PIV, and Authentication Announcement and Draft Publication
NISTIR 7849	March 2014	A Methodology for Developing Authentication Assurance Level Taxonomy for Smart Card-based Identity Verification NISTIR 7849 ^FAQ doi:10.6028/NIST.IR.7849 [Direct Link]
NISTIR 7676	June 2010	Maintaining and Using Key History on Personal Identity Verification (PIV) Cards NISTIR 7676 ^FAQ doi:10.6028/NIST.IR.7676 [Direct Link]
NISTIR 7611	August 2009	Use of ISO/IEC 24727 NISTIR 7611 ^FAQ doi:10.6028/NIST.IR.7611 [Direct Link]
NISTIR 7452	November 2007	Secure Biometric Match-on-Card Feasibility Report NISTIR 7452 ^FAQ doi:10.6028/NIST.IR.7452 [Direct Link]
NISTIR 7337	August 2006	Personal Identity Verification Demonstration Summary NISTIR 7337 ^FAQ doi:10.6028/NIST.IR.7337 [Direct Link]
NISTIR 7284	January 2006	Personal Identity Verification Card Management Report NISTIR 7284 ^FAQ doi:10.6028/NIST.IR.7284 [Direct Link]
ITL Bulletin	August 2016	NIST Updates Personal Identity Verification (PIV) Guidelines
ITL Bulletin	December 2014	Release Of NIST Special Publication 800-157, Guidelines For Derived Personal Identity Verification (PIV) Credentials
ITL Bulletin	July 2007	Border Gateway Protocol (BGP) Security
ITL Bulletin	June 2007	Forensic Techniques for Cell Phones
ITL Bulletin	May 2007	Securing Radio Frequency Identification (RFID) Systems
ITL Bulletin	December 2006	Maintaining Effective Information Technology (IT) Security Through Test, Training, and Exercise Programs
ITL Bulletin	November 2006	Guide to Securing Computers Using Windows XP Home Edition
ITL Bulletin	August 2006	Protecting Sensitive Information Processed and Stored in Information Technology (IT) Systems
ITL Bulletin	April 2006	Protecting Sensitive Information Transmitted in Public Networks
ITL Bulletin	January 2006	Testing and Validation of Personal Identity Verification (PIV) Components and Subsystems for Conformance to Federal Information Processing Standard 201

Homeland Security Presidential Directive-7 (HSPD-7)

Protect Critical Infrastructure

Number	Date	Title
FIPS 200	March 2006	Minimum Security Requirements for Federal Information and Information Systems FIPS 200 ^FAQ doi:10.6028/NIST.FIPS.200 [Direct Link]
FIPS 199	February 2004	Standards for Security Categorization of Federal Information and Information Systems FIPS 199 ^FAQ doi:10.6028/NIST.FIPS.199 [Direct Link]
SP 800-192	June 2017	Verification and Test Methods for Access Control Policies/Models SP 800-192 ^FAQ doi:10.6028/NIST.SP.800-192 [Direct Link]
SP 800-157	December 2014	Guidelines for Derived Personal Identity Verification (PIV) Credentials SP 800-157 ^FAQ doi:10.6028/NIST.SP.800-157 [Direct Link]
		Comments and resolutions on Draft SP 800-157 (Mar. 2014)
SP 800-101 Rev. 1	May 2014	Guidelines on Mobile Device Forensics SP 800-101 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-101r1 [Direct Link]
SP 800-98	April 2007	Guidelines for Securing Radio Frequency Identification (RFID) Systems SP 800-98 ^FAQ doi:10.6028/NIST.SP.800-98 [Direct Link]
SP 800-94 Rev. 1 (Draft)	July 2012	DRAFT Guide to Intrusion Detection and Prevention Systems (IDPS) Announcement and Draft Publication
SP 800-94	February 2007	Guide to Intrusion Detection and Prevention Systems (IDPS) SP 800-94 ^FAQ doi:10.6028/NIST.SP.800-94 [Direct Link]
SP 800-82 Rev. 2	May 2015	Guide to Industrial Control Systems (ICS) Security SP 800-82 Revision 2 ^FAQ doi:10.6028/NIST.SP.800-82r2 [Direct Link]
		Press Release
SP 800-60 Vol. 2 Rev. 1	August 2008	Guide for Mapping Types of Information and Information Systems to Security Categories: Appendices SP 800-60 Vol. 2, Rev. 1: Appendices ^FAQ doi:10.6028/NIST.SP.800-60v2r1 [Direct Link]
SP 800-60 Vol. 1 Rev. 1	August 2008	Guide for Mapping Types of Information and Information Systems to Security Categories SP 800-60 Vol. 1 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-60v1r1 [Direct Link]
SP 800-59	August 2003	Guideline for Identifying an Information System as a National Security System SP 800-59 ^FAQ doi:10.6028/NIST.SP.800-59 [Direct Link]
SP 800-54	July 2007	Border Gateway Protocol Security SP 800-54 ^FAQ doi:10.6028/NIST.SP.800-54 [Direct Link]
SP 800-53 Rev. 4	April 2013 (Updated 1/22/2015)	Security and Privacy Controls for Federal Information Systems and Organizations SP 800-53 Rev. 4 (including updates as of 01-22-2015) ^FAQ doi:10.6028/NIST.SP.800-53r4 [Direct Link]
		Word version of SP 800-53 Rev. 4 (01-22-2015)
		XML file for SP 800-53 Rev. 4 (01-15-2014)
		Summary of NIST SP 800-53 Revision 4
		Press Release (04-30-2013)
		Pre-Draft Call for Comments for SP 800-53 Rev. 5
SP 800-48 Rev. 1	July 2008	Guide to Securing Legacy IEEE 802.11 Wireless Networks SP 800-48 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-48r1 [Direct Link]
SP 800-44 Version 2	September 2007	Guidelines on Securing Public Web Servers SP 800-44 Version 2 ^FAQ doi:10.6028/NIST.SP.800-44ver2 [Direct Link]
SP 800-41 Rev. 1	September 2009	Guidelines on Firewalls and Firewall Policy SP 800-41 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-41r1 [Direct Link]
SP 800-37 Rev. 1	February 2010 (Updated 6/5/2014)	Guide for Applying the Risk Management Framework to Federal Information Systems: a Security Life Cycle Approach SP 800-37 Rev. 1 (including updates as of 6-05-2014) ^FAQ doi:10.6028/NIST.SP.800-37r1 [Direct Link]
		Supplemental Guidance on Ongoing Authorization, (June 2014)
		Press Release
SP 800-30 Rev. 1	September 2012	Guide for Conducting Risk Assessments SP 800-30 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-30r1 [Direct Link]
		SP 800-30 Rev. 1 (EPUB)^FAQ
		Press Release
SP 800-18 Rev. 1	February 2006	Guide for Developing Security Plans for Federal Information Systems SP 800-18 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-18r1 [Direct Link]
SP 1800-6 (Draft)	November 2016	DRAFT Domain Name Systems-Based Electronic Mail Security Announcement and Draft Publication
NISTIR 7981 (Draft)	March 2014	DRAFT Mobile, PIV, and Authentication Announcement and Draft Publication
NISTIR 7823	March 2015	Advanced Metering Infrastructure Smart Meter Upgradeability Test Framework NISTIR 7823 ^FAQ doi:10.6028/NIST.IR.7823 [Direct Link]
ITL Bulletin	November 2015	Tailoring Security Controls for Industrial Control Systems
ITL Bulletin	December 2014	Release Of NIST Special Publication 800-157, Guidelines For Derived Personal Identity Verification (PIV) Credentials
ITL Bulletin	July 2007	Border Gateway Protocol (BGP) Security
ITL Bulletin	May 2007	Securing Radio Frequency Identification (RFID) Systems
ITL Bulletin	February 2007	Intrusion Detection and Prevention Systems
ITL Bulletin	December 2006	Maintaining Effective Information Technology (IT) Security Through Test, Training, and Exercise Programs
ITL Bulletin	November 2006	Guide to Securing Computers Using Windows XP Home Edition
ITL Bulletin	August 2006	Protecting Sensitive Information Processed and Stored in Information Technology (IT) Systems
ITL Bulletin	April 2006	Protecting Sensitive Information Transmitted in Public Networks
ITL Bulletin	March 2006	Minimum Security Requirements for Federal Information and Information Systems: Federal Information Processing Standard (FIPS) 200 Approved by the Secretary of Commerce
Whitepaper (Draft)	January 2017	DRAFT Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1 Announcement and Draft Publication
Whitepaper (Draft)	March 20, 2017	DRAFT Cybersecurity Framework Manufacturing Profile (Final Draft) Announcement and Draft Publication

