FIPS 201-2 | August 2013 | Personal Identity Verification (PIV) of Federal Employees and Contractors FIPS 201-2 FAQ doi:10.6028/NIST.FIPS.201-2 [Direct Link] |
| | 2012 Draft Comments and Dispositions |
| | Revised Draft (July 2012) |
| | 2011 Draft Comments and Dispositions |
| | Draft FIPS 201-2 (March 2011) |
FIPS 200 | March 2006 | Minimum Security Requirements for Federal Information and Information Systems FIPS 200 FAQ doi:10.6028/NIST.FIPS.200 [Direct Link] |
FIPS 198-1 | July 2008 | The Keyed-Hash Message Authentication Code (HMAC) FIPS 198-1 FAQ doi:10.6028/NIST.FIPS.198-1 [Direct Link] |
FIPS 197 | November 2001 | Advanced Encryption Standard (AES) FIPS 197 FAQ doi:10.6028/NIST.FIPS.197 [Direct Link] |
| | Comments received on Draft FIPS 197 |
FIPS 186-4 | July 2013 | Digital Signature Standard (DSS) FIPS 186-4 FAQ doi:10.6028/NIST.FIPS.186-4 [Direct Link] |
| | Comments received on FIPS 186-4 (Dec. 2015) |
| | Request for Comments on FIPS 186-4 (Oct. 2015) |
| | Press Release (07-23-2013) |
| | Proposed Change Notice for FIPS 186-3 (Apr. 2012) |
| | Request for Comments on Proposed Change Notice (Apr. 2012) |
FIPS 180-4 | August 2015 | Secure Hash Standard (SHS) FIPS 180-4 (revised Applicability Clause, Aug. 2015) FAQ doi:10.6028/NIST.FIPS.180-4 [Direct Link] |
| | Federal Register Notice |
| | Comments received on Draft FIPS 180-4 (Aug. 2014) |
FIPS 140-2 | May 25, 2001 (Change Notice 2, 12/3/2002) | Security Requirements for Cryptographic Modules FIPS 140-2 (including change notices as of 12-03-2002) FAQ doi:10.6028/NIST.FIPS.140-2 [Direct Link] |
| | Annex A: Approved Security Functions |
| | Annex B: Approved Protection Profiles |
| | Annex C: Approved Random Number Generators |
| | Annex D: Approved Key Establishment Techniques |
| | FIPS 140-2 (EPUB) FAQ |
| | Comments on FIPS 140-1 (Oct. 1998) |
SP 800-190 (Draft) | July 2017 | DRAFT Application Container Security Guide (2nd Draft) Announcement and Draft Publication |
SP 800-188 (Draft) | December 2016 | DRAFT De-Identifying Government Datasets (2nd Draft) Announcement and Draft Publication |
SP 800-184 | December 2016 | Guide for Cybersecurity Event Recovery SP 800-184 FAQ doi:10.6028/NIST.SP.800-184 [Direct Link] |
| | Press Release (12-22-2016) |
SP 800-177 | September 2016 | Trustworthy Email SP 800-177 FAQ doi:10.6028/NIST.SP.800-177 [Direct Link] |
| | High Assurance Domains project |
SP 800-175A | August 2016 | Guideline for Using Cryptographic Standards in the Federal Government: Directives, Mandates and Policies SP 800-175A FAQ doi:10.6028/NIST.SP.800-175A [Direct Link] |
| | Comments Received from Final Draft |
SP 800-175B | August 2016 | Guideline for Using Cryptographic Standards in the Federal Government: Cryptographic Mechanisms SP 800-175B FAQ doi:10.6028/NIST.SP.800-175B [Direct Link] |
| | Comments Received from Final Draft |
SP 800-171 Rev. 1 | December 2016 | Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations SP 800-171 Rev. 1 FAQ doi:10.6028/NIST.SP.800-171r1 [Direct Link] |
| | Specific Changes to the Security Requirements in SP 800-171 |
SP 800-171 | June 2015 (Updated 1/14/2016) | Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations SP 800-171 (including updates as of 01-14-2016) FAQ doi:10.6028/NIST.SP.800-171 [Direct Link] |
