In September 2017, this (legacy) site will be replaced with the new site you can see at beta.csrc.nist.rip. At that time, links to this legacy site will be automatically redirected to apporpriate links on the new site.

Search

Fulltext search of NIST's computer security publications:

Browse Publications

Publications By Security Control Family
(SP 800-53)

Browse FIPS, Special Publications (SP), NISTIRs and ITL Bulletins by security control family (from SP 800-53).

Note: Publications that link to dx.doi.org/... will redirect to another NIST website. See more details about DOIs.

Access Control

Number	Date	Title
FIPS 201-2	August 2013	Personal Identity Verification (PIV) of Federal Employees and Contractors FIPS 201-2 ^FAQ doi:10.6028/NIST.FIPS.201-2 [Direct Link]
		2012 Draft Comments and Dispositions
		2011 Draft Comments and Dispositions
		Revised Draft (July 2012)
		Draft FIPS 201-2 (March 2011)
FIPS 200	March 2006	Minimum Security Requirements for Federal Information and Information Systems FIPS 200 ^FAQ doi:10.6028/NIST.FIPS.200 [Direct Link]
SP 800-192	June 2017	Verification and Test Methods for Access Control Policies/Models SP 800-192 ^FAQ doi:10.6028/NIST.SP.800-192 [Direct Link]
SP 800-190 (Draft)	July 2017	DRAFT Application Container Security Guide (2nd Draft) Announcement and Draft Publication
SP 800-184	December 2016	Guide for Cybersecurity Event Recovery SP 800-184 ^FAQ doi:10.6028/NIST.SP.800-184 [Direct Link]
		Press Release (12-22-2016)
SP 800-179	December 2016	Guide to Securing Apple OS X 10.10 Systems for IT Professionals: A NIST Security Configuration Checklist SP 800-179 ^FAQ doi:10.6028/NIST.SP.800-179 [Direct Link]
		Supplemental Content (GitHub)
		National Checklist Program
SP 800-178	October 2016	A Comparison of Attribute Based Access Control (ABAC) Standards for Data Service Applications: Extensible Access Control Markup Language (XACML) and Next Generation Access Control (NGAC) SP 800-178 ^FAQ doi:10.6028/NIST.SP.800-178 [Direct Link]
SP 800-171 Rev. 1	December 2016	Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations SP 800-171 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-171r1 [Direct Link]
		Specific Changes to the Security Requirements in SP 800-171
SP 800-171	June 2015 (Updated 1/14/2016)	Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations SP 800-171 (including updates as of 01-14-2016) ^FAQ doi:10.6028/NIST.SP.800-171 [Direct Link]
		Press Release (06-19-2015)
SP 800-167	October 2015	Guide to Application Whitelisting SP 800-167 ^FAQ doi:10.6028/NIST.SP.800-167 [Direct Link]
		Press Release
SP 800-162	January 2014	Guide to Attribute Based Access Control (ABAC) Definition and Considerations SP 800-162 ^FAQ doi:10.6028/NIST.SP.800-162 [Direct Link]
		SP 800-162 (EPUB)^FAQ
SP 800-161	April 2015	Supply Chain Risk Management Practices for Federal Information Systems and Organizations SP 800-161 ^FAQ doi:10.6028/NIST.SP.800-161 [Direct Link]
SP 800-160	November 2016	Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems SP 800-160 ^FAQ doi:10.6028/NIST.SP.800-160 [Direct Link]
		"Rethinking Cybersecurity from the Inside Out" (blog post)
SP 800-153	February 2012	Guidelines for Securing Wireless Local Area Networks (WLANs) SP 800-153 ^FAQ doi:10.6028/NIST.SP.800-153 [Direct Link]
		Press Release (Mar. 6, 2012)
SP 800-147B	August 2014	BIOS Protection Guidelines for Servers SP 800-147B ^FAQ doi:10.6028/NIST.SP.800-147B [Direct Link]
SP 800-147	April 2011	BIOS Protection Guidelines SP 800-147 ^FAQ doi:10.6028/NIST.SP.800-147 [Direct Link]
		Press Release
SP 800-132	December 2010	Recommendation for Password-Based Key Derivation: Part 1: Storage Applications SP 800-132 ^FAQ doi:10.6028/NIST.SP.800-132 [Direct Link]
SP 800-127	September 2010	Guide to Securing WiMAX Wireless Communications SP 800-127 ^FAQ doi:10.6028/NIST.SP.800-127 [Direct Link]
		SP 800-127 (EPUB)^FAQ
		Press Release
SP 800-125	January 2011	Guide to Security for Full Virtualization Technologies SP 800-125 ^FAQ doi:10.6028/NIST.SP.800-125 [Direct Link]
		Press Release
SP 800-124 Rev. 1	June 2013	Guidelines for Managing the Security of Mobile Devices in the Enterprise SP 800-124 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-124r1 [Direct Link]
		SP 800-124 Rev. 1 (EPUB)^FAQ
		Press Release
SP 800-123	July 2008	Guide to General Server Security SP 800-123 ^FAQ doi:10.6028/NIST.SP.800-123 [Direct Link]
		SP 800-123 (EPUB)^FAQ
SP 800-122	April 2010	Guide to Protecting the Confidentiality of Personally Identifiable Information (PII) SP 800-122 ^FAQ doi:10.6028/NIST.SP.800-122 [Direct Link]
		SP 800-122 (EPUB)^FAQ
SP 800-121 Rev. 2	May 2017	Guide to Bluetooth Security SP 800-121 Rev. 2 ^FAQ doi:10.6028/NIST.SP.800-121r2 [Direct Link]
SP 800-120	September 2009	Recommendation for EAP Methods Used in Wireless Network Access Authentication SP 800-120 ^FAQ doi:10.6028/NIST.SP.800-120 [Direct Link]
SP 800-116 Rev. 1 (Draft)	December 2015	DRAFT A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS) Announcement and Draft Publication
SP 800-116	November 2008	A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS) SP 800-116 ^FAQ doi:10.6028/NIST.SP.800-116 [Direct Link]
SP 800-114 Rev. 1	July 2016	User's Guide to Telework and Bring Your Own Device (BYOD) Security SP 800-114 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-114r1 [Direct Link]
SP 800-113	July 2008	Guide to SSL VPNs SP 800-113 ^FAQ doi:10.6028/NIST.SP.800-113 [Direct Link]
SP 800-100	October 2006 (Updated 3/7/2007)	Information Security Handbook: A Guide for Managers SP 800-100 (including updates as of 03-07-2007) ^FAQ doi:10.6028/NIST.SP.800-100 [Direct Link]
SP 800-97	February 2007	Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i SP 800-97 ^FAQ doi:10.6028/NIST.SP.800-97 [Direct Link]
SP 800-96	September 2006	PIV Card to Reader Interoperability Guidelines SP 800-96 ^FAQ doi:10.6028/NIST.SP.800-96 [Direct Link]
SP 800-87 Rev. 1	April 2008	Codes for Identification of Federal and Federally-Assisted Organizations SP 800-87 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-87r1 [Direct Link]
SP 800-83 Rev. 1	July 2013	Guide to Malware Incident Prevention and Handling for Desktops and Laptops SP 800-83 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-83r1 [Direct Link]
SP 800-81-2	September 2013	Secure Domain Name System (DNS) Deployment Guide SP 800-81-2 ^FAQ doi:10.6028/NIST.SP.800-81-2 [Direct Link]
SP 800-78-4	May 2015	Cryptographic Algorithms and Key Sizes for Personal Identity Verification SP 800-78-4 ^FAQ doi:10.6028/NIST.SP.800-78-4 [Direct Link]
SP 800-77	December 2005	Guide to IPsec VPNs SP 800-77 ^FAQ doi:10.6028/NIST.SP.800-77 [Direct Link]
SP 800-76-2	July 2013	Biometric Specifications for Personal Identity Verification SP 800-76-2 ^FAQ doi:10.6028/NIST.SP.800-76-2 [Direct Link]
SP 800-73-4	May 2015 (Updated 2/8/2016)	Interfaces for Personal Identity Verification SP 800-73-4 (including updates as of 02-08-2016) ^FAQ doi:10.6028/NIST.SP.800-73-4 [Direct Link]
		Press Release (06-16-2015)
SP 800-68 Rev. 1	October 2008	Guide to Securing Microsoft Windows XP Systems for IT Professionals: A NIST Security Configuration Checklist SP 800-68 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-68r1 [Direct Link]
		Security Templates R1.2.1
		NIST Windows Security Baseline Database Application v0.2.7
SP 800-66 Rev. 1	October 2008	An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule SP 800-66 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-66r1 [Direct Link]
SP 800-63-3	June 2017	Digital Identity Guidelines SP 800-63-3 ^FAQ doi:10.6028/NIST.SP.800-63-3 [Direct Link]
		FAQ
		SP 800-63-3 (GitHub)
SP 800-58	January 2005	Security Considerations for Voice Over IP Systems SP 800-58 ^FAQ doi:10.6028/NIST.SP.800-58 [Direct Link]
SP 800-57 Part 1 Rev. 4	January 2016	Recommendation for Key Management, Part 1: General SP 800-57 Part 1, Revision 4 ^FAQ doi:10.6028/NIST.SP.800-57pt1r4 [Direct Link]
		Comments and resolutions for SP 800-57 Part 1, Rev. 4
SP 800-57 Part 2	August 2005	Recommendation for Key Management, Part 2: Best Practices for Key Management Organization SP 800-57 Part 2 ^FAQ doi:10.6028/NIST.SP.800-57p2 [Direct Link]
		Comments received on Draft (Apr. 2005)
SP 800-57 Part 3 Rev. 1	January 2015	Recommendation for Key Management, Part 3: Application-Specific Key Management Guidance SP 800-57 Part 3, Revision 1 ^FAQ doi:10.6028/NIST.SP.800-57pt3r1 [Direct Link]
SP 800-53 Rev. 5 (Draft)	August 2017	DRAFT Security and Privacy Controls for Federal Information Systems and Organizations Announcement and Draft Publication
SP 800-53 Rev. 4	April 2013 (Updated 1/22/2015)	Security and Privacy Controls for Federal Information Systems and Organizations SP 800-53 Rev. 4 (including updates as of 01-22-2015) ^FAQ doi:10.6028/NIST.SP.800-53r4 [Direct Link]
		Word version of SP 800-53 Rev. 4 (01-22-2015)
		XML file for SP 800-53 Rev. 4 (01-15-2014)
		Summary of NIST SP 800-53 Revision 4
		Press Release (04-30-2013)
		Pre-Draft Call for Comments for SP 800-53 Rev. 5
SP 800-48 Rev. 1	July 2008	Guide to Securing Legacy IEEE 802.11 Wireless Networks SP 800-48 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-48r1 [Direct Link]
SP 800-46 Rev. 2	July 2016	Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security SP 800-46 Rev. 2 ^FAQ doi:10.6028/NIST.SP.800-46r2 [Direct Link]
SP 800-45 Version 2	February 2007	Guidelines on Electronic Mail Security SP 800-45 Version 2 ^FAQ doi:10.6028/NIST.SP.800-45ver2 [Direct Link]
SP 800-43	November 2002	Systems Administration Guidance for Securing Windows 2000 Professional System SP 800-43 ^FAQ doi:10.6028/NIST.SP.800-43 [Direct Link]
		Security Templates R1.2.3
SP 800-41 Rev. 1	September 2009	Guidelines on Firewalls and Firewall Policy SP 800-41 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-41r1 [Direct Link]
SP 800-36	October 2003	Guide to Selecting Information Technology Security Products SP 800-36 ^FAQ doi:10.6028/NIST.SP.800-36 [Direct Link]
SP 800-28 Version 2	March 2008	Guidelines on Active Content and Mobile Code SP 800-28 Version 2 ^FAQ doi:10.6028/NIST.SP.800-28ver2 [Direct Link]
SP 800-24	April 2001	PBX Vulnerability Analysis: Finding Holes in Your PBX Before Someone Else Does SP 800-24 ^FAQ doi:10.6028/NIST.SP.800-24 [Direct Link]
SP 800-19	October 1999	Mobile Agent Security SP 800-19 ^FAQ doi:10.6028/NIST.SP.800-19 [Direct Link]
SP 800-14	September 1996	Generally Accepted Principles and Practices for Securing Information Technology Systems SP 800-14 ^FAQ doi:10.6028/NIST.SP.800-14 [Direct Link]
SP 1800-6 (Draft)	November 2016	DRAFT Domain Name Systems-Based Electronic Mail Security Announcement and Draft Publication
SP 1800-5 (Draft)	October 2015	DRAFT IT Asset Management: Financial Services Announcement and Draft Publication
SP 1800-3 (Draft)	September 2015	DRAFT Attribute Based Access Control Announcement and Draft Publication
SP 1800-2 (Draft)	August 2015	DRAFT Identity and Access Management for Electric Utilities Announcement and Draft Publication
NISTIR 8176 (Draft)	August 2017	DRAFT Security Assurance Challenges for Container Deployment Announcement and Draft Publication
NISTIR 8149 (Draft)	October 2016	DRAFT Developing Trust Frameworks to Support Identity Federations Announcement and Draft Publication
NISTIR 8112 (Draft)	August 2016	DRAFT Attribute Metadata Announcement and Draft Publication
NISTIR 8103	September 2016	Advanced Identity Workshop on Applying Measurement Science in the Identity Ecosystem: Summary and Next Steps NISTIR 8103 ^FAQ doi:10.6028/NIST.IR.8103 [Direct Link]
NISTIR 8055	January 2016	Derived Personal Identity Verification (PIV) Credentials (DPC) Proof of Concept Research NISTIR 8055 ^FAQ doi:10.6028/NIST.IR.8055 [Direct Link]
NISTIR 8023	February 2015	Risk Management for Replication Devices NISTIR 8023 ^FAQ doi:10.6028/NIST.IR.8023 [Direct Link]
NISTIR 7987 Rev. 1	October 2015	Policy Machine: Features, Architecture, and Specification NISTIR 7987 Revision 1 ^FAQ doi:10.6028/NIST.IR.7987r1 [Direct Link]
NISTIR 7966	October 2015	Security of Interactive and Automated Access Management Using Secure Shell (SSH) NISTIR 7966 ^FAQ doi:10.6028/NIST.IR.7966 [Direct Link]
NISTIR 7904	December 2015	Trusted Geolocation in the Cloud: Proof of Concept Implementation NISTIR 7904 ^FAQ doi:10.6028/NIST.IR.7904 [Direct Link]
NISTIR 7849	March 2014	A Methodology for Developing Authentication Assurance Level Taxonomy for Smart Card-based Identity Verification NISTIR 7849 ^FAQ doi:10.6028/NIST.IR.7849 [Direct Link]
NISTIR 7817	November 2012	A Credential Reliability and Revocation Model for Federated Identities NISTIR 7817 ^FAQ doi:10.6028/NIST.IR.7817 [Direct Link]
NISTIR 7815	July 2011	Access Control for SAR Systems NISTIR 7815 ^FAQ doi:10.6028/NIST.IR.7815 [Direct Link]
NISTIR 7665	January 2010	Proceedings of the Privilege Management Workshop, September 1-3, 2009 NISTIR 7665 ^FAQ doi:10.6028/NIST.IR.7665 [Direct Link]
NISTIR 7657	March 2010	A Report on the Privilege (Access) Management Workshop NISTIR 7657 ^FAQ doi:10.6028/NIST.IR.7657 [Direct Link]
NISTIR 7621 Rev. 1	November 2016	Small Business Information Security: the Fundamentals NISTIR 7621 Rev. 1 ^FAQ doi:10.6028/NIST.IR.7621r1 [Direct Link]
		Press Release
		"Ignoring Cybersecurity is Risky Business" (blog post)
NISTIR 7611	August 2009	Use of ISO/IEC 24727 NISTIR 7611 ^FAQ doi:10.6028/NIST.IR.7611 [Direct Link]
NISTIR 7497	September 2010	Security Architecture Design Process for Health Information Exchanges (HIEs) NISTIR 7497 ^FAQ doi:10.6028/NIST.IR.7497 [Direct Link]
NISTIR 7452	November 2007	Secure Biometric Match-on-Card Feasibility Report NISTIR 7452 ^FAQ doi:10.6028/NIST.IR.7452 [Direct Link]
NISTIR 7316	September 2006	Assessment of Access Control Systems NISTIR 7316 ^FAQ doi:10.6028/NIST.IR.7316 [Direct Link]
NISTIR 7313	July 2006	5th Annual PKI R&D Workshop "Making PKI Easy to Use" Proceedings NISTIR 7313 ^FAQ doi:10.6028/NIST.IR.7313 [Direct Link]
NISTIR 6192	July 9, 1998	A Revised Model for Role Based Access Control NISTIR 6192 ^FAQ doi:10.6028/NIST.IR.6192 [Direct Link]
		Citation Page for NISTIR 6192
NISTIR 5820	April 1, 1996	Distributed Communication Methods and Role-Based Access Control for Use in Health Care Applications NISTIR 5820
ITL Bulletin	August 2017	Understanding the Major Update to NIST SP 800-63: Digital Identity Guidelines
ITL Bulletin	July 2017	Updated NIST Guidance for Bluetooth Security
ITL Bulletin	March 2017	Fundamentals of Small Business Information Security
ITL Bulletin	February 2017	Guide for Cybersecurity Incident Recovery
ITL Bulletin	November 2016	Exploring the Next Generation of Access Control Methodologies
ITL Bulletin	February 2016	Implementing Trusted Geolocation Services in the Cloud
ITL Bulletin	January 2016	Securing Interactive and Automated Access Management Using Secure Shell (SSH)
ITL Bulletin	October 2015	Protection of Controlled Unclassified Information
ITL Bulletin	June 2015	Increasing Visibility and Control of Your ICT Supply Chains
ITL Bulletin	April 2015	Is Your Replication Device Making An Extra Copy For Someone Else?
ITL Bulletin	October 2014	Release of NIST Special Publication 800-147B, BIOS Protection Guidelines for Servers
ITL Bulletin	August 2014	Policy Machine: Towards a General-Purpose Enterprise-Wide Operating Environment
ITL Bulletin	May 2014	Small and Medium-Size Business Information Security Outreach Program
ITL Bulletin	March 2014	Attribute Based Access Control (ABAC) Definition and Considerations
ITL Bulletin	October 2013	ITL Updates Federal Information Processing Standard (FIPS) for Personal Identity Verification (PIV) of Federal Employees and Contractors
ITL Bulletin	September 2013	ITL Publishes Guidance on Preventing and Handling Malware Incidents
ITL Bulletin	October 2008	Keeping Information Technology (IT) System Servers Secure: A General Guide to Good Practices
ITL Bulletin	March 2007	Improving The Security of Electronic Mail: Updated Guidelines Issued by NIST
ITL Bulletin	November 2006	Guide to Securing Computers Using Windows XP Home Edition
ITL Bulletin	April 2006	Protecting Sensitive Information Transmitted in Public Networks
ITL Bulletin	March 2006	Minimum Security Requirements for Federal Information and Information Systems: Federal Information Processing Standard (FIPS) 200 Approved by the Secretary of Commerce
ITL Bulletin	January 2006	Testing and Validation of Personal Identity Verification (PIV) Components and Subsystems for Conformance to Federal Information Processing Standard 201
ITL Bulletin	April 2004	Selecting Information Technology Security Products
Whitepaper (Draft)	January 2017	DRAFT Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1 Announcement and Draft Publication
Whitepaper (Draft)	April 28, 2017	DRAFT [Project Description] Securing Property Management Systems: Cybersecurity for the Hospitality Sector Announcement and Draft Publication
Whitepaper	March 2017	[Project Description] Capabilities Assessment for Securing Manufacturing Industrial Control Systems Project Description
		Project Homepage
Whitepaper (Draft)	September 2016	DRAFT [Project Description] Authentication for Law Enforcement Vehicle Systems Announcement and Draft Publication
Whitepaper	November 2016	[Project Description] Mobile Application Single Sign-On: for Public Safety and First Responders Project Description (Final)
		Project Homepage
Whitepaper (Draft)	June 2016	DRAFT [Concept Paper] Identity and Access Management for Smart Home Devices Announcement and Draft Publication
Whitepaper (Draft)	May 9, 2016	DRAFT [Project Description] Securing Non-Credit Card, Sensitive Consumer Data: Consumer Data Security for the Retail Sector Announcement and Draft Publication
Whitepaper	September 2016	[Project Description] Multifactor Authentication for e-Commerce: Online Authentication for the Retail Sector Project Description (Final)
		Project Homepage
Whitepaper	April 21, 2016	Best Practices for Privileged User PIV Authentication Best Practices Paper
Whitepaper	3/1/2002	The Economic Impact of Role-Based Access Control Report
Building-Block V.2	April 1, 2015	[Project Description] Attribute Based Access Control Project Description
		Project homepage
Conference-Proceedings	April 11-15, 2016	Pseudo-Exhaustive Testing of Attribute Based Access Control Rules Preprint ^FAQ doi:10.1109/ICSTW.2016.35 [Direct Link]
Conference-Proceedings	March 11, 2016	Extensible Access Control Markup Language (XACML) and Next Generation Access Control (NGAC) Paper ^FAQ doi:10.1145/2875491.2875496 [Direct Link]
Conference-Proceedings	October 16-19, 2000	Business Process Driven Framework for Defining an Access Control Service Based on Roles and Rules Paper
Conference-Proceedings	October 13-16, 1992	Role-Based Access Controls Paper
Conference-Proceedings	October 24-28, 2016	Restricting Insider Access through Efficient Implementation of Multi-Policy Access Control Systems Preprint ^FAQ doi:10.1145/2995959.2995961 [Direct Link]