OMB Circular A-11: Preparation, Submission, and Execution of the Budget

Capital Planning

Number	Date	Title
SP 800-65	January 2005	Integrating IT Security into the Capital Planning and Investment Control Process SP 800-65 ^FAQ doi:10.6028/NIST.SP.800-65 [Direct Link]
SP 800-55 Rev. 1	July 2008	Performance Measurement Guide for Information Security SP 800-55 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-55r1 [Direct Link]
SP 800-53 Rev. 4	April 2013 (Updated 1/22/2015)	Security and Privacy Controls for Federal Information Systems and Organizations SP 800-53 Rev. 4 (including updates as of 01-22-2015) ^FAQ doi:10.6028/NIST.SP.800-53r4 [Direct Link]
		Word version of SP 800-53 Rev. 4 (01-22-2015)
		XML file for SP 800-53 Rev. 4 (01-15-2014)
		Summary of NIST SP 800-53 Revision 4
		Press Release (04-30-2013)
		Pre-Draft Call for Comments for SP 800-53 Rev. 5
NISTIR 8179 (Draft)	July 2017	DRAFT Criticality Analysis Process Model: Prioritizing Systems and Components Announcement and Draft Publication
NISTIR 7773	November 2010	An Application of Combinatorial Methods to Conformance Testing for Document Object Model Events NISTIR 7773 ^FAQ doi:10.6028/NIST.IR.7773 [Direct Link]
ITL Bulletin	February 2007	Intrusion Detection and Prevention Systems

OMB Circular A-130: Management of Federal Information Resources, Appendix III: Security of Federal Automated Information Resources

