Try the new and let us know what you think!
(Note: Beta site content may not be complete.)

View the beta site
NIST Logo and ITL Banner Link to the NIST Homepage Link to the ITL Homepage Link to the NIST Homepage

ITL Bulletins

ITL Bulletins are published monthly by NIST's Information Technology Laboratory, focusing on a single topic of significant interest to the computer security community. They often highlight a recently-published FIPS or NIST Special Publication of significance.

ITL Security Banner Icon
ITL BulletinJuly 2017Updated NIST Guidance for Bluetooth Security
ITL BulletinJune 2017Toward Standardizing Lightweight Cryptography
ITL BulletinMay 2017Cyber-Threat Intelligence and Information Sharing
ITL BulletinApril 2017Building the Bridge Between Privacy and Cybersecurity for Federal Systems
ITL BulletinMarch 2017Fundamentals of Small Business Information Security
ITL BulletinFebruary 2017Guide for Cybersecurity Incident Recovery
ITL BulletinJanuary 2017Dramatically Reducing Software Vulnerabilities
ITL BulletinDecember 2016Rethinking Security Through Systems Security Engineering
ITL BulletinNovember 2016Exploring the Next Generation of Access Control Methodologies
ITL BulletinOctober 2016Making Email Trustworthy
ITL BulletinSeptember 2016Demystifying the Internet of Things
ITL BulletinAugust 2016NIST Updates Personal Identity Verification (PIV) Guidelines
ITL BulletinJuly 2016Improving Security and Software Management Through the Use of SWID Tags
ITL BulletinJune 2016Extending Network Security into Virtualized Infrastructure
ITL BulletinDecember 2013The National Vulnerability Database (NVD): Overview
ITL BulletinMay 2016Combinatorial Testing for Cybersecurity and Reliability
ITL BulletinApril 2016New NIST Security Standard Can Protect Credit Cards, Health Information
ITL BulletinMarch 2016Updates to the NIST SCAP Validation Program and Associated Test Requirements
ITL BulletinFebruary 2016Implementing Trusted Geolocation Services in the Cloud
ITL BulletinJanuary 2016Securing Interactive and Automated Access Management Using Secure Shell (SSH)
ITL BulletinDecember 2015Stopping Malware and Unauthorized Software through Application Whitelisting
ITL BulletinNovember 2015Tailoring Security Controls for Industrial Control Systems
ITL BulletinOctober 2015Protection of Controlled Unclassified Information
ITL BulletinSeptember 2015Additional Secure Hash Algorithm Standards Offer New Opportunities for Data Protection
ITL BulletinAugust 2015Recommendation for Random Number Generation Using Deterministic Random Bit Generators
ITL BulletinJuly 2015Improved Security and Mobility Through Updated Interfaces for PIV Cards
ITL BulletinJune 2015Increasing Visibility and Control of Your ICT Supply Chains
ITL BulletinMay 2015Authentication Considerations for Public Safety Mobile Networks
ITL BulletinApril 2015Is Your Replication Device Making An Extra Copy For Someone Else?
ITL BulletinMarch 2015Guidance for Secure Authorization of Mobile Applications in the Corporate Environment
ITL BulletinFebruary 2015NIST Special Publication 800-88 Revision 1, Guidelines for Media Sanitization
ITL BulletinJanuary 2015Release of NIST Special Publication 800-53A, Revision 4, Assessing Security and Privacy Controls in Federal Information Systems and Organizations
ITL BulletinDecember 2014Release Of NIST Special Publication 800-157, Guidelines For Derived Personal Identity Verification (PIV) Credentials
ITL BulletinNovember 2014Cryptographic Module Validation Program (CMVP)
ITL BulletinOctober 2014Release of NIST Special Publication 800-147B, BIOS Protection Guidelines for Servers
ITL BulletinSeptember 2014Release of NIST Interagency Report 7628 Revision 1, Guidelines for Smart Grid Cybersecurity
ITL BulletinAugust 2014Policy Machine: Towards a General-Purpose Enterprise-Wide Operating Environment
ITL BulletinJuly 2014Release of NIST Interagency Report 7946, CVSS Implementation Guidance
ITL BulletinJune 2014ITL Forensic Science Program
ITL BulletinMay 2014Small and Medium-Size Business Information Security Outreach Program
ITL BulletinApril 2014Release of NIST Special Publication 800-52 Revision 1, Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations
ITL BulletinMarch 2014Attribute Based Access Control (ABAC) Definition and Considerations
ITL BulletinFebruary 2014Framework for Improving Critical Infrastructure Cybersecurity
ITL BulletinJanuary 2014A Profile of the Key Management Framework for the Federal Government