Audit & Accountability

Number	Date	Title
FIPS 200	March 2006	Minimum Security Requirements for Federal Information and Information Systems FIPS 200 ^FAQ doi:10.6028/NIST.FIPS.200 [Direct Link]
FIPS 199	February 2004	Standards for Security Categorization of Federal Information and Information Systems FIPS 199 ^FAQ doi:10.6028/NIST.FIPS.199 [Direct Link]
FIPS 198-1	July 2008	The Keyed-Hash Message Authentication Code (HMAC) FIPS 198-1 ^FAQ doi:10.6028/NIST.FIPS.198-1 [Direct Link]
SP 800-190 (Draft)	July 2017	DRAFT Application Container Security Guide (2nd Draft) Announcement and Draft Publication
SP 800-171 Rev. 1	December 2016	Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations SP 800-171 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-171r1 [Direct Link]
		Specific Changes to the Security Requirements in SP 800-171
SP 800-171	June 2015 (Updated 1/14/2016)	Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations SP 800-171 (including updates as of 01-14-2016) ^FAQ doi:10.6028/NIST.SP.800-171 [Direct Link]
		Press Release (06-19-2015)
SP 800-167	October 2015	Guide to Application Whitelisting SP 800-167 ^FAQ doi:10.6028/NIST.SP.800-167 [Direct Link]
		Press Release
SP 800-161	April 2015	Supply Chain Risk Management Practices for Federal Information Systems and Organizations SP 800-161 ^FAQ doi:10.6028/NIST.SP.800-161 [Direct Link]
SP 800-160	November 2016	Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems SP 800-160 ^FAQ doi:10.6028/NIST.SP.800-160 [Direct Link]
		"Rethinking Cybersecurity from the Inside Out" (blog post)
SP 800-137	September 2011	Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations SP 800-137 ^FAQ doi:10.6028/NIST.SP.800-137 [Direct Link]
		Press Release
SP 800-126A (Draft)	July 2016	DRAFT SCAP 1.3 Component Specification Version Updates: An Annex to NIST Special Publication 800-126 Revision 3 Announcement and Draft Publication
SP 800-126 Rev. 3 (Draft)	July 2016	DRAFT The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.3 Announcement and Draft Publication
SP 800-126 Rev. 2	September 2011 (Updated 3/19/2012)	The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2 SP 800-126 Rev. 2 ^FAQ doi:10.6028/NIST.SP.800-126r2 [Direct Link]
		NIST Solicits Comments for SP 800-126 & SCAP
SP 800-126 Rev. 1	February 2011	The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.1 SP 800-126 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-126r1 [Direct Link]
SP 800-126	November 2009	The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.0 SP 800-126 ^FAQ doi:10.6028/NIST.SP.800-126 [Direct Link]
SP 800-123	July 2008	Guide to General Server Security SP 800-123 ^FAQ doi:10.6028/NIST.SP.800-123 [Direct Link]
		SP 800-123 (EPUB)^FAQ
SP 800-122	April 2010	Guide to Protecting the Confidentiality of Personally Identifiable Information (PII) SP 800-122 ^FAQ doi:10.6028/NIST.SP.800-122 [Direct Link]
		SP 800-122 (EPUB)^FAQ
SP 800-117 Rev. 1 (Draft)	January 2012	DRAFT Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.2 Announcement and Draft Publication
SP 800-117	July 2010	Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.0 SP 800-117 ^FAQ doi:10.6028/NIST.SP.800-117 [Direct Link]
SP 800-115	September 2008	Technical Guide to Information Security Testing and Assessment SP 800-115 ^FAQ doi:10.6028/NIST.SP.800-115 [Direct Link]
		SP 800-115 (EPUB)^FAQ
SP 800-100	October 2006 (Updated 3/7/2007)	Information Security Handbook: A Guide for Managers SP 800-100 (including updates as of 03-07-2007) ^FAQ doi:10.6028/NIST.SP.800-100 [Direct Link]
SP 800-94 Rev. 1 (Draft)	July 2012	DRAFT Guide to Intrusion Detection and Prevention Systems (IDPS) Announcement and Draft Publication
SP 800-94	February 2007	Guide to Intrusion Detection and Prevention Systems (IDPS) SP 800-94 ^FAQ doi:10.6028/NIST.SP.800-94 [Direct Link]
SP 800-92	September 2006	Guide to Computer Security Log Management SP 800-92 ^FAQ doi:10.6028/NIST.SP.800-92 [Direct Link]
		SP 800-92 (EPUB)^FAQ
SP 800-89	November 2006	Recommendation for Obtaining Assurances for Digital Signature Applications SP 800-89 ^FAQ doi:10.6028/NIST.SP.800-89 [Direct Link]
SP 800-86	August 2006	Guide to Integrating Forensic Techniques into Incident Response SP 800-86 ^FAQ doi:10.6028/NIST.SP.800-86 [Direct Link]
SP 800-83 Rev. 1	July 2013	Guide to Malware Incident Prevention and Handling for Desktops and Laptops SP 800-83 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-83r1 [Direct Link]
SP 800-72	November 2004	Guidelines on PDA Forensics SP 800-72 ^FAQ doi:10.6028/NIST.SP.800-72 [Direct Link]
SP 800-70 Rev. 4 (Draft)	August 2017	DRAFT National Checklist Program for IT Products: Guidelines for Checklist Users and Developers Announcement and Draft Publication
SP 800-68 Rev. 1	October 2008	Guide to Securing Microsoft Windows XP Systems for IT Professionals: A NIST Security Configuration Checklist SP 800-68 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-68r1 [Direct Link]
		Security Templates R1.2.1
		NIST Windows Security Baseline Database Application v0.2.7
SP 800-66 Rev. 1	October 2008	An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule SP 800-66 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-66r1 [Direct Link]
SP 800-57 Part 1 Rev. 4	January 2016	Recommendation for Key Management, Part 1: General SP 800-57 Part 1, Revision 4 ^FAQ doi:10.6028/NIST.SP.800-57pt1r4 [Direct Link]
		Comments and resolutions for SP 800-57 Part 1, Rev. 4
SP 800-57 Part 2	August 2005	Recommendation for Key Management, Part 2: Best Practices for Key Management Organization SP 800-57 Part 2 ^FAQ doi:10.6028/NIST.SP.800-57p2 [Direct Link]
		Comments received on Draft (Apr. 2005)
SP 800-57 Part 3 Rev. 1	January 2015	Recommendation for Key Management, Part 3: Application-Specific Key Management Guidance SP 800-57 Part 3, Revision 1 ^FAQ doi:10.6028/NIST.SP.800-57pt3r1 [Direct Link]
SP 800-53 Rev. 5 (Draft)	August 2017	DRAFT Security and Privacy Controls for Federal Information Systems and Organizations Announcement and Draft Publication
SP 800-53 Rev. 4	April 2013 (Updated 1/22/2015)	Security and Privacy Controls for Federal Information Systems and Organizations SP 800-53 Rev. 4 (including updates as of 01-22-2015) ^FAQ doi:10.6028/NIST.SP.800-53r4 [Direct Link]
		Word version of SP 800-53 Rev. 4 (01-22-2015)
		XML file for SP 800-53 Rev. 4 (01-15-2014)
		Summary of NIST SP 800-53 Revision 4
		Press Release (04-30-2013)
		Pre-Draft Call for Comments for SP 800-53 Rev. 5
SP 800-51 Rev. 1	February 2011	Guide to Using Vulnerability Naming Schemes SP 800-51 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-51r1 [Direct Link]
		Press Release
SP 800-49	November 2002	Federal S/MIME V3 Client Profile SP 800-49 ^FAQ doi:10.6028/NIST.SP.800-49 [Direct Link]
SP 800-45 Version 2	February 2007	Guidelines on Electronic Mail Security SP 800-45 Version 2 ^FAQ doi:10.6028/NIST.SP.800-45ver2 [Direct Link]
SP 800-44 Version 2	September 2007	Guidelines on Securing Public Web Servers SP 800-44 Version 2 ^FAQ doi:10.6028/NIST.SP.800-44ver2 [Direct Link]
SP 800-41 Rev. 1	September 2009	Guidelines on Firewalls and Firewall Policy SP 800-41 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-41r1 [Direct Link]
SP 800-19	October 1999	Mobile Agent Security SP 800-19 ^FAQ doi:10.6028/NIST.SP.800-19 [Direct Link]
SP 800-14	September 1996	Generally Accepted Principles and Practices for Securing Information Technology Systems SP 800-14 ^FAQ doi:10.6028/NIST.SP.800-14 [Direct Link]
NISTIR 8085 (Draft)	December 2015	DRAFT Forming Common Platform Enumeration (CPE) Names from Software Identification (SWID) Tags Announcement and Draft Publication
NISTIR 8060	April 2016	Guidelines for the Creation of Interoperable Software Identification (SWID) Tags NISTIR 8060 ^FAQ doi:10.6028/NIST.IR.8060 [Direct Link]
		Guideline Summary for NISTIR 8060
		Schema Definition for NISTIR 8060
NISTIR 8023	February 2015	Risk Management for Replication Devices NISTIR 8023 ^FAQ doi:10.6028/NIST.IR.8023 [Direct Link]
NISTIR 8011 Vol. 2	June 2017	Automation Support for Security Control Assessments: Hardware Asset Management NISTIR 8011 Vol. 2 ^FAQ doi:10.6028/NIST.IR.8011-2 [Direct Link]
NISTIR 8011 Vol. 1	June 2017	Automation Support for Security Control Assessments: Overview NISTIR 8011 Vol. 1 ^FAQ doi:10.6028/NIST.IR.8011-1 [Direct Link]
NISTIR 7987 Rev. 1	October 2015	Policy Machine: Features, Architecture, and Specification NISTIR 7987 Revision 1 ^FAQ doi:10.6028/NIST.IR.7987r1 [Direct Link]
NISTIR 7966	October 2015	Security of Interactive and Automated Access Management Using Secure Shell (SSH) NISTIR 7966 ^FAQ doi:10.6028/NIST.IR.7966 [Direct Link]
NISTIR 7904	December 2015	Trusted Geolocation in the Cloud: Proof of Concept Implementation NISTIR 7904 ^FAQ doi:10.6028/NIST.IR.7904 [Direct Link]
NISTIR 7848 (Draft)	May 2012	DRAFT Specification for the Asset Summary Reporting Format 1.0 Announcement and Draft Publication
NISTIR 7817	November 2012	A Credential Reliability and Revocation Model for Federated Identities NISTIR 7817 ^FAQ doi:10.6028/NIST.IR.7817 [Direct Link]
NISTIR 7802	September 2011	Trust Model for Security Automation Data 1.0 (TMSAD) NISTIR 7802 ^FAQ doi:10.6028/NIST.IR.7802 [Direct Link]
NISTIR 7800 (Draft)	January 2012	DRAFT Applying the Continuous Monitoring Technical Reference Model to the Asset, Configuration, and Vulnerability Management Domains Announcement and Draft Publication
NISTIR 7799 (Draft)	January 2012	DRAFT Continuous Monitoring Reference Model Workflow, Subsystem, and Interface Specifications Announcement and Draft Publication
NISTIR 7756 (Draft)	January 2012	DRAFT CAESARS Framework Extension: An Enterprise Continuous Monitoring Technical Reference Architecture Announcement and Draft Publication
NISTIR 7698	August 2011	Common Platform Enumeration: Applicability Language Specification Version 2.3 NISTIR 7698 ^FAQ doi:10.6028/NIST.IR.7698 [Direct Link]
		Press Release (for NISTIRs 7695-7698)
NISTIR 7697	August 2011	Common Platform Enumeration: Dictionary Specification Version 2.3 NISTIR 7697 ^FAQ doi:10.6028/NIST.IR.7697 [Direct Link]
		Press Release (for NISTIRs 7695-7698)
NISTIR 7696	August 2011	Common Platform Enumeration: Name Matching Specification Version 2.3 NISTIR 7696 ^FAQ doi:10.6028/NIST.IR.7696 [Direct Link]
		Press Release (for NISTIRs 7695-7698)
NISTIR 7695	August 2011	Common Platform Enumeration: Naming Specification Version 2.3 NISTIR 7695 ^FAQ doi:10.6028/NIST.IR.7695 [Direct Link]
		Press Release (for NISTIRs 7695-7698)
NISTIR 7694	June 2011	Specification for Asset Reporting Format 1.1 NISTIR 7694 ^FAQ doi:10.6028/NIST.IR.7694 [Direct Link]
NISTIR 7693	June 2011	Specification for Asset Identification 1.1 NISTIR 7693 ^FAQ doi:10.6028/NIST.IR.7693 [Direct Link]
NISTIR 7692	April 2011	Specification for the Open Checklist Interactive Language (OCIL) Version 2.0 NISTIR 7692 ^FAQ doi:10.6028/NIST.IR.7692 [Direct Link]
NISTIR 7682	September 2011	Information System Security Best Practices for UOCAVA-Supporting Systems NISTIR 7682 ^FAQ doi:10.6028/NIST.IR.7682 [Direct Link]
NISTIR 7551	December 2008	A Threat Analysis on UOCAVA Voting Systems NISTIR 7551 ^FAQ doi:10.6028/NIST.IR.7551 [Direct Link]
NISTIR 7516	August 2008	Forensic Filtering of Cell Phone Protocols NISTIR 7516 ^FAQ doi:10.6028/NIST.IR.7516 [Direct Link]
NISTIR 7358	January 2007	Program Review for Information Security Management Assistance (PRISMA) NISTIR 7358 ^FAQ doi:10.6028/NIST.IR.7358 [Direct Link]
NISTIR 7275 Rev. 4	March 2012	Specification for the Extensible Configuration Checklist Description Format (XCCDF) Version 1.2 NISTIR 7275 Rev. 4
		NISTIR 7275 Rev. 4 (markup)
NISTIR 7275 Rev. 3	January 2008	Specification for the Extensible Configuration Checklist Description Format (XCCDF) Version 1.1.4 NISTIR 7275 Rev. 3 ^FAQ doi:10.6028/NIST.IR.7275r3 [Direct Link]
ITL Bulletin	July 2016	Improving Security and Software Management Through the Use of SWID Tags
ITL Bulletin	February 2016	Implementing Trusted Geolocation Services in the Cloud
ITL Bulletin	January 2016	Securing Interactive and Automated Access Management Using Secure Shell (SSH)
ITL Bulletin	December 2015	Stopping Malware and Unauthorized Software through Application Whitelisting
ITL Bulletin	October 2015	Protection of Controlled Unclassified Information
ITL Bulletin	June 2015	Increasing Visibility and Control of Your ICT Supply Chains
ITL Bulletin	April 2015	Is Your Replication Device Making An Extra Copy For Someone Else?
ITL Bulletin	August 2014	Policy Machine: Towards a General-Purpose Enterprise-Wide Operating Environment
ITL Bulletin	September 2013	ITL Publishes Guidance on Preventing and Handling Malware Incidents
ITL Bulletin	October 2008	Keeping Information Technology (IT) System Servers Secure: A General Guide to Good Practices
ITL Bulletin	March 2007	Improving The Security of Electronic Mail: Updated Guidelines Issued by NIST
ITL Bulletin	February 2007	Intrusion Detection and Prevention Systems
ITL Bulletin	October 2006	Log Management: Using Computer and Network Records to Improve Information Security
ITL Bulletin	September 2006	Forensic Techniques: Helping Organizations Improve Their Responses to Information Security Incidents
ITL Bulletin	March 2006	Minimum Security Requirements for Federal Information and Information Systems: Federal Information Processing Standard (FIPS) 200 Approved by the Secretary of Commerce
ITL Bulletin	November 2004	Understanding the New NIST Standards and Guidelines Required by FISMA: How Three Mandated Documents are Changing the Dynamic of Information Security for the Federal Government
ITL Bulletin	March 2004	Federal Information Processing Standard (FIPS) 199, Standards for Security Categorization of Federal Information and Information Systems
Whitepaper (Draft)	January 2017	DRAFT Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1 Announcement and Draft Publication
Whitepaper (Draft)	March 20, 2017	DRAFT Cybersecurity Framework Manufacturing Profile (Final Draft) Announcement and Draft Publication

Awareness & Training

Number	Date	Title
FIPS 200	March 2006	Minimum Security Requirements for Federal Information and Information Systems FIPS 200 ^FAQ doi:10.6028/NIST.FIPS.200 [Direct Link]
SP 800-190 (Draft)	July 2017	DRAFT Application Container Security Guide (2nd Draft) Announcement and Draft Publication
SP 800-184	December 2016	Guide for Cybersecurity Event Recovery SP 800-184 ^FAQ doi:10.6028/NIST.SP.800-184 [Direct Link]
		Press Release (12-22-2016)
SP 800-171 Rev. 1	December 2016	Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations SP 800-171 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-171r1 [Direct Link]
		Specific Changes to the Security Requirements in SP 800-171
SP 800-171	June 2015 (Updated 1/14/2016)	Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations SP 800-171 (including updates as of 01-14-2016) ^FAQ doi:10.6028/NIST.SP.800-171 [Direct Link]
		Press Release (06-19-2015)
SP 800-161	April 2015	Supply Chain Risk Management Practices for Federal Information Systems and Organizations SP 800-161 ^FAQ doi:10.6028/NIST.SP.800-161 [Direct Link]
SP 800-160	November 2016	Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems SP 800-160 ^FAQ doi:10.6028/NIST.SP.800-160 [Direct Link]
		"Rethinking Cybersecurity from the Inside Out" (blog post)
SP 800-100	October 2006 (Updated 3/7/2007)	Information Security Handbook: A Guide for Managers SP 800-100 (including updates as of 03-07-2007) ^FAQ doi:10.6028/NIST.SP.800-100 [Direct Link]
SP 800-66 Rev. 1	October 2008	An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule SP 800-66 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-66r1 [Direct Link]
SP 800-53 Rev. 5 (Draft)	August 2017	DRAFT Security and Privacy Controls for Federal Information Systems and Organizations Announcement and Draft Publication
SP 800-53 Rev. 4	April 2013 (Updated 1/22/2015)	Security and Privacy Controls for Federal Information Systems and Organizations SP 800-53 Rev. 4 (including updates as of 01-22-2015) ^FAQ doi:10.6028/NIST.SP.800-53r4 [Direct Link]
		Word version of SP 800-53 Rev. 4 (01-22-2015)
		XML file for SP 800-53 Rev. 4 (01-15-2014)
		Summary of NIST SP 800-53 Revision 4
		Press Release (04-30-2013)
		Pre-Draft Call for Comments for SP 800-53 Rev. 5
SP 800-50	October 2003	Building an Information Technology Security Awareness and Training Program SP 800-50 ^FAQ doi:10.6028/NIST.SP.800-50 [Direct Link]
SP 800-16 Rev. 1 (Draft)	March 2014	DRAFT A Role-Based Model for Federal Information Technology/Cybersecurity Training Announcement and Draft Publication
SP 800-16	April 1998	Information Technology Security Training Requirements: a Role- and Performance-Based Model SP 800-16 ^FAQ doi:10.6028/NIST.SP.800-16 [Direct Link]
SP 800-14	September 1996	Generally Accepted Principles and Practices for Securing Information Technology Systems SP 800-14 ^FAQ doi:10.6028/NIST.SP.800-14 [Direct Link]
NISTIR 7621 Rev. 1	November 2016	Small Business Information Security: the Fundamentals NISTIR 7621 Rev. 1 ^FAQ doi:10.6028/NIST.IR.7621r1 [Direct Link]
		Press Release
		"Ignoring Cybersecurity is Risky Business" (blog post)
NISTIR 7611	August 2009	Use of ISO/IEC 24727 NISTIR 7611 ^FAQ doi:10.6028/NIST.IR.7611 [Direct Link]
NISTIR 7359	January 2007	Information Security Guide for Government Executives NISTIR 7359 ^FAQ doi:10.6028/NIST.IR.7359 [Direct Link]
		Booklet
ITL Bulletin	March 2017	Fundamentals of Small Business Information Security
ITL Bulletin	February 2017	Guide for Cybersecurity Incident Recovery
ITL Bulletin	October 2015	Protection of Controlled Unclassified Information
ITL Bulletin	June 2015	Increasing Visibility and Control of Your ICT Supply Chains
ITL Bulletin	May 2014	Small and Medium-Size Business Information Security Outreach Program
ITL Bulletin	November 2006	Guide to Securing Computers Using Windows XP Home Edition
ITL Bulletin	March 2006	Minimum Security Requirements for Federal Information and Information Systems: Federal Information Processing Standard (FIPS) 200 Approved by the Secretary of Commerce
ITL Bulletin	February 2006	Creating a Program to Manage Security Patches and Vulnerabilities: NIST Recommendations for Improving System Security
ITL Bulletin	October 2003	Information Technology Security Awareness, Training, Education, and Certification
Whitepaper (Draft)	January 2017	DRAFT Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1 Announcement and Draft Publication

Configuration Management

Number	Date	Title
FIPS 200	March 2006	Minimum Security Requirements for Federal Information and Information Systems FIPS 200 ^FAQ doi:10.6028/NIST.FIPS.200 [Direct Link]
SP 800-190 (Draft)	July 2017	DRAFT Application Container Security Guide (2nd Draft) Announcement and Draft Publication
SP 800-171 Rev. 1	December 2016	Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations SP 800-171 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-171r1 [Direct Link]
		Specific Changes to the Security Requirements in SP 800-171
SP 800-171	June 2015 (Updated 1/14/2016)	Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations SP 800-171 (including updates as of 01-14-2016) ^FAQ doi:10.6028/NIST.SP.800-171 [Direct Link]
		Press Release (06-19-2015)
SP 800-161	April 2015	Supply Chain Risk Management Practices for Federal Information Systems and Organizations SP 800-161 ^FAQ doi:10.6028/NIST.SP.800-161 [Direct Link]
SP 800-160	November 2016	Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems SP 800-160 ^FAQ doi:10.6028/NIST.SP.800-160 [Direct Link]
		"Rethinking Cybersecurity from the Inside Out" (blog post)
SP 800-155 (Draft)	December 2011	DRAFT BIOS Integrity Measurement Guidelines Announcement and Draft Publication
SP 800-153	February 2012	Guidelines for Securing Wireless Local Area Networks (WLANs) SP 800-153 ^FAQ doi:10.6028/NIST.SP.800-153 [Direct Link]
		Press Release (Mar. 6, 2012)
SP 800-137	September 2011	Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations SP 800-137 ^FAQ doi:10.6028/NIST.SP.800-137 [Direct Link]
		Press Release
SP 800-128	August 2011	Guide for Security-Focused Configuration Management of Information Systems SP 800-128 ^FAQ doi:10.6028/NIST.SP.800-128 [Direct Link]
SP 800-126 Rev. 3 (Draft)	July 2016	DRAFT The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.3 Announcement and Draft Publication
SP 800-126 Rev. 2	September 2011 (Updated 3/19/2012)	The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2 SP 800-126 Rev. 2 ^FAQ doi:10.6028/NIST.SP.800-126r2 [Direct Link]
		NIST Solicits Comments for SP 800-126 & SCAP
SP 800-126 Rev. 1	February 2011	The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.1 SP 800-126 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-126r1 [Direct Link]
SP 800-126	November 2009	The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.0 SP 800-126 ^FAQ doi:10.6028/NIST.SP.800-126 [Direct Link]
SP 800-125B	March 2016	Secure Virtual Network Configuration for Virtual Machine (VM) Protection SP 800-125B ^FAQ doi:10.6028/NIST.SP.800-125B [Direct Link]
SP 800-125	January 2011	Guide to Security for Full Virtualization Technologies SP 800-125 ^FAQ doi:10.6028/NIST.SP.800-125 [Direct Link]
		Press Release
SP 800-124 Rev. 1	June 2013	Guidelines for Managing the Security of Mobile Devices in the Enterprise SP 800-124 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-124r1 [Direct Link]
		SP 800-124 Rev. 1 (EPUB)^FAQ
		Press Release
SP 800-123	July 2008	Guide to General Server Security SP 800-123 ^FAQ doi:10.6028/NIST.SP.800-123 [Direct Link]
		SP 800-123 (EPUB)^FAQ
SP 800-117 Rev. 1 (Draft)	January 2012	DRAFT Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.2 Announcement and Draft Publication
SP 800-117	July 2010	Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.0 SP 800-117 ^FAQ doi:10.6028/NIST.SP.800-117 [Direct Link]
SP 800-114 Rev. 1	July 2016	User's Guide to Telework and Bring Your Own Device (BYOD) Security SP 800-114 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-114r1 [Direct Link]
SP 800-111	November 2007	Guide to Storage Encryption Technologies for End User Devices SP 800-111 ^FAQ doi:10.6028/NIST.SP.800-111 [Direct Link]
SP 800-100	October 2006 (Updated 3/7/2007)	Information Security Handbook: A Guide for Managers SP 800-100 (including updates as of 03-07-2007) ^FAQ doi:10.6028/NIST.SP.800-100 [Direct Link]
SP 800-86	August 2006	Guide to Integrating Forensic Techniques into Incident Response SP 800-86 ^FAQ doi:10.6028/NIST.SP.800-86 [Direct Link]
SP 800-83 Rev. 1	July 2013	Guide to Malware Incident Prevention and Handling for Desktops and Laptops SP 800-83 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-83r1 [Direct Link]
SP 800-81-2	September 2013	Secure Domain Name System (DNS) Deployment Guide SP 800-81-2 ^FAQ doi:10.6028/NIST.SP.800-81-2 [Direct Link]
SP 800-70 Rev. 4 (Draft)	August 2017	DRAFT National Checklist Program for IT Products: Guidelines for Checklist Users and Developers Announcement and Draft Publication
SP 800-70 Rev. 3	November 2015 (Updated 12/8/2016)	National Checklist Program for IT Products: Guidelines for Checklist Users and Developers SP 800-70 Rev. 3 ^FAQ doi:10.6028/NIST.SP.800-70r3 [Direct Link]
		National Checklist Program
SP 800-68 Rev. 1	October 2008	Guide to Securing Microsoft Windows XP Systems for IT Professionals: A NIST Security Configuration Checklist SP 800-68 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-68r1 [Direct Link]
		Security Templates R1.2.1
		NIST Windows Security Baseline Database Application v0.2.7
SP 800-54	July 2007	Border Gateway Protocol Security SP 800-54 ^FAQ doi:10.6028/NIST.SP.800-54 [Direct Link]
SP 800-53 Rev. 5 (Draft)	August 2017	DRAFT Security and Privacy Controls for Federal Information Systems and Organizations Announcement and Draft Publication
SP 800-53 Rev. 4	April 2013 (Updated 1/22/2015)	Security and Privacy Controls for Federal Information Systems and Organizations SP 800-53 Rev. 4 (including updates as of 01-22-2015) ^FAQ doi:10.6028/NIST.SP.800-53r4 [Direct Link]
		Word version of SP 800-53 Rev. 4 (01-22-2015)
		XML file for SP 800-53 Rev. 4 (01-15-2014)
		Summary of NIST SP 800-53 Revision 4
		Press Release (04-30-2013)
		Pre-Draft Call for Comments for SP 800-53 Rev. 5
SP 800-51 Rev. 1	February 2011	Guide to Using Vulnerability Naming Schemes SP 800-51 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-51r1 [Direct Link]
		Press Release
SP 800-48 Rev. 1	July 2008	Guide to Securing Legacy IEEE 802.11 Wireless Networks SP 800-48 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-48r1 [Direct Link]
SP 800-46 Rev. 2	July 2016	Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security SP 800-46 Rev. 2 ^FAQ doi:10.6028/NIST.SP.800-46r2 [Direct Link]
SP 800-45 Version 2	February 2007	Guidelines on Electronic Mail Security SP 800-45 Version 2 ^FAQ doi:10.6028/NIST.SP.800-45ver2 [Direct Link]
SP 800-44 Version 2	September 2007	Guidelines on Securing Public Web Servers SP 800-44 Version 2 ^FAQ doi:10.6028/NIST.SP.800-44ver2 [Direct Link]
SP 800-43	November 2002	Systems Administration Guidance for Securing Windows 2000 Professional System SP 800-43 ^FAQ doi:10.6028/NIST.SP.800-43 [Direct Link]
		Security Templates R1.2.3
SP 800-40 Rev. 3	July 2013	Guide to Enterprise Patch Management Technologies SP 800-40 Rev. 3 ^FAQ doi:10.6028/NIST.SP.800-40r3 [Direct Link]
		Press Release
SP 800-37 Rev. 1	February 2010 (Updated 6/5/2014)	Guide for Applying the Risk Management Framework to Federal Information Systems: a Security Life Cycle Approach SP 800-37 Rev. 1 (including updates as of 6-05-2014) ^FAQ doi:10.6028/NIST.SP.800-37r1 [Direct Link]
		Supplemental Guidance on Ongoing Authorization, (June 2014)
		Press Release
SP 800-35	October 2003	Guide to Information Technology Security Services SP 800-35 ^FAQ doi:10.6028/NIST.SP.800-35 [Direct Link]
SP 800-14	September 1996	Generally Accepted Principles and Practices for Securing Information Technology Systems SP 800-14 ^FAQ doi:10.6028/NIST.SP.800-14 [Direct Link]
NISTIR 8176 (Draft)	August 2017	DRAFT Security Assurance Challenges for Container Deployment Announcement and Draft Publication
NISTIR 8138 (Draft)	September 2016	DRAFT Vulnerability Description Ontology (VDO): a Framework for Characterizing Vulnerabilities Announcement and Draft Publication
NISTIR 8085 (Draft)	December 2015	DRAFT Forming Common Platform Enumeration (CPE) Names from Software Identification (SWID) Tags Announcement and Draft Publication
NISTIR 8060	April 2016	Guidelines for the Creation of Interoperable Software Identification (SWID) Tags NISTIR 8060 ^FAQ doi:10.6028/NIST.IR.8060 [Direct Link]
		Guideline Summary for NISTIR 8060
		Schema Definition for NISTIR 8060
NISTIR 8058 (Draft)	May 1, 2015	DRAFT Security Content Automation Protocol (SCAP) Version 1.2 Content Style Guide: Best Practices for Creating and Maintaining SCAP 1.2 Content Announcement and Draft Publication
NISTIR 8055	January 2016	Derived Personal Identity Verification (PIV) Credentials (DPC) Proof of Concept Research NISTIR 8055 ^FAQ doi:10.6028/NIST.IR.8055 [Direct Link]
NISTIR 8023	February 2015	Risk Management for Replication Devices NISTIR 8023 ^FAQ doi:10.6028/NIST.IR.8023 [Direct Link]
NISTIR 7946	April 2014	CVSS Implementation Guidance NISTIR 7946 ^FAQ doi:10.6028/NIST.IR.7946 [Direct Link]
NISTIR 7904	December 2015	Trusted Geolocation in the Cloud: Proof of Concept Implementation NISTIR 7904 ^FAQ doi:10.6028/NIST.IR.7904 [Direct Link]
NISTIR 7864	July 2012	The Common Misuse Scoring System (CMSS): Metrics for Software Feature Misuse Vulnerabilities NISTIR 7864 ^FAQ doi:10.6028/NIST.IR.7864 [Direct Link]
		Press Release
NISTIR 7848 (Draft)	May 2012	DRAFT Specification for the Asset Summary Reporting Format 1.0 Announcement and Draft Publication
NISTIR 7802	September 2011	Trust Model for Security Automation Data 1.0 (TMSAD) NISTIR 7802 ^FAQ doi:10.6028/NIST.IR.7802 [Direct Link]
NISTIR 7800 (Draft)	January 2012	DRAFT Applying the Continuous Monitoring Technical Reference Model to the Asset, Configuration, and Vulnerability Management Domains Announcement and Draft Publication
NISTIR 7799 (Draft)	January 2012	DRAFT Continuous Monitoring Reference Model Workflow, Subsystem, and Interface Specifications Announcement and Draft Publication
NISTIR 7764	February 2011	Status Report on the Second Round of the SHA-3 Cryptographic Hash Algorithm Competition NISTIR 7764 ^FAQ doi:10.6028/NIST.IR.7764 [Direct Link]
NISTIR 7756 (Draft)	January 2012	DRAFT CAESARS Framework Extension: An Enterprise Continuous Monitoring Technical Reference Architecture Announcement and Draft Publication
NISTIR 7698	August 2011	Common Platform Enumeration: Applicability Language Specification Version 2.3 NISTIR 7698 ^FAQ doi:10.6028/NIST.IR.7698 [Direct Link]
		Press Release (for NISTIRs 7695-7698)
NISTIR 7697	August 2011	Common Platform Enumeration: Dictionary Specification Version 2.3 NISTIR 7697 ^FAQ doi:10.6028/NIST.IR.7697 [Direct Link]
		Press Release (for NISTIRs 7695-7698)
NISTIR 7696	August 2011	Common Platform Enumeration: Name Matching Specification Version 2.3 NISTIR 7696 ^FAQ doi:10.6028/NIST.IR.7696 [Direct Link]
		Press Release (for NISTIRs 7695-7698)
NISTIR 7695	August 2011	Common Platform Enumeration: Naming Specification Version 2.3 NISTIR 7695 ^FAQ doi:10.6028/NIST.IR.7695 [Direct Link]
		Press Release (for NISTIRs 7695-7698)
NISTIR 7694	June 2011	Specification for Asset Reporting Format 1.1 NISTIR 7694 ^FAQ doi:10.6028/NIST.IR.7694 [Direct Link]
NISTIR 7693	June 2011	Specification for Asset Identification 1.1 NISTIR 7693 ^FAQ doi:10.6028/NIST.IR.7693 [Direct Link]
NISTIR 7692	April 2011	Specification for the Open Checklist Interactive Language (OCIL) Version 2.0 NISTIR 7692 ^FAQ doi:10.6028/NIST.IR.7692 [Direct Link]
NISTIR 7621 Rev. 1	November 2016	Small Business Information Security: the Fundamentals NISTIR 7621 Rev. 1 ^FAQ doi:10.6028/NIST.IR.7621r1 [Direct Link]
		Press Release
		"Ignoring Cybersecurity is Risky Business" (blog post)
NISTIR 7502	December 2010	The Common Configuration Scoring System (CCSS): Metrics for Software Security Configuration Vulnerabilities NISTIR 7502 ^FAQ doi:10.6028/NIST.IR.7502 [Direct Link]
NISTIR 7435	August 2007	The Common Vulnerability Scoring System (CVSS) and its Applicability to Federal Agency Systems NISTIR 7435 ^FAQ doi:10.6028/NIST.IR.7435 [Direct Link]
NISTIR 7275 Rev. 4	March 2012	Specification for the Extensible Configuration Checklist Description Format (XCCDF) Version 1.2 NISTIR 7275 Rev. 4
		NISTIR 7275 Rev. 4 (markup)
NISTIR 7275 Rev. 3	January 2008	Specification for the Extensible Configuration Checklist Description Format (XCCDF) Version 1.1.4 NISTIR 7275 Rev. 3 ^FAQ doi:10.6028/NIST.IR.7275r3 [Direct Link]
NISTIR 7188	January 2005	Specification for the Extensible Configuration Checklist Description Format (XCCDF) NISTIR 7188 ^FAQ doi:10.6028/NIST.IR.7188 [Direct Link]
ITL Bulletin	March 2017	Fundamentals of Small Business Information Security
ITL Bulletin	July 2016	Improving Security and Software Management Through the Use of SWID Tags
ITL Bulletin	December 2013	The National Vulnerability Database (NVD): Overview
ITL Bulletin	February 2016	Implementing Trusted Geolocation Services in the Cloud
ITL Bulletin	October 2015	Protection of Controlled Unclassified Information
ITL Bulletin	June 2015	Increasing Visibility and Control of Your ICT Supply Chains
ITL Bulletin	April 2015	Is Your Replication Device Making An Extra Copy For Someone Else?
ITL Bulletin	July 2014	Release of NIST Interagency Report 7946, CVSS Implementation Guidance
ITL Bulletin	May 2014	Small and Medium-Size Business Information Security Outreach Program
ITL Bulletin	February 2014	Framework for Improving Critical Infrastructure Cybersecurity
ITL Bulletin	September 2013	ITL Publishes Guidance on Preventing and Handling Malware Incidents
ITL Bulletin	August 2013	ITL Publishes Guidance on Enterprise Patch Management Technologies
ITL Bulletin	October 2008	Keeping Information Technology (IT) System Servers Secure: A General Guide to Good Practices
ITL Bulletin	July 2007	Border Gateway Protocol (BGP) Security
ITL Bulletin	March 2007	Improving The Security of Electronic Mail: Updated Guidelines Issued by NIST
ITL Bulletin	November 2006	Guide to Securing Computers Using Windows XP Home Edition
ITL Bulletin	September 2006	Forensic Techniques: Helping Organizations Improve Their Responses to Information Security Incidents
ITL Bulletin	March 2006	Minimum Security Requirements for Federal Information and Information Systems: Federal Information Processing Standard (FIPS) 200 Approved by the Secretary of Commerce
ITL Bulletin	February 2006	Creating a Program to Manage Security Patches and Vulnerabilities: NIST Recommendations for Improving System Security
ITL Bulletin	June 2004	Information Technology Security Services: How to Select, Implement, and Manage
Whitepaper (Draft)	January 2017	DRAFT Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1 Announcement and Draft Publication
Whitepaper (Draft)	March 20, 2017	DRAFT Cybersecurity Framework Manufacturing Profile (Final Draft) Announcement and Draft Publication