Assess Risks

Number	Date	Title
FIPS 199	February 2004	Standards for Security Categorization of Federal Information and Information Systems FIPS 199 ^FAQ doi:10.6028/NIST.FIPS.199 [Direct Link]
SP 800-161	April 2015	Supply Chain Risk Management Practices for Federal Information Systems and Organizations SP 800-161 ^FAQ doi:10.6028/NIST.SP.800-161 [Direct Link]
SP 800-153	February 2012	Guidelines for Securing Wireless Local Area Networks (WLANs) SP 800-153 ^FAQ doi:10.6028/NIST.SP.800-153 [Direct Link]
		Press Release (Mar. 6, 2012)
SP 800-147B	August 2014	BIOS Protection Guidelines for Servers SP 800-147B ^FAQ doi:10.6028/NIST.SP.800-147B [Direct Link]
SP 800-147	April 2011	BIOS Protection Guidelines SP 800-147 ^FAQ doi:10.6028/NIST.SP.800-147 [Direct Link]
		Press Release
SP 800-146	May 2012	Cloud Computing Synopsis and Recommendations SP 800-146 ^FAQ doi:10.6028/NIST.SP.800-146 [Direct Link]
		SP 800-146 (EPUB)^FAQ
		Press Release
SP 800-145	September 2011	The NIST Definition of Cloud Computing SP 800-145 ^FAQ doi:10.6028/NIST.SP.800-145 [Direct Link]
		SP 800-145 (EPUB)^FAQ
		Press Release
SP 800-144	December 2011	Guidelines on Security and Privacy in Public Cloud Computing SP 800-144 ^FAQ doi:10.6028/NIST.SP.800-144 [Direct Link]
		SP 800-144 (EPUB)^FAQ
		Press Release
SP 800-137	September 2011	Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations SP 800-137 ^FAQ doi:10.6028/NIST.SP.800-137 [Direct Link]
		Press Release
SP 800-126A (Draft)	July 2016	DRAFT SCAP 1.3 Component Specification Version Updates: An Annex to NIST Special Publication 800-126 Revision 3 Announcement and Draft Publication
SP 800-126 Rev. 3 (Draft)	July 2016	DRAFT The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.3 Announcement and Draft Publication
SP 800-126 Rev. 2	September 2011 (Updated 3/19/2012)	The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2 SP 800-126 Rev. 2 ^FAQ doi:10.6028/NIST.SP.800-126r2 [Direct Link]
		NIST Solicits Comments for SP 800-126 & SCAP
SP 800-126 Rev. 1	February 2011	The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.1 SP 800-126 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-126r1 [Direct Link]
SP 800-126	November 2009	The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.0 SP 800-126 ^FAQ doi:10.6028/NIST.SP.800-126 [Direct Link]
SP 800-125A (Draft)	October 20, 2014	DRAFT Security Recommendations for Hypervisor Deployment Announcement and Draft Publication
SP 800-122	April 2010	Guide to Protecting the Confidentiality of Personally Identifiable Information (PII) SP 800-122 ^FAQ doi:10.6028/NIST.SP.800-122 [Direct Link]
		SP 800-122 (EPUB)^FAQ
SP 800-117 Rev. 1 (Draft)	January 2012	DRAFT Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.2 Announcement and Draft Publication
SP 800-117	July 2010	Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.0 SP 800-117 ^FAQ doi:10.6028/NIST.SP.800-117 [Direct Link]
SP 800-116 Rev. 1 (Draft)	December 2015	DRAFT A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS) Announcement and Draft Publication
SP 800-116	November 2008	A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS) SP 800-116 ^FAQ doi:10.6028/NIST.SP.800-116 [Direct Link]
SP 800-113	July 2008	Guide to SSL VPNs SP 800-113 ^FAQ doi:10.6028/NIST.SP.800-113 [Direct Link]
SP 800-111	November 2007	Guide to Storage Encryption Technologies for End User Devices SP 800-111 ^FAQ doi:10.6028/NIST.SP.800-111 [Direct Link]
SP 800-107 Rev. 1	August 2012	Recommendation for Applications Using Approved Hash Algorithms SP 800-107 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-107r1 [Direct Link]
SP 800-106	February 2009	Randomized Hashing for Digital Signatures SP 800-106 ^FAQ doi:10.6028/NIST.SP.800-106 [Direct Link]
SP 800-101 Rev. 1	May 2014	Guidelines on Mobile Device Forensics SP 800-101 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-101r1 [Direct Link]
SP 800-98	April 2007	Guidelines for Securing Radio Frequency Identification (RFID) Systems SP 800-98 ^FAQ doi:10.6028/NIST.SP.800-98 [Direct Link]
SP 800-94 Rev. 1 (Draft)	July 2012	DRAFT Guide to Intrusion Detection and Prevention Systems (IDPS) Announcement and Draft Publication
SP 800-94	February 2007	Guide to Intrusion Detection and Prevention Systems (IDPS) SP 800-94 ^FAQ doi:10.6028/NIST.SP.800-94 [Direct Link]
SP 800-88 Rev. 1	December 2014	Guidelines for Media Sanitization SP 800-88 Revision 1 ^FAQ doi:10.6028/NIST.SP.800-88r1 [Direct Link]
SP 800-78-4	May 2015	Cryptographic Algorithms and Key Sizes for Personal Identity Verification SP 800-78-4 ^FAQ doi:10.6028/NIST.SP.800-78-4 [Direct Link]
SP 800-54	July 2007	Border Gateway Protocol Security SP 800-54 ^FAQ doi:10.6028/NIST.SP.800-54 [Direct Link]
SP 800-53 Rev. 4	April 2013 (Updated 1/22/2015)	Security and Privacy Controls for Federal Information Systems and Organizations SP 800-53 Rev. 4 (including updates as of 01-22-2015) ^FAQ doi:10.6028/NIST.SP.800-53r4 [Direct Link]
		Word version of SP 800-53 Rev. 4 (01-22-2015)
		XML file for SP 800-53 Rev. 4 (01-15-2014)
		Summary of NIST SP 800-53 Revision 4
		Press Release (04-30-2013)
		Pre-Draft Call for Comments for SP 800-53 Rev. 5
SP 800-51 Rev. 1	February 2011	Guide to Using Vulnerability Naming Schemes SP 800-51 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-51r1 [Direct Link]
		Press Release
SP 800-48 Rev. 1	July 2008	Guide to Securing Legacy IEEE 802.11 Wireless Networks SP 800-48 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-48r1 [Direct Link]
SP 800-44 Version 2	September 2007	Guidelines on Securing Public Web Servers SP 800-44 Version 2 ^FAQ doi:10.6028/NIST.SP.800-44ver2 [Direct Link]
SP 800-39	March 2011	Managing Information Security Risk: Organization, Mission, and Information System View SP 800-39 ^FAQ doi:10.6028/NIST.SP.800-39 [Direct Link]
		Press Release
NISTIR 8179 (Draft)	July 2017	DRAFT Criticality Analysis Process Model: Prioritizing Systems and Components Announcement and Draft Publication
NISTIR 8139 (Draft)	February 2017	DRAFT Identifying Uniformity with Entropy and Divergence Announcement and Draft Publication
NISTIR 8058 (Draft)	May 1, 2015	DRAFT Security Content Automation Protocol (SCAP) Version 1.2 Content Style Guide: Best Practices for Creating and Maintaining SCAP 1.2 Content Announcement and Draft Publication
NISTIR 7848 (Draft)	May 2012	DRAFT Specification for the Asset Summary Reporting Format 1.0 Announcement and Draft Publication
NISTIR 7800 (Draft)	January 2012	DRAFT Applying the Continuous Monitoring Technical Reference Model to the Asset, Configuration, and Vulnerability Management Domains Announcement and Draft Publication
NISTIR 7799 (Draft)	January 2012	DRAFT Continuous Monitoring Reference Model Workflow, Subsystem, and Interface Specifications Announcement and Draft Publication
NISTIR 7756 (Draft)	January 2012	DRAFT CAESARS Framework Extension: An Enterprise Continuous Monitoring Technical Reference Architecture Announcement and Draft Publication
NISTIR 7692	April 2011	Specification for the Open Checklist Interactive Language (OCIL) Version 2.0 NISTIR 7692 ^FAQ doi:10.6028/NIST.IR.7692 [Direct Link]
ITL Bulletin	February 2015	NIST Special Publication 800-88 Revision 1, Guidelines for Media Sanitization
ITL Bulletin	October 2014	Release of NIST Special Publication 800-147B, BIOS Protection Guidelines for Servers