| | Press Release (06-19-2015) |
SP 800-167 | October 2015 | Guide to Application Whitelisting SP 800-167 FAQ doi:10.6028/NIST.SP.800-167 [Direct Link] |
| | Press Release |
SP 800-163 | January 2015 | Vetting the Security of Mobile Applications SP 800-163 FAQ doi:10.6028/NIST.SP.800-163 [Direct Link] |
| | Press Release |
SP 800-161 | April 2015 | Supply Chain Risk Management Practices for Federal Information Systems and Organizations SP 800-161 FAQ doi:10.6028/NIST.SP.800-161 [Direct Link] |
SP 800-160 | November 2016 | Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems SP 800-160 FAQ doi:10.6028/NIST.SP.800-160 [Direct Link] |
| | "Rethinking Cybersecurity from the Inside Out" (blog post) |
SP 800-153 | February 2012 | Guidelines for Securing Wireless Local Area Networks (WLANs) SP 800-153 FAQ doi:10.6028/NIST.SP.800-153 [Direct Link] |
| | Press Release (Mar. 6, 2012) |
SP 800-127 | September 2010 | Guide to Securing WiMAX Wireless Communications SP 800-127 FAQ doi:10.6028/NIST.SP.800-127 [Direct Link] |
| | SP 800-127 (EPUB) FAQ |
| | Press Release |
SP 800-126 Rev. 3 (Draft) | July 2016 | DRAFT The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.3 Announcement and Draft Publication |
SP 800-126 Rev. 2 | September 2011 (Updated 3/19/2012) | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2 SP 800-126 Rev. 2 FAQ doi:10.6028/NIST.SP.800-126r2 [Direct Link] |
| | NIST Solicits Comments for SP 800-126 & SCAP |
SP 800-126 Rev. 1 | February 2011 | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.1 SP 800-126 Rev. 1 FAQ doi:10.6028/NIST.SP.800-126r1 [Direct Link] |
SP 800-126 | November 2009 | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.0 SP 800-126 FAQ doi:10.6028/NIST.SP.800-126 [Direct Link] |
SP 800-125A (Draft) | October 20, 2014 | DRAFT Security Recommendations for Hypervisor Deployment Announcement and Draft Publication |
SP 800-125 | January 2011 | Guide to Security for Full Virtualization Technologies SP 800-125 FAQ doi:10.6028/NIST.SP.800-125 [Direct Link] |
| | Press Release |
SP 800-124 Rev. 1 | June 2013 | Guidelines for Managing the Security of Mobile Devices in the Enterprise SP 800-124 Rev. 1 FAQ doi:10.6028/NIST.SP.800-124r1 [Direct Link] |
| | SP 800-124 Rev. 1 (EPUB) FAQ |
| | Press Release |
SP 800-123 | July 2008 | Guide to General Server Security SP 800-123 FAQ doi:10.6028/NIST.SP.800-123 [Direct Link] |
| | SP 800-123 (EPUB) FAQ |
SP 800-122 | April 2010 | Guide to Protecting the Confidentiality of Personally Identifiable Information (PII) SP 800-122 FAQ doi:10.6028/NIST.SP.800-122 [Direct Link] |
| | SP 800-122 (EPUB) FAQ |
SP 800-121 Rev. 2 | May 2017 | Guide to Bluetooth Security SP 800-121 Rev. 2 FAQ doi:10.6028/NIST.SP.800-121r2 [Direct Link] |
SP 800-119 | December 2010 | Guidelines for the Secure Deployment of IPv6 SP 800-119 FAQ doi:10.6028/NIST.SP.800-119 [Direct Link] |
SP 800-117 Rev. 1 (Draft) | January 2012 | DRAFT Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.2 Announcement and Draft Publication |
SP 800-117 | July 2010 | Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.0 SP 800-117 FAQ doi:10.6028/NIST.SP.800-117 [Direct Link] |
SP 800-115 | September 2008 | Technical Guide to Information Security Testing and Assessment SP 800-115 FAQ doi:10.6028/NIST.SP.800-115 [Direct Link] |