Contingency Planning

Number	Date	Title
FIPS 200	March 2006	Minimum Security Requirements for Federal Information and Information Systems FIPS 200 ^FAQ doi:10.6028/NIST.FIPS.200 [Direct Link]
SP 800-184	December 2016	Guide for Cybersecurity Event Recovery SP 800-184 ^FAQ doi:10.6028/NIST.SP.800-184 [Direct Link]
		Press Release (12-22-2016)
SP 800-161	April 2015	Supply Chain Risk Management Practices for Federal Information Systems and Organizations SP 800-161 ^FAQ doi:10.6028/NIST.SP.800-161 [Direct Link]
SP 800-160	November 2016	Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems SP 800-160 ^FAQ doi:10.6028/NIST.SP.800-160 [Direct Link]
		"Rethinking Cybersecurity from the Inside Out" (blog post)
SP 800-100	October 2006 (Updated 3/7/2007)	Information Security Handbook: A Guide for Managers SP 800-100 (including updates as of 03-07-2007) ^FAQ doi:10.6028/NIST.SP.800-100 [Direct Link]
SP 800-86	August 2006	Guide to Integrating Forensic Techniques into Incident Response SP 800-86 ^FAQ doi:10.6028/NIST.SP.800-86 [Direct Link]
SP 800-83 Rev. 1	July 2013	Guide to Malware Incident Prevention and Handling for Desktops and Laptops SP 800-83 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-83r1 [Direct Link]
SP 800-81-2	September 2013	Secure Domain Name System (DNS) Deployment Guide SP 800-81-2 ^FAQ doi:10.6028/NIST.SP.800-81-2 [Direct Link]
SP 800-66 Rev. 1	October 2008	An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule SP 800-66 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-66r1 [Direct Link]
SP 800-57 Part 1 Rev. 4	January 2016	Recommendation for Key Management, Part 1: General SP 800-57 Part 1, Revision 4 ^FAQ doi:10.6028/NIST.SP.800-57pt1r4 [Direct Link]
		Comments and resolutions for SP 800-57 Part 1, Rev. 4
SP 800-57 Part 2	August 2005	Recommendation for Key Management, Part 2: Best Practices for Key Management Organization SP 800-57 Part 2 ^FAQ doi:10.6028/NIST.SP.800-57p2 [Direct Link]
		Comments received on Draft (Apr. 2005)
SP 800-57 Part 3 Rev. 1	January 2015	Recommendation for Key Management, Part 3: Application-Specific Key Management Guidance SP 800-57 Part 3, Revision 1 ^FAQ doi:10.6028/NIST.SP.800-57pt3r1 [Direct Link]
SP 800-53 Rev. 5 (Draft)	August 2017	DRAFT Security and Privacy Controls for Federal Information Systems and Organizations Announcement and Draft Publication
SP 800-53 Rev. 4	April 2013 (Updated 1/22/2015)	Security and Privacy Controls for Federal Information Systems and Organizations SP 800-53 Rev. 4 (including updates as of 01-22-2015) ^FAQ doi:10.6028/NIST.SP.800-53r4 [Direct Link]
		Word version of SP 800-53 Rev. 4 (01-22-2015)
		XML file for SP 800-53 Rev. 4 (01-15-2014)
		Summary of NIST SP 800-53 Revision 4
		Press Release (04-30-2013)
		Pre-Draft Call for Comments for SP 800-53 Rev. 5
SP 800-50	October 2003	Building an Information Technology Security Awareness and Training Program SP 800-50 ^FAQ doi:10.6028/NIST.SP.800-50 [Direct Link]
SP 800-46 Rev. 2	July 2016	Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security SP 800-46 Rev. 2 ^FAQ doi:10.6028/NIST.SP.800-46r2 [Direct Link]
SP 800-45 Version 2	February 2007	Guidelines on Electronic Mail Security SP 800-45 Version 2 ^FAQ doi:10.6028/NIST.SP.800-45ver2 [Direct Link]
SP 800-44 Version 2	September 2007	Guidelines on Securing Public Web Servers SP 800-44 Version 2 ^FAQ doi:10.6028/NIST.SP.800-44ver2 [Direct Link]
SP 800-43	November 2002	Systems Administration Guidance for Securing Windows 2000 Professional System SP 800-43 ^FAQ doi:10.6028/NIST.SP.800-43 [Direct Link]
		Security Templates R1.2.3
SP 800-34 Rev. 1	May 2010 (Updated 11/11/2010)	Contingency Planning Guide for Federal Information Systems SP 800-34 Rev. 1 (including updates as of 11-11-2010) ^FAQ doi:10.6028/NIST.SP.800-34r1 [Direct Link]
		Business Impact Analysis (BIA) Template
		Contingency Planning: Low Impact System Template
		Contingency Planning: Moderate Impact System Template
		Contingency Planning: High Impact System Template
SP 800-25	October 2000	Federal Agency Use of Public Key Technology for Digital Signatures and Authentication SP 800-25 ^FAQ doi:10.6028/NIST.SP.800-25 [Direct Link]
SP 800-24	April 2001	PBX Vulnerability Analysis: Finding Holes in Your PBX Before Someone Else Does SP 800-24 ^FAQ doi:10.6028/NIST.SP.800-24 [Direct Link]
SP 800-14	September 1996	Generally Accepted Principles and Practices for Securing Information Technology Systems SP 800-14 ^FAQ doi:10.6028/NIST.SP.800-14 [Direct Link]
SP 800-13	October 1995	Telecommunications Security Guidelines for Telecommunications Management Network SP 800-13 ^FAQ doi:10.6028/NIST.SP.800-13 [Direct Link]
NISTIR 7966	October 2015	Security of Interactive and Automated Access Management Using Secure Shell (SSH) NISTIR 7966 ^FAQ doi:10.6028/NIST.IR.7966 [Direct Link]
NISTIR 7621 Rev. 1	November 2016	Small Business Information Security: the Fundamentals NISTIR 7621 Rev. 1 ^FAQ doi:10.6028/NIST.IR.7621r1 [Direct Link]
		Press Release
		"Ignoring Cybersecurity is Risky Business" (blog post)
ITL Bulletin	March 2017	Fundamentals of Small Business Information Security
ITL Bulletin	February 2017	Guide for Cybersecurity Incident Recovery
ITL Bulletin	January 2016	Securing Interactive and Automated Access Management Using Secure Shell (SSH)
ITL Bulletin	June 2015	Increasing Visibility and Control of Your ICT Supply Chains
ITL Bulletin	May 2014	Small and Medium-Size Business Information Security Outreach Program
ITL Bulletin	February 2014	Framework for Improving Critical Infrastructure Cybersecurity
ITL Bulletin	September 2013	ITL Publishes Guidance on Preventing and Handling Malware Incidents
ITL Bulletin	March 2007	Improving The Security of Electronic Mail: Updated Guidelines Issued by NIST
ITL Bulletin	December 2006	Maintaining Effective Information Technology (IT) Security Through Test, Training, and Exercise Programs
ITL Bulletin	November 2006	Guide to Securing Computers Using Windows XP Home Edition
ITL Bulletin	September 2006	Forensic Techniques: Helping Organizations Improve Their Responses to Information Security Incidents
ITL Bulletin	March 2006	Minimum Security Requirements for Federal Information and Information Systems: Federal Information Processing Standard (FIPS) 200 Approved by the Secretary of Commerce
Whitepaper (Draft)	January 2017	DRAFT Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1 Announcement and Draft Publication
Whitepaper (Draft)	March 20, 2017	DRAFT Cybersecurity Framework Manufacturing Profile (Final Draft) Announcement and Draft Publication
Whitepaper	May 2016	[Project Description] Data Integrity: Recovering from a destructive malware attack Project Description
		Data Integrity homepage

Identification & Authentication

Number	Date	Title
FIPS 201-2	August 2013	Personal Identity Verification (PIV) of Federal Employees and Contractors FIPS 201-2 ^FAQ doi:10.6028/NIST.FIPS.201-2 [Direct Link]
		2012 Draft Comments and Dispositions
		2011 Draft Comments and Dispositions
		Revised Draft (July 2012)
		Draft FIPS 201-2 (March 2011)
FIPS 200	March 2006	Minimum Security Requirements for Federal Information and Information Systems FIPS 200 ^FAQ doi:10.6028/NIST.FIPS.200 [Direct Link]
FIPS 140-2	May 25, 2001 (Change Notice 2, 12/3/2002)	Security Requirements for Cryptographic Modules FIPS 140-2 (including change notices as of 12-03-2002) ^FAQ doi:10.6028/NIST.FIPS.140-2 [Direct Link]
		Annex A: Approved Security Functions
		Annex B: Approved Protection Profiles
		Annex C: Approved Random Number Generators
		Annex D: Approved Key Establishment Techniques
		FIPS 140-2 (EPUB)^FAQ
		Comments on FIPS 140-1 (Oct. 1998)
SP 800-190 (Draft)	July 2017	DRAFT Application Container Security Guide (2nd Draft) Announcement and Draft Publication
SP 800-185	December 2016	SHA-3 Derived Functions: cSHAKE, KMAC, TupleHash, and ParallelHash SP 800-185 ^FAQ doi:10.6028/NIST.SP.800-185 [Direct Link]
		Comments Received on Draft SP 800-185
SP 800-175A	August 2016	Guideline for Using Cryptographic Standards in the Federal Government: Directives, Mandates and Policies SP 800-175A ^FAQ doi:10.6028/NIST.SP.800-175A [Direct Link]
		Comments Received from Final Draft
SP 800-175B	August 2016	Guideline for Using Cryptographic Standards in the Federal Government: Cryptographic Mechanisms SP 800-175B ^FAQ doi:10.6028/NIST.SP.800-175B [Direct Link]
		Comments Received from Final Draft
SP 800-171 Rev. 1	December 2016	Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations SP 800-171 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-171r1 [Direct Link]
		Specific Changes to the Security Requirements in SP 800-171
SP 800-171	June 2015 (Updated 1/14/2016)	Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations SP 800-171 (including updates as of 01-14-2016) ^FAQ doi:10.6028/NIST.SP.800-171 [Direct Link]
		Press Release (06-19-2015)
SP 800-166	June 2016	Derived PIV Application and Data Model Test Guidelines SP 800-166 ^FAQ doi:10.6028/NIST.SP.800-166 [Direct Link]
SP 800-161	April 2015	Supply Chain Risk Management Practices for Federal Information Systems and Organizations SP 800-161 ^FAQ doi:10.6028/NIST.SP.800-161 [Direct Link]
SP 800-160	November 2016	Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems SP 800-160 ^FAQ doi:10.6028/NIST.SP.800-160 [Direct Link]
		"Rethinking Cybersecurity from the Inside Out" (blog post)
SP 800-157	December 2014	Guidelines for Derived Personal Identity Verification (PIV) Credentials SP 800-157 ^FAQ doi:10.6028/NIST.SP.800-157 [Direct Link]
		Comments and resolutions on Draft SP 800-157 (Mar. 2014)
SP 800-156	May 2016	Representation of PIV Chain-of-Trust for Import and Export SP 800-156 ^FAQ doi:10.6028/NIST.SP.800-156 [Direct Link]
		XSD Schema File for SP 800-156 Chain of Trust
SP 800-127	September 2010	Guide to Securing WiMAX Wireless Communications SP 800-127 ^FAQ doi:10.6028/NIST.SP.800-127 [Direct Link]
		SP 800-127 (EPUB)^FAQ
		Press Release
SP 800-123	July 2008	Guide to General Server Security SP 800-123 ^FAQ doi:10.6028/NIST.SP.800-123 [Direct Link]
		SP 800-123 (EPUB)^FAQ
SP 800-122	April 2010	Guide to Protecting the Confidentiality of Personally Identifiable Information (PII) SP 800-122 ^FAQ doi:10.6028/NIST.SP.800-122 [Direct Link]
		SP 800-122 (EPUB)^FAQ
SP 800-116 Rev. 1 (Draft)	December 2015	DRAFT A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS) Announcement and Draft Publication
SP 800-116	November 2008	A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS) SP 800-116 ^FAQ doi:10.6028/NIST.SP.800-116 [Direct Link]
SP 800-113	July 2008	Guide to SSL VPNs SP 800-113 ^FAQ doi:10.6028/NIST.SP.800-113 [Direct Link]
SP 800-107 Rev. 1	August 2012	Recommendation for Applications Using Approved Hash Algorithms SP 800-107 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-107r1 [Direct Link]
SP 800-106	February 2009	Randomized Hashing for Digital Signatures SP 800-106 ^FAQ doi:10.6028/NIST.SP.800-106 [Direct Link]
SP 800-100	October 2006 (Updated 3/7/2007)	Information Security Handbook: A Guide for Managers SP 800-100 (including updates as of 03-07-2007) ^FAQ doi:10.6028/NIST.SP.800-100 [Direct Link]
SP 800-98	April 2007	Guidelines for Securing Radio Frequency Identification (RFID) Systems SP 800-98 ^FAQ doi:10.6028/NIST.SP.800-98 [Direct Link]
SP 800-97	February 2007	Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i SP 800-97 ^FAQ doi:10.6028/NIST.SP.800-97 [Direct Link]
SP 800-96	September 2006	PIV Card to Reader Interoperability Guidelines SP 800-96 ^FAQ doi:10.6028/NIST.SP.800-96 [Direct Link]
SP 800-87 Rev. 1	April 2008	Codes for Identification of Federal and Federally-Assisted Organizations SP 800-87 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-87r1 [Direct Link]
SP 800-86	August 2006	Guide to Integrating Forensic Techniques into Incident Response SP 800-86 ^FAQ doi:10.6028/NIST.SP.800-86 [Direct Link]
SP 800-81-2	September 2013	Secure Domain Name System (DNS) Deployment Guide SP 800-81-2 ^FAQ doi:10.6028/NIST.SP.800-81-2 [Direct Link]
SP 800-78-4	May 2015	Cryptographic Algorithms and Key Sizes for Personal Identity Verification SP 800-78-4 ^FAQ doi:10.6028/NIST.SP.800-78-4 [Direct Link]
SP 800-77	December 2005	Guide to IPsec VPNs SP 800-77 ^FAQ doi:10.6028/NIST.SP.800-77 [Direct Link]
SP 800-76-2	July 2013	Biometric Specifications for Personal Identity Verification SP 800-76-2 ^FAQ doi:10.6028/NIST.SP.800-76-2 [Direct Link]
SP 800-73-4	May 2015 (Updated 2/8/2016)	Interfaces for Personal Identity Verification SP 800-73-4 (including updates as of 02-08-2016) ^FAQ doi:10.6028/NIST.SP.800-73-4 [Direct Link]
		Press Release (06-16-2015)
SP 800-72	November 2004	Guidelines on PDA Forensics SP 800-72 ^FAQ doi:10.6028/NIST.SP.800-72 [Direct Link]
SP 800-68 Rev. 1	October 2008	Guide to Securing Microsoft Windows XP Systems for IT Professionals: A NIST Security Configuration Checklist SP 800-68 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-68r1 [Direct Link]
		Security Templates R1.2.1
		NIST Windows Security Baseline Database Application v0.2.7
SP 800-66 Rev. 1	October 2008	An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule SP 800-66 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-66r1 [Direct Link]
SP 800-63-3	June 2017	Digital Identity Guidelines SP 800-63-3 ^FAQ doi:10.6028/NIST.SP.800-63-3 [Direct Link]
		FAQ
		SP 800-63-3 (GitHub)
SP 800-53 Rev. 5 (Draft)	August 2017	DRAFT Security and Privacy Controls for Federal Information Systems and Organizations Announcement and Draft Publication
SP 800-53 Rev. 4	April 2013 (Updated 1/22/2015)	Security and Privacy Controls for Federal Information Systems and Organizations SP 800-53 Rev. 4 (including updates as of 01-22-2015) ^FAQ doi:10.6028/NIST.SP.800-53r4 [Direct Link]
		Word version of SP 800-53 Rev. 4 (01-22-2015)
		XML file for SP 800-53 Rev. 4 (01-15-2014)
		Summary of NIST SP 800-53 Revision 4
		Press Release (04-30-2013)
		Pre-Draft Call for Comments for SP 800-53 Rev. 5
SP 800-48 Rev. 1	July 2008	Guide to Securing Legacy IEEE 802.11 Wireless Networks SP 800-48 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-48r1 [Direct Link]
SP 800-46 Rev. 2	July 2016	Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security SP 800-46 Rev. 2 ^FAQ doi:10.6028/NIST.SP.800-46r2 [Direct Link]
SP 800-45 Version 2	February 2007	Guidelines on Electronic Mail Security SP 800-45 Version 2 ^FAQ doi:10.6028/NIST.SP.800-45ver2 [Direct Link]
SP 800-44 Version 2	September 2007	Guidelines on Securing Public Web Servers SP 800-44 Version 2 ^FAQ doi:10.6028/NIST.SP.800-44ver2 [Direct Link]
SP 800-38C	May 2004 (Updated 7/20/2007)	Recommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality SP 800-38C (including updates as of 07-20-2007) ^FAQ doi:10.6028/NIST.SP.800-38C [Direct Link]
SP 800-36	October 2003	Guide to Selecting Information Technology Security Products SP 800-36 ^FAQ doi:10.6028/NIST.SP.800-36 [Direct Link]
SP 800-32	February 26, 2001	Introduction to Public Key Technology and the Federal PKI Infrastructure SP 800-32 ^FAQ doi:10.6028/NIST.SP.800-32 [Direct Link]
SP 800-25	October 2000	Federal Agency Use of Public Key Technology for Digital Signatures and Authentication SP 800-25 ^FAQ doi:10.6028/NIST.SP.800-25 [Direct Link]
SP 800-24	April 2001	PBX Vulnerability Analysis: Finding Holes in Your PBX Before Someone Else Does SP 800-24 ^FAQ doi:10.6028/NIST.SP.800-24 [Direct Link]
SP 800-14	September 1996	Generally Accepted Principles and Practices for Securing Information Technology Systems SP 800-14 ^FAQ doi:10.6028/NIST.SP.800-14 [Direct Link]
SP 1800-5 (Draft)	October 2015	DRAFT IT Asset Management: Financial Services Announcement and Draft Publication
SP 1800-3 (Draft)	September 2015	DRAFT Attribute Based Access Control Announcement and Draft Publication
SP 1800-2 (Draft)	August 2015	DRAFT Identity and Access Management for Electric Utilities Announcement and Draft Publication
NISTIR 8149 (Draft)	October 2016	DRAFT Developing Trust Frameworks to Support Identity Federations Announcement and Draft Publication
NISTIR 8112 (Draft)	August 2016	DRAFT Attribute Metadata Announcement and Draft Publication
NISTIR 8105	April 2016	Report on Post-Quantum Cryptography NISTIR 8105 ^FAQ doi:10.6028/NIST.IR.8105 [Direct Link]
		Press Release
		Comments received on Draft NISTIR 8105
NISTIR 8103	September 2016	Advanced Identity Workshop on Applying Measurement Science in the Identity Ecosystem: Summary and Next Steps NISTIR 8103 ^FAQ doi:10.6028/NIST.IR.8103 [Direct Link]
NISTIR 8080	July 2016	Usability and Security Considerations for Public Safety Mobile Authentication NISTIR 8080 ^FAQ doi:10.6028/NIST.IR.8080 [Direct Link]
NISTIR 8055	January 2016	Derived Personal Identity Verification (PIV) Credentials (DPC) Proof of Concept Research NISTIR 8055 ^FAQ doi:10.6028/NIST.IR.8055 [Direct Link]
NISTIR 8054	April 2015 (Updated 9/20/2015)	NSTIC Pilots: Catalyzing the Identity Ecosystem NISTIR 8054 (including updates as of 09-20-2015) ^FAQ doi:10.6028/NIST.IR.8054 [Direct Link]
NISTIR 8040	April 2016	Measuring the Usability and Security of Permuted Passwords on Mobile Platforms NISTIR 8040 ^FAQ doi:10.6028/NIST.IR.8040 [Direct Link]
NISTIR 8023	February 2015	Risk Management for Replication Devices NISTIR 8023 ^FAQ doi:10.6028/NIST.IR.8023 [Direct Link]
NISTIR 8014	March 2015	Considerations for Identity Management in Public Safety Mobile Networks NISTIR 8014 ^FAQ doi:10.6028/NIST.IR.8014 [Direct Link]
		Press Release
NISTIR 7987 Rev. 1	October 2015	Policy Machine: Features, Architecture, and Specification NISTIR 7987 Revision 1 ^FAQ doi:10.6028/NIST.IR.7987r1 [Direct Link]
NISTIR 7981 (Draft)	March 2014	DRAFT Mobile, PIV, and Authentication Announcement and Draft Publication
NISTIR 7966	October 2015	Security of Interactive and Automated Access Management Using Secure Shell (SSH) NISTIR 7966 ^FAQ doi:10.6028/NIST.IR.7966 [Direct Link]
NISTIR 7924 (Draft)	May 2014	DRAFT Reference Certificate Policy (2nd Draft) Announcement and Draft Publication
NISTIR 7849	March 2014	A Methodology for Developing Authentication Assurance Level Taxonomy for Smart Card-based Identity Verification NISTIR 7849 ^FAQ doi:10.6028/NIST.IR.7849 [Direct Link]
NISTIR 7802	September 2011	Trust Model for Security Automation Data 1.0 (TMSAD) NISTIR 7802 ^FAQ doi:10.6028/NIST.IR.7802 [Direct Link]
NISTIR 7770	February 2011	Security Considerations for Remote Electronic UOCAVA Voting NISTIR 7770 ^FAQ doi:10.6028/NIST.IR.7770 [Direct Link]
NISTIR 7711	September 2011	Security Best Practices for the Electronic Transmission of Election Materials for UOCAVA Voters NISTIR 7711 ^FAQ doi:10.6028/NIST.IR.7711 [Direct Link]
NISTIR 7682	September 2011	Information System Security Best Practices for UOCAVA-Supporting Systems NISTIR 7682 ^FAQ doi:10.6028/NIST.IR.7682 [Direct Link]
NISTIR 7621 Rev. 1	November 2016	Small Business Information Security: the Fundamentals NISTIR 7621 Rev. 1 ^FAQ doi:10.6028/NIST.IR.7621r1 [Direct Link]
		Press Release
		"Ignoring Cybersecurity is Risky Business" (blog post)
NISTIR 7611	August 2009	Use of ISO/IEC 24727 NISTIR 7611 ^FAQ doi:10.6028/NIST.IR.7611 [Direct Link]
NISTIR 7601	August 2010	Framework for Emergency Response Officials (ERO): Authentication and Authorization Infrastructure NISTIR 7601 ^FAQ doi:10.6028/NIST.IR.7601 [Direct Link]
NISTIR 7551	December 2008	A Threat Analysis on UOCAVA Voting Systems NISTIR 7551 ^FAQ doi:10.6028/NIST.IR.7551 [Direct Link]
NISTIR 7539	December 2009	Symmetric Key Injection onto Smart Cards NISTIR 7539 ^FAQ doi:10.6028/NIST.IR.7539 [Direct Link]
NISTIR 7313	July 2006	5th Annual PKI R&D Workshop "Making PKI Easy to Use" Proceedings NISTIR 7313 ^FAQ doi:10.6028/NIST.IR.7313 [Direct Link]
ITL Bulletin	August 2017	Understanding the Major Update to NIST SP 800-63: Digital Identity Guidelines
ITL Bulletin	March 2017	Fundamentals of Small Business Information Security
ITL Bulletin	August 2016	NIST Updates Personal Identity Verification (PIV) Guidelines
ITL Bulletin	January 2016	Securing Interactive and Automated Access Management Using Secure Shell (SSH)
ITL Bulletin	October 2015	Protection of Controlled Unclassified Information
ITL Bulletin	June 2015	Increasing Visibility and Control of Your ICT Supply Chains
ITL Bulletin	May 2015	Authentication Considerations for Public Safety Mobile Networks
ITL Bulletin	April 2015	Is Your Replication Device Making An Extra Copy For Someone Else?
ITL Bulletin	December 2014	Release Of NIST Special Publication 800-157, Guidelines For Derived Personal Identity Verification (PIV) Credentials
ITL Bulletin	August 2014	Policy Machine: Towards a General-Purpose Enterprise-Wide Operating Environment
ITL Bulletin	May 2014	Small and Medium-Size Business Information Security Outreach Program
ITL Bulletin	October 2013	ITL Updates Federal Information Processing Standard (FIPS) for Personal Identity Verification (PIV) of Federal Employees and Contractors
ITL Bulletin	October 2008	Keeping Information Technology (IT) System Servers Secure: A General Guide to Good Practices
ITL Bulletin	May 2007	Securing Radio Frequency Identification (RFID) Systems
ITL Bulletin	March 2007	Improving The Security of Electronic Mail: Updated Guidelines Issued by NIST
ITL Bulletin	September 2006	Forensic Techniques: Helping Organizations Improve Their Responses to Information Security Incidents
ITL Bulletin	April 2006	Protecting Sensitive Information Transmitted in Public Networks
ITL Bulletin	March 2006	Minimum Security Requirements for Federal Information and Information Systems: Federal Information Processing Standard (FIPS) 200 Approved by the Secretary of Commerce
ITL Bulletin	January 2006	Testing and Validation of Personal Identity Verification (PIV) Components and Subsystems for Conformance to Federal Information Processing Standard 201
ITL Bulletin	April 2004	Selecting Information Technology Security Products
Whitepaper (Draft)	January 2017	DRAFT Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1 Announcement and Draft Publication
Whitepaper (Draft)	April 28, 2017	DRAFT [Project Description] Securing Property Management Systems: Cybersecurity for the Hospitality Sector Announcement and Draft Publication
Whitepaper	March 2017	[Project Description] Capabilities Assessment for Securing Manufacturing Industrial Control Systems Project Description
Whitepaper (Draft)	March 20, 2017	DRAFT Cybersecurity Framework Manufacturing Profile (Final Draft) Announcement and Draft Publication
Whitepaper	March 2017	[Project Description] Capabilities Assessment for Securing Manufacturing Industrial Control Systems Project Homepage
Whitepaper (Draft)	September 2016	DRAFT [Project Description] Authentication for Law Enforcement Vehicle Systems Announcement and Draft Publication
Whitepaper	November 2016	[Project Description] Mobile Application Single Sign-On: for Public Safety and First Responders Project Description (Final)
		Project Homepage
Whitepaper (Draft)	June 2016	DRAFT [Concept Paper] Identity and Access Management for Smart Home Devices Announcement and Draft Publication
Whitepaper	September 2016	[Project Description] Multifactor Authentication for e-Commerce: Online Authentication for the Retail Sector Project Description (Final)
		Project Homepage
Whitepaper	April 21, 2016	Best Practices for Privileged User PIV Authentication Best Practices Paper
Building-Block	March 4, 2016	[Project Description] Domain Name System-Based Security for Electronic Mail Project Description
Building-Block V.2	April 1, 2015	[Project Description] Attribute Based Access Control Project Description
Building-Block	March 4, 2016	[Project Description] Domain Name System-Based Security for Electronic Mail Project homepage
Building-Block V.2	April 1, 2015	[Project Description] Attribute Based Access Control Project homepage