Certify & Accredit Systems

Number	Date	Title
FIPS 200	March 2006	Minimum Security Requirements for Federal Information and Information Systems FIPS 200 ^FAQ doi:10.6028/NIST.FIPS.200 [Direct Link]
SP 800-161	April 2015	Supply Chain Risk Management Practices for Federal Information Systems and Organizations SP 800-161 ^FAQ doi:10.6028/NIST.SP.800-161 [Direct Link]
SP 800-147B	August 2014	BIOS Protection Guidelines for Servers SP 800-147B ^FAQ doi:10.6028/NIST.SP.800-147B [Direct Link]
SP 800-147	April 2011	BIOS Protection Guidelines SP 800-147 ^FAQ doi:10.6028/NIST.SP.800-147 [Direct Link]
		Press Release
SP 800-146	May 2012	Cloud Computing Synopsis and Recommendations SP 800-146 ^FAQ doi:10.6028/NIST.SP.800-146 [Direct Link]
		SP 800-146 (EPUB)^FAQ
		Press Release
SP 800-145	September 2011	The NIST Definition of Cloud Computing SP 800-145 ^FAQ doi:10.6028/NIST.SP.800-145 [Direct Link]
		SP 800-145 (EPUB)^FAQ
		Press Release
SP 800-144	December 2011	Guidelines on Security and Privacy in Public Cloud Computing SP 800-144 ^FAQ doi:10.6028/NIST.SP.800-144 [Direct Link]
		SP 800-144 (EPUB)^FAQ
		Press Release
SP 800-137	September 2011	Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations SP 800-137 ^FAQ doi:10.6028/NIST.SP.800-137 [Direct Link]
		Press Release
SP 800-126A (Draft)	July 2016	DRAFT SCAP 1.3 Component Specification Version Updates: An Annex to NIST Special Publication 800-126 Revision 3 Announcement and Draft Publication
SP 800-126 Rev. 3 (Draft)	July 2016	DRAFT The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.3 Announcement and Draft Publication
SP 800-126 Rev. 2	September 2011 (Updated 3/19/2012)	The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2 SP 800-126 Rev. 2 ^FAQ doi:10.6028/NIST.SP.800-126r2 [Direct Link]
		NIST Solicits Comments for SP 800-126 & SCAP
SP 800-126 Rev. 1	February 2011	The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.1 SP 800-126 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-126r1 [Direct Link]
SP 800-126	November 2009	The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.0 SP 800-126 ^FAQ doi:10.6028/NIST.SP.800-126 [Direct Link]
SP 800-125A (Draft)	October 20, 2014	DRAFT Security Recommendations for Hypervisor Deployment Announcement and Draft Publication
SP 800-117 Rev. 1 (Draft)	January 2012	DRAFT Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.2 Announcement and Draft Publication
SP 800-117	July 2010	Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.0 SP 800-117 ^FAQ doi:10.6028/NIST.SP.800-117 [Direct Link]
SP 800-111	November 2007	Guide to Storage Encryption Technologies for End User Devices SP 800-111 ^FAQ doi:10.6028/NIST.SP.800-111 [Direct Link]
SP 800-88 Rev. 1	December 2014	Guidelines for Media Sanitization SP 800-88 Revision 1 ^FAQ doi:10.6028/NIST.SP.800-88r1 [Direct Link]
SP 800-78-4	May 2015	Cryptographic Algorithms and Key Sizes for Personal Identity Verification SP 800-78-4 ^FAQ doi:10.6028/NIST.SP.800-78-4 [Direct Link]
SP 800-53 Rev. 4	April 2013 (Updated 1/22/2015)	Security and Privacy Controls for Federal Information Systems and Organizations SP 800-53 Rev. 4 (including updates as of 01-22-2015) ^FAQ doi:10.6028/NIST.SP.800-53r4 [Direct Link]
		Word version of SP 800-53 Rev. 4 (01-22-2015)
		XML file for SP 800-53 Rev. 4 (01-15-2014)
		Summary of NIST SP 800-53 Revision 4
		Press Release (04-30-2013)
		Pre-Draft Call for Comments for SP 800-53 Rev. 5
SP 800-39	March 2011	Managing Information Security Risk: Organization, Mission, and Information System View SP 800-39 ^FAQ doi:10.6028/NIST.SP.800-39 [Direct Link]
		Press Release
SP 800-37 Rev. 1	February 2010 (Updated 6/5/2014)	Guide for Applying the Risk Management Framework to Federal Information Systems: a Security Life Cycle Approach SP 800-37 Rev. 1 (including updates as of 6-05-2014) ^FAQ doi:10.6028/NIST.SP.800-37r1 [Direct Link]
		Supplemental Guidance on Ongoing Authorization, (June 2014)
		Press Release
NISTIR 8058 (Draft)	May 1, 2015	DRAFT Security Content Automation Protocol (SCAP) Version 1.2 Content Style Guide: Best Practices for Creating and Maintaining SCAP 1.2 Content Announcement and Draft Publication
NISTIR 8011 Vol. 2	June 2017	Automation Support for Security Control Assessments: Hardware Asset Management NISTIR 8011 Vol. 2 ^FAQ doi:10.6028/NIST.IR.8011-2 [Direct Link]
NISTIR 8011 Vol. 1	June 2017	Automation Support for Security Control Assessments: Overview NISTIR 8011 Vol. 1 ^FAQ doi:10.6028/NIST.IR.8011-1 [Direct Link]
NISTIR 7848 (Draft)	May 2012	DRAFT Specification for the Asset Summary Reporting Format 1.0 Announcement and Draft Publication
NISTIR 7802	September 2011	Trust Model for Security Automation Data 1.0 (TMSAD) NISTIR 7802 ^FAQ doi:10.6028/NIST.IR.7802 [Direct Link]
NISTIR 7800 (Draft)	January 2012	DRAFT Applying the Continuous Monitoring Technical Reference Model to the Asset, Configuration, and Vulnerability Management Domains Announcement and Draft Publication
NISTIR 7799 (Draft)	January 2012	DRAFT Continuous Monitoring Reference Model Workflow, Subsystem, and Interface Specifications Announcement and Draft Publication
NISTIR 7756 (Draft)	January 2012	DRAFT CAESARS Framework Extension: An Enterprise Continuous Monitoring Technical Reference Architecture Announcement and Draft Publication
NISTIR 7692	April 2011	Specification for the Open Checklist Interactive Language (OCIL) Version 2.0 NISTIR 7692 ^FAQ doi:10.6028/NIST.IR.7692 [Direct Link]
ITL Bulletin	February 2015	NIST Special Publication 800-88 Revision 1, Guidelines for Media Sanitization
ITL Bulletin	March 2006	Minimum Security Requirements for Federal Information and Information Systems: Federal Information Processing Standard (FIPS) 200 Approved by the Secretary of Commerce