| | SP 800-115 (EPUB) FAQ |
SP 800-114 Rev. 1 | July 2016 | User's Guide to Telework and Bring Your Own Device (BYOD) Security SP 800-114 Rev. 1 FAQ doi:10.6028/NIST.SP.800-114r1 [Direct Link] |
SP 800-113 | July 2008 | Guide to SSL VPNs SP 800-113 FAQ doi:10.6028/NIST.SP.800-113 [Direct Link] |
SP 800-111 | November 2007 | Guide to Storage Encryption Technologies for End User Devices SP 800-111 FAQ doi:10.6028/NIST.SP.800-111 [Direct Link] |
SP 800-107 Rev. 1 | August 2012 | Recommendation for Applications Using Approved Hash Algorithms SP 800-107 Rev. 1 FAQ doi:10.6028/NIST.SP.800-107r1 [Direct Link] |
SP 800-106 | February 2009 | Randomized Hashing for Digital Signatures SP 800-106 FAQ doi:10.6028/NIST.SP.800-106 [Direct Link] |
SP 800-102 | September 2009 | Recommendation for Digital Signature Timeliness SP 800-102 FAQ doi:10.6028/NIST.SP.800-102 [Direct Link] |
SP 800-100 | October 2006 (Updated 3/7/2007) | Information Security Handbook: A Guide for Managers SP 800-100 (including updates as of 03-07-2007) FAQ doi:10.6028/NIST.SP.800-100 [Direct Link] |
SP 800-98 | April 2007 | Guidelines for Securing Radio Frequency Identification (RFID) Systems SP 800-98 FAQ doi:10.6028/NIST.SP.800-98 [Direct Link] |
SP 800-97 | February 2007 | Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i SP 800-97 FAQ doi:10.6028/NIST.SP.800-97 [Direct Link] |
SP 800-95 | August 2007 | Guide to Secure Web Services SP 800-95 FAQ doi:10.6028/NIST.SP.800-95 [Direct Link] |
SP 800-90A Rev. 1 | June 2015 | Recommendation for Random Number Generation Using Deterministic Random Bit Generators SP 800-90A Revision 1 FAQ doi:10.6028/NIST.SP.800-90Ar1 [Direct Link] |
| | Press Release |
SP 800-90B (Draft) | January 2016 | DRAFT Recommendation for the Entropy Sources Used for Random Bit Generation Announcement and Draft Publication |
SP 800-90C (Draft) | April 2016 | DRAFT Recommendation for Random Bit Generator (RBG) Constructions Announcement and Draft Publication |
SP 800-89 | November 2006 | Recommendation for Obtaining Assurances for Digital Signature Applications SP 800-89 FAQ doi:10.6028/NIST.SP.800-89 [Direct Link] |
SP 800-83 Rev. 1 | July 2013 | Guide to Malware Incident Prevention and Handling for Desktops and Laptops SP 800-83 Rev. 1 FAQ doi:10.6028/NIST.SP.800-83r1 [Direct Link] |
SP 800-81-2 | September 2013 | Secure Domain Name System (DNS) Deployment Guide SP 800-81-2 FAQ doi:10.6028/NIST.SP.800-81-2 [Direct Link] |
SP 800-78-4 | May 2015 | Cryptographic Algorithms and Key Sizes for Personal Identity Verification SP 800-78-4 FAQ doi:10.6028/NIST.SP.800-78-4 [Direct Link] |
SP 800-77 | December 2005 | Guide to IPsec VPNs SP 800-77 FAQ doi:10.6028/NIST.SP.800-77 [Direct Link] |
SP 800-73-4 | May 2015 (Updated 2/8/2016) | Interfaces for Personal Identity Verification SP 800-73-4 (including updates as of 02-08-2016) FAQ doi:10.6028/NIST.SP.800-73-4 [Direct Link] |
| | Press Release (06-16-2015) |
SP 800-70 Rev. 4 (Draft) | August 2017 | DRAFT National Checklist Program for IT Products: Guidelines for Checklist Users and Developers Announcement and Draft Publication |
SP 800-70 Rev. 3 | November 2015 (Updated 12/8/2016) | National Checklist Program for IT Products: Guidelines for Checklist Users and Developers SP 800-70 Rev. 3 FAQ doi:10.6028/NIST.SP.800-70r3 [Direct Link] |