Incident Response

Number	Date	Title
FIPS 200	March 2006	Minimum Security Requirements for Federal Information and Information Systems FIPS 200 ^FAQ doi:10.6028/NIST.FIPS.200 [Direct Link]
SP 800-190 (Draft)	July 2017	DRAFT Application Container Security Guide (2nd Draft) Announcement and Draft Publication
SP 800-184	December 2016	Guide for Cybersecurity Event Recovery SP 800-184 ^FAQ doi:10.6028/NIST.SP.800-184 [Direct Link]
		Press Release (12-22-2016)
SP 800-161	April 2015	Supply Chain Risk Management Practices for Federal Information Systems and Organizations SP 800-161 ^FAQ doi:10.6028/NIST.SP.800-161 [Direct Link]
SP 800-160	November 2016	Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems SP 800-160 ^FAQ doi:10.6028/NIST.SP.800-160 [Direct Link]
		"Rethinking Cybersecurity from the Inside Out" (blog post)
SP 800-150	October 2016	Guide to Cyber Threat Information Sharing SP 800-150 ^FAQ doi:10.6028/NIST.SP.800-150 [Direct Link]
SP 800-126A (Draft)	July 2016	DRAFT SCAP 1.3 Component Specification Version Updates: An Annex to NIST Special Publication 800-126 Revision 3 Announcement and Draft Publication
SP 800-126 Rev. 3 (Draft)	July 2016	DRAFT The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.3 Announcement and Draft Publication
SP 800-126 Rev. 2	September 2011 (Updated 3/19/2012)	The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2 SP 800-126 Rev. 2 ^FAQ doi:10.6028/NIST.SP.800-126r2 [Direct Link]
		NIST Solicits Comments for SP 800-126 & SCAP
SP 800-123	July 2008	Guide to General Server Security SP 800-123 ^FAQ doi:10.6028/NIST.SP.800-123 [Direct Link]
		SP 800-123 (EPUB)^FAQ
SP 800-117 Rev. 1 (Draft)	January 2012	DRAFT Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.2 Announcement and Draft Publication
SP 800-101 Rev. 1	May 2014	Guidelines on Mobile Device Forensics SP 800-101 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-101r1 [Direct Link]
SP 800-100	October 2006 (Updated 3/7/2007)	Information Security Handbook: A Guide for Managers SP 800-100 (including updates as of 03-07-2007) ^FAQ doi:10.6028/NIST.SP.800-100 [Direct Link]
SP 800-94 Rev. 1 (Draft)	July 2012	DRAFT Guide to Intrusion Detection and Prevention Systems (IDPS) Announcement and Draft Publication
SP 800-94	February 2007	Guide to Intrusion Detection and Prevention Systems (IDPS) SP 800-94 ^FAQ doi:10.6028/NIST.SP.800-94 [Direct Link]
SP 800-92	September 2006	Guide to Computer Security Log Management SP 800-92 ^FAQ doi:10.6028/NIST.SP.800-92 [Direct Link]
		SP 800-92 (EPUB)^FAQ
SP 800-83 Rev. 1	July 2013	Guide to Malware Incident Prevention and Handling for Desktops and Laptops SP 800-83 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-83r1 [Direct Link]
SP 800-66 Rev. 1	October 2008	An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule SP 800-66 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-66r1 [Direct Link]
SP 800-61 Rev. 2	August 2012	Computer Security Incident Handling Guide SP 800-61 Rev. 2 ^FAQ doi:10.6028/NIST.SP.800-61r2 [Direct Link]
		Press Release
SP 800-53 Rev. 5 (Draft)	August 2017	DRAFT Security and Privacy Controls for Federal Information Systems and Organizations Announcement and Draft Publication
SP 800-53 Rev. 4	April 2013 (Updated 1/22/2015)	Security and Privacy Controls for Federal Information Systems and Organizations SP 800-53 Rev. 4 (including updates as of 01-22-2015) ^FAQ doi:10.6028/NIST.SP.800-53r4 [Direct Link]
		Word version of SP 800-53 Rev. 4 (01-22-2015)
		XML file for SP 800-53 Rev. 4 (01-15-2014)
		Summary of NIST SP 800-53 Revision 4
		Press Release (04-30-2013)
		Pre-Draft Call for Comments for SP 800-53 Rev. 5
SP 800-51 Rev. 1	February 2011	Guide to Using Vulnerability Naming Schemes SP 800-51 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-51r1 [Direct Link]
		Press Release
SP 800-50	October 2003	Building an Information Technology Security Awareness and Training Program SP 800-50 ^FAQ doi:10.6028/NIST.SP.800-50 [Direct Link]
SP 800-40 Rev. 3	July 2013	Guide to Enterprise Patch Management Technologies SP 800-40 Rev. 3 ^FAQ doi:10.6028/NIST.SP.800-40r3 [Direct Link]
		Press Release
SP 800-36	October 2003	Guide to Selecting Information Technology Security Products SP 800-36 ^FAQ doi:10.6028/NIST.SP.800-36 [Direct Link]
SP 800-14	September 1996	Generally Accepted Principles and Practices for Securing Information Technology Systems SP 800-14 ^FAQ doi:10.6028/NIST.SP.800-14 [Direct Link]
SP 1800-7 (Draft)	February 2017	DRAFT Situational Awareness for Electric Utilities Announcement and Draft Publication
SP 1800-6 (Draft)	November 2016	DRAFT Domain Name Systems-Based Electronic Mail Security Announcement and Draft Publication
SP 1800-5 (Draft)	October 2015	DRAFT IT Asset Management: Financial Services Announcement and Draft Publication
NISTIR 8179 (Draft)	July 2017	DRAFT Criticality Analysis Process Model: Prioritizing Systems and Components Announcement and Draft Publication
NISTIR 7848 (Draft)	May 2012	DRAFT Specification for the Asset Summary Reporting Format 1.0 Announcement and Draft Publication
NISTIR 7800 (Draft)	January 2012	DRAFT Applying the Continuous Monitoring Technical Reference Model to the Asset, Configuration, and Vulnerability Management Domains Announcement and Draft Publication
NISTIR 7799 (Draft)	January 2012	DRAFT Continuous Monitoring Reference Model Workflow, Subsystem, and Interface Specifications Announcement and Draft Publication
NISTIR 7756 (Draft)	January 2012	DRAFT CAESARS Framework Extension: An Enterprise Continuous Monitoring Technical Reference Architecture Announcement and Draft Publication
NISTIR 7658	February 2010	Guide to SIMfill Use and Development NISTIR 7658 ^FAQ doi:10.6028/NIST.IR.7658 [Direct Link]
NISTIR 7387	March 2007	Cell Phone Forensic Tools: an Overview and Analysis Update NISTIR 7387 ^FAQ doi:10.6028/NIST.IR.7387 [Direct Link]
ITL Bulletin	May 2017	Cyber-Threat Intelligence and Information Sharing
ITL Bulletin	February 2017	Guide for Cybersecurity Incident Recovery
ITL Bulletin	June 2015	Increasing Visibility and Control of Your ICT Supply Chains
ITL Bulletin	September 2013	ITL Publishes Guidance on Preventing and Handling Malware Incidents
ITL Bulletin	August 2013	ITL Publishes Guidance on Enterprise Patch Management Technologies
ITL Bulletin	September 2012	Revised Guide Helps Organizations Handle Security Related Incidents
ITL Bulletin	October 2008	Keeping Information Technology (IT) System Servers Secure: A General Guide to Good Practices
ITL Bulletin	June 2007	Forensic Techniques for Cell Phones
ITL Bulletin	February 2007	Intrusion Detection and Prevention Systems
ITL Bulletin	December 2006	Maintaining Effective Information Technology (IT) Security Through Test, Training, and Exercise Programs
ITL Bulletin	October 2006	Log Management: Using Computer and Network Records to Improve Information Security
ITL Bulletin	March 2006	Minimum Security Requirements for Federal Information and Information Systems: Federal Information Processing Standard (FIPS) 200 Approved by the Secretary of Commerce
ITL Bulletin	April 2004	Selecting Information Technology Security Products
Whitepaper (Draft)	January 2017	DRAFT Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1 Announcement and Draft Publication
Whitepaper	May 2016	[Project Description] Data Integrity: Recovering from a destructive malware attack Project Description
		Data Integrity homepage

Maintenance

Number	Date	Title
FIPS 200	March 2006	Minimum Security Requirements for Federal Information and Information Systems FIPS 200 ^FAQ doi:10.6028/NIST.FIPS.200 [Direct Link]
SP 800-171 Rev. 1	December 2016	Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations SP 800-171 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-171r1 [Direct Link]
		Specific Changes to the Security Requirements in SP 800-171
SP 800-171	June 2015 (Updated 1/14/2016)	Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations SP 800-171 (including updates as of 01-14-2016) ^FAQ doi:10.6028/NIST.SP.800-171 [Direct Link]
		Press Release (06-19-2015)
SP 800-161	April 2015	Supply Chain Risk Management Practices for Federal Information Systems and Organizations SP 800-161 ^FAQ doi:10.6028/NIST.SP.800-161 [Direct Link]
SP 800-160	November 2016	Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems SP 800-160 ^FAQ doi:10.6028/NIST.SP.800-160 [Direct Link]
		"Rethinking Cybersecurity from the Inside Out" (blog post)
SP 800-126A (Draft)	July 2016	DRAFT SCAP 1.3 Component Specification Version Updates: An Annex to NIST Special Publication 800-126 Revision 3 Announcement and Draft Publication
SP 800-126 Rev. 3 (Draft)	July 2016	DRAFT The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.3 Announcement and Draft Publication
SP 800-126 Rev. 2	September 2011 (Updated 3/19/2012)	The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2 SP 800-126 Rev. 2 ^FAQ doi:10.6028/NIST.SP.800-126r2 [Direct Link]
		NIST Solicits Comments for SP 800-126 & SCAP
SP 800-126 Rev. 1	February 2011	The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.1 SP 800-126 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-126r1 [Direct Link]
SP 800-126	November 2009	The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.0 SP 800-126 ^FAQ doi:10.6028/NIST.SP.800-126 [Direct Link]
SP 800-123	July 2008	Guide to General Server Security SP 800-123 ^FAQ doi:10.6028/NIST.SP.800-123 [Direct Link]
		SP 800-123 (EPUB)^FAQ
SP 800-117 Rev. 1 (Draft)	January 2012	DRAFT Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.2 Announcement and Draft Publication
SP 800-117	July 2010	Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.0 SP 800-117 ^FAQ doi:10.6028/NIST.SP.800-117 [Direct Link]
SP 800-100	October 2006 (Updated 3/7/2007)	Information Security Handbook: A Guide for Managers SP 800-100 (including updates as of 03-07-2007) ^FAQ doi:10.6028/NIST.SP.800-100 [Direct Link]
SP 800-88 Rev. 1	December 2014	Guidelines for Media Sanitization SP 800-88 Revision 1 ^FAQ doi:10.6028/NIST.SP.800-88r1 [Direct Link]
SP 800-77	December 2005	Guide to IPsec VPNs SP 800-77 ^FAQ doi:10.6028/NIST.SP.800-77 [Direct Link]
SP 800-68 Rev. 1	October 2008	Guide to Securing Microsoft Windows XP Systems for IT Professionals: A NIST Security Configuration Checklist SP 800-68 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-68r1 [Direct Link]
		Security Templates R1.2.1
		NIST Windows Security Baseline Database Application v0.2.7
SP 800-55 Rev. 1	July 2008	Performance Measurement Guide for Information Security SP 800-55 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-55r1 [Direct Link]
SP 800-53 Rev. 5 (Draft)	August 2017	DRAFT Security and Privacy Controls for Federal Information Systems and Organizations Announcement and Draft Publication
SP 800-53 Rev. 4	April 2013 (Updated 1/22/2015)	Security and Privacy Controls for Federal Information Systems and Organizations SP 800-53 Rev. 4 (including updates as of 01-22-2015) ^FAQ doi:10.6028/NIST.SP.800-53r4 [Direct Link]
		Word version of SP 800-53 Rev. 4 (01-22-2015)
		XML file for SP 800-53 Rev. 4 (01-15-2014)
		Summary of NIST SP 800-53 Revision 4
		Press Release (04-30-2013)
		Pre-Draft Call for Comments for SP 800-53 Rev. 5
SP 800-40 Rev. 3	July 2013	Guide to Enterprise Patch Management Technologies SP 800-40 Rev. 3 ^FAQ doi:10.6028/NIST.SP.800-40r3 [Direct Link]
		Press Release
SP 800-34 Rev. 1	May 2010 (Updated 11/11/2010)	Contingency Planning Guide for Federal Information Systems SP 800-34 Rev. 1 (including updates as of 11-11-2010) ^FAQ doi:10.6028/NIST.SP.800-34r1 [Direct Link]
		Business Impact Analysis (BIA) Template
		Contingency Planning: Low Impact System Template
		Contingency Planning: Moderate Impact System Template
		Contingency Planning: High Impact System Template
SP 800-24	April 2001	PBX Vulnerability Analysis: Finding Holes in Your PBX Before Someone Else Does SP 800-24 ^FAQ doi:10.6028/NIST.SP.800-24 [Direct Link]
SP 800-14	September 1996	Generally Accepted Principles and Practices for Securing Information Technology Systems SP 800-14 ^FAQ doi:10.6028/NIST.SP.800-14 [Direct Link]
NISTIR 8179 (Draft)	July 2017	DRAFT Criticality Analysis Process Model: Prioritizing Systems and Components Announcement and Draft Publication
NISTIR 8085 (Draft)	December 2015	DRAFT Forming Common Platform Enumeration (CPE) Names from Software Identification (SWID) Tags Announcement and Draft Publication
NISTIR 8060	April 2016	Guidelines for the Creation of Interoperable Software Identification (SWID) Tags NISTIR 8060 ^FAQ doi:10.6028/NIST.IR.8060 [Direct Link]
		Guideline Summary for NISTIR 8060
		Schema Definition for NISTIR 8060
NISTIR 8023	February 2015	Risk Management for Replication Devices NISTIR 8023 ^FAQ doi:10.6028/NIST.IR.8023 [Direct Link]
NISTIR 7966	October 2015	Security of Interactive and Automated Access Management Using Secure Shell (SSH) NISTIR 7966 ^FAQ doi:10.6028/NIST.IR.7966 [Direct Link]
NISTIR 7848 (Draft)	May 2012	DRAFT Specification for the Asset Summary Reporting Format 1.0 Announcement and Draft Publication
NISTIR 7823	March 2015	Advanced Metering Infrastructure Smart Meter Upgradeability Test Framework NISTIR 7823 ^FAQ doi:10.6028/NIST.IR.7823 [Direct Link]
NISTIR 7800 (Draft)	January 2012	DRAFT Applying the Continuous Monitoring Technical Reference Model to the Asset, Configuration, and Vulnerability Management Domains Announcement and Draft Publication
NISTIR 7799 (Draft)	January 2012	DRAFT Continuous Monitoring Reference Model Workflow, Subsystem, and Interface Specifications Announcement and Draft Publication
NISTIR 7756 (Draft)	January 2012	DRAFT CAESARS Framework Extension: An Enterprise Continuous Monitoring Technical Reference Architecture Announcement and Draft Publication
NISTIR 7275 Rev. 4	March 2012	Specification for the Extensible Configuration Checklist Description Format (XCCDF) Version 1.2 NISTIR 7275 Rev. 4
		NISTIR 7275 Rev. 4 (markup)
NISTIR 7275 Rev. 3	January 2008	Specification for the Extensible Configuration Checklist Description Format (XCCDF) Version 1.1.4 NISTIR 7275 Rev. 3 ^FAQ doi:10.6028/NIST.IR.7275r3 [Direct Link]
ITL Bulletin	July 2016	Improving Security and Software Management Through the Use of SWID Tags
ITL Bulletin	January 2016	Securing Interactive and Automated Access Management Using Secure Shell (SSH)
ITL Bulletin	October 2015	Protection of Controlled Unclassified Information
ITL Bulletin	June 2015	Increasing Visibility and Control of Your ICT Supply Chains
ITL Bulletin	April 2015	Is Your Replication Device Making An Extra Copy For Someone Else?
ITL Bulletin	February 2015	NIST Special Publication 800-88 Revision 1, Guidelines for Media Sanitization
ITL Bulletin	February 2014	Framework for Improving Critical Infrastructure Cybersecurity
ITL Bulletin	August 2013	ITL Publishes Guidance on Enterprise Patch Management Technologies
ITL Bulletin	October 2008	Keeping Information Technology (IT) System Servers Secure: A General Guide to Good Practices
ITL Bulletin	November 2006	Guide to Securing Computers Using Windows XP Home Edition
ITL Bulletin	August 2006	Protecting Sensitive Information Processed and Stored in Information Technology (IT) Systems
ITL Bulletin	April 2006	Protecting Sensitive Information Transmitted in Public Networks
ITL Bulletin	March 2006	Minimum Security Requirements for Federal Information and Information Systems: Federal Information Processing Standard (FIPS) 200 Approved by the Secretary of Commerce
Whitepaper (Draft)	January 2017	DRAFT Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1 Announcement and Draft Publication

Media Protection

Number	Date	Title
FIPS 200	March 2006	Minimum Security Requirements for Federal Information and Information Systems FIPS 200 ^FAQ doi:10.6028/NIST.FIPS.200 [Direct Link]
SP 800-171 Rev. 1	December 2016	Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations SP 800-171 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-171r1 [Direct Link]
		Specific Changes to the Security Requirements in SP 800-171
SP 800-171	June 2015 (Updated 1/14/2016)	Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations SP 800-171 (including updates as of 01-14-2016) ^FAQ doi:10.6028/NIST.SP.800-171 [Direct Link]
		Press Release (06-19-2015)
SP 800-161	April 2015	Supply Chain Risk Management Practices for Federal Information Systems and Organizations SP 800-161 ^FAQ doi:10.6028/NIST.SP.800-161 [Direct Link]
SP 800-160	November 2016	Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems SP 800-160 ^FAQ doi:10.6028/NIST.SP.800-160 [Direct Link]
		"Rethinking Cybersecurity from the Inside Out" (blog post)
SP 800-124 Rev. 1	June 2013	Guidelines for Managing the Security of Mobile Devices in the Enterprise SP 800-124 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-124r1 [Direct Link]
		SP 800-124 Rev. 1 (EPUB)^FAQ
		Press Release
SP 800-122	April 2010	Guide to Protecting the Confidentiality of Personally Identifiable Information (PII) SP 800-122 ^FAQ doi:10.6028/NIST.SP.800-122 [Direct Link]
		SP 800-122 (EPUB)^FAQ
SP 800-111	November 2007	Guide to Storage Encryption Technologies for End User Devices SP 800-111 ^FAQ doi:10.6028/NIST.SP.800-111 [Direct Link]
SP 800-100	October 2006 (Updated 3/7/2007)	Information Security Handbook: A Guide for Managers SP 800-100 (including updates as of 03-07-2007) ^FAQ doi:10.6028/NIST.SP.800-100 [Direct Link]
SP 800-92	September 2006	Guide to Computer Security Log Management SP 800-92 ^FAQ doi:10.6028/NIST.SP.800-92 [Direct Link]
		SP 800-92 (EPUB)^FAQ
SP 800-88 Rev. 1	December 2014	Guidelines for Media Sanitization SP 800-88 Revision 1 ^FAQ doi:10.6028/NIST.SP.800-88r1 [Direct Link]
SP 800-86	August 2006	Guide to Integrating Forensic Techniques into Incident Response SP 800-86 ^FAQ doi:10.6028/NIST.SP.800-86 [Direct Link]
SP 800-72	November 2004	Guidelines on PDA Forensics SP 800-72 ^FAQ doi:10.6028/NIST.SP.800-72 [Direct Link]
SP 800-66 Rev. 1	October 2008	An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule SP 800-66 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-66r1 [Direct Link]
SP 800-57 Part 1 Rev. 4	January 2016	Recommendation for Key Management, Part 1: General SP 800-57 Part 1, Revision 4 ^FAQ doi:10.6028/NIST.SP.800-57pt1r4 [Direct Link]
		Comments and resolutions for SP 800-57 Part 1, Rev. 4
SP 800-57 Part 2	August 2005	Recommendation for Key Management, Part 2: Best Practices for Key Management Organization SP 800-57 Part 2 ^FAQ doi:10.6028/NIST.SP.800-57p2 [Direct Link]
		Comments received on Draft (Apr. 2005)
SP 800-57 Part 3 Rev. 1	January 2015	Recommendation for Key Management, Part 3: Application-Specific Key Management Guidance SP 800-57 Part 3, Revision 1 ^FAQ doi:10.6028/NIST.SP.800-57pt3r1 [Direct Link]
SP 800-53 Rev. 5 (Draft)	August 2017	DRAFT Security and Privacy Controls for Federal Information Systems and Organizations Announcement and Draft Publication
SP 800-53 Rev. 4	April 2013 (Updated 1/22/2015)	Security and Privacy Controls for Federal Information Systems and Organizations SP 800-53 Rev. 4 (including updates as of 01-22-2015) ^FAQ doi:10.6028/NIST.SP.800-53r4 [Direct Link]
		Word version of SP 800-53 Rev. 4 (01-22-2015)
		XML file for SP 800-53 Rev. 4 (01-15-2014)
		Summary of NIST SP 800-53 Revision 4
		Press Release (04-30-2013)
		Pre-Draft Call for Comments for SP 800-53 Rev. 5
SP 800-46 Rev. 2	July 2016	Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security SP 800-46 Rev. 2 ^FAQ doi:10.6028/NIST.SP.800-46r2 [Direct Link]
SP 800-36	October 2003	Guide to Selecting Information Technology Security Products SP 800-36 ^FAQ doi:10.6028/NIST.SP.800-36 [Direct Link]
SP 800-24	April 2001	PBX Vulnerability Analysis: Finding Holes in Your PBX Before Someone Else Does SP 800-24 ^FAQ doi:10.6028/NIST.SP.800-24 [Direct Link]
SP 800-14	September 1996	Generally Accepted Principles and Practices for Securing Information Technology Systems SP 800-14 ^FAQ doi:10.6028/NIST.SP.800-14 [Direct Link]
NISTIR 8085 (Draft)	December 2015	DRAFT Forming Common Platform Enumeration (CPE) Names from Software Identification (SWID) Tags Announcement and Draft Publication
NISTIR 8060	April 2016	Guidelines for the Creation of Interoperable Software Identification (SWID) Tags NISTIR 8060 ^FAQ doi:10.6028/NIST.IR.8060 [Direct Link]
		Guideline Summary for NISTIR 8060
		Schema Definition for NISTIR 8060
NISTIR 7621 Rev. 1	November 2016	Small Business Information Security: the Fundamentals NISTIR 7621 Rev. 1 ^FAQ doi:10.6028/NIST.IR.7621r1 [Direct Link]
		Press Release
		"Ignoring Cybersecurity is Risky Business" (blog post)
ITL Bulletin	March 2017	Fundamentals of Small Business Information Security
ITL Bulletin	July 2016	Improving Security and Software Management Through the Use of SWID Tags
ITL Bulletin	June 2015	Increasing Visibility and Control of Your ICT Supply Chains
ITL Bulletin	February 2015	NIST Special Publication 800-88 Revision 1, Guidelines for Media Sanitization
ITL Bulletin	May 2014	Small and Medium-Size Business Information Security Outreach Program
ITL Bulletin	November 2006	Guide to Securing Computers Using Windows XP Home Edition
ITL Bulletin	October 2006	Log Management: Using Computer and Network Records to Improve Information Security
ITL Bulletin	September 2006	Forensic Techniques: Helping Organizations Improve Their Responses to Information Security Incidents
ITL Bulletin	August 2006	Protecting Sensitive Information Processed and Stored in Information Technology (IT) Systems
ITL Bulletin	March 2006	Minimum Security Requirements for Federal Information and Information Systems: Federal Information Processing Standard (FIPS) 200 Approved by the Secretary of Commerce
ITL Bulletin	April 2004	Selecting Information Technology Security Products
Whitepaper (Draft)	January 2017	DRAFT Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1 Announcement and Draft Publication

Personnel Security

Number	Date	Title
FIPS 200	March 2006	Minimum Security Requirements for Federal Information and Information Systems FIPS 200 ^FAQ doi:10.6028/NIST.FIPS.200 [Direct Link]
SP 800-171 Rev. 1	December 2016	Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations SP 800-171 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-171r1 [Direct Link]
		Specific Changes to the Security Requirements in SP 800-171
SP 800-171	June 2015 (Updated 1/14/2016)	Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations SP 800-171 (including updates as of 01-14-2016) ^FAQ doi:10.6028/NIST.SP.800-171 [Direct Link]
		Press Release (06-19-2015)
SP 800-161	April 2015	Supply Chain Risk Management Practices for Federal Information Systems and Organizations SP 800-161 ^FAQ doi:10.6028/NIST.SP.800-161 [Direct Link]
SP 800-160	November 2016	Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems SP 800-160 ^FAQ doi:10.6028/NIST.SP.800-160 [Direct Link]
		"Rethinking Cybersecurity from the Inside Out" (blog post)
SP 800-116 Rev. 1 (Draft)	December 2015	DRAFT A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS) Announcement and Draft Publication
SP 800-116	November 2008	A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS) SP 800-116 ^FAQ doi:10.6028/NIST.SP.800-116 [Direct Link]
SP 800-100	October 2006 (Updated 3/7/2007)	Information Security Handbook: A Guide for Managers SP 800-100 (including updates as of 03-07-2007) ^FAQ doi:10.6028/NIST.SP.800-100 [Direct Link]
SP 800-66 Rev. 1	October 2008	An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule SP 800-66 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-66r1 [Direct Link]
SP 800-53 Rev. 5 (Draft)	August 2017	DRAFT Security and Privacy Controls for Federal Information Systems and Organizations Announcement and Draft Publication
SP 800-53 Rev. 4	April 2013 (Updated 1/22/2015)	Security and Privacy Controls for Federal Information Systems and Organizations SP 800-53 Rev. 4 (including updates as of 01-22-2015) ^FAQ doi:10.6028/NIST.SP.800-53r4 [Direct Link]
		Word version of SP 800-53 Rev. 4 (01-22-2015)
		XML file for SP 800-53 Rev. 4 (01-15-2014)
		Summary of NIST SP 800-53 Revision 4
		Press Release (04-30-2013)
		Pre-Draft Call for Comments for SP 800-53 Rev. 5
SP 800-14	September 1996	Generally Accepted Principles and Practices for Securing Information Technology Systems SP 800-14 ^FAQ doi:10.6028/NIST.SP.800-14 [Direct Link]
NISTIR 7966	October 2015	Security of Interactive and Automated Access Management Using Secure Shell (SSH) NISTIR 7966 ^FAQ doi:10.6028/NIST.IR.7966 [Direct Link]
NISTIR 7621 Rev. 1	November 2016	Small Business Information Security: the Fundamentals NISTIR 7621 Rev. 1 ^FAQ doi:10.6028/NIST.IR.7621r1 [Direct Link]
		Press Release
		"Ignoring Cybersecurity is Risky Business" (blog post)
ITL Bulletin	March 2017	Fundamentals of Small Business Information Security
ITL Bulletin	January 2016	Securing Interactive and Automated Access Management Using Secure Shell (SSH)
ITL Bulletin	October 2015	Protection of Controlled Unclassified Information
ITL Bulletin	June 2015	Increasing Visibility and Control of Your ICT Supply Chains
ITL Bulletin	May 2014	Small and Medium-Size Business Information Security Outreach Program
ITL Bulletin	March 2006	Minimum Security Requirements for Federal Information and Information Systems: Federal Information Processing Standard (FIPS) 200 Approved by the Secretary of Commerce
Whitepaper (Draft)	January 2017	DRAFT Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1 Announcement and Draft Publication