Conduct Security Awareness Training

Number	Date	Title
SP 800-161	April 2015	Supply Chain Risk Management Practices for Federal Information Systems and Organizations SP 800-161 ^FAQ doi:10.6028/NIST.SP.800-161 [Direct Link]
SP 800-147B	August 2014	BIOS Protection Guidelines for Servers SP 800-147B ^FAQ doi:10.6028/NIST.SP.800-147B [Direct Link]
SP 800-147	April 2011	BIOS Protection Guidelines SP 800-147 ^FAQ doi:10.6028/NIST.SP.800-147 [Direct Link]
		Press Release
SP 800-146	May 2012	Cloud Computing Synopsis and Recommendations SP 800-146 ^FAQ doi:10.6028/NIST.SP.800-146 [Direct Link]
		SP 800-146 (EPUB)^FAQ
		Press Release
SP 800-145	September 2011	The NIST Definition of Cloud Computing SP 800-145 ^FAQ doi:10.6028/NIST.SP.800-145 [Direct Link]
		SP 800-145 (EPUB)^FAQ
		Press Release
SP 800-144	December 2011	Guidelines on Security and Privacy in Public Cloud Computing SP 800-144 ^FAQ doi:10.6028/NIST.SP.800-144 [Direct Link]
		SP 800-144 (EPUB)^FAQ
		Press Release
SP 800-137	September 2011	Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations SP 800-137 ^FAQ doi:10.6028/NIST.SP.800-137 [Direct Link]
		Press Release
SP 800-125A (Draft)	October 20, 2014	DRAFT Security Recommendations for Hypervisor Deployment Announcement and Draft Publication
SP 800-78-4	May 2015	Cryptographic Algorithms and Key Sizes for Personal Identity Verification SP 800-78-4 ^FAQ doi:10.6028/NIST.SP.800-78-4 [Direct Link]
SP 800-53 Rev. 4	April 2013 (Updated 1/22/2015)	Security and Privacy Controls for Federal Information Systems and Organizations SP 800-53 Rev. 4 (including updates as of 01-22-2015) ^FAQ doi:10.6028/NIST.SP.800-53r4 [Direct Link]
		Word version of SP 800-53 Rev. 4 (01-22-2015)
		XML file for SP 800-53 Rev. 4 (01-15-2014)
		Summary of NIST SP 800-53 Revision 4
		Press Release (04-30-2013)
		Pre-Draft Call for Comments for SP 800-53 Rev. 5
SP 800-50	October 2003	Building an Information Technology Security Awareness and Training Program SP 800-50 ^FAQ doi:10.6028/NIST.SP.800-50 [Direct Link]
SP 800-39	March 2011	Managing Information Security Risk: Organization, Mission, and Information System View SP 800-39 ^FAQ doi:10.6028/NIST.SP.800-39 [Direct Link]
		Press Release
SP 800-16 Rev. 1 (Draft)	March 2014	DRAFT A Role-Based Model for Federal Information Technology/Cybersecurity Training Announcement and Draft Publication
SP 800-16	April 1998	Information Technology Security Training Requirements: a Role- and Performance-Based Model SP 800-16 ^FAQ doi:10.6028/NIST.SP.800-16 [Direct Link]
NISTIR 8058 (Draft)	May 1, 2015	DRAFT Security Content Automation Protocol (SCAP) Version 1.2 Content Style Guide: Best Practices for Creating and Maintaining SCAP 1.2 Content Announcement and Draft Publication