| | National Checklist Program |
SP 800-68 Rev. 1 | October 2008 | Guide to Securing Microsoft Windows XP Systems for IT Professionals: A NIST Security Configuration Checklist SP 800-68 Rev. 1 FAQ doi:10.6028/NIST.SP.800-68r1 [Direct Link] |
| | SP 800-68 Rev. 1 |
| | Security Templates R1.2.1 |
| | Security Templates R1.2.1 |
| | NIST Windows Security Baseline Database Application v0.2.7 |
| | NIST Windows Security Baseline Database Application v0.2.7 |
SP 800-67 Rev. 2 (Draft) | July 2017 | DRAFT Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher Announcement and Draft Publication |
SP 800-67 Rev. 1 | January 2012 | Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher SP 800-67 Rev. 1 FAQ doi:10.6028/NIST.SP.800-67r1 [Direct Link] |
SP 800-66 Rev. 1 | October 2008 | An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule SP 800-66 Rev. 1 FAQ doi:10.6028/NIST.SP.800-66r1 [Direct Link] |
SP 800-58 | January 2005 | Security Considerations for Voice Over IP Systems SP 800-58 FAQ doi:10.6028/NIST.SP.800-58 [Direct Link] |
SP 800-57 Part 1 Rev. 4 | January 2016 | Recommendation for Key Management, Part 1: General SP 800-57 Part 1, Revision 4 FAQ doi:10.6028/NIST.SP.800-57pt1r4 [Direct Link] |
| | Comments and resolutions for SP 800-57 Part 1, Rev. 4 |
SP 800-57 Part 2 | August 2005 | Recommendation for Key Management, Part 2: Best Practices for Key Management Organization SP 800-57 Part 2 FAQ doi:10.6028/NIST.SP.800-57p2 [Direct Link] |
| | Comments received on Draft (Apr. 2005) |
SP 800-57 Part 3 Rev. 1 | January 2015 | Recommendation for Key Management, Part 3: Application-Specific Key Management Guidance SP 800-57 Part 3, Revision 1 FAQ doi:10.6028/NIST.SP.800-57pt3r1 [Direct Link] |
SP 800-56A Rev. 3 (Draft) | August 2017 | DRAFT Recommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography Announcement and Draft Publication |
SP 800-56A Rev. 2 | May 2013 | Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography SP 800-56A Revision 2 FAQ doi:10.6028/NIST.SP.800-56Ar2 [Direct Link] |
| | Comments received on Draft (Aug. 2012) |
SP 800-56B Rev. 1 | September 2014 | Recommendation for Pair-Wise Key-Establishment Schemes Using Integer Factorization Cryptography SP 800-56B Rev. 1 FAQ doi:10.6028/NIST.SP.800-56Br1 [Direct Link] |
SP 800-56C Rev. 1 (Draft) | August 2017 | DRAFT Recommendation for Key Derivation through Extraction-then-Expansion Announcement and Draft Publication |
SP 800-56C | November 2011 | Recommendation for Key Derivation through Extraction-then-Expansion SP 800-56C FAQ doi:10.6028/NIST.SP.800-56C [Direct Link] |
SP 800-54 | July 2007 | Border Gateway Protocol Security SP 800-54 FAQ doi:10.6028/NIST.SP.800-54 [Direct Link] |
SP 800-53 Rev. 5 (Draft) | August 2017 | DRAFT Security and Privacy Controls for Federal Information Systems and Organizations Announcement and Draft Publication |
SP 800-53 Rev. 4 | April 2013 (Updated 1/22/2015) | Security and Privacy Controls for Federal Information Systems and Organizations SP 800-53 Rev. 4 (including updates as of 01-22-2015) FAQ doi:10.6028/NIST.SP.800-53r4 [Direct Link] |
| | Word version of SP 800-53 Rev. 4 (01-22-2015) |
| | XML file for SP 800-53 Rev. 4 (01-15-2014) |
| | Summary of NIST SP 800-53 Revision 4 |
| | Press Release (04-30-2013) |