Physical & Environmental Protection

Number	Date	Title
FIPS 200	March 2006	Minimum Security Requirements for Federal Information and Information Systems FIPS 200 ^FAQ doi:10.6028/NIST.FIPS.200 [Direct Link]
SP 800-171 Rev. 1	December 2016	Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations SP 800-171 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-171r1 [Direct Link]
		Specific Changes to the Security Requirements in SP 800-171
SP 800-171	June 2015 (Updated 1/14/2016)	Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations SP 800-171 (including updates as of 01-14-2016) ^FAQ doi:10.6028/NIST.SP.800-171 [Direct Link]
		Press Release (06-19-2015)
SP 800-161	April 2015	Supply Chain Risk Management Practices for Federal Information Systems and Organizations SP 800-161 ^FAQ doi:10.6028/NIST.SP.800-161 [Direct Link]
SP 800-160	November 2016	Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems SP 800-160 ^FAQ doi:10.6028/NIST.SP.800-160 [Direct Link]
		"Rethinking Cybersecurity from the Inside Out" (blog post)
SP 800-123	July 2008	Guide to General Server Security SP 800-123 ^FAQ doi:10.6028/NIST.SP.800-123 [Direct Link]
		SP 800-123 (EPUB)^FAQ
SP 800-116 Rev. 1 (Draft)	December 2015	DRAFT A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS) Announcement and Draft Publication
SP 800-116	November 2008	A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS) SP 800-116 ^FAQ doi:10.6028/NIST.SP.800-116 [Direct Link]
SP 800-100	October 2006 (Updated 3/7/2007)	Information Security Handbook: A Guide for Managers SP 800-100 (including updates as of 03-07-2007) ^FAQ doi:10.6028/NIST.SP.800-100 [Direct Link]
SP 800-98	April 2007	Guidelines for Securing Radio Frequency Identification (RFID) Systems SP 800-98 ^FAQ doi:10.6028/NIST.SP.800-98 [Direct Link]
SP 800-96	September 2006	PIV Card to Reader Interoperability Guidelines SP 800-96 ^FAQ doi:10.6028/NIST.SP.800-96 [Direct Link]
SP 800-92	September 2006	Guide to Computer Security Log Management SP 800-92 ^FAQ doi:10.6028/NIST.SP.800-92 [Direct Link]
		SP 800-92 (EPUB)^FAQ
SP 800-86	August 2006	Guide to Integrating Forensic Techniques into Incident Response SP 800-86 ^FAQ doi:10.6028/NIST.SP.800-86 [Direct Link]
SP 800-78-4	May 2015	Cryptographic Algorithms and Key Sizes for Personal Identity Verification SP 800-78-4 ^FAQ doi:10.6028/NIST.SP.800-78-4 [Direct Link]
SP 800-76-2	July 2013	Biometric Specifications for Personal Identity Verification SP 800-76-2 ^FAQ doi:10.6028/NIST.SP.800-76-2 [Direct Link]
SP 800-73-4	May 2015 (Updated 2/8/2016)	Interfaces for Personal Identity Verification SP 800-73-4 (including updates as of 02-08-2016) ^FAQ doi:10.6028/NIST.SP.800-73-4 [Direct Link]
		Press Release (06-16-2015)
SP 800-66 Rev. 1	October 2008	An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule SP 800-66 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-66r1 [Direct Link]
SP 800-58	January 2005	Security Considerations for Voice Over IP Systems SP 800-58 ^FAQ doi:10.6028/NIST.SP.800-58 [Direct Link]
SP 800-53 Rev. 5 (Draft)	August 2017	DRAFT Security and Privacy Controls for Federal Information Systems and Organizations Announcement and Draft Publication
SP 800-53 Rev. 4	April 2013 (Updated 1/22/2015)	Security and Privacy Controls for Federal Information Systems and Organizations SP 800-53 Rev. 4 (including updates as of 01-22-2015) ^FAQ doi:10.6028/NIST.SP.800-53r4 [Direct Link]
		Word version of SP 800-53 Rev. 4 (01-22-2015)
		XML file for SP 800-53 Rev. 4 (01-15-2014)
		Summary of NIST SP 800-53 Revision 4
		Press Release (04-30-2013)
		Pre-Draft Call for Comments for SP 800-53 Rev. 5
SP 800-24	April 2001	PBX Vulnerability Analysis: Finding Holes in Your PBX Before Someone Else Does SP 800-24 ^FAQ doi:10.6028/NIST.SP.800-24 [Direct Link]
SP 800-14	September 1996	Generally Accepted Principles and Practices for Securing Information Technology Systems SP 800-14 ^FAQ doi:10.6028/NIST.SP.800-14 [Direct Link]
SP 1800-7 (Draft)	February 2017	DRAFT Situational Awareness for Electric Utilities Announcement and Draft Publication
SP 1800-2 (Draft)	August 2015	DRAFT Identity and Access Management for Electric Utilities Announcement and Draft Publication
NISTIR 8023	February 2015	Risk Management for Replication Devices NISTIR 8023 ^FAQ doi:10.6028/NIST.IR.8023 [Direct Link]
NISTIR 7621 Rev. 1	November 2016	Small Business Information Security: the Fundamentals NISTIR 7621 Rev. 1 ^FAQ doi:10.6028/NIST.IR.7621r1 [Direct Link]
		Press Release
		"Ignoring Cybersecurity is Risky Business" (blog post)
ITL Bulletin	March 2017	Fundamentals of Small Business Information Security
ITL Bulletin	December 2013	The National Vulnerability Database (NVD): Overview
ITL Bulletin	October 2015	Protection of Controlled Unclassified Information
ITL Bulletin	June 2015	Increasing Visibility and Control of Your ICT Supply Chains
ITL Bulletin	April 2015	Is Your Replication Device Making An Extra Copy For Someone Else?
ITL Bulletin	May 2014	Small and Medium-Size Business Information Security Outreach Program
ITL Bulletin	February 2014	Framework for Improving Critical Infrastructure Cybersecurity
ITL Bulletin	October 2008	Keeping Information Technology (IT) System Servers Secure: A General Guide to Good Practices
ITL Bulletin	May 2007	Securing Radio Frequency Identification (RFID) Systems
ITL Bulletin	October 2006	Log Management: Using Computer and Network Records to Improve Information Security
ITL Bulletin	September 2006	Forensic Techniques: Helping Organizations Improve Their Responses to Information Security Incidents
ITL Bulletin	March 2006	Minimum Security Requirements for Federal Information and Information Systems: Federal Information Processing Standard (FIPS) 200 Approved by the Secretary of Commerce
Whitepaper (Draft)	January 2017	DRAFT Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1 Announcement and Draft Publication
Whitepaper (Draft)	March 20, 2017	DRAFT Cybersecurity Framework Manufacturing Profile (Final Draft) Announcement and Draft Publication

Planning

Number	Date	Title
FIPS 201-2	August 2013	Personal Identity Verification (PIV) of Federal Employees and Contractors FIPS 201-2 ^FAQ doi:10.6028/NIST.FIPS.201-2 [Direct Link]
		2012 Draft Comments and Dispositions
		2011 Draft Comments and Dispositions
		Revised Draft (July 2012)
		Draft FIPS 201-2 (March 2011)
FIPS 200	March 2006	Minimum Security Requirements for Federal Information and Information Systems FIPS 200 ^FAQ doi:10.6028/NIST.FIPS.200 [Direct Link]
FIPS 199	February 2004	Standards for Security Categorization of Federal Information and Information Systems FIPS 199 ^FAQ doi:10.6028/NIST.FIPS.199 [Direct Link]
SP 800-184	December 2016	Guide for Cybersecurity Event Recovery SP 800-184 ^FAQ doi:10.6028/NIST.SP.800-184 [Direct Link]
		Press Release (12-22-2016)
SP 800-163	January 2015	Vetting the Security of Mobile Applications SP 800-163 ^FAQ doi:10.6028/NIST.SP.800-163 [Direct Link]
		Press Release
SP 800-161	April 2015	Supply Chain Risk Management Practices for Federal Information Systems and Organizations SP 800-161 ^FAQ doi:10.6028/NIST.SP.800-161 [Direct Link]
SP 800-160	November 2016	Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems SP 800-160 ^FAQ doi:10.6028/NIST.SP.800-160 [Direct Link]
		"Rethinking Cybersecurity from the Inside Out" (blog post)
SP 800-153	February 2012	Guidelines for Securing Wireless Local Area Networks (WLANs) SP 800-153 ^FAQ doi:10.6028/NIST.SP.800-153 [Direct Link]
		Press Release (Mar. 6, 2012)
SP 800-144	December 2011	Guidelines on Security and Privacy in Public Cloud Computing SP 800-144 ^FAQ doi:10.6028/NIST.SP.800-144 [Direct Link]
		SP 800-144 (EPUB)^FAQ
		Press Release
SP 800-137	September 2011	Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations SP 800-137 ^FAQ doi:10.6028/NIST.SP.800-137 [Direct Link]
		Press Release
SP 800-125A (Draft)	October 20, 2014	DRAFT Security Recommendations for Hypervisor Deployment Announcement and Draft Publication
SP 800-125	January 2011	Guide to Security for Full Virtualization Technologies SP 800-125 ^FAQ doi:10.6028/NIST.SP.800-125 [Direct Link]
		Press Release
SP 800-124 Rev. 1	June 2013	Guidelines for Managing the Security of Mobile Devices in the Enterprise SP 800-124 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-124r1 [Direct Link]
		SP 800-124 Rev. 1 (EPUB)^FAQ
		Press Release
SP 800-123	July 2008	Guide to General Server Security SP 800-123 ^FAQ doi:10.6028/NIST.SP.800-123 [Direct Link]
		SP 800-123 (EPUB)^FAQ
SP 800-122	April 2010	Guide to Protecting the Confidentiality of Personally Identifiable Information (PII) SP 800-122 ^FAQ doi:10.6028/NIST.SP.800-122 [Direct Link]
		SP 800-122 (EPUB)^FAQ
SP 800-119	December 2010	Guidelines for the Secure Deployment of IPv6 SP 800-119 ^FAQ doi:10.6028/NIST.SP.800-119 [Direct Link]
SP 800-116 Rev. 1 (Draft)	December 2015	DRAFT A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS) Announcement and Draft Publication
SP 800-116	November 2008	A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS) SP 800-116 ^FAQ doi:10.6028/NIST.SP.800-116 [Direct Link]
SP 800-113	July 2008	Guide to SSL VPNs SP 800-113 ^FAQ doi:10.6028/NIST.SP.800-113 [Direct Link]
SP 800-101 Rev. 1	May 2014	Guidelines on Mobile Device Forensics SP 800-101 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-101r1 [Direct Link]
SP 800-100	October 2006 (Updated 3/7/2007)	Information Security Handbook: A Guide for Managers SP 800-100 (including updates as of 03-07-2007) ^FAQ doi:10.6028/NIST.SP.800-100 [Direct Link]
SP 800-95	August 2007	Guide to Secure Web Services SP 800-95 ^FAQ doi:10.6028/NIST.SP.800-95 [Direct Link]
SP 800-94 Rev. 1 (Draft)	July 2012	DRAFT Guide to Intrusion Detection and Prevention Systems (IDPS) Announcement and Draft Publication
SP 800-94	February 2007	Guide to Intrusion Detection and Prevention Systems (IDPS) SP 800-94 ^FAQ doi:10.6028/NIST.SP.800-94 [Direct Link]
SP 800-89	November 2006	Recommendation for Obtaining Assurances for Digital Signature Applications SP 800-89 ^FAQ doi:10.6028/NIST.SP.800-89 [Direct Link]
SP 800-81-2	September 2013	Secure Domain Name System (DNS) Deployment Guide SP 800-81-2 ^FAQ doi:10.6028/NIST.SP.800-81-2 [Direct Link]
SP 800-66 Rev. 1	October 2008	An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule SP 800-66 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-66r1 [Direct Link]
SP 800-65	January 2005	Integrating IT Security into the Capital Planning and Investment Control Process SP 800-65 ^FAQ doi:10.6028/NIST.SP.800-65 [Direct Link]
SP 800-64 Rev. 2	October 2008	Security Considerations in the System Development Life Cycle SP 800-64 Rev. 2 ^FAQ doi:10.6028/NIST.SP.800-64r2 [Direct Link]
SP 800-58	January 2005	Security Considerations for Voice Over IP Systems SP 800-58 ^FAQ doi:10.6028/NIST.SP.800-58 [Direct Link]
SP 800-57 Part 1 Rev. 4	January 2016	Recommendation for Key Management, Part 1: General SP 800-57 Part 1, Revision 4 ^FAQ doi:10.6028/NIST.SP.800-57pt1r4 [Direct Link]
		Comments and resolutions for SP 800-57 Part 1, Rev. 4
SP 800-57 Part 2	August 2005	Recommendation for Key Management, Part 2: Best Practices for Key Management Organization SP 800-57 Part 2 ^FAQ doi:10.6028/NIST.SP.800-57p2 [Direct Link]
		Comments received on Draft (Apr. 2005)
SP 800-57 Part 3 Rev. 1	January 2015	Recommendation for Key Management, Part 3: Application-Specific Key Management Guidance SP 800-57 Part 3, Revision 1 ^FAQ doi:10.6028/NIST.SP.800-57pt3r1 [Direct Link]
SP 800-55 Rev. 1	July 2008	Performance Measurement Guide for Information Security SP 800-55 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-55r1 [Direct Link]
SP 800-54	July 2007	Border Gateway Protocol Security SP 800-54 ^FAQ doi:10.6028/NIST.SP.800-54 [Direct Link]
SP 800-53 Rev. 5 (Draft)	August 2017	DRAFT Security and Privacy Controls for Federal Information Systems and Organizations Announcement and Draft Publication
SP 800-53 Rev. 4	April 2013 (Updated 1/22/2015)	Security and Privacy Controls for Federal Information Systems and Organizations SP 800-53 Rev. 4 (including updates as of 01-22-2015) ^FAQ doi:10.6028/NIST.SP.800-53r4 [Direct Link]
		Word version of SP 800-53 Rev. 4 (01-22-2015)
		XML file for SP 800-53 Rev. 4 (01-15-2014)
		Summary of NIST SP 800-53 Revision 4
		Press Release (04-30-2013)
		Pre-Draft Call for Comments for SP 800-53 Rev. 5
SP 800-48 Rev. 1	July 2008	Guide to Securing Legacy IEEE 802.11 Wireless Networks SP 800-48 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-48r1 [Direct Link]
SP 800-45 Version 2	February 2007	Guidelines on Electronic Mail Security SP 800-45 Version 2 ^FAQ doi:10.6028/NIST.SP.800-45ver2 [Direct Link]
SP 800-44 Version 2	September 2007	Guidelines on Securing Public Web Servers SP 800-44 Version 2 ^FAQ doi:10.6028/NIST.SP.800-44ver2 [Direct Link]
SP 800-41 Rev. 1	September 2009	Guidelines on Firewalls and Firewall Policy SP 800-41 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-41r1 [Direct Link]
SP 800-37 Rev. 1	February 2010 (Updated 6/5/2014)	Guide for Applying the Risk Management Framework to Federal Information Systems: a Security Life Cycle Approach SP 800-37 Rev. 1 (including updates as of 6-05-2014) ^FAQ doi:10.6028/NIST.SP.800-37r1 [Direct Link]
		Supplemental Guidance on Ongoing Authorization, (June 2014)
		Press Release
SP 800-34 Rev. 1	May 2010 (Updated 11/11/2010)	Contingency Planning Guide for Federal Information Systems SP 800-34 Rev. 1 (including updates as of 11-11-2010) ^FAQ doi:10.6028/NIST.SP.800-34r1 [Direct Link]
		Business Impact Analysis (BIA) Template
		Contingency Planning: Low Impact System Template
		Contingency Planning: Moderate Impact System Template
		Contingency Planning: High Impact System Template
SP 800-33	December 2001	Underlying Technical Models for Information Technology Security SP 800-33 ^FAQ doi:10.6028/NIST.SP.800-33 [Direct Link]
SP 800-32	February 26, 2001	Introduction to Public Key Technology and the Federal PKI Infrastructure SP 800-32 ^FAQ doi:10.6028/NIST.SP.800-32 [Direct Link]
SP 800-30 Rev. 1	September 2012	Guide for Conducting Risk Assessments SP 800-30 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-30r1 [Direct Link]
		SP 800-30 Rev. 1 (EPUB)^FAQ
		Press Release
SP 800-27 Rev. A	June 2004	Engineering Principles for Information Technology Security (A Baseline for Achieving Security), Revision A SP 800-27 Rev. A ^FAQ doi:10.6028/NIST.SP.800-27rA [Direct Link]
SP 800-25	October 2000	Federal Agency Use of Public Key Technology for Digital Signatures and Authentication SP 800-25 ^FAQ doi:10.6028/NIST.SP.800-25 [Direct Link]
SP 800-19	October 1999	Mobile Agent Security SP 800-19 ^FAQ doi:10.6028/NIST.SP.800-19 [Direct Link]
SP 800-18 Rev. 1	February 2006	Guide for Developing Security Plans for Federal Information Systems SP 800-18 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-18r1 [Direct Link]
SP 800-14	September 1996	Generally Accepted Principles and Practices for Securing Information Technology Systems SP 800-14 ^FAQ doi:10.6028/NIST.SP.800-14 [Direct Link]
NISTIR 8179 (Draft)	July 2017	DRAFT Criticality Analysis Process Model: Prioritizing Systems and Components Announcement and Draft Publication
NISTIR 8139 (Draft)	February 2017	DRAFT Identifying Uniformity with Entropy and Divergence Announcement and Draft Publication
NISTIR 8085 (Draft)	December 2015	DRAFT Forming Common Platform Enumeration (CPE) Names from Software Identification (SWID) Tags Announcement and Draft Publication
NISTIR 8060	April 2016	Guidelines for the Creation of Interoperable Software Identification (SWID) Tags NISTIR 8060 ^FAQ doi:10.6028/NIST.IR.8060 [Direct Link]
		Guideline Summary for NISTIR 8060
		Schema Definition for NISTIR 8060
NISTIR 8023	February 2015	Risk Management for Replication Devices NISTIR 8023 ^FAQ doi:10.6028/NIST.IR.8023 [Direct Link]
NISTIR 7966	October 2015	Security of Interactive and Automated Access Management Using Secure Shell (SSH) NISTIR 7966 ^FAQ doi:10.6028/NIST.IR.7966 [Direct Link]
NISTIR 7817	November 2012	A Credential Reliability and Revocation Model for Federated Identities NISTIR 7817 ^FAQ doi:10.6028/NIST.IR.7817 [Direct Link]
NISTIR 7621 Rev. 1	November 2016	Small Business Information Security: the Fundamentals NISTIR 7621 Rev. 1 ^FAQ doi:10.6028/NIST.IR.7621r1 [Direct Link]
		Press Release
		"Ignoring Cybersecurity is Risky Business" (blog post)
NISTIR 7611	August 2009	Use of ISO/IEC 24727 NISTIR 7611 ^FAQ doi:10.6028/NIST.IR.7611 [Direct Link]
NISTIR 7497	September 2010	Security Architecture Design Process for Health Information Exchanges (HIEs) NISTIR 7497 ^FAQ doi:10.6028/NIST.IR.7497 [Direct Link]
NISTIR 7387	March 2007	Cell Phone Forensic Tools: an Overview and Analysis Update NISTIR 7387 ^FAQ doi:10.6028/NIST.IR.7387 [Direct Link]
NISTIR 7359	January 2007	Information Security Guide for Government Executives NISTIR 7359 ^FAQ doi:10.6028/NIST.IR.7359 [Direct Link]
		Booklet
NISTIR 7358	January 2007	Program Review for Information Security Management Assistance (PRISMA) NISTIR 7358 ^FAQ doi:10.6028/NIST.IR.7358 [Direct Link]
ITL Bulletin	March 2017	Fundamentals of Small Business Information Security
ITL Bulletin	February 2017	Guide for Cybersecurity Incident Recovery
ITL Bulletin	July 2016	Improving Security and Software Management Through the Use of SWID Tags
ITL Bulletin	January 2016	Securing Interactive and Automated Access Management Using Secure Shell (SSH)
ITL Bulletin	June 2015	Increasing Visibility and Control of Your ICT Supply Chains
ITL Bulletin	April 2015	Is Your Replication Device Making An Extra Copy For Someone Else?
ITL Bulletin	March 2015	Guidance for Secure Authorization of Mobile Applications in the Corporate Environment
ITL Bulletin	May 2014	Small and Medium-Size Business Information Security Outreach Program
ITL Bulletin	February 2014	Framework for Improving Critical Infrastructure Cybersecurity
ITL Bulletin	October 2013	ITL Updates Federal Information Processing Standard (FIPS) for Personal Identity Verification (PIV) of Federal Employees and Contractors
ITL Bulletin	October 2008	Keeping Information Technology (IT) System Servers Secure: A General Guide to Good Practices
ITL Bulletin	July 2007	Border Gateway Protocol (BGP) Security
ITL Bulletin	June 2007	Forensic Techniques for Cell Phones
ITL Bulletin	March 2007	Improving The Security of Electronic Mail: Updated Guidelines Issued by NIST
ITL Bulletin	November 2006	Guide to Securing Computers Using Windows XP Home Edition
ITL Bulletin	March 2006	Minimum Security Requirements for Federal Information and Information Systems: Federal Information Processing Standard (FIPS) 200 Approved by the Secretary of Commerce
ITL Bulletin	February 2006	Creating a Program to Manage Security Patches and Vulnerabilities: NIST Recommendations for Improving System Security
ITL Bulletin	January 2006	Testing and Validation of Personal Identity Verification (PIV) Components and Subsystems for Conformance to Federal Information Processing Standard 201
ITL Bulletin	January 2005	Integrating IT Security into the Capital Planning and Investment Control Process
ITL Bulletin	November 2004	Understanding the New NIST Standards and Guidelines Required by FISMA: How Three Mandated Documents are Changing the Dynamic of Information Security for the Federal Government
ITL Bulletin	March 2004	Federal Information Processing Standard (FIPS) 199, Standards for Security Categorization of Federal Information and Information Systems
Whitepaper (Draft)	January 2017	DRAFT Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1 Announcement and Draft Publication

Program Management

Number	Date	Title
FIPS 199	February 2004	Standards for Security Categorization of Federal Information and Information Systems FIPS 199 ^FAQ doi:10.6028/NIST.FIPS.199 [Direct Link]
SP 800-188 (Draft)	December 2016	DRAFT De-Identifying Government Datasets (2nd Draft) Announcement and Draft Publication
SP 800-184	December 2016	Guide for Cybersecurity Event Recovery SP 800-184 ^FAQ doi:10.6028/NIST.SP.800-184 [Direct Link]
		Press Release (12-22-2016)
SP 800-161	April 2015	Supply Chain Risk Management Practices for Federal Information Systems and Organizations SP 800-161 ^FAQ doi:10.6028/NIST.SP.800-161 [Direct Link]
SP 800-160	November 2016	Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems SP 800-160 ^FAQ doi:10.6028/NIST.SP.800-160 [Direct Link]
		"Rethinking Cybersecurity from the Inside Out" (blog post)
SP 800-154 (Draft)	March 2016	DRAFT Guide to Data-Centric System Threat Modeling Announcement and Draft Publication
SP 800-137	September 2011	Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations SP 800-137 ^FAQ doi:10.6028/NIST.SP.800-137 [Direct Link]
		Press Release
SP 800-65	January 2005	Integrating IT Security into the Capital Planning and Investment Control Process SP 800-65 ^FAQ doi:10.6028/NIST.SP.800-65 [Direct Link]
SP 800-60 Vol. 2 Rev. 1	August 2008	Guide for Mapping Types of Information and Information Systems to Security Categories: Appendices SP 800-60 Vol. 2, Rev. 1: Appendices ^FAQ doi:10.6028/NIST.SP.800-60v2r1 [Direct Link]
SP 800-60 Vol. 1 Rev. 1	August 2008	Guide for Mapping Types of Information and Information Systems to Security Categories SP 800-60 Vol. 1 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-60v1r1 [Direct Link]
SP 800-55 Rev. 1	July 2008	Performance Measurement Guide for Information Security SP 800-55 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-55r1 [Direct Link]
SP 800-53A Rev. 4	December 2014 (Updated 12/18/2014)	Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans SP 800-53A Revision 4 ^FAQ doi:10.6028/NIST.SP.800-53Ar4 [Direct Link]
		Word version of SP 800-53A Rev. 4 (12-18-2014)
		XML file for SP 800-53A Rev. 4 (06-16-2015)
		Press Release
SP 800-39	March 2011	Managing Information Security Risk: Organization, Mission, and Information System View SP 800-39 ^FAQ doi:10.6028/NIST.SP.800-39 [Direct Link]
		Press Release
SP 800-37 Rev. 1	February 2010 (Updated 6/5/2014)	Guide for Applying the Risk Management Framework to Federal Information Systems: a Security Life Cycle Approach SP 800-37 Rev. 1 (including updates as of 6-05-2014) ^FAQ doi:10.6028/NIST.SP.800-37r1 [Direct Link]
		Supplemental Guidance on Ongoing Authorization, (June 2014)
		Press Release
SP 800-30 Rev. 1	September 2012	Guide for Conducting Risk Assessments SP 800-30 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-30r1 [Direct Link]
		SP 800-30 Rev. 1 (EPUB)^FAQ
		Press Release
SP 800-16 Rev. 1 (Draft)	March 2014	DRAFT A Role-Based Model for Federal Information Technology/Cybersecurity Training Announcement and Draft Publication
SP 800-16	April 1998	Information Technology Security Training Requirements: a Role- and Performance-Based Model SP 800-16 ^FAQ doi:10.6028/NIST.SP.800-16 [Direct Link]
NISTIR 8179 (Draft)	July 2017	DRAFT Criticality Analysis Process Model: Prioritizing Systems and Components Announcement and Draft Publication
ITL Bulletin	February 2017	Guide for Cybersecurity Incident Recovery
ITL Bulletin	June 2015	Increasing Visibility and Control of Your ICT Supply Chains
ITL Bulletin	January 2015	Release of NIST Special Publication 800-53A, Revision 4, Assessing Security and Privacy Controls in Federal Information Systems and Organizations
ITL Bulletin	November 2014	Cryptographic Module Validation Program (CMVP)
ITL Bulletin	February 2014	Framework for Improving Critical Infrastructure Cybersecurity
ITL Bulletin	January 2005	Integrating IT Security into the Capital Planning and Investment Control Process
ITL Bulletin	November 2004	Understanding the New NIST Standards and Guidelines Required by FISMA: How Three Mandated Documents are Changing the Dynamic of Information Security for the Federal Government
ITL Bulletin	March 2004	Federal Information Processing Standard (FIPS) 199, Standards for Security Categorization of Federal Information and Information Systems
Whitepaper (Draft)	January 2017	DRAFT Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1 Announcement and Draft Publication