Develop Contingency Plans & Procedures

Number	Date	Title
SP 800-161	April 2015	Supply Chain Risk Management Practices for Federal Information Systems and Organizations SP 800-161 ^FAQ doi:10.6028/NIST.SP.800-161 [Direct Link]
SP 800-147B	August 2014	BIOS Protection Guidelines for Servers SP 800-147B ^FAQ doi:10.6028/NIST.SP.800-147B [Direct Link]
SP 800-147	April 2011	BIOS Protection Guidelines SP 800-147 ^FAQ doi:10.6028/NIST.SP.800-147 [Direct Link]
		Press Release
SP 800-146	May 2012	Cloud Computing Synopsis and Recommendations SP 800-146 ^FAQ doi:10.6028/NIST.SP.800-146 [Direct Link]
		SP 800-146 (EPUB)^FAQ
		Press Release
SP 800-145	September 2011	The NIST Definition of Cloud Computing SP 800-145 ^FAQ doi:10.6028/NIST.SP.800-145 [Direct Link]
		SP 800-145 (EPUB)^FAQ
		Press Release
SP 800-144	December 2011	Guidelines on Security and Privacy in Public Cloud Computing SP 800-144 ^FAQ doi:10.6028/NIST.SP.800-144 [Direct Link]
		SP 800-144 (EPUB)^FAQ
		Press Release
SP 800-137	September 2011	Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations SP 800-137 ^FAQ doi:10.6028/NIST.SP.800-137 [Direct Link]
		Press Release
SP 800-125A (Draft)	October 20, 2014	DRAFT Security Recommendations for Hypervisor Deployment Announcement and Draft Publication
SP 800-101 Rev. 1	May 2014	Guidelines on Mobile Device Forensics SP 800-101 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-101r1 [Direct Link]
SP 800-98	April 2007	Guidelines for Securing Radio Frequency Identification (RFID) Systems SP 800-98 ^FAQ doi:10.6028/NIST.SP.800-98 [Direct Link]
SP 800-88 Rev. 1	December 2014	Guidelines for Media Sanitization SP 800-88 Revision 1 ^FAQ doi:10.6028/NIST.SP.800-88r1 [Direct Link]
SP 800-53 Rev. 4	April 2013 (Updated 1/22/2015)	Security and Privacy Controls for Federal Information Systems and Organizations SP 800-53 Rev. 4 (including updates as of 01-22-2015) ^FAQ doi:10.6028/NIST.SP.800-53r4 [Direct Link]
		Word version of SP 800-53 Rev. 4 (01-22-2015)
		XML file for SP 800-53 Rev. 4 (01-15-2014)
		Summary of NIST SP 800-53 Revision 4
		Press Release (04-30-2013)
		Pre-Draft Call for Comments for SP 800-53 Rev. 5
SP 800-46 Rev. 2	July 2016	Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security SP 800-46 Rev. 2 ^FAQ doi:10.6028/NIST.SP.800-46r2 [Direct Link]
SP 800-44 Version 2	September 2007	Guidelines on Securing Public Web Servers SP 800-44 Version 2 ^FAQ doi:10.6028/NIST.SP.800-44ver2 [Direct Link]
SP 800-39	March 2011	Managing Information Security Risk: Organization, Mission, and Information System View SP 800-39 ^FAQ doi:10.6028/NIST.SP.800-39 [Direct Link]
		Press Release
SP 800-34 Rev. 1	May 2010 (Updated 11/11/2010)	Contingency Planning Guide for Federal Information Systems SP 800-34 Rev. 1 (including updates as of 11-11-2010) ^FAQ doi:10.6028/NIST.SP.800-34r1 [Direct Link]
		Business Impact Analysis (BIA) Template
		Contingency Planning: Low Impact System Template
		Contingency Planning: Moderate Impact System Template
		Contingency Planning: High Impact System Template
NISTIR 8058 (Draft)	May 1, 2015	DRAFT Security Content Automation Protocol (SCAP) Version 1.2 Content Style Guide: Best Practices for Creating and Maintaining SCAP 1.2 Content Announcement and Draft Publication
ITL Bulletin	February 2015	NIST Special Publication 800-88 Revision 1, Guidelines for Media Sanitization
ITL Bulletin	October 2014	Release of NIST Special Publication 800-147B, BIOS Protection Guidelines for Servers

Manage System Configurations & Security throughout the System Development Life Cycle