| | Pre-Draft Call for Comments for SP 800-53 Rev. 5 |
SP 800-52 Rev. 1 | April 2014 | Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations SP 800-52 Rev. 1 FAQ doi:10.6028/NIST.SP.800-52r1 [Direct Link] |
| | Press Release |
SP 800-49 | November 2002 | Federal S/MIME V3 Client Profile SP 800-49 FAQ doi:10.6028/NIST.SP.800-49 [Direct Link] |
SP 800-48 Rev. 1 | July 2008 | Guide to Securing Legacy IEEE 802.11 Wireless Networks SP 800-48 Rev. 1 FAQ doi:10.6028/NIST.SP.800-48r1 [Direct Link] |
SP 800-46 Rev. 2 | July 2016 | Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security SP 800-46 Rev. 2 FAQ doi:10.6028/NIST.SP.800-46r2 [Direct Link] |
SP 800-45 Version 2 | February 2007 | Guidelines on Electronic Mail Security SP 800-45 Version 2 FAQ doi:10.6028/NIST.SP.800-45ver2 [Direct Link] |
SP 800-44 Version 2 | September 2007 | Guidelines on Securing Public Web Servers SP 800-44 Version 2 FAQ doi:10.6028/NIST.SP.800-44ver2 [Direct Link] |
SP 800-41 Rev. 1 | September 2009 | Guidelines on Firewalls and Firewall Policy SP 800-41 Rev. 1 FAQ doi:10.6028/NIST.SP.800-41r1 [Direct Link] |
SP 800-38A Addendum | October 2010 | Recommendation for Block Cipher Modes of Operation: Three Variants of Ciphertext Stealing for CBC Mode SP 800-38A Addendum FAQ doi:10.6028/NIST.SP.800-38A-Add [Direct Link] |
SP 800-38A | December 2001 | Recommendation for Block Cipher Modes of Operation: Methods and Techniques SP 800-38A FAQ doi:10.6028/NIST.SP.800-38A [Direct Link] |
SP 800-38B | May 2005 (Updated 10/6/2016) | Recommendation for Block Cipher Modes of Operation: the CMAC Mode for Authentication SP 800-38B FAQ doi:10.6028/NIST.SP.800-38B [Direct Link] |
SP 800-38C | May 2004 (Updated 7/20/2007) | Recommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality SP 800-38C (including updates as of 07-20-2007) FAQ doi:10.6028/NIST.SP.800-38C [Direct Link] |
SP 800-38D | November 2007 | Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC SP 800-38D FAQ doi:10.6028/NIST.SP.800-38D [Direct Link] |
SP 800-38E | January 2010 | Recommendation for Block Cipher Modes of Operation: the XTS-AES Mode for Confidentiality on Storage Devices SP 800-38E FAQ doi:10.6028/NIST.SP.800-38E [Direct Link] |
SP 800-38F | December 2012 | Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping SP 800-38F FAQ doi:10.6028/NIST.SP.800-38F [Direct Link] |
SP 800-38G | March 2016 | Recommendation for Block Cipher Modes of Operation: Methods for Format-Preserving Encryption SP 800-38G FAQ doi:10.6028/NIST.SP.800-38G [Direct Link] |
| | Press Release |
SP 800-36 | October 2003 | Guide to Selecting Information Technology Security Products SP 800-36 FAQ doi:10.6028/NIST.SP.800-36 [Direct Link] |
SP 800-32 | February 26, 2001 | Introduction to Public Key Technology and the Federal PKI Infrastructure SP 800-32 FAQ doi:10.6028/NIST.SP.800-32 [Direct Link] |
SP 800-29 | June 2001 | A Comparison of the Security Requirements for Cryptographic Modules in FIPS 140-1 and FIPS 140-2 SP 800-29 FAQ doi:10.6028/NIST.SP.800-29 [Direct Link] |
SP 800-28 Version 2 | March 2008 | Guidelines on Active Content and Mobile Code SP 800-28 Version 2 FAQ doi:10.6028/NIST.SP.800-28ver2 [Direct Link] |
SP 800-25 | October 2000 | Federal Agency Use of Public Key Technology for Digital Signatures and Authentication SP 800-25 FAQ doi:10.6028/NIST.SP.800-25 [Direct Link] |