Risk Assessment

Number	Date	Title
FIPS 200	March 2006	Minimum Security Requirements for Federal Information and Information Systems FIPS 200 ^FAQ doi:10.6028/NIST.FIPS.200 [Direct Link]
FIPS 199	February 2004	Standards for Security Categorization of Federal Information and Information Systems FIPS 199 ^FAQ doi:10.6028/NIST.FIPS.199 [Direct Link]
SP 800-190 (Draft)	July 2017	DRAFT Application Container Security Guide (2nd Draft) Announcement and Draft Publication
SP 800-188 (Draft)	December 2016	DRAFT De-Identifying Government Datasets (2nd Draft) Announcement and Draft Publication
SP 800-184	December 2016	Guide for Cybersecurity Event Recovery SP 800-184 ^FAQ doi:10.6028/NIST.SP.800-184 [Direct Link]
		Press Release (12-22-2016)
SP 800-183	July 2016	Networks of 'Things' SP 800-183 ^FAQ doi:10.6028/NIST.SP.800-183 [Direct Link]
		Press Release
SP 800-167	October 2015	Guide to Application Whitelisting SP 800-167 ^FAQ doi:10.6028/NIST.SP.800-167 [Direct Link]
		Press Release
SP 800-163	January 2015	Vetting the Security of Mobile Applications SP 800-163 ^FAQ doi:10.6028/NIST.SP.800-163 [Direct Link]
		Press Release
SP 800-161	April 2015	Supply Chain Risk Management Practices for Federal Information Systems and Organizations SP 800-161 ^FAQ doi:10.6028/NIST.SP.800-161 [Direct Link]
SP 800-160	November 2016	Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems SP 800-160 ^FAQ doi:10.6028/NIST.SP.800-160 [Direct Link]
		"Rethinking Cybersecurity from the Inside Out" (blog post)
SP 800-154 (Draft)	March 2016	DRAFT Guide to Data-Centric System Threat Modeling Announcement and Draft Publication
SP 800-153	February 2012	Guidelines for Securing Wireless Local Area Networks (WLANs) SP 800-153 ^FAQ doi:10.6028/NIST.SP.800-153 [Direct Link]
		Press Release (Mar. 6, 2012)
SP 800-137	September 2011	Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations SP 800-137 ^FAQ doi:10.6028/NIST.SP.800-137 [Direct Link]
		Press Release
SP 800-126A (Draft)	July 2016	DRAFT SCAP 1.3 Component Specification Version Updates: An Annex to NIST Special Publication 800-126 Revision 3 Announcement and Draft Publication
SP 800-126 Rev. 3 (Draft)	July 2016	DRAFT The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.3 Announcement and Draft Publication
SP 800-126 Rev. 2	September 2011 (Updated 3/19/2012)	The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2 SP 800-126 Rev. 2 ^FAQ doi:10.6028/NIST.SP.800-126r2 [Direct Link]
		NIST Solicits Comments for SP 800-126 & SCAP
SP 800-126 Rev. 1	February 2011	The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.1 SP 800-126 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-126r1 [Direct Link]
SP 800-126	November 2009	The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.0 SP 800-126 ^FAQ doi:10.6028/NIST.SP.800-126 [Direct Link]
SP 800-125	January 2011	Guide to Security for Full Virtualization Technologies SP 800-125 ^FAQ doi:10.6028/NIST.SP.800-125 [Direct Link]
		Press Release
SP 800-122	April 2010	Guide to Protecting the Confidentiality of Personally Identifiable Information (PII) SP 800-122 ^FAQ doi:10.6028/NIST.SP.800-122 [Direct Link]
		SP 800-122 (EPUB)^FAQ
SP 800-117 Rev. 1 (Draft)	January 2012	DRAFT Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.2 Announcement and Draft Publication
SP 800-117	July 2010	Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.0 SP 800-117 ^FAQ doi:10.6028/NIST.SP.800-117 [Direct Link]
SP 800-115	September 2008	Technical Guide to Information Security Testing and Assessment SP 800-115 ^FAQ doi:10.6028/NIST.SP.800-115 [Direct Link]
		SP 800-115 (EPUB)^FAQ
SP 800-100	October 2006 (Updated 3/7/2007)	Information Security Handbook: A Guide for Managers SP 800-100 (including updates as of 03-07-2007) ^FAQ doi:10.6028/NIST.SP.800-100 [Direct Link]
SP 800-88 Rev. 1	December 2014	Guidelines for Media Sanitization SP 800-88 Revision 1 ^FAQ doi:10.6028/NIST.SP.800-88r1 [Direct Link]
SP 800-83 Rev. 1	July 2013	Guide to Malware Incident Prevention and Handling for Desktops and Laptops SP 800-83 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-83r1 [Direct Link]
SP 800-66 Rev. 1	October 2008	An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule SP 800-66 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-66r1 [Direct Link]
SP 800-65	January 2005	Integrating IT Security into the Capital Planning and Investment Control Process SP 800-65 ^FAQ doi:10.6028/NIST.SP.800-65 [Direct Link]
SP 800-60 Vol. 2 Rev. 1	August 2008	Guide for Mapping Types of Information and Information Systems to Security Categories: Appendices SP 800-60 Vol. 2, Rev. 1: Appendices ^FAQ doi:10.6028/NIST.SP.800-60v2r1 [Direct Link]
SP 800-60 Vol. 1 Rev. 1	August 2008	Guide for Mapping Types of Information and Information Systems to Security Categories SP 800-60 Vol. 1 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-60v1r1 [Direct Link]
SP 800-59	August 2003	Guideline for Identifying an Information System as a National Security System SP 800-59 ^FAQ doi:10.6028/NIST.SP.800-59 [Direct Link]
SP 800-53A Rev. 4	December 2014 (Updated 12/18/2014)	Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans SP 800-53A Revision 4 ^FAQ doi:10.6028/NIST.SP.800-53Ar4 [Direct Link]
		Word version of SP 800-53A Rev. 4 (12-18-2014)
		XML file for SP 800-53A Rev. 4 (06-16-2015)
		Press Release
SP 800-53 Rev. 5 (Draft)	August 2017	DRAFT Security and Privacy Controls for Federal Information Systems and Organizations Announcement and Draft Publication
SP 800-53 Rev. 4	April 2013 (Updated 1/22/2015)	Security and Privacy Controls for Federal Information Systems and Organizations SP 800-53 Rev. 4 (including updates as of 01-22-2015) ^FAQ doi:10.6028/NIST.SP.800-53r4 [Direct Link]
		Word version of SP 800-53 Rev. 4 (01-22-2015)
		XML file for SP 800-53 Rev. 4 (01-15-2014)
		Summary of NIST SP 800-53 Revision 4
		Press Release (04-30-2013)
		Pre-Draft Call for Comments for SP 800-53 Rev. 5
SP 800-51 Rev. 1	February 2011	Guide to Using Vulnerability Naming Schemes SP 800-51 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-51r1 [Direct Link]
		Press Release
SP 800-46 Rev. 2	July 2016	Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security SP 800-46 Rev. 2 ^FAQ doi:10.6028/NIST.SP.800-46r2 [Direct Link]
SP 800-45 Version 2	February 2007	Guidelines on Electronic Mail Security SP 800-45 Version 2 ^FAQ doi:10.6028/NIST.SP.800-45ver2 [Direct Link]
SP 800-40 Rev. 3	July 2013	Guide to Enterprise Patch Management Technologies SP 800-40 Rev. 3 ^FAQ doi:10.6028/NIST.SP.800-40r3 [Direct Link]
		Press Release
SP 800-37 Rev. 1	February 2010 (Updated 6/5/2014)	Guide for Applying the Risk Management Framework to Federal Information Systems: a Security Life Cycle Approach SP 800-37 Rev. 1 (including updates as of 6-05-2014) ^FAQ doi:10.6028/NIST.SP.800-37r1 [Direct Link]
		Supplemental Guidance on Ongoing Authorization, (June 2014)
		Press Release
SP 800-36	October 2003	Guide to Selecting Information Technology Security Products SP 800-36 ^FAQ doi:10.6028/NIST.SP.800-36 [Direct Link]
SP 800-34 Rev. 1	May 2010 (Updated 11/11/2010)	Contingency Planning Guide for Federal Information Systems SP 800-34 Rev. 1 (including updates as of 11-11-2010) ^FAQ doi:10.6028/NIST.SP.800-34r1 [Direct Link]
		Business Impact Analysis (BIA) Template
		Contingency Planning: Low Impact System Template
		Contingency Planning: Moderate Impact System Template
		Contingency Planning: High Impact System Template
SP 800-32	February 26, 2001	Introduction to Public Key Technology and the Federal PKI Infrastructure SP 800-32 ^FAQ doi:10.6028/NIST.SP.800-32 [Direct Link]
SP 800-30 Rev. 1	September 2012	Guide for Conducting Risk Assessments SP 800-30 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-30r1 [Direct Link]
		SP 800-30 Rev. 1 (EPUB)^FAQ
		Press Release
SP 800-28 Version 2	March 2008	Guidelines on Active Content and Mobile Code SP 800-28 Version 2 ^FAQ doi:10.6028/NIST.SP.800-28ver2 [Direct Link]
SP 800-25	October 2000	Federal Agency Use of Public Key Technology for Digital Signatures and Authentication SP 800-25 ^FAQ doi:10.6028/NIST.SP.800-25 [Direct Link]
SP 800-24	April 2001	PBX Vulnerability Analysis: Finding Holes in Your PBX Before Someone Else Does SP 800-24 ^FAQ doi:10.6028/NIST.SP.800-24 [Direct Link]
SP 800-23	August 2000	Guidelines to Federal Organizations on Security Assurance and Acquisition/Use of Tested/Evaluated Products SP 800-23 ^FAQ doi:10.6028/NIST.SP.800-23 [Direct Link]
SP 800-19	October 1999	Mobile Agent Security SP 800-19 ^FAQ doi:10.6028/NIST.SP.800-19 [Direct Link]
SP 800-14	September 1996	Generally Accepted Principles and Practices for Securing Information Technology Systems SP 800-14 ^FAQ doi:10.6028/NIST.SP.800-14 [Direct Link]
SP 800-13	October 1995	Telecommunications Security Guidelines for Telecommunications Management Network SP 800-13 ^FAQ doi:10.6028/NIST.SP.800-13 [Direct Link]
SP 1800-5 (Draft)	October 2015	DRAFT IT Asset Management: Financial Services Announcement and Draft Publication
SP 1800-1 (Draft)	July 2015	DRAFT Securing Electronic Health Records on Mobile Devices Announcement and Draft Publication
NISTIR 8179 (Draft)	July 2017	DRAFT Criticality Analysis Process Model: Prioritizing Systems and Components Announcement and Draft Publication
NISTIR 8139 (Draft)	February 2017	DRAFT Identifying Uniformity with Entropy and Divergence Announcement and Draft Publication
NISTIR 8136	January 2017	An Overview of Mobile Application Vetting Services for Public Safety NISTIR 8136 ^FAQ doi:10.6028/NIST.IR.8136 [Direct Link]
NISTIR 8135	May 2016	Identifying and Categorizing Data Types for Public Safety Mobile Applications: Workshop Report NISTIR 8135 ^FAQ doi:10.6028/NIST.IR.8135 [Direct Link]
NISTIR 8062	January 2017	An Introduction to Privacy Engineering and Risk Management in Federal Systems NISTIR 8062 ^FAQ doi:10.6028/NIST.IR.8062 [Direct Link]
		"Making Privacy Concrete (three words not usually found together)" (blog post)
NISTIR 8023	February 2015	Risk Management for Replication Devices NISTIR 8023 ^FAQ doi:10.6028/NIST.IR.8023 [Direct Link]
NISTIR 8018	January 2015	Public Safety Mobile Application Security Requirements Workshop Summary NISTIR 8018 ^FAQ doi:10.6028/NIST.IR.8018 [Direct Link]
NISTIR 8011 Vol. 2	June 2017	Automation Support for Security Control Assessments: Hardware Asset Management NISTIR 8011 Vol. 2 ^FAQ doi:10.6028/NIST.IR.8011-2 [Direct Link]
NISTIR 8011 Vol. 1	June 2017	Automation Support for Security Control Assessments: Overview NISTIR 8011 Vol. 1 ^FAQ doi:10.6028/NIST.IR.8011-1 [Direct Link]
NISTIR 7966	October 2015	Security of Interactive and Automated Access Management Using Secure Shell (SSH) NISTIR 7966 ^FAQ doi:10.6028/NIST.IR.7966 [Direct Link]
NISTIR 7864	July 2012	The Common Misuse Scoring System (CMSS): Metrics for Software Feature Misuse Vulnerabilities NISTIR 7864 ^FAQ doi:10.6028/NIST.IR.7864 [Direct Link]
		Press Release
NISTIR 7848 (Draft)	May 2012	DRAFT Specification for the Asset Summary Reporting Format 1.0 Announcement and Draft Publication
NISTIR 7800 (Draft)	January 2012	DRAFT Applying the Continuous Monitoring Technical Reference Model to the Asset, Configuration, and Vulnerability Management Domains Announcement and Draft Publication
NISTIR 7799 (Draft)	January 2012	DRAFT Continuous Monitoring Reference Model Workflow, Subsystem, and Interface Specifications Announcement and Draft Publication
NISTIR 7756 (Draft)	January 2012	DRAFT CAESARS Framework Extension: An Enterprise Continuous Monitoring Technical Reference Architecture Announcement and Draft Publication
NISTIR 7692	April 2011	Specification for the Open Checklist Interactive Language (OCIL) Version 2.0 NISTIR 7692 ^FAQ doi:10.6028/NIST.IR.7692 [Direct Link]
NISTIR 7564	April 2009	Directions in Security Metrics Research NISTIR 7564 ^FAQ doi:10.6028/NIST.IR.7564 [Direct Link]
NISTIR 7502	December 2010	The Common Configuration Scoring System (CCSS): Metrics for Software Security Configuration Vulnerabilities NISTIR 7502 ^FAQ doi:10.6028/NIST.IR.7502 [Direct Link]
NISTIR 7497	September 2010	Security Architecture Design Process for Health Information Exchanges (HIEs) NISTIR 7497 ^FAQ doi:10.6028/NIST.IR.7497 [Direct Link]
ITL Bulletin	April 2017	Building the Bridge Between Privacy and Cybersecurity for Federal Systems
ITL Bulletin	February 2017	Guide for Cybersecurity Incident Recovery
ITL Bulletin	September 2016	Demystifying the Internet of Things
ITL Bulletin	January 2016	Securing Interactive and Automated Access Management Using Secure Shell (SSH)
ITL Bulletin	December 2015	Stopping Malware and Unauthorized Software through Application Whitelisting
ITL Bulletin	June 2015	Increasing Visibility and Control of Your ICT Supply Chains
ITL Bulletin	April 2015	Is Your Replication Device Making An Extra Copy For Someone Else?
ITL Bulletin	March 2015	Guidance for Secure Authorization of Mobile Applications in the Corporate Environment
ITL Bulletin	January 2015	Release of NIST Special Publication 800-53A, Revision 4, Assessing Security and Privacy Controls in Federal Information Systems and Organizations
ITL Bulletin	February 2014	Framework for Improving Critical Infrastructure Cybersecurity
ITL Bulletin	September 2013	ITL Publishes Guidance on Preventing and Handling Malware Incidents
ITL Bulletin	August 2013	ITL Publishes Guidance on Enterprise Patch Management Technologies
ITL Bulletin	March 2007	Improving The Security of Electronic Mail: Updated Guidelines Issued by NIST
ITL Bulletin	November 2006	Guide to Securing Computers Using Windows XP Home Edition
ITL Bulletin	March 2006	Minimum Security Requirements for Federal Information and Information Systems: Federal Information Processing Standard (FIPS) 200 Approved by the Secretary of Commerce
ITL Bulletin	February 2006	Creating a Program to Manage Security Patches and Vulnerabilities: NIST Recommendations for Improving System Security
ITL Bulletin	January 2005	Integrating IT Security into the Capital Planning and Investment Control Process
ITL Bulletin	November 2004	Understanding the New NIST Standards and Guidelines Required by FISMA: How Three Mandated Documents are Changing the Dynamic of Information Security for the Federal Government
ITL Bulletin	April 2004	Selecting Information Technology Security Products
ITL Bulletin	March 2004	Federal Information Processing Standard (FIPS) 199, Standards for Security Categorization of Federal Information and Information Systems
Whitepaper (Draft)	January 2017	DRAFT Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1 Announcement and Draft Publication
Whitepaper	6/3/2014	Supplemental Guidance on Ongoing Authorization: Transitioning to Near Real-Time Risk Management Paper
Whitepaper	March 2017	Baldrige Cybersecurity Excellence Builder: Key questions for improving your organization's cybersecurity performance Baldridge Cybersecurity Excellence Builder v1.0
		BCEB Categories 1–7 Questions and Notes Only
		BCEB Self-Analysis Worksheet
		Baldrige Cybersecurity Initiative Homepage (and FAQs)

Security Assessment & Authorization

Number	Date	Title
FIPS 200	March 2006	Minimum Security Requirements for Federal Information and Information Systems FIPS 200 ^FAQ doi:10.6028/NIST.FIPS.200 [Direct Link]
FIPS 199	February 2004	Standards for Security Categorization of Federal Information and Information Systems FIPS 199 ^FAQ doi:10.6028/NIST.FIPS.199 [Direct Link]
SP 800-184	December 2016	Guide for Cybersecurity Event Recovery SP 800-184 ^FAQ doi:10.6028/NIST.SP.800-184 [Direct Link]
		Press Release (12-22-2016)
SP 800-161	April 2015	Supply Chain Risk Management Practices for Federal Information Systems and Organizations SP 800-161 ^FAQ doi:10.6028/NIST.SP.800-161 [Direct Link]
SP 800-160	November 2016	Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems SP 800-160 ^FAQ doi:10.6028/NIST.SP.800-160 [Direct Link]
		"Rethinking Cybersecurity from the Inside Out" (blog post)
SP 800-154 (Draft)	March 2016	DRAFT Guide to Data-Centric System Threat Modeling Announcement and Draft Publication
SP 800-137	September 2011	Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations SP 800-137 ^FAQ doi:10.6028/NIST.SP.800-137 [Direct Link]
		Press Release
SP 800-126A (Draft)	July 2016	DRAFT SCAP 1.3 Component Specification Version Updates: An Annex to NIST Special Publication 800-126 Revision 3 Announcement and Draft Publication
SP 800-126 Rev. 3 (Draft)	July 2016	DRAFT The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.3 Announcement and Draft Publication
SP 800-126 Rev. 2	September 2011 (Updated 3/19/2012)	The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2 SP 800-126 Rev. 2 ^FAQ doi:10.6028/NIST.SP.800-126r2 [Direct Link]
		NIST Solicits Comments for SP 800-126 & SCAP
SP 800-126 Rev. 1	February 2011	The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.1 SP 800-126 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-126r1 [Direct Link]
SP 800-126	November 2009	The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.0 SP 800-126 ^FAQ doi:10.6028/NIST.SP.800-126 [Direct Link]
SP 800-117 Rev. 1 (Draft)	January 2012	DRAFT Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.2 Announcement and Draft Publication
SP 800-117	July 2010	Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.0 SP 800-117 ^FAQ doi:10.6028/NIST.SP.800-117 [Direct Link]
SP 800-115	September 2008	Technical Guide to Information Security Testing and Assessment SP 800-115 ^FAQ doi:10.6028/NIST.SP.800-115 [Direct Link]
		SP 800-115 (EPUB)^FAQ
SP 800-100	October 2006 (Updated 3/7/2007)	Information Security Handbook: A Guide for Managers SP 800-100 (including updates as of 03-07-2007) ^FAQ doi:10.6028/NIST.SP.800-100 [Direct Link]
SP 800-85A-4	April 2016	PIV Card Application and Middleware Interface Test Guidelines (SP 800-73-4 Compliance) SP 800-85A-4 ^FAQ doi:10.6028/NIST.SP.800-85A-4 [Direct Link]
SP 800-85B-4 (Draft)	August 2014	DRAFT PIV Data Model Test Guidelines Announcement and Draft Publication
SP 800-85B	July 2006	PIV Data Model Test Guidelines SP 800-85B ^FAQ doi:10.6028/NIST.SP.800-85B [Direct Link]
SP 800-79-2	July 2015	Guidelines for the Authorization of Personal Identity Verification Card Issuers (PCI) and Derived PIV Credential Issuers (DPCI) SP 800-79-2 ^FAQ doi:10.6028/NIST.SP.800-79-2 [Direct Link]
SP 800-76-2	July 2013	Biometric Specifications for Personal Identity Verification SP 800-76-2 ^FAQ doi:10.6028/NIST.SP.800-76-2 [Direct Link]
SP 800-66 Rev. 1	October 2008	An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule SP 800-66 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-66r1 [Direct Link]
SP 800-65	January 2005	Integrating IT Security into the Capital Planning and Investment Control Process SP 800-65 ^FAQ doi:10.6028/NIST.SP.800-65 [Direct Link]
SP 800-55 Rev. 1	July 2008	Performance Measurement Guide for Information Security SP 800-55 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-55r1 [Direct Link]
SP 800-53A Rev. 4	December 2014 (Updated 12/18/2014)	Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans SP 800-53A Revision 4 ^FAQ doi:10.6028/NIST.SP.800-53Ar4 [Direct Link]
		Word version of SP 800-53A Rev. 4 (12-18-2014)
		XML file for SP 800-53A Rev. 4 (06-16-2015)
		Press Release
SP 800-53 Rev. 5 (Draft)	August 2017	DRAFT Security and Privacy Controls for Federal Information Systems and Organizations Announcement and Draft Publication
SP 800-53 Rev. 4	April 2013 (Updated 1/22/2015)	Security and Privacy Controls for Federal Information Systems and Organizations SP 800-53 Rev. 4 (including updates as of 01-22-2015) ^FAQ doi:10.6028/NIST.SP.800-53r4 [Direct Link]
		Word version of SP 800-53 Rev. 4 (01-22-2015)
		XML file for SP 800-53 Rev. 4 (01-15-2014)
		Summary of NIST SP 800-53 Revision 4
		Press Release (04-30-2013)
		Pre-Draft Call for Comments for SP 800-53 Rev. 5
SP 800-47	August 2002	Security Guide for Interconnecting Information Technology Systems SP 800-47 ^FAQ doi:10.6028/NIST.SP.800-47 [Direct Link]
SP 800-37 Rev. 1	February 2010 (Updated 6/5/2014)	Guide for Applying the Risk Management Framework to Federal Information Systems: a Security Life Cycle Approach SP 800-37 Rev. 1 (including updates as of 6-05-2014) ^FAQ doi:10.6028/NIST.SP.800-37r1 [Direct Link]
		Supplemental Guidance on Ongoing Authorization, (June 2014)
		Press Release
SP 800-36	October 2003	Guide to Selecting Information Technology Security Products SP 800-36 ^FAQ doi:10.6028/NIST.SP.800-36 [Direct Link]
SP 800-35	October 2003	Guide to Information Technology Security Services SP 800-35 ^FAQ doi:10.6028/NIST.SP.800-35 [Direct Link]
SP 800-30 Rev. 1	September 2012	Guide for Conducting Risk Assessments SP 800-30 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-30r1 [Direct Link]
		SP 800-30 Rev. 1 (EPUB)^FAQ
		Press Release
SP 800-23	August 2000	Guidelines to Federal Organizations on Security Assurance and Acquisition/Use of Tested/Evaluated Products SP 800-23 ^FAQ doi:10.6028/NIST.SP.800-23 [Direct Link]
SP 800-22 Rev. 1a	April 2010	A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications SP 800-22 Rev. 1a ^FAQ doi:10.6028/NIST.SP.800-22r1a [Direct Link]
SP 800-20	October 1999 (Updated 3/1/2012)	Modes of Operation Validation System for the Triple Data Encryption Algorithm (TMOVS): Requirements and Procedures SP 800-20 (including updates as of 03-2012) ^FAQ doi:10.6028/NIST.SP.800-20 [Direct Link]
SP 800-18 Rev. 1	February 2006	Guide for Developing Security Plans for Federal Information Systems SP 800-18 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-18r1 [Direct Link]
SP 800-17	February 1998	Modes of Operation Validation System (MOVS): Requirements and Procedures SP 800-17 ^FAQ doi:10.6028/NIST.SP.800-17 [Direct Link]
SP 800-14	September 1996	Generally Accepted Principles and Practices for Securing Information Technology Systems SP 800-14 ^FAQ doi:10.6028/NIST.SP.800-14 [Direct Link]
SP 1800-5 (Draft)	October 2015	DRAFT IT Asset Management: Financial Services Announcement and Draft Publication
NISTIR 8011 Vol. 2	June 2017	Automation Support for Security Control Assessments: Hardware Asset Management NISTIR 8011 Vol. 2 ^FAQ doi:10.6028/NIST.IR.8011-2 [Direct Link]
NISTIR 8011 Vol. 1	June 2017	Automation Support for Security Control Assessments: Overview NISTIR 8011 Vol. 1 ^FAQ doi:10.6028/NIST.IR.8011-1 [Direct Link]
NISTIR 7966	October 2015	Security of Interactive and Automated Access Management Using Secure Shell (SSH) NISTIR 7966 ^FAQ doi:10.6028/NIST.IR.7966 [Direct Link]
NISTIR 7848 (Draft)	May 2012	DRAFT Specification for the Asset Summary Reporting Format 1.0 Announcement and Draft Publication
NISTIR 7802	September 2011	Trust Model for Security Automation Data 1.0 (TMSAD) NISTIR 7802 ^FAQ doi:10.6028/NIST.IR.7802 [Direct Link]
NISTIR 7800 (Draft)	January 2012	DRAFT Applying the Continuous Monitoring Technical Reference Model to the Asset, Configuration, and Vulnerability Management Domains Announcement and Draft Publication
NISTIR 7799 (Draft)	January 2012	DRAFT Continuous Monitoring Reference Model Workflow, Subsystem, and Interface Specifications Announcement and Draft Publication
NISTIR 7756 (Draft)	January 2012	DRAFT CAESARS Framework Extension: An Enterprise Continuous Monitoring Technical Reference Architecture Announcement and Draft Publication
NISTIR 7692	April 2011	Specification for the Open Checklist Interactive Language (OCIL) Version 2.0 NISTIR 7692 ^FAQ doi:10.6028/NIST.IR.7692 [Direct Link]
NISTIR 7511 Rev. 4	January 2016	Security Content Automation Protocol (SCAP) Version 1.2 Validation Program Test Requirements NISTIR 7511 Rev. 4 ^FAQ doi:10.6028/NIST.IR.7511r4 [Direct Link]
NISTIR 7358	January 2007	Program Review for Information Security Management Assistance (PRISMA) NISTIR 7358 ^FAQ doi:10.6028/NIST.IR.7358 [Direct Link]
ITL Bulletin	February 2017	Guide for Cybersecurity Incident Recovery
ITL Bulletin	March 2016	Updates to the NIST SCAP Validation Program and Associated Test Requirements
ITL Bulletin	January 2016	Securing Interactive and Automated Access Management Using Secure Shell (SSH)
ITL Bulletin	June 2015	Increasing Visibility and Control of Your ICT Supply Chains
ITL Bulletin	January 2015	Release of NIST Special Publication 800-53A, Revision 4, Assessing Security and Privacy Controls in Federal Information Systems and Organizations
ITL Bulletin	March 2006	Minimum Security Requirements for Federal Information and Information Systems: Federal Information Processing Standard (FIPS) 200 Approved by the Secretary of Commerce
ITL Bulletin	January 2005	Integrating IT Security into the Capital Planning and Investment Control Process
ITL Bulletin	November 2004	Understanding the New NIST Standards and Guidelines Required by FISMA: How Three Mandated Documents are Changing the Dynamic of Information Security for the Federal Government
ITL Bulletin	June 2004	Information Technology Security Services: How to Select, Implement, and Manage
ITL Bulletin	April 2004	Selecting Information Technology Security Products
ITL Bulletin	March 2004	Federal Information Processing Standard (FIPS) 199, Standards for Security Categorization of Federal Information and Information Systems
Whitepaper (Draft)	January 2017	DRAFT Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1 Announcement and Draft Publication
Whitepaper	6/3/2014	Supplemental Guidance on Ongoing Authorization: Transitioning to Near Real-Time Risk Management Paper
Whitepaper	March 2017	Baldrige Cybersecurity Excellence Builder: Key questions for improving your organization's cybersecurity performance Baldridge Cybersecurity Excellence Builder v1.0
		BCEB Categories 1–7 Questions and Notes Only
		BCEB Self-Analysis Worksheet
		Baldrige Cybersecurity Initiative Homepage (and FAQs)