Number	Date	Title
SP 800-192	June 2017	Verification and Test Methods for Access Control Policies/Models SP 800-192 ^FAQ doi:10.6028/NIST.SP.800-192 [Direct Link]
SP 800-190 (Draft)	July 2017	DRAFT Application Container Security Guide (2nd Draft) Announcement and Draft Publication
SP 800-180 (Draft)	February 2016	DRAFT NIST Definition of Microservices, Application Containers and System Virtual Machines Announcement and Draft Publication
SP 800-161	April 2015	Supply Chain Risk Management Practices for Federal Information Systems and Organizations SP 800-161 ^FAQ doi:10.6028/NIST.SP.800-161 [Direct Link]
SP 800-153	February 2012	Guidelines for Securing Wireless Local Area Networks (WLANs) SP 800-153 ^FAQ doi:10.6028/NIST.SP.800-153 [Direct Link]
		Press Release (Mar. 6, 2012)
SP 800-147B	August 2014	BIOS Protection Guidelines for Servers SP 800-147B ^FAQ doi:10.6028/NIST.SP.800-147B [Direct Link]
SP 800-147	April 2011	BIOS Protection Guidelines SP 800-147 ^FAQ doi:10.6028/NIST.SP.800-147 [Direct Link]
		Press Release
SP 800-146	May 2012	Cloud Computing Synopsis and Recommendations SP 800-146 ^FAQ doi:10.6028/NIST.SP.800-146 [Direct Link]
		SP 800-146 (EPUB)^FAQ
		Press Release
SP 800-145	September 2011	The NIST Definition of Cloud Computing SP 800-145 ^FAQ doi:10.6028/NIST.SP.800-145 [Direct Link]
		SP 800-145 (EPUB)^FAQ
		Press Release
SP 800-144	December 2011	Guidelines on Security and Privacy in Public Cloud Computing SP 800-144 ^FAQ doi:10.6028/NIST.SP.800-144 [Direct Link]
		SP 800-144 (EPUB)^FAQ
		Press Release
SP 800-137	September 2011	Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations SP 800-137 ^FAQ doi:10.6028/NIST.SP.800-137 [Direct Link]
		Press Release
SP 800-128	August 2011	Guide for Security-Focused Configuration Management of Information Systems SP 800-128 ^FAQ doi:10.6028/NIST.SP.800-128 [Direct Link]
SP 800-127	September 2010	Guide to Securing WiMAX Wireless Communications SP 800-127 ^FAQ doi:10.6028/NIST.SP.800-127 [Direct Link]
		SP 800-127 (EPUB)^FAQ
		Press Release
SP 800-126A (Draft)	July 2016	DRAFT SCAP 1.3 Component Specification Version Updates: An Annex to NIST Special Publication 800-126 Revision 3 Announcement and Draft Publication
SP 800-126 Rev. 3 (Draft)	July 2016	DRAFT The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.3 Announcement and Draft Publication
SP 800-126 Rev. 2	September 2011 (Updated 3/19/2012)	The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2 SP 800-126 Rev. 2 ^FAQ doi:10.6028/NIST.SP.800-126r2 [Direct Link]
		NIST Solicits Comments for SP 800-126 & SCAP
SP 800-126 Rev. 1	February 2011	The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.1 SP 800-126 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-126r1 [Direct Link]
SP 800-126	November 2009	The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.0 SP 800-126 ^FAQ doi:10.6028/NIST.SP.800-126 [Direct Link]
SP 800-125A (Draft)	October 20, 2014	DRAFT Security Recommendations for Hypervisor Deployment Announcement and Draft Publication
SP 800-124 Rev. 1	June 2013	Guidelines for Managing the Security of Mobile Devices in the Enterprise SP 800-124 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-124r1 [Direct Link]
		SP 800-124 Rev. 1 (EPUB)^FAQ
		Press Release
SP 800-123	July 2008	Guide to General Server Security SP 800-123 ^FAQ doi:10.6028/NIST.SP.800-123 [Direct Link]
		SP 800-123 (EPUB)^FAQ
SP 800-117 Rev. 1 (Draft)	January 2012	DRAFT Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.2 Announcement and Draft Publication
SP 800-117	July 2010	Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.0 SP 800-117 ^FAQ doi:10.6028/NIST.SP.800-117 [Direct Link]
SP 800-114 Rev. 1	July 2016	User's Guide to Telework and Bring Your Own Device (BYOD) Security SP 800-114 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-114r1 [Direct Link]
SP 800-113	July 2008	Guide to SSL VPNs SP 800-113 ^FAQ doi:10.6028/NIST.SP.800-113 [Direct Link]
SP 800-111	November 2007	Guide to Storage Encryption Technologies for End User Devices SP 800-111 ^FAQ doi:10.6028/NIST.SP.800-111 [Direct Link]
SP 800-107 Rev. 1	August 2012	Recommendation for Applications Using Approved Hash Algorithms SP 800-107 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-107r1 [Direct Link]
SP 800-106	February 2009	Randomized Hashing for Digital Signatures SP 800-106 ^FAQ doi:10.6028/NIST.SP.800-106 [Direct Link]
SP 800-98	April 2007	Guidelines for Securing Radio Frequency Identification (RFID) Systems SP 800-98 ^FAQ doi:10.6028/NIST.SP.800-98 [Direct Link]
SP 800-94 Rev. 1 (Draft)	July 2012	DRAFT Guide to Intrusion Detection and Prevention Systems (IDPS) Announcement and Draft Publication
SP 800-94	February 2007	Guide to Intrusion Detection and Prevention Systems (IDPS) SP 800-94 ^FAQ doi:10.6028/NIST.SP.800-94 [Direct Link]
SP 800-70 Rev. 3	November 2015 (Updated 12/8/2016)	National Checklist Program for IT Products: Guidelines for Checklist Users and Developers SP 800-70 Rev. 3 ^FAQ doi:10.6028/NIST.SP.800-70r3 [Direct Link]
		National Checklist Program
SP 800-68 Rev. 1	October 2008	Guide to Securing Microsoft Windows XP Systems for IT Professionals: A NIST Security Configuration Checklist SP 800-68 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-68r1 [Direct Link]
SP 800-64 Rev. 2	October 2008	Security Considerations in the System Development Life Cycle SP 800-64 Rev. 2 ^FAQ doi:10.6028/NIST.SP.800-64r2 [Direct Link]
SP 800-54	July 2007	Border Gateway Protocol Security SP 800-54 ^FAQ doi:10.6028/NIST.SP.800-54 [Direct Link]
SP 800-53 Rev. 4	April 2013 (Updated 1/22/2015)	Security and Privacy Controls for Federal Information Systems and Organizations SP 800-53 Rev. 4 (including updates as of 01-22-2015) ^FAQ doi:10.6028/NIST.SP.800-53r4 [Direct Link]
		Word version of SP 800-53 Rev. 4 (01-22-2015)
		XML file for SP 800-53 Rev. 4 (01-15-2014)
		Summary of NIST SP 800-53 Revision 4
		Press Release (04-30-2013)
		Pre-Draft Call for Comments for SP 800-53 Rev. 5
SP 800-51 Rev. 1	February 2011	Guide to Using Vulnerability Naming Schemes SP 800-51 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-51r1 [Direct Link]
		Press Release
SP 800-46 Rev. 2	July 2016	Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security SP 800-46 Rev. 2 ^FAQ doi:10.6028/NIST.SP.800-46r2 [Direct Link]
SP 800-44 Version 2	September 2007	Guidelines on Securing Public Web Servers SP 800-44 Version 2 ^FAQ doi:10.6028/NIST.SP.800-44ver2 [Direct Link]
SP 800-40 Rev. 3	July 2013	Guide to Enterprise Patch Management Technologies SP 800-40 Rev. 3 ^FAQ doi:10.6028/NIST.SP.800-40r3 [Direct Link]
		Press Release
SP 800-39	March 2011	Managing Information Security Risk: Organization, Mission, and Information System View SP 800-39 ^FAQ doi:10.6028/NIST.SP.800-39 [Direct Link]
		Press Release
SP 800-34 Rev. 1	May 2010 (Updated 11/11/2010)	Contingency Planning Guide for Federal Information Systems SP 800-34 Rev. 1 (including updates as of 11-11-2010) ^FAQ doi:10.6028/NIST.SP.800-34r1 [Direct Link]
		Business Impact Analysis (BIA) Template
		Contingency Planning: Low Impact System Template
		Contingency Planning: Moderate Impact System Template
		Contingency Planning: High Impact System Template
NISTIR 8179 (Draft)	July 2017	DRAFT Criticality Analysis Process Model: Prioritizing Systems and Components Announcement and Draft Publication
NISTIR 8062	January 2017	An Introduction to Privacy Engineering and Risk Management in Federal Systems NISTIR 8062 ^FAQ doi:10.6028/NIST.IR.8062 [Direct Link]
		"Making Privacy Concrete (three words not usually found together)" (blog post)
NISTIR 8058 (Draft)	May 1, 2015	DRAFT Security Content Automation Protocol (SCAP) Version 1.2 Content Style Guide: Best Practices for Creating and Maintaining SCAP 1.2 Content Announcement and Draft Publication
NISTIR 7848 (Draft)	May 2012	DRAFT Specification for the Asset Summary Reporting Format 1.0 Announcement and Draft Publication
NISTIR 7800 (Draft)	January 2012	DRAFT Applying the Continuous Monitoring Technical Reference Model to the Asset, Configuration, and Vulnerability Management Domains Announcement and Draft Publication
NISTIR 7799 (Draft)	January 2012	DRAFT Continuous Monitoring Reference Model Workflow, Subsystem, and Interface Specifications Announcement and Draft Publication
NISTIR 7756 (Draft)	January 2012	DRAFT CAESARS Framework Extension: An Enterprise Continuous Monitoring Technical Reference Architecture Announcement and Draft Publication
NISTIR 7694	June 2011	Specification for Asset Reporting Format 1.1 NISTIR 7694 ^FAQ doi:10.6028/NIST.IR.7694 [Direct Link]
NISTIR 7693	June 2011	Specification for Asset Identification 1.1 NISTIR 7693 ^FAQ doi:10.6028/NIST.IR.7693 [Direct Link]
NISTIR 7511 Rev. 4	January 2016	Security Content Automation Protocol (SCAP) Version 1.2 Validation Program Test Requirements NISTIR 7511 Rev. 4 ^FAQ doi:10.6028/NIST.IR.7511r4 [Direct Link]
NISTIR 7316	September 2006	Assessment of Access Control Systems NISTIR 7316 ^FAQ doi:10.6028/NIST.IR.7316 [Direct Link]
ITL Bulletin	April 2017	Building the Bridge Between Privacy and Cybersecurity for Federal Systems
ITL Bulletin	March 2016	Updates to the NIST SCAP Validation Program and Associated Test Requirements
ITL Bulletin	May 2011	Using Security Configuration Checklists and the National Checklist Program
ITL Bulletin	November 2009	Cybersecurity Fundamentals for Small Business Owners
ITL Bulletin	October 2008	Keeping Information Technology (IT) System Servers Secure: A General Guide to Good Practices