SP 800-22 Rev. 1a | April 2010 | A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications SP 800-22 Rev. 1a FAQ doi:10.6028/NIST.SP.800-22r1a [Direct Link] |
SP 800-20 | October 1999 (Updated 3/1/2012) | Modes of Operation Validation System for the Triple Data Encryption Algorithm (TMOVS): Requirements and Procedures SP 800-20 (including updates as of 03-2012) FAQ doi:10.6028/NIST.SP.800-20 [Direct Link] |
SP 800-19 | October 1999 | Mobile Agent Security SP 800-19 FAQ doi:10.6028/NIST.SP.800-19 [Direct Link] |
SP 800-17 | February 1998 | Modes of Operation Validation System (MOVS): Requirements and Procedures SP 800-17 FAQ doi:10.6028/NIST.SP.800-17 [Direct Link] |
SP 800-15 | January 1998 | MISPC Minimum Interoperability Specification for PKI Components, Version 1 SP 800-15 FAQ doi:10.6028/NIST.SP.800-15 [Direct Link] |
SP 800-14 | September 1996 | Generally Accepted Principles and Practices for Securing Information Technology Systems SP 800-14 FAQ doi:10.6028/NIST.SP.800-14 [Direct Link] |
SP 1800-6 (Draft) | November 2016 | DRAFT Domain Name Systems-Based Electronic Mail Security Announcement and Draft Publication |
NISTIR 8176 (Draft) | August 2017 | DRAFT Security Assurance Challenges for Container Deployment Announcement and Draft Publication |
NISTIR 8144 (Draft) | September 2016 | DRAFT Assessing Threats to Mobile Devices & Infrastructure: the Mobile Threat Catalogue Announcement and Draft Publication |
NISTIR 8136 | January 2017 | An Overview of Mobile Application Vetting Services for Public Safety NISTIR 8136 FAQ doi:10.6028/NIST.IR.8136 [Direct Link] |
NISTIR 8135 | May 2016 | Identifying and Categorizing Data Types for Public Safety Mobile Applications: Workshop Report NISTIR 8135 FAQ doi:10.6028/NIST.IR.8135 [Direct Link] |
NISTIR 8114 | March 2017 | Report on Lightweight Cryptography NISTIR 8114 FAQ doi:10.6028/NIST.IR.8114 [Direct Link] |
| | Comments received on Draft (Aug. 2016) |
NISTIR 8105 | April 2016 | Report on Post-Quantum Cryptography NISTIR 8105 FAQ doi:10.6028/NIST.IR.8105 [Direct Link] |
| | Press Release |
| | Comments received on Draft NISTIR 8105 |
NISTIR 8085 (Draft) | December 2015 | DRAFT Forming Common Platform Enumeration (CPE) Names from Software Identification (SWID) Tags Announcement and Draft Publication |
NISTIR 8060 | April 2016 | Guidelines for the Creation of Interoperable Software Identification (SWID) Tags NISTIR 8060 FAQ doi:10.6028/NIST.IR.8060 [Direct Link] |
| | Guideline Summary for NISTIR 8060 |
| | Schema Definition for NISTIR 8060 |
NISTIR 8055 | January 2016 | Derived Personal Identity Verification (PIV) Credentials (DPC) Proof of Concept Research NISTIR 8055 FAQ doi:10.6028/NIST.IR.8055 [Direct Link] |
NISTIR 8040 | April 2016 | Measuring the Usability and Security of Permuted Passwords on Mobile Platforms NISTIR 8040 FAQ doi:10.6028/NIST.IR.8040 [Direct Link] |
NISTIR 8018 | January 2015 | Public Safety Mobile Application Security Requirements Workshop Summary NISTIR 8018 FAQ doi:10.6028/NIST.IR.8018 [Direct Link] |
NISTIR 7981 (Draft) | March 2014 | DRAFT Mobile, PIV, and Authentication Announcement and Draft Publication |
NISTIR 7966 | October 2015 | Security of Interactive and Automated Access Management Using Secure Shell (SSH) NISTIR 7966 FAQ doi:10.6028/NIST.IR.7966 [Direct Link] |