System & Communications Protection

Number	Date	Title
FIPS 201-2	August 2013	Personal Identity Verification (PIV) of Federal Employees and Contractors FIPS 201-2 ^FAQ doi:10.6028/NIST.FIPS.201-2 [Direct Link]
		2012 Draft Comments and Dispositions
		Revised Draft (July 2012)
		2011 Draft Comments and Dispositions
		Draft FIPS 201-2 (March 2011)
FIPS 200	March 2006	Minimum Security Requirements for Federal Information and Information Systems FIPS 200 ^FAQ doi:10.6028/NIST.FIPS.200 [Direct Link]
FIPS 198-1	July 2008	The Keyed-Hash Message Authentication Code (HMAC) FIPS 198-1 ^FAQ doi:10.6028/NIST.FIPS.198-1 [Direct Link]
FIPS 197	November 2001	Advanced Encryption Standard (AES) FIPS 197 ^FAQ doi:10.6028/NIST.FIPS.197 [Direct Link]
		Comments received on Draft FIPS 197
FIPS 186-4	July 2013	Digital Signature Standard (DSS) FIPS 186-4 ^FAQ doi:10.6028/NIST.FIPS.186-4 [Direct Link]
		Comments received on FIPS 186-4 (Dec. 2015)
		Request for Comments on FIPS 186-4 (Oct. 2015)
		Press Release (07-23-2013)
		Proposed Change Notice for FIPS 186-3 (Apr. 2012)
		Request for Comments on Proposed Change Notice (Apr. 2012)
FIPS 180-4	August 2015	Secure Hash Standard (SHS) FIPS 180-4 (revised Applicability Clause, Aug. 2015) ^FAQ doi:10.6028/NIST.FIPS.180-4 [Direct Link]
		Federal Register Notice
		Comments received on Draft FIPS 180-4 (Aug. 2014)
FIPS 140-2	May 25, 2001 (Change Notice 2, 12/3/2002)	Security Requirements for Cryptographic Modules FIPS 140-2 (including change notices as of 12-03-2002) ^FAQ doi:10.6028/NIST.FIPS.140-2 [Direct Link]
		Annex A: Approved Security Functions
		Annex B: Approved Protection Profiles
		Annex C: Approved Random Number Generators
		Annex D: Approved Key Establishment Techniques
		FIPS 140-2 (EPUB)^FAQ
		Comments on FIPS 140-1 (Oct. 1998)
SP 800-190 (Draft)	July 2017	DRAFT Application Container Security Guide (2nd Draft) Announcement and Draft Publication
SP 800-188 (Draft)	December 2016	DRAFT De-Identifying Government Datasets (2nd Draft) Announcement and Draft Publication
SP 800-184	December 2016	Guide for Cybersecurity Event Recovery SP 800-184 ^FAQ doi:10.6028/NIST.SP.800-184 [Direct Link]
		Press Release (12-22-2016)
SP 800-177	September 2016	Trustworthy Email SP 800-177 ^FAQ doi:10.6028/NIST.SP.800-177 [Direct Link]
		High Assurance Domains project
SP 800-175A	August 2016	Guideline for Using Cryptographic Standards in the Federal Government: Directives, Mandates and Policies SP 800-175A ^FAQ doi:10.6028/NIST.SP.800-175A [Direct Link]
		Comments Received from Final Draft
SP 800-175B	August 2016	Guideline for Using Cryptographic Standards in the Federal Government: Cryptographic Mechanisms SP 800-175B ^FAQ doi:10.6028/NIST.SP.800-175B [Direct Link]
		Comments Received from Final Draft
SP 800-171 Rev. 1	December 2016	Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations SP 800-171 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-171r1 [Direct Link]
		Specific Changes to the Security Requirements in SP 800-171
SP 800-171	June 2015 (Updated 1/14/2016)	Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations SP 800-171 (including updates as of 01-14-2016) ^FAQ doi:10.6028/NIST.SP.800-171 [Direct Link]
		Press Release (06-19-2015)
SP 800-167	October 2015	Guide to Application Whitelisting SP 800-167 ^FAQ doi:10.6028/NIST.SP.800-167 [Direct Link]
		Press Release
SP 800-163	January 2015	Vetting the Security of Mobile Applications SP 800-163 ^FAQ doi:10.6028/NIST.SP.800-163 [Direct Link]
		Press Release
SP 800-161	April 2015	Supply Chain Risk Management Practices for Federal Information Systems and Organizations SP 800-161 ^FAQ doi:10.6028/NIST.SP.800-161 [Direct Link]
SP 800-160	November 2016	Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems SP 800-160 ^FAQ doi:10.6028/NIST.SP.800-160 [Direct Link]
		"Rethinking Cybersecurity from the Inside Out" (blog post)
SP 800-153	February 2012	Guidelines for Securing Wireless Local Area Networks (WLANs) SP 800-153 ^FAQ doi:10.6028/NIST.SP.800-153 [Direct Link]
		Press Release (Mar. 6, 2012)
SP 800-127	September 2010	Guide to Securing WiMAX Wireless Communications SP 800-127 ^FAQ doi:10.6028/NIST.SP.800-127 [Direct Link]
		SP 800-127 (EPUB)^FAQ
		Press Release
SP 800-126 Rev. 3 (Draft)	July 2016	DRAFT The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.3 Announcement and Draft Publication
SP 800-126 Rev. 2	September 2011 (Updated 3/19/2012)	The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2 SP 800-126 Rev. 2 ^FAQ doi:10.6028/NIST.SP.800-126r2 [Direct Link]
		NIST Solicits Comments for SP 800-126 & SCAP
SP 800-126 Rev. 1	February 2011	The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.1 SP 800-126 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-126r1 [Direct Link]
SP 800-126	November 2009	The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.0 SP 800-126 ^FAQ doi:10.6028/NIST.SP.800-126 [Direct Link]
SP 800-125A (Draft)	October 20, 2014	DRAFT Security Recommendations for Hypervisor Deployment Announcement and Draft Publication
SP 800-125	January 2011	Guide to Security for Full Virtualization Technologies SP 800-125 ^FAQ doi:10.6028/NIST.SP.800-125 [Direct Link]
		Press Release
SP 800-124 Rev. 1	June 2013	Guidelines for Managing the Security of Mobile Devices in the Enterprise SP 800-124 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-124r1 [Direct Link]
		SP 800-124 Rev. 1 (EPUB)^FAQ
		Press Release
SP 800-123	July 2008	Guide to General Server Security SP 800-123 ^FAQ doi:10.6028/NIST.SP.800-123 [Direct Link]
		SP 800-123 (EPUB)^FAQ
SP 800-122	April 2010	Guide to Protecting the Confidentiality of Personally Identifiable Information (PII) SP 800-122 ^FAQ doi:10.6028/NIST.SP.800-122 [Direct Link]
		SP 800-122 (EPUB)^FAQ
SP 800-121 Rev. 2	May 2017	Guide to Bluetooth Security SP 800-121 Rev. 2 ^FAQ doi:10.6028/NIST.SP.800-121r2 [Direct Link]
SP 800-119	December 2010	Guidelines for the Secure Deployment of IPv6 SP 800-119 ^FAQ doi:10.6028/NIST.SP.800-119 [Direct Link]
SP 800-117 Rev. 1 (Draft)	January 2012	DRAFT Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.2 Announcement and Draft Publication
SP 800-117	July 2010	Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.0 SP 800-117 ^FAQ doi:10.6028/NIST.SP.800-117 [Direct Link]
SP 800-115	September 2008	Technical Guide to Information Security Testing and Assessment SP 800-115 ^FAQ doi:10.6028/NIST.SP.800-115 [Direct Link]
		SP 800-115 (EPUB)^FAQ
SP 800-114 Rev. 1	July 2016	User's Guide to Telework and Bring Your Own Device (BYOD) Security SP 800-114 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-114r1 [Direct Link]
SP 800-113	July 2008	Guide to SSL VPNs SP 800-113 ^FAQ doi:10.6028/NIST.SP.800-113 [Direct Link]
SP 800-111	November 2007	Guide to Storage Encryption Technologies for End User Devices SP 800-111 ^FAQ doi:10.6028/NIST.SP.800-111 [Direct Link]
SP 800-107 Rev. 1	August 2012	Recommendation for Applications Using Approved Hash Algorithms SP 800-107 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-107r1 [Direct Link]
SP 800-106	February 2009	Randomized Hashing for Digital Signatures SP 800-106 ^FAQ doi:10.6028/NIST.SP.800-106 [Direct Link]
SP 800-102	September 2009	Recommendation for Digital Signature Timeliness SP 800-102 ^FAQ doi:10.6028/NIST.SP.800-102 [Direct Link]
SP 800-100	October 2006 (Updated 3/7/2007)	Information Security Handbook: A Guide for Managers SP 800-100 (including updates as of 03-07-2007) ^FAQ doi:10.6028/NIST.SP.800-100 [Direct Link]
SP 800-98	April 2007	Guidelines for Securing Radio Frequency Identification (RFID) Systems SP 800-98 ^FAQ doi:10.6028/NIST.SP.800-98 [Direct Link]
SP 800-97	February 2007	Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i SP 800-97 ^FAQ doi:10.6028/NIST.SP.800-97 [Direct Link]
SP 800-95	August 2007	Guide to Secure Web Services SP 800-95 ^FAQ doi:10.6028/NIST.SP.800-95 [Direct Link]
SP 800-90A Rev. 1	June 2015	Recommendation for Random Number Generation Using Deterministic Random Bit Generators SP 800-90A Revision 1 ^FAQ doi:10.6028/NIST.SP.800-90Ar1 [Direct Link]
		Press Release
SP 800-90B (Draft)	January 2016	DRAFT Recommendation for the Entropy Sources Used for Random Bit Generation Announcement and Draft Publication
SP 800-90C (Draft)	April 2016	DRAFT Recommendation for Random Bit Generator (RBG) Constructions Announcement and Draft Publication
SP 800-89	November 2006	Recommendation for Obtaining Assurances for Digital Signature Applications SP 800-89 ^FAQ doi:10.6028/NIST.SP.800-89 [Direct Link]
SP 800-83 Rev. 1	July 2013	Guide to Malware Incident Prevention and Handling for Desktops and Laptops SP 800-83 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-83r1 [Direct Link]
SP 800-81-2	September 2013	Secure Domain Name System (DNS) Deployment Guide SP 800-81-2 ^FAQ doi:10.6028/NIST.SP.800-81-2 [Direct Link]
SP 800-78-4	May 2015	Cryptographic Algorithms and Key Sizes for Personal Identity Verification SP 800-78-4 ^FAQ doi:10.6028/NIST.SP.800-78-4 [Direct Link]
SP 800-77	December 2005	Guide to IPsec VPNs SP 800-77 ^FAQ doi:10.6028/NIST.SP.800-77 [Direct Link]
SP 800-73-4	May 2015 (Updated 2/8/2016)	Interfaces for Personal Identity Verification SP 800-73-4 (including updates as of 02-08-2016) ^FAQ doi:10.6028/NIST.SP.800-73-4 [Direct Link]
		Press Release (06-16-2015)
SP 800-70 Rev. 4 (Draft)	August 2017	DRAFT National Checklist Program for IT Products: Guidelines for Checklist Users and Developers Announcement and Draft Publication
SP 800-70 Rev. 3	November 2015 (Updated 12/8/2016)	National Checklist Program for IT Products: Guidelines for Checklist Users and Developers SP 800-70 Rev. 3 ^FAQ doi:10.6028/NIST.SP.800-70r3 [Direct Link]
		National Checklist Program
SP 800-68 Rev. 1	October 2008	Guide to Securing Microsoft Windows XP Systems for IT Professionals: A NIST Security Configuration Checklist SP 800-68 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-68r1 [Direct Link]
		SP 800-68 Rev. 1
		Security Templates R1.2.1
		Security Templates R1.2.1
		NIST Windows Security Baseline Database Application v0.2.7
		NIST Windows Security Baseline Database Application v0.2.7
SP 800-67 Rev. 2 (Draft)	July 2017	DRAFT Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher Announcement and Draft Publication
SP 800-67 Rev. 1	January 2012	Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher SP 800-67 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-67r1 [Direct Link]
SP 800-66 Rev. 1	October 2008	An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule SP 800-66 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-66r1 [Direct Link]
SP 800-58	January 2005	Security Considerations for Voice Over IP Systems SP 800-58 ^FAQ doi:10.6028/NIST.SP.800-58 [Direct Link]
SP 800-57 Part 1 Rev. 4	January 2016	Recommendation for Key Management, Part 1: General SP 800-57 Part 1, Revision 4 ^FAQ doi:10.6028/NIST.SP.800-57pt1r4 [Direct Link]
		Comments and resolutions for SP 800-57 Part 1, Rev. 4
SP 800-57 Part 2	August 2005	Recommendation for Key Management, Part 2: Best Practices for Key Management Organization SP 800-57 Part 2 ^FAQ doi:10.6028/NIST.SP.800-57p2 [Direct Link]
		Comments received on Draft (Apr. 2005)
SP 800-57 Part 3 Rev. 1	January 2015	Recommendation for Key Management, Part 3: Application-Specific Key Management Guidance SP 800-57 Part 3, Revision 1 ^FAQ doi:10.6028/NIST.SP.800-57pt3r1 [Direct Link]
SP 800-56A Rev. 3 (Draft)	August 2017	DRAFT Recommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography Announcement and Draft Publication
SP 800-56A Rev. 2	May 2013	Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography SP 800-56A Revision 2 ^FAQ doi:10.6028/NIST.SP.800-56Ar2 [Direct Link]
		Comments received on Draft (Aug. 2012)
SP 800-56B Rev. 1	September 2014	Recommendation for Pair-Wise Key-Establishment Schemes Using Integer Factorization Cryptography SP 800-56B Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-56Br1 [Direct Link]
SP 800-56C Rev. 1 (Draft)	August 2017	DRAFT Recommendation for Key Derivation through Extraction-then-Expansion Announcement and Draft Publication
SP 800-56C	November 2011	Recommendation for Key Derivation through Extraction-then-Expansion SP 800-56C ^FAQ doi:10.6028/NIST.SP.800-56C [Direct Link]
SP 800-54	July 2007	Border Gateway Protocol Security SP 800-54 ^FAQ doi:10.6028/NIST.SP.800-54 [Direct Link]
SP 800-53 Rev. 5 (Draft)	August 2017	DRAFT Security and Privacy Controls for Federal Information Systems and Organizations Announcement and Draft Publication
SP 800-53 Rev. 4	April 2013 (Updated 1/22/2015)	Security and Privacy Controls for Federal Information Systems and Organizations SP 800-53 Rev. 4 (including updates as of 01-22-2015) ^FAQ doi:10.6028/NIST.SP.800-53r4 [Direct Link]
		Word version of SP 800-53 Rev. 4 (01-22-2015)
		XML file for SP 800-53 Rev. 4 (01-15-2014)
		Summary of NIST SP 800-53 Revision 4
		Press Release (04-30-2013)
		Pre-Draft Call for Comments for SP 800-53 Rev. 5
SP 800-52 Rev. 1	April 2014	Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations SP 800-52 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-52r1 [Direct Link]
		Press Release
SP 800-49	November 2002	Federal S/MIME V3 Client Profile SP 800-49 ^FAQ doi:10.6028/NIST.SP.800-49 [Direct Link]
SP 800-48 Rev. 1	July 2008	Guide to Securing Legacy IEEE 802.11 Wireless Networks SP 800-48 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-48r1 [Direct Link]
SP 800-46 Rev. 2	July 2016	Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security SP 800-46 Rev. 2 ^FAQ doi:10.6028/NIST.SP.800-46r2 [Direct Link]
SP 800-45 Version 2	February 2007	Guidelines on Electronic Mail Security SP 800-45 Version 2 ^FAQ doi:10.6028/NIST.SP.800-45ver2 [Direct Link]
SP 800-44 Version 2	September 2007	Guidelines on Securing Public Web Servers SP 800-44 Version 2 ^FAQ doi:10.6028/NIST.SP.800-44ver2 [Direct Link]
SP 800-41 Rev. 1	September 2009	Guidelines on Firewalls and Firewall Policy SP 800-41 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-41r1 [Direct Link]
SP 800-38A Addendum	October 2010	Recommendation for Block Cipher Modes of Operation: Three Variants of Ciphertext Stealing for CBC Mode SP 800-38A Addendum ^FAQ doi:10.6028/NIST.SP.800-38A-Add [Direct Link]
SP 800-38A	December 2001	Recommendation for Block Cipher Modes of Operation: Methods and Techniques SP 800-38A ^FAQ doi:10.6028/NIST.SP.800-38A [Direct Link]
SP 800-38B	May 2005 (Updated 10/6/2016)	Recommendation for Block Cipher Modes of Operation: the CMAC Mode for Authentication SP 800-38B ^FAQ doi:10.6028/NIST.SP.800-38B [Direct Link]
SP 800-38C	May 2004 (Updated 7/20/2007)	Recommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality SP 800-38C (including updates as of 07-20-2007) ^FAQ doi:10.6028/NIST.SP.800-38C [Direct Link]
SP 800-38D	November 2007	Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC SP 800-38D ^FAQ doi:10.6028/NIST.SP.800-38D [Direct Link]
SP 800-38E	January 2010	Recommendation for Block Cipher Modes of Operation: the XTS-AES Mode for Confidentiality on Storage Devices SP 800-38E ^FAQ doi:10.6028/NIST.SP.800-38E [Direct Link]
SP 800-38F	December 2012	Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping SP 800-38F ^FAQ doi:10.6028/NIST.SP.800-38F [Direct Link]
SP 800-38G	March 2016	Recommendation for Block Cipher Modes of Operation: Methods for Format-Preserving Encryption SP 800-38G ^FAQ doi:10.6028/NIST.SP.800-38G [Direct Link]
		Press Release
SP 800-36	October 2003	Guide to Selecting Information Technology Security Products SP 800-36 ^FAQ doi:10.6028/NIST.SP.800-36 [Direct Link]
SP 800-32	February 26, 2001	Introduction to Public Key Technology and the Federal PKI Infrastructure SP 800-32 ^FAQ doi:10.6028/NIST.SP.800-32 [Direct Link]
SP 800-29	June 2001	A Comparison of the Security Requirements for Cryptographic Modules in FIPS 140-1 and FIPS 140-2 SP 800-29 ^FAQ doi:10.6028/NIST.SP.800-29 [Direct Link]
SP 800-28 Version 2	March 2008	Guidelines on Active Content and Mobile Code SP 800-28 Version 2 ^FAQ doi:10.6028/NIST.SP.800-28ver2 [Direct Link]
SP 800-25	October 2000	Federal Agency Use of Public Key Technology for Digital Signatures and Authentication SP 800-25 ^FAQ doi:10.6028/NIST.SP.800-25 [Direct Link]
SP 800-22 Rev. 1a	April 2010	A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications SP 800-22 Rev. 1a ^FAQ doi:10.6028/NIST.SP.800-22r1a [Direct Link]
SP 800-20	October 1999 (Updated 3/1/2012)	Modes of Operation Validation System for the Triple Data Encryption Algorithm (TMOVS): Requirements and Procedures SP 800-20 (including updates as of 03-2012) ^FAQ doi:10.6028/NIST.SP.800-20 [Direct Link]
SP 800-19	October 1999	Mobile Agent Security SP 800-19 ^FAQ doi:10.6028/NIST.SP.800-19 [Direct Link]
SP 800-17	February 1998	Modes of Operation Validation System (MOVS): Requirements and Procedures SP 800-17 ^FAQ doi:10.6028/NIST.SP.800-17 [Direct Link]
SP 800-15	January 1998	MISPC Minimum Interoperability Specification for PKI Components, Version 1 SP 800-15 ^FAQ doi:10.6028/NIST.SP.800-15 [Direct Link]
SP 800-14	September 1996	Generally Accepted Principles and Practices for Securing Information Technology Systems SP 800-14 ^FAQ doi:10.6028/NIST.SP.800-14 [Direct Link]
SP 1800-6 (Draft)	November 2016	DRAFT Domain Name Systems-Based Electronic Mail Security Announcement and Draft Publication
NISTIR 8176 (Draft)	August 2017	DRAFT Security Assurance Challenges for Container Deployment Announcement and Draft Publication
NISTIR 8144 (Draft)	September 2016	DRAFT Assessing Threats to Mobile Devices & Infrastructure: the Mobile Threat Catalogue Announcement and Draft Publication
NISTIR 8136	January 2017	An Overview of Mobile Application Vetting Services for Public Safety NISTIR 8136 ^FAQ doi:10.6028/NIST.IR.8136 [Direct Link]
NISTIR 8135	May 2016	Identifying and Categorizing Data Types for Public Safety Mobile Applications: Workshop Report NISTIR 8135 ^FAQ doi:10.6028/NIST.IR.8135 [Direct Link]
NISTIR 8114	March 2017	Report on Lightweight Cryptography NISTIR 8114 ^FAQ doi:10.6028/NIST.IR.8114 [Direct Link]
		Comments received on Draft (Aug. 2016)
NISTIR 8105	April 2016	Report on Post-Quantum Cryptography NISTIR 8105 ^FAQ doi:10.6028/NIST.IR.8105 [Direct Link]
		Press Release
		Comments received on Draft NISTIR 8105
NISTIR 8085 (Draft)	December 2015	DRAFT Forming Common Platform Enumeration (CPE) Names from Software Identification (SWID) Tags Announcement and Draft Publication
NISTIR 8060	April 2016	Guidelines for the Creation of Interoperable Software Identification (SWID) Tags NISTIR 8060 ^FAQ doi:10.6028/NIST.IR.8060 [Direct Link]
		Guideline Summary for NISTIR 8060
		Schema Definition for NISTIR 8060
NISTIR 8055	January 2016	Derived Personal Identity Verification (PIV) Credentials (DPC) Proof of Concept Research NISTIR 8055 ^FAQ doi:10.6028/NIST.IR.8055 [Direct Link]
NISTIR 8040	April 2016	Measuring the Usability and Security of Permuted Passwords on Mobile Platforms NISTIR 8040 ^FAQ doi:10.6028/NIST.IR.8040 [Direct Link]
NISTIR 8018	January 2015	Public Safety Mobile Application Security Requirements Workshop Summary NISTIR 8018 ^FAQ doi:10.6028/NIST.IR.8018 [Direct Link]
NISTIR 7981 (Draft)	March 2014	DRAFT Mobile, PIV, and Authentication Announcement and Draft Publication
NISTIR 7966	October 2015	Security of Interactive and Automated Access Management Using Secure Shell (SSH) NISTIR 7966 ^FAQ doi:10.6028/NIST.IR.7966 [Direct Link]
NISTIR 7904	December 2015	Trusted Geolocation in the Cloud: Proof of Concept Implementation NISTIR 7904 ^FAQ doi:10.6028/NIST.IR.7904 [Direct Link]
NISTIR 7849	March 2014	A Methodology for Developing Authentication Assurance Level Taxonomy for Smart Card-based Identity Verification NISTIR 7849 ^FAQ doi:10.6028/NIST.IR.7849 [Direct Link]
NISTIR 7848 (Draft)	May 2012	DRAFT Specification for the Asset Summary Reporting Format 1.0 Announcement and Draft Publication
NISTIR 7800 (Draft)	January 2012	DRAFT Applying the Continuous Monitoring Technical Reference Model to the Asset, Configuration, and Vulnerability Management Domains Announcement and Draft Publication
NISTIR 7799 (Draft)	January 2012	DRAFT Continuous Monitoring Reference Model Workflow, Subsystem, and Interface Specifications Announcement and Draft Publication
NISTIR 7770	February 2011	Security Considerations for Remote Electronic UOCAVA Voting NISTIR 7770 ^FAQ doi:10.6028/NIST.IR.7770 [Direct Link]
NISTIR 7756 (Draft)	January 2012	DRAFT CAESARS Framework Extension: An Enterprise Continuous Monitoring Technical Reference Architecture Announcement and Draft Publication
NISTIR 7711	September 2011	Security Best Practices for the Electronic Transmission of Election Materials for UOCAVA Voters NISTIR 7711 ^FAQ doi:10.6028/NIST.IR.7711 [Direct Link]
NISTIR 7682	September 2011	Information System Security Best Practices for UOCAVA-Supporting Systems NISTIR 7682 ^FAQ doi:10.6028/NIST.IR.7682 [Direct Link]
NISTIR 7676	June 2010	Maintaining and Using Key History on Personal Identity Verification (PIV) Cards NISTIR 7676 ^FAQ doi:10.6028/NIST.IR.7676 [Direct Link]
NISTIR 7621 Rev. 1	November 2016	Small Business Information Security: the Fundamentals NISTIR 7621 Rev. 1 ^FAQ doi:10.6028/NIST.IR.7621r1 [Direct Link]
		Press Release
		"Ignoring Cybersecurity is Risky Business" (blog post)
NISTIR 7581	September 2009	System and Network Security Acronyms and Abbreviations NISTIR 7581 ^FAQ doi:10.6028/NIST.IR.7581 [Direct Link]
NISTIR 7551	December 2008	A Threat Analysis on UOCAVA Voting Systems NISTIR 7551 ^FAQ doi:10.6028/NIST.IR.7551 [Direct Link]
ITL Bulletin	July 2017	Updated NIST Guidance for Bluetooth Security
ITL Bulletin	June 2017	Toward Standardizing Lightweight Cryptography
ITL Bulletin	March 2017	Fundamentals of Small Business Information Security
ITL Bulletin	October 2016	Making Email Trustworthy
ITL Bulletin	July 2016	Improving Security and Software Management Through the Use of SWID Tags
ITL Bulletin	April 2016	New NIST Security Standard Can Protect Credit Cards, Health Information
ITL Bulletin	February 2016	Implementing Trusted Geolocation Services in the Cloud
ITL Bulletin	January 2016	Securing Interactive and Automated Access Management Using Secure Shell (SSH)
ITL Bulletin	December 2015	Stopping Malware and Unauthorized Software through Application Whitelisting
ITL Bulletin	September 2015	Additional Secure Hash Algorithm Standards Offer New Opportunities for Data Protection
ITL Bulletin	August 2015	Recommendation for Random Number Generation Using Deterministic Random Bit Generators
ITL Bulletin	June 2015	Increasing Visibility and Control of Your ICT Supply Chains
ITL Bulletin	March 2015	Guidance for Secure Authorization of Mobile Applications in the Corporate Environment
ITL Bulletin	May 2014	Small and Medium-Size Business Information Security Outreach Program
ITL Bulletin	April 2014	Release of NIST Special Publication 800-52 Revision 1, Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations
ITL Bulletin	October 2013	ITL Updates Federal Information Processing Standard (FIPS) for Personal Identity Verification (PIV) of Federal Employees and Contractors
ITL Bulletin	September 2013	ITL Publishes Guidance on Preventing and Handling Malware Incidents
ITL Bulletin	October 2008	Keeping Information Technology (IT) System Servers Secure: A General Guide to Good Practices
ITL Bulletin	July 2007	Border Gateway Protocol (BGP) Security
ITL Bulletin	May 2007	Securing Radio Frequency Identification (RFID) Systems
ITL Bulletin	March 2007	Improving The Security of Electronic Mail: Updated Guidelines Issued by NIST
ITL Bulletin	November 2006	Guide to Securing Computers Using Windows XP Home Edition
ITL Bulletin	April 2006	Protecting Sensitive Information Transmitted in Public Networks
ITL Bulletin	March 2006	Minimum Security Requirements for Federal Information and Information Systems: Federal Information Processing Standard (FIPS) 200 Approved by the Secretary of Commerce
ITL Bulletin	January 2006	Testing and Validation of Personal Identity Verification (PIV) Components and Subsystems for Conformance to Federal Information Processing Standard 201
ITL Bulletin	April 2004	Selecting Information Technology Security Products
Whitepaper (Draft)	January 2017	DRAFT Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1 Announcement and Draft Publication
Whitepaper (Draft)	April 26, 2017	DRAFT Profiles for the Lightweight Cryptography Standardization Process Announcement and Draft Publication
Whitepaper (Draft)	May 9, 2016	DRAFT [Project Description] Securing Non-Credit Card, Sensitive Consumer Data: Consumer Data Security for the Retail Sector Announcement and Draft Publication
Whitepaper	April 21, 2016	Best Practices for Privileged User PIV Authentication Best Practices Paper
Whitepaper	August 23, 2012	The Role of the National Institute of Standards and Technology in Mobile Security The Role of NIST in Mobile Security
Whitepaper	10/1/2001	The Economic Impacts of NIST's Data Encryption Standard (DES) Program Report
Building-Block	March 4, 2016	[Project Description] Domain Name System-Based Security for Electronic Mail Project Description
Building-Block V.2	April 1, 2015	[Project Description] Attribute Based Access Control Project Description
Building-Block V.2	September 12, 2014	[Project Description] Mobile Device Security for Enterprises Project Description
Building-Block	March 4, 2016	[Project Description] Domain Name System-Based Security for Electronic Mail Project homepage
Building-Block V.2	April 1, 2015	[Project Description] Attribute Based Access Control Project homepage
Building-Block V.2	September 12, 2014	[Project Description] Mobile Device Security for Enterprises Project homepage