ITL BulletinNovember 2013ITL Releases Preliminary Cybersecurity Framework
ITL BulletinOctober 2013ITL Updates Federal Information Processing Standard (FIPS) for Personal Identity Verification (PIV) of Federal Employees and Contractors
ITL BulletinSeptember 2013ITL Publishes Guidance on Preventing and Handling Malware Incidents
ITL BulletinAugust 2013ITL Publishes Guidance on Enterprise Patch Management Technologies
ITL BulletinJuly 2013ITL Issues Guidelines for Managing the Security of Mobile Devices
ITL BulletinJune 2013ITL Updated Glossary Of Key Information Security Terms
ITL BulletinMay 2013ITL Publishes Security And Privacy Controls For Federal Agencies
ITL BulletinApril 2013Security Content Automation Protocol (SCAP) Version 1.2 Validation Program Test Requirements
ITL BulletinMarch 2013NIST to Develop a Cybersecurity Framework to Protect Critical Infrastructure
ITL BulletinJanuary 2013Managing Identity Requirements for Remote Users of Information Systems to Protect System Security and Information Privacy
ITL BulletinDecember 2012Generating Secure Cryptographic Keys: A Critical Component of Cryptographic Key Management and the Protection of Sensitive Information
ITL BulletinNovember 2012Practices for Managing Supply Chain Risks to Protect Federal Information Systems
ITL BulletinOctober 2012Conducting Information Security-Related Risk Assessments: Updated Guidelines for Comprehensive Risk Management Programs
ITL BulletinSeptember 2012Revised Guide Helps Organizations Handle Security Related Incidents
ITL BulletinAugust 2012Security of Bluetooth Systems and Devices: Updated Guide Issued by the National Institute of Standards and Technology (NIST)
ITL BulletinJuly 2012Preparing for and Responding to Certification Authority Compromise and Fraudulent Certificate Issuance
ITL BulletinJune 2012Cloud Computing: A Review of Features, Benefits, and Risks, and Recommendations for Secure, Efficient Implementations
ITL BulletinMay 2012Secure Hash Standard: Updated Specifications Approved and Issued as Federal Information Processing Standard (FIPS) 180-4
ITL BulletinMarch 2012Guidelines for Improving Security and Privacy in Public Cloud Computing
ITL BulletinFebruary 2012Guidelines for Securing Wireless Local Area Networks (WLANs)
ITL BulletinJanuary 2012Advancing Security Automation and Standardization: Revised Technical Specifications Issued for the Security Content Automation Protocol (SCAP)
ITL BulletinDecember 2011Revised Guideline for Electronic Authentication of Users Helps Organizations Protect the Security of Their Information Systems
ITL BulletinOctober 2011Continuous Monitoring of Information Security: An Essential Component of Risk Management
ITL BulletinSeptember 2011Managing the Configuration of Information Systems with a Focus on Security
ITL BulletinAugust 2011Protecting Industrial Control Systems – Key Components of Our Nation's Critical Infrastructures
ITL BulletinJune 2011Guidelines for Protecting Basic Input/Output System (BIOS) Firmware
ITL BulletinMay 2011Using Security Configuration Checklists and the National Checklist Program
ITL BulletinApril 2011Full Virtualization Technologies: Guidelines for Secure Implementation and Management
ITL BulletinMarch 2011Managing Information Security Risk: Organization, Mission and Information System View
ITL BulletinJanuary 2011Internet Protocol Version 6 (IPv6): NIST Guidelines Help Organizations Manage the Secure Deployment of the New Network Protocol
ITL BulletinDecember 2010Securing WiMAX Wireless Communications
ITL BulletinNovember 2010The Exchange of Health Information: Designing a Security Architecture to Provide Information Security and Privacy
ITL BulletinSeptember 2010Security Content Automation Protocol (SCAP): Helping Organizations Maintain and Verify the Security of Their Information Systems
ITL BulletinJuly 2010Contingency Planning for Information Systems: Updated Guide for Federal Organizations
ITL BulletinJune 2010How to Identify Personnel with Significant Responsibilities for Information Security
ITL BulletinApril 2010Guide to Protecting Personally Identifiable Information
ITL BulletinMarch 2010Revised Guide Helps Federal Organizations Improve Their Risk Management Practices and Information System Security
ITL BulletinFebruary 2010Secure Management of Keys in Cryptographic Applications: Guidance for Organizations
ITL BulletinJanuary 2010Security Metrics: Measurements to Support the Continued Development of Information Security Technology