Mandates Agency-Wide Information Security Program Development & Implementation

Number	Date	Title
SP 800-161	April 2015	Supply Chain Risk Management Practices for Federal Information Systems and Organizations SP 800-161 ^FAQ doi:10.6028/NIST.SP.800-161 [Direct Link]
SP 800-147B	August 2014	BIOS Protection Guidelines for Servers SP 800-147B ^FAQ doi:10.6028/NIST.SP.800-147B [Direct Link]
SP 800-147	April 2011	BIOS Protection Guidelines SP 800-147 ^FAQ doi:10.6028/NIST.SP.800-147 [Direct Link]
		Press Release
SP 800-145	September 2011	The NIST Definition of Cloud Computing SP 800-145 ^FAQ doi:10.6028/NIST.SP.800-145 [Direct Link]
		SP 800-145 (EPUB)^FAQ
		Press Release
SP 800-144	December 2011	Guidelines on Security and Privacy in Public Cloud Computing SP 800-144 ^FAQ doi:10.6028/NIST.SP.800-144 [Direct Link]
		SP 800-144 (EPUB)^FAQ
		Press Release
SP 800-137	September 2011	Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations SP 800-137 ^FAQ doi:10.6028/NIST.SP.800-137 [Direct Link]
		Press Release
SP 800-125A (Draft)	October 20, 2014	DRAFT Security Recommendations for Hypervisor Deployment Announcement and Draft Publication
SP 800-100	October 2006 (Updated 3/7/2007)	Information Security Handbook: A Guide for Managers SP 800-100 (including updates as of 03-07-2007) ^FAQ doi:10.6028/NIST.SP.800-100 [Direct Link]
SP 800-53 Rev. 4	April 2013 (Updated 1/22/2015)	Security and Privacy Controls for Federal Information Systems and Organizations SP 800-53 Rev. 4 (including updates as of 01-22-2015) ^FAQ doi:10.6028/NIST.SP.800-53r4 [Direct Link]
		Word version of SP 800-53 Rev. 4 (01-22-2015)
		XML file for SP 800-53 Rev. 4 (01-15-2014)
		Summary of NIST SP 800-53 Revision 4
		Press Release (04-30-2013)
		Pre-Draft Call for Comments for SP 800-53 Rev. 5
SP 800-44 Version 2	September 2007	Guidelines on Securing Public Web Servers SP 800-44 Version 2 ^FAQ doi:10.6028/NIST.SP.800-44ver2 [Direct Link]
SP 800-39	March 2011	Managing Information Security Risk: Organization, Mission, and Information System View SP 800-39 ^FAQ doi:10.6028/NIST.SP.800-39 [Direct Link]
		Press Release
SP 800-18 Rev. 1	February 2006	Guide for Developing Security Plans for Federal Information Systems SP 800-18 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-18r1 [Direct Link]
NISTIR 8179 (Draft)	July 2017	DRAFT Criticality Analysis Process Model: Prioritizing Systems and Components Announcement and Draft Publication
NISTIR 8058 (Draft)	May 1, 2015	DRAFT Security Content Automation Protocol (SCAP) Version 1.2 Content Style Guide: Best Practices for Creating and Maintaining SCAP 1.2 Content Announcement and Draft Publication

NIST, Computer Security Resource Center