System & Information Integrity

Number	Date	Title
FIPS 200	March 2006	Minimum Security Requirements for Federal Information and Information Systems FIPS 200 ^FAQ doi:10.6028/NIST.FIPS.200 [Direct Link]
FIPS 198-1	July 2008	The Keyed-Hash Message Authentication Code (HMAC) FIPS 198-1 ^FAQ doi:10.6028/NIST.FIPS.198-1 [Direct Link]
FIPS 180-4	August 2015	Secure Hash Standard (SHS) FIPS 180-4 (revised Applicability Clause, Aug. 2015) ^FAQ doi:10.6028/NIST.FIPS.180-4 [Direct Link]
		Federal Register Notice
		Comments received on Draft FIPS 180-4 (Aug. 2014)
FIPS 140-2	May 25, 2001 (Change Notice 2, 12/3/2002)	Security Requirements for Cryptographic Modules FIPS 140-2 (including change notices as of 12-03-2002) ^FAQ doi:10.6028/NIST.FIPS.140-2 [Direct Link]
		Annex A: Approved Security Functions
		Annex B: Approved Protection Profiles
		Annex C: Approved Random Number Generators
		Annex D: Approved Key Establishment Techniques
		FIPS 140-2 (EPUB)^FAQ
		Comments on FIPS 140-1 (Oct. 1998)
SP 800-190 (Draft)	July 2017	DRAFT Application Container Security Guide (2nd Draft) Announcement and Draft Publication
SP 800-185	December 2016	SHA-3 Derived Functions: cSHAKE, KMAC, TupleHash, and ParallelHash SP 800-185 ^FAQ doi:10.6028/NIST.SP.800-185 [Direct Link]
		Comments Received on Draft SP 800-185
SP 800-184	December 2016	Guide for Cybersecurity Event Recovery SP 800-184 ^FAQ doi:10.6028/NIST.SP.800-184 [Direct Link]
		Press Release (12-22-2016)
SP 800-175A	August 2016	Guideline for Using Cryptographic Standards in the Federal Government: Directives, Mandates and Policies SP 800-175A ^FAQ doi:10.6028/NIST.SP.800-175A [Direct Link]
		Comments Received from Final Draft
SP 800-175B	August 2016	Guideline for Using Cryptographic Standards in the Federal Government: Cryptographic Mechanisms SP 800-175B ^FAQ doi:10.6028/NIST.SP.800-175B [Direct Link]
		Comments Received from Final Draft
SP 800-171 Rev. 1	December 2016	Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations SP 800-171 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-171r1 [Direct Link]
		Specific Changes to the Security Requirements in SP 800-171
SP 800-171	June 2015 (Updated 1/14/2016)	Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations SP 800-171 (including updates as of 01-14-2016) ^FAQ doi:10.6028/NIST.SP.800-171 [Direct Link]
		Press Release (06-19-2015)
SP 800-164 (Draft)	October 2012	DRAFT Guidelines on Hardware-Rooted Security in Mobile Devices Announcement and Draft Publication
SP 800-161	April 2015	Supply Chain Risk Management Practices for Federal Information Systems and Organizations SP 800-161 ^FAQ doi:10.6028/NIST.SP.800-161 [Direct Link]
SP 800-160	November 2016	Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems SP 800-160 ^FAQ doi:10.6028/NIST.SP.800-160 [Direct Link]
		"Rethinking Cybersecurity from the Inside Out" (blog post)
SP 800-155 (Draft)	December 2011	DRAFT BIOS Integrity Measurement Guidelines Announcement and Draft Publication
SP 800-150	October 2016	Guide to Cyber Threat Information Sharing SP 800-150 ^FAQ doi:10.6028/NIST.SP.800-150 [Direct Link]
SP 800-147B	August 2014	BIOS Protection Guidelines for Servers SP 800-147B ^FAQ doi:10.6028/NIST.SP.800-147B [Direct Link]
SP 800-147	April 2011	BIOS Protection Guidelines SP 800-147 ^FAQ doi:10.6028/NIST.SP.800-147 [Direct Link]
		Press Release
SP 800-125	January 2011	Guide to Security for Full Virtualization Technologies SP 800-125 ^FAQ doi:10.6028/NIST.SP.800-125 [Direct Link]
		Press Release
SP 800-124 Rev. 1	June 2013	Guidelines for Managing the Security of Mobile Devices in the Enterprise SP 800-124 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-124r1 [Direct Link]
		SP 800-124 Rev. 1 (EPUB)^FAQ
		Press Release
SP 800-123	July 2008	Guide to General Server Security SP 800-123 ^FAQ doi:10.6028/NIST.SP.800-123 [Direct Link]
		SP 800-123 (EPUB)^FAQ
SP 800-121 Rev. 2	May 2017	Guide to Bluetooth Security SP 800-121 Rev. 2 ^FAQ doi:10.6028/NIST.SP.800-121r2 [Direct Link]
SP 800-119	December 2010	Guidelines for the Secure Deployment of IPv6 SP 800-119 ^FAQ doi:10.6028/NIST.SP.800-119 [Direct Link]
SP 800-115	September 2008	Technical Guide to Information Security Testing and Assessment SP 800-115 ^FAQ doi:10.6028/NIST.SP.800-115 [Direct Link]
		SP 800-115 (EPUB)^FAQ
SP 800-113	July 2008	Guide to SSL VPNs SP 800-113 ^FAQ doi:10.6028/NIST.SP.800-113 [Direct Link]
SP 800-111	November 2007	Guide to Storage Encryption Technologies for End User Devices SP 800-111 ^FAQ doi:10.6028/NIST.SP.800-111 [Direct Link]
SP 800-107 Rev. 1	August 2012	Recommendation for Applications Using Approved Hash Algorithms SP 800-107 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-107r1 [Direct Link]
SP 800-106	February 2009	Randomized Hashing for Digital Signatures SP 800-106 ^FAQ doi:10.6028/NIST.SP.800-106 [Direct Link]
SP 800-100	October 2006 (Updated 3/7/2007)	Information Security Handbook: A Guide for Managers SP 800-100 (including updates as of 03-07-2007) ^FAQ doi:10.6028/NIST.SP.800-100 [Direct Link]
SP 800-92	September 2006	Guide to Computer Security Log Management SP 800-92 ^FAQ doi:10.6028/NIST.SP.800-92 [Direct Link]
		SP 800-92 (EPUB)^FAQ
SP 800-86	August 2006	Guide to Integrating Forensic Techniques into Incident Response SP 800-86 ^FAQ doi:10.6028/NIST.SP.800-86 [Direct Link]
SP 800-85A-4	April 2016	PIV Card Application and Middleware Interface Test Guidelines (SP 800-73-4 Compliance) SP 800-85A-4 ^FAQ doi:10.6028/NIST.SP.800-85A-4 [Direct Link]
SP 800-85B-4 (Draft)	August 2014	DRAFT PIV Data Model Test Guidelines Announcement and Draft Publication
SP 800-85B	July 2006	PIV Data Model Test Guidelines SP 800-85B ^FAQ doi:10.6028/NIST.SP.800-85B [Direct Link]
SP 800-83 Rev. 1	July 2013	Guide to Malware Incident Prevention and Handling for Desktops and Laptops SP 800-83 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-83r1 [Direct Link]
SP 800-68 Rev. 1	October 2008	Guide to Securing Microsoft Windows XP Systems for IT Professionals: A NIST Security Configuration Checklist SP 800-68 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-68r1 [Direct Link]
		Security Templates R1.2.1
		NIST Windows Security Baseline Database Application v0.2.7
SP 800-66 Rev. 1	October 2008	An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule SP 800-66 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-66r1 [Direct Link]
SP 800-61 Rev. 2	August 2012	Computer Security Incident Handling Guide SP 800-61 Rev. 2 ^FAQ doi:10.6028/NIST.SP.800-61r2 [Direct Link]
		Press Release
SP 800-57 Part 1 Rev. 4	January 2016	Recommendation for Key Management, Part 1: General SP 800-57 Part 1, Revision 4 ^FAQ doi:10.6028/NIST.SP.800-57pt1r4 [Direct Link]
		Comments and resolutions for SP 800-57 Part 1, Rev. 4
SP 800-57 Part 2	August 2005	Recommendation for Key Management, Part 2: Best Practices for Key Management Organization SP 800-57 Part 2 ^FAQ doi:10.6028/NIST.SP.800-57p2 [Direct Link]
		Comments received on Draft (Apr. 2005)
SP 800-57 Part 3 Rev. 1	January 2015	Recommendation for Key Management, Part 3: Application-Specific Key Management Guidance SP 800-57 Part 3, Revision 1 ^FAQ doi:10.6028/NIST.SP.800-57pt3r1 [Direct Link]
SP 800-53 Rev. 5 (Draft)	August 2017	DRAFT Security and Privacy Controls for Federal Information Systems and Organizations Announcement and Draft Publication
SP 800-53 Rev. 4	April 2013 (Updated 1/22/2015)	Security and Privacy Controls for Federal Information Systems and Organizations SP 800-53 Rev. 4 (including updates as of 01-22-2015) ^FAQ doi:10.6028/NIST.SP.800-53r4 [Direct Link]
		Word version of SP 800-53 Rev. 4 (01-22-2015)
		XML file for SP 800-53 Rev. 4 (01-15-2014)
		Summary of NIST SP 800-53 Revision 4
		Press Release (04-30-2013)
		Pre-Draft Call for Comments for SP 800-53 Rev. 5
SP 800-48 Rev. 1	July 2008	Guide to Securing Legacy IEEE 802.11 Wireless Networks SP 800-48 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-48r1 [Direct Link]
SP 800-46 Rev. 2	July 2016	Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security SP 800-46 Rev. 2 ^FAQ doi:10.6028/NIST.SP.800-46r2 [Direct Link]
SP 800-45 Version 2	February 2007	Guidelines on Electronic Mail Security SP 800-45 Version 2 ^FAQ doi:10.6028/NIST.SP.800-45ver2 [Direct Link]
SP 800-43	November 2002	Systems Administration Guidance for Securing Windows 2000 Professional System SP 800-43 ^FAQ doi:10.6028/NIST.SP.800-43 [Direct Link]
		Security Templates R1.2.3
SP 800-40 Rev. 3	July 2013	Guide to Enterprise Patch Management Technologies SP 800-40 Rev. 3 ^FAQ doi:10.6028/NIST.SP.800-40r3 [Direct Link]
		Press Release
SP 800-36	October 2003	Guide to Selecting Information Technology Security Products SP 800-36 ^FAQ doi:10.6028/NIST.SP.800-36 [Direct Link]
SP 800-28 Version 2	March 2008	Guidelines on Active Content and Mobile Code SP 800-28 Version 2 ^FAQ doi:10.6028/NIST.SP.800-28ver2 [Direct Link]
SP 800-19	October 1999	Mobile Agent Security SP 800-19 ^FAQ doi:10.6028/NIST.SP.800-19 [Direct Link]
SP 800-14	September 1996	Generally Accepted Principles and Practices for Securing Information Technology Systems SP 800-14 ^FAQ doi:10.6028/NIST.SP.800-14 [Direct Link]
SP 1800-6 (Draft)	November 2016	DRAFT Domain Name Systems-Based Electronic Mail Security Announcement and Draft Publication
NISTIR 8179 (Draft)	July 2017	DRAFT Criticality Analysis Process Model: Prioritizing Systems and Components Announcement and Draft Publication
NISTIR 8176 (Draft)	August 2017	DRAFT Security Assurance Challenges for Container Deployment Announcement and Draft Publication
NISTIR 8114	March 2017	Report on Lightweight Cryptography NISTIR 8114 ^FAQ doi:10.6028/NIST.IR.8114 [Direct Link]
		Comments received on Draft (Aug. 2016)
NISTIR 8085 (Draft)	December 2015	DRAFT Forming Common Platform Enumeration (CPE) Names from Software Identification (SWID) Tags Announcement and Draft Publication
NISTIR 8060	April 2016	Guidelines for the Creation of Interoperable Software Identification (SWID) Tags NISTIR 8060 ^FAQ doi:10.6028/NIST.IR.8060 [Direct Link]
		Guideline Summary for NISTIR 8060
		Schema Definition for NISTIR 8060
NISTIR 7966	October 2015	Security of Interactive and Automated Access Management Using Secure Shell (SSH) NISTIR 7966 ^FAQ doi:10.6028/NIST.IR.7966 [Direct Link]
NISTIR 7904	December 2015	Trusted Geolocation in the Cloud: Proof of Concept Implementation NISTIR 7904 ^FAQ doi:10.6028/NIST.IR.7904 [Direct Link]
NISTIR 7815	July 2011	Access Control for SAR Systems NISTIR 7815 ^FAQ doi:10.6028/NIST.IR.7815 [Direct Link]
NISTIR 7802	September 2011	Trust Model for Security Automation Data 1.0 (TMSAD) NISTIR 7802 ^FAQ doi:10.6028/NIST.IR.7802 [Direct Link]
NISTIR 7773	November 2010	An Application of Combinatorial Methods to Conformance Testing for Document Object Model Events NISTIR 7773 ^FAQ doi:10.6028/NIST.IR.7773 [Direct Link]
NISTIR 7621 Rev. 1	November 2016	Small Business Information Security: the Fundamentals NISTIR 7621 Rev. 1 ^FAQ doi:10.6028/NIST.IR.7621r1 [Direct Link]
		Press Release
		"Ignoring Cybersecurity is Risky Business" (blog post)
NISTIR 7452	November 2007	Secure Biometric Match-on-Card Feasibility Report NISTIR 7452 ^FAQ doi:10.6028/NIST.IR.7452 [Direct Link]
ITL Bulletin	July 2017	Updated NIST Guidance for Bluetooth Security
ITL Bulletin	June 2017	Toward Standardizing Lightweight Cryptography
ITL Bulletin	May 2017	Cyber-Threat Intelligence and Information Sharing
ITL Bulletin	March 2017	Fundamentals of Small Business Information Security
ITL Bulletin	February 2017	Guide for Cybersecurity Incident Recovery
ITL Bulletin	July 2016	Improving Security and Software Management Through the Use of SWID Tags
ITL Bulletin	February 2016	Implementing Trusted Geolocation Services in the Cloud
ITL Bulletin	January 2016	Securing Interactive and Automated Access Management Using Secure Shell (SSH)
ITL Bulletin	October 2015	Protection of Controlled Unclassified Information
ITL Bulletin	September 2015	Additional Secure Hash Algorithm Standards Offer New Opportunities for Data Protection
ITL Bulletin	June 2015	Increasing Visibility and Control of Your ICT Supply Chains
ITL Bulletin	October 2014	Release of NIST Special Publication 800-147B, BIOS Protection Guidelines for Servers
ITL Bulletin	May 2014	Small and Medium-Size Business Information Security Outreach Program
ITL Bulletin	February 2014	Framework for Improving Critical Infrastructure Cybersecurity
ITL Bulletin	September 2013	ITL Publishes Guidance on Preventing and Handling Malware Incidents
ITL Bulletin	August 2013	ITL Publishes Guidance on Enterprise Patch Management Technologies
ITL Bulletin	October 2008	Keeping Information Technology (IT) System Servers Secure: A General Guide to Good Practices
ITL Bulletin	March 2007	Improving The Security of Electronic Mail: Updated Guidelines Issued by NIST
ITL Bulletin	October 2006	Log Management: Using Computer and Network Records to Improve Information Security
ITL Bulletin	September 2006	Forensic Techniques: Helping Organizations Improve Their Responses to Information Security Incidents
ITL Bulletin	March 2006	Minimum Security Requirements for Federal Information and Information Systems: Federal Information Processing Standard (FIPS) 200 Approved by the Secretary of Commerce
ITL Bulletin	April 2004	Selecting Information Technology Security Products
Whitepaper (Draft)	January 2017	DRAFT Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1 Announcement and Draft Publication
Whitepaper (Draft)	April 26, 2017	DRAFT Profiles for the Lightweight Cryptography Standardization Process Announcement and Draft Publication
Whitepaper	May 2016	[Project Description] Data Integrity: Recovering from a destructive malware attack Project Description
		Data Integrity homepage

System & Services Acquisition

Number	Date	Title
FIPS 200	March 2006	Minimum Security Requirements for Federal Information and Information Systems FIPS 200 ^FAQ doi:10.6028/NIST.FIPS.200 [Direct Link]
SP 800-161	April 2015	Supply Chain Risk Management Practices for Federal Information Systems and Organizations SP 800-161 ^FAQ doi:10.6028/NIST.SP.800-161 [Direct Link]
SP 800-160	November 2016	Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems SP 800-160 ^FAQ doi:10.6028/NIST.SP.800-160 [Direct Link]
		"Rethinking Cybersecurity from the Inside Out" (blog post)
SP 800-147B	August 2014	BIOS Protection Guidelines for Servers SP 800-147B ^FAQ doi:10.6028/NIST.SP.800-147B [Direct Link]
SP 800-147	April 2011	BIOS Protection Guidelines SP 800-147 ^FAQ doi:10.6028/NIST.SP.800-147 [Direct Link]
		Press Release
SP 800-142	October 2010	Practical Combinatorial Testing SP 800-142 ^FAQ doi:10.6028/NIST.SP.800-142 [Direct Link]
SP 800-127	September 2010	Guide to Securing WiMAX Wireless Communications SP 800-127 ^FAQ doi:10.6028/NIST.SP.800-127 [Direct Link]
		SP 800-127 (EPUB)^FAQ
		Press Release
SP 800-126 Rev. 3 (Draft)	July 2016	DRAFT The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.3 Announcement and Draft Publication
SP 800-126 Rev. 2	September 2011 (Updated 3/19/2012)	The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2 SP 800-126 Rev. 2 ^FAQ doi:10.6028/NIST.SP.800-126r2 [Direct Link]
		NIST Solicits Comments for SP 800-126 & SCAP
SP 800-126 Rev. 1	February 2011	The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.1 SP 800-126 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-126r1 [Direct Link]
SP 800-126	November 2009	The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.0 SP 800-126 ^FAQ doi:10.6028/NIST.SP.800-126 [Direct Link]
SP 800-124 Rev. 1	June 2013	Guidelines for Managing the Security of Mobile Devices in the Enterprise SP 800-124 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-124r1 [Direct Link]
		SP 800-124 Rev. 1 (EPUB)^FAQ
		Press Release
SP 800-121 Rev. 2	May 2017	Guide to Bluetooth Security SP 800-121 Rev. 2 ^FAQ doi:10.6028/NIST.SP.800-121r2 [Direct Link]
SP 800-119	December 2010	Guidelines for the Secure Deployment of IPv6 SP 800-119 ^FAQ doi:10.6028/NIST.SP.800-119 [Direct Link]
SP 800-117	July 2010	Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.0 SP 800-117 ^FAQ doi:10.6028/NIST.SP.800-117 [Direct Link]
SP 800-115	September 2008	Technical Guide to Information Security Testing and Assessment SP 800-115 ^FAQ doi:10.6028/NIST.SP.800-115 [Direct Link]
		SP 800-115 (EPUB)^FAQ
SP 800-101 Rev. 1	May 2014	Guidelines on Mobile Device Forensics SP 800-101 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-101r1 [Direct Link]
SP 800-100	October 2006 (Updated 3/7/2007)	Information Security Handbook: A Guide for Managers SP 800-100 (including updates as of 03-07-2007) ^FAQ doi:10.6028/NIST.SP.800-100 [Direct Link]
SP 800-98	April 2007	Guidelines for Securing Radio Frequency Identification (RFID) Systems SP 800-98 ^FAQ doi:10.6028/NIST.SP.800-98 [Direct Link]
SP 800-97	February 2007	Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i SP 800-97 ^FAQ doi:10.6028/NIST.SP.800-97 [Direct Link]
SP 800-85A-4	April 2016	PIV Card Application and Middleware Interface Test Guidelines (SP 800-73-4 Compliance) SP 800-85A-4 ^FAQ doi:10.6028/NIST.SP.800-85A-4 [Direct Link]
SP 800-85B-4 (Draft)	August 2014	DRAFT PIV Data Model Test Guidelines Announcement and Draft Publication
SP 800-85B	July 2006	PIV Data Model Test Guidelines SP 800-85B ^FAQ doi:10.6028/NIST.SP.800-85B [Direct Link]
SP 800-83 Rev. 1	July 2013	Guide to Malware Incident Prevention and Handling for Desktops and Laptops SP 800-83 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-83r1 [Direct Link]
SP 800-76-2	July 2013	Biometric Specifications for Personal Identity Verification SP 800-76-2 ^FAQ doi:10.6028/NIST.SP.800-76-2 [Direct Link]
SP 800-66 Rev. 1	October 2008	An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule SP 800-66 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-66r1 [Direct Link]
SP 800-65	January 2005	Integrating IT Security into the Capital Planning and Investment Control Process SP 800-65 ^FAQ doi:10.6028/NIST.SP.800-65 [Direct Link]
SP 800-64 Rev. 2	October 2008	Security Considerations in the System Development Life Cycle SP 800-64 Rev. 2 ^FAQ doi:10.6028/NIST.SP.800-64r2 [Direct Link]
SP 800-53 Rev. 5 (Draft)	August 2017	DRAFT Security and Privacy Controls for Federal Information Systems and Organizations Announcement and Draft Publication
SP 800-53 Rev. 4	April 2013 (Updated 1/22/2015)	Security and Privacy Controls for Federal Information Systems and Organizations SP 800-53 Rev. 4 (including updates as of 01-22-2015) ^FAQ doi:10.6028/NIST.SP.800-53r4 [Direct Link]
		Word version of SP 800-53 Rev. 4 (01-22-2015)
		XML file for SP 800-53 Rev. 4 (01-15-2014)
		Summary of NIST SP 800-53 Revision 4
		Press Release (04-30-2013)
		Pre-Draft Call for Comments for SP 800-53 Rev. 5
SP 800-51 Rev. 1	February 2011	Guide to Using Vulnerability Naming Schemes SP 800-51 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-51r1 [Direct Link]
		Press Release
SP 800-48 Rev. 1	July 2008	Guide to Securing Legacy IEEE 802.11 Wireless Networks SP 800-48 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-48r1 [Direct Link]
SP 800-36	October 2003	Guide to Selecting Information Technology Security Products SP 800-36 ^FAQ doi:10.6028/NIST.SP.800-36 [Direct Link]
SP 800-35	October 2003	Guide to Information Technology Security Services SP 800-35 ^FAQ doi:10.6028/NIST.SP.800-35 [Direct Link]
SP 800-34 Rev. 1	May 2010 (Updated 11/11/2010)	Contingency Planning Guide for Federal Information Systems SP 800-34 Rev. 1 (including updates as of 11-11-2010) ^FAQ doi:10.6028/NIST.SP.800-34r1 [Direct Link]
		Business Impact Analysis (BIA) Template
		Contingency Planning: Low Impact System Template
		Contingency Planning: Moderate Impact System Template
		Contingency Planning: High Impact System Template
SP 800-33	December 2001	Underlying Technical Models for Information Technology Security SP 800-33 ^FAQ doi:10.6028/NIST.SP.800-33 [Direct Link]
SP 800-30 Rev. 1	September 2012	Guide for Conducting Risk Assessments SP 800-30 Rev. 1 ^FAQ doi:10.6028/NIST.SP.800-30r1 [Direct Link]
		SP 800-30 Rev. 1 (EPUB)^FAQ
		Press Release
SP 800-27 Rev. A	June 2004	Engineering Principles for Information Technology Security (A Baseline for Achieving Security), Revision A SP 800-27 Rev. A ^FAQ doi:10.6028/NIST.SP.800-27rA [Direct Link]
SP 800-23	August 2000	Guidelines to Federal Organizations on Security Assurance and Acquisition/Use of Tested/Evaluated Products SP 800-23 ^FAQ doi:10.6028/NIST.SP.800-23 [Direct Link]
SP 800-14	September 1996	Generally Accepted Principles and Practices for Securing Information Technology Systems SP 800-14 ^FAQ doi:10.6028/NIST.SP.800-14 [Direct Link]
NISTIR 8179 (Draft)	July 2017	DRAFT Criticality Analysis Process Model: Prioritizing Systems and Components Announcement and Draft Publication
NISTIR 8085 (Draft)	December 2015	DRAFT Forming Common Platform Enumeration (CPE) Names from Software Identification (SWID) Tags Announcement and Draft Publication
NISTIR 8060	April 2016	Guidelines for the Creation of Interoperable Software Identification (SWID) Tags NISTIR 8060 ^FAQ doi:10.6028/NIST.IR.8060 [Direct Link]
		Guideline Summary for NISTIR 8060
		Schema Definition for NISTIR 8060
NISTIR 8023	February 2015	Risk Management for Replication Devices NISTIR 8023 ^FAQ doi:10.6028/NIST.IR.8023 [Direct Link]
NISTIR 7849	March 2014	A Methodology for Developing Authentication Assurance Level Taxonomy for Smart Card-based Identity Verification NISTIR 7849 ^FAQ doi:10.6028/NIST.IR.7849 [Direct Link]
NISTIR 7622	October 2012	Notional Supply Chain Risk Management Practices for Federal Information Systems NISTIR 7622 ^FAQ doi:10.6028/NIST.IR.7622 [Direct Link]
		Press Release
NISTIR 7621 Rev. 1	November 2016	Small Business Information Security: the Fundamentals NISTIR 7621 Rev. 1 ^FAQ doi:10.6028/NIST.IR.7621r1 [Direct Link]
		Press Release
		"Ignoring Cybersecurity is Risky Business" (blog post)
NISTIR 7511 Rev. 4	January 2016	Security Content Automation Protocol (SCAP) Version 1.2 Validation Program Test Requirements NISTIR 7511 Rev. 4 ^FAQ doi:10.6028/NIST.IR.7511r4 [Direct Link]
NISTIR 7497	September 2010	Security Architecture Design Process for Health Information Exchanges (HIEs) NISTIR 7497 ^FAQ doi:10.6028/NIST.IR.7497 [Direct Link]
NISTIR 7387	March 2007	Cell Phone Forensic Tools: an Overview and Analysis Update NISTIR 7387 ^FAQ doi:10.6028/NIST.IR.7387 [Direct Link]
NISTIR 7313	July 2006	5th Annual PKI R&D Workshop "Making PKI Easy to Use" Proceedings NISTIR 7313 ^FAQ doi:10.6028/NIST.IR.7313 [Direct Link]
ITL Bulletin	July 2017	Updated NIST Guidance for Bluetooth Security
ITL Bulletin	March 2017	Fundamentals of Small Business Information Security
ITL Bulletin	July 2016	Improving Security and Software Management Through the Use of SWID Tags
ITL Bulletin	May 2016	Combinatorial Testing for Cybersecurity and Reliability
ITL Bulletin	March 2016	Updates to the NIST SCAP Validation Program and Associated Test Requirements
ITL Bulletin	October 2015	Protection of Controlled Unclassified Information
ITL Bulletin	June 2015	Increasing Visibility and Control of Your ICT Supply Chains
ITL Bulletin	April 2015	Is Your Replication Device Making An Extra Copy For Someone Else?
ITL Bulletin	October 2014	Release of NIST Special Publication 800-147B, BIOS Protection Guidelines for Servers
ITL Bulletin	May 2014	Small and Medium-Size Business Information Security Outreach Program
ITL Bulletin	September 2013	ITL Publishes Guidance on Preventing and Handling Malware Incidents
ITL Bulletin	June 2007	Forensic Techniques for Cell Phones
ITL Bulletin	May 2007	Securing Radio Frequency Identification (RFID) Systems
ITL Bulletin	March 2006	Minimum Security Requirements for Federal Information and Information Systems: Federal Information Processing Standard (FIPS) 200 Approved by the Secretary of Commerce
ITL Bulletin	January 2005	Integrating IT Security into the Capital Planning and Investment Control Process
ITL Bulletin	June 2004	Information Technology Security Services: How to Select, Implement, and Manage
ITL Bulletin	April 2004	Selecting Information Technology Security Products
Whitepaper (Draft)	January 2017	DRAFT Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1 Announcement and Draft Publication

NIST, Computer Security Resource Center

Search

Browse Publications

NEW Publications

By Technical Series

By Category

Historical Papers and Archives

Publications By Security Control Family
(SP 800-53)

NIST, Computer Security Resource Center

Search

Browse Publications

NEW Publications

By Technical Series

By Category

Historical Papers and Archives

Publications By Security Control Family (SP 800-53)

Publications By Security Control Family
(SP 800-53)