NISTIR 7904 | December 2015 | Trusted Geolocation in the Cloud: Proof of Concept Implementation NISTIR 7904 FAQ doi:10.6028/NIST.IR.7904 [Direct Link] |
NISTIR 7849 | March 2014 | A Methodology for Developing Authentication Assurance Level Taxonomy for Smart Card-based Identity Verification NISTIR 7849 FAQ doi:10.6028/NIST.IR.7849 [Direct Link] |
NISTIR 7848 (Draft) | May 2012 | DRAFT Specification for the Asset Summary Reporting Format 1.0 Announcement and Draft Publication |
NISTIR 7800 (Draft) | January 2012 | DRAFT Applying the Continuous Monitoring Technical Reference Model to the Asset, Configuration, and Vulnerability Management Domains Announcement and Draft Publication |
NISTIR 7799 (Draft) | January 2012 | DRAFT Continuous Monitoring Reference Model Workflow, Subsystem, and Interface Specifications Announcement and Draft Publication |
NISTIR 7770 | February 2011 | Security Considerations for Remote Electronic UOCAVA Voting NISTIR 7770 FAQ doi:10.6028/NIST.IR.7770 [Direct Link] |
NISTIR 7756 (Draft) | January 2012 | DRAFT CAESARS Framework Extension: An Enterprise Continuous Monitoring Technical Reference Architecture Announcement and Draft Publication |
NISTIR 7711 | September 2011 | Security Best Practices for the Electronic Transmission of Election Materials for UOCAVA Voters NISTIR 7711 FAQ doi:10.6028/NIST.IR.7711 [Direct Link] |
NISTIR 7682 | September 2011 | Information System Security Best Practices for UOCAVA-Supporting Systems NISTIR 7682 FAQ doi:10.6028/NIST.IR.7682 [Direct Link] |
NISTIR 7676 | June 2010 | Maintaining and Using Key History on Personal Identity Verification (PIV) Cards NISTIR 7676 FAQ doi:10.6028/NIST.IR.7676 [Direct Link] |
NISTIR 7621 Rev. 1 | November 2016 | Small Business Information Security: the Fundamentals NISTIR 7621 Rev. 1 FAQ doi:10.6028/NIST.IR.7621r1 [Direct Link] |
| | Press Release |
| | "Ignoring Cybersecurity is Risky Business" (blog post) |
NISTIR 7581 | September 2009 | System and Network Security Acronyms and Abbreviations NISTIR 7581 FAQ doi:10.6028/NIST.IR.7581 [Direct Link] |
NISTIR 7551 | December 2008 | A Threat Analysis on UOCAVA Voting Systems NISTIR 7551 FAQ doi:10.6028/NIST.IR.7551 [Direct Link] |
ITL Bulletin | July 2017 | Updated NIST Guidance for Bluetooth Security |
ITL Bulletin | June 2017 | Toward Standardizing Lightweight Cryptography |
ITL Bulletin | March 2017 | Fundamentals of Small Business Information Security |
ITL Bulletin | October 2016 | Making Email Trustworthy |
ITL Bulletin | July 2016 | Improving Security and Software Management Through the Use of SWID Tags |
ITL Bulletin | April 2016 | New NIST Security Standard Can Protect Credit Cards, Health Information |
ITL Bulletin | February 2016 | Implementing Trusted Geolocation Services in the Cloud |
ITL Bulletin | January 2016 | Securing Interactive and Automated Access Management Using Secure Shell (SSH) |
ITL Bulletin | December 2015 | Stopping Malware and Unauthorized Software through Application Whitelisting |
ITL Bulletin | September 2015 | Additional Secure Hash Algorithm Standards Offer New Opportunities for Data Protection |
ITL Bulletin | August 2015 | Recommendation for Random Number Generation Using Deterministic Random Bit Generators |