ITL BulletinNovember 2009Cybersecurity Fundamentals for Small Business Owners
ITL BulletinOctober 2009Protecting Information Systems with Firewalls: Revised Guidelines on Firewall Technologies and Policies
ITL BulletinJuly 2009Risk Management Framework: Helping Organizations Implement Effective Information Security Programs
ITL BulletinJune 2009Security for Enterprise Telework and Remote Access Solutions
ITL BulletinApril 2009The System Development Life Cycle (SDLC)
ITL BulletinMarch 2009The Cryptographic Hash Algorithm Family: Revision of the Secure Hash Standard and Ongoing Competition for New Hash Algorithms
ITL BulletinFebruary 2009Using Personal Identity Verification (Piv) Credentials in Physical Access Control Systems (PACS)
ITL BulletinDecember 2008Guide to Information Security Testing and Assessment
ITL BulletinOctober 2008Keeping Information Technology (IT) System Servers Secure: A General Guide to Good Practices
ITL BulletinSeptember 2008Using Performance Measurements to Evaluate and Strengthen Information System Security
ITL BulletinJuly 2008Guidelines on Implementing A Secure Sockets Layer (SSL) Virtual Private Network (VPN)
ITL BulletinMay 2008New Cryptographic Hash Algorithm Family: NIST Holds a Public Competition to Find New Algorithms
ITL BulletinApril 2008Using Active Content and Mobile Code and Safeguarding the Security of Information Technology Systems
ITL BulletinFebruary 2008Federal Desktop Core Configuration (FDCC): Improving Security for Windows Desktop Operating Systems
ITL BulletinJanuary 2008Secure Web Servers Protecting Web Sites that are Accessed by the Public
ITL BulletinDecember 2007Securing External Computers and Other Devices Used by Teleworkers
ITL BulletinNovember 2007Using Storage Encryption Technologies to Protect End User Devices
ITL BulletinOctober 2007The Common Vulnerability Scoring System (CVSS)
ITL BulletinJuly 2007Border Gateway Protocol (BGP) Security
ITL BulletinJune 2007Forensic Techniques for Cell Phones
ITL BulletinMay 2007Securing Radio Frequency Identification (RFID) Systems
ITL BulletinMarch 2007Improving The Security of Electronic Mail: Updated Guidelines Issued by NIST
ITL BulletinFebruary 2007Intrusion Detection and Prevention Systems
ITL BulletinDecember 2006Maintaining Effective Information Technology (IT) Security Through Test, Training, and Exercise Programs
ITL BulletinNovember 2006Guide to Securing Computers Using Windows XP Home Edition
ITL BulletinOctober 2006Log Management: Using Computer and Network Records to Improve Information Security
ITL BulletinSeptember 2006Forensic Techniques: Helping Organizations Improve Their Responses to Information Security Incidents
ITL BulletinAugust 2006Protecting Sensitive Information Processed and Stored in Information Technology (IT) Systems
ITL BulletinApril 2006Protecting Sensitive Information Transmitted in Public Networks
ITL BulletinMarch 2006Minimum Security Requirements for Federal Information and Information Systems: Federal Information Processing Standard (FIPS) 200 Approved by the Secretary of Commerce
ITL BulletinFebruary 2006Creating a Program to Manage Security Patches and Vulnerabilities: NIST Recommendations for Improving System Security
ITL BulletinJanuary 2006Testing and Validation of Personal Identity Verification (PIV) Components and Subsystems for Conformance to Federal Information Processing Standard 201
ITL BulletinJanuary 2005Integrating IT Security into the Capital Planning and Investment Control Process
ITL BulletinNovember 2004Understanding the New NIST Standards and Guidelines Required by FISMA: How Three Mandated Documents are Changing the Dynamic of Information Security for the Federal Government
ITL BulletinOctober 2004Securing Voice Over Internet Protocol (IP) Networks
ITL BulletinSeptember 2004Information Security Within the System Development Life Cycle (SDLC)
ITL BulletinJune 2004Information Technology Security Services: How to Select, Implement, and Manage
ITL BulletinApril 2004Selecting Information Technology Security Products
ITL BulletinMarch 2004Federal Information Processing Standard (FIPS) 199, Standards for Security Categorization of Federal Information and Information Systems
ITL BulletinOctober 2003Information Technology Security Awareness, Training, Education, and Certification
ITL BulletinFebruary 2003Secure Interconnections for Information Technology Systems
ITL BulletinApril 2002Techniques for System and Data Recovery
Back to Top