ITL Bulletin | June 2015 | Increasing Visibility and Control of Your ICT Supply Chains |
ITL Bulletin | March 2015 | Guidance for Secure Authorization of Mobile Applications in the Corporate Environment |
ITL Bulletin | May 2014 | Small and Medium-Size Business Information Security Outreach Program |
ITL Bulletin | April 2014 | Release of NIST Special Publication 800-52 Revision 1, Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations |
ITL Bulletin | October 2013 | ITL Updates Federal Information Processing Standard (FIPS) for Personal Identity Verification (PIV) of Federal Employees and Contractors |
ITL Bulletin | September 2013 | ITL Publishes Guidance on Preventing and Handling Malware Incidents |
ITL Bulletin | October 2008 | Keeping Information Technology (IT) System Servers Secure: A General Guide to Good Practices |
ITL Bulletin | July 2007 | Border Gateway Protocol (BGP) Security |
ITL Bulletin | May 2007 | Securing Radio Frequency Identification (RFID) Systems |
ITL Bulletin | March 2007 | Improving The Security of Electronic Mail: Updated Guidelines Issued by NIST |
ITL Bulletin | November 2006 | Guide to Securing Computers Using Windows XP Home Edition |
ITL Bulletin | April 2006 | Protecting Sensitive Information Transmitted in Public Networks |
ITL Bulletin | March 2006 | Minimum Security Requirements for Federal Information and Information Systems: Federal Information Processing Standard (FIPS) 200 Approved by the Secretary of Commerce |
ITL Bulletin | January 2006 | Testing and Validation of Personal Identity Verification (PIV) Components and Subsystems for Conformance to Federal Information Processing Standard 201 |
ITL Bulletin | April 2004 | Selecting Information Technology Security Products |
Whitepaper (Draft) | January 2017 | DRAFT Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1 Announcement and Draft Publication |
Whitepaper (Draft) | April 26, 2017 | DRAFT Profiles for the Lightweight Cryptography Standardization Process Announcement and Draft Publication |
Whitepaper (Draft) | May 9, 2016 | DRAFT [Project Description] Securing Non-Credit Card, Sensitive Consumer Data: Consumer Data Security for the Retail Sector Announcement and Draft Publication |
Whitepaper | April 21, 2016 | Best Practices for Privileged User PIV Authentication Best Practices Paper |
Whitepaper | August 23, 2012 | The Role of the National Institute of Standards and Technology in Mobile Security The Role of NIST in Mobile Security |
Whitepaper | 10/1/2001 | The Economic Impacts of NIST's Data Encryption Standard (DES) Program Report |
Building-Block | March 4, 2016 | [Project Description] Domain Name System-Based Security for Electronic Mail Project Description |
Building-Block V.2 | April 1, 2015 | [Project Description] Attribute Based Access Control Project Description |
Building-Block V.2 | September 12, 2014 | [Project Description] Mobile Device Security for Enterprises Project Description |
Building-Block | March 4, 2016 | [Project Description] Domain Name System-Based Security for Electronic Mail Project homepage |
Building-Block V.2 | April 1, 2015 | [Project Description] Attribute Based Access Control Project homepage |
Building-Block V.2 | September 12, 2014 | [Project Description] Mobile Device Security for Enterprises Project homepage |