Annual Reports |
|
Audit & Accountability |
FIPS 200 | March 2006 | Minimum Security Requirements for Federal Information and Information Systems FIPS 200 FAQ doi:10.6028/NIST.FIPS.200 [Direct Link] |
FIPS 199 | February 2004 | Standards for Security Categorization of Federal Information and Information Systems FIPS 199 FAQ doi:10.6028/NIST.FIPS.199 [Direct Link] |
FIPS 140-2 | May 25, 2001 (Change Notice 2, 12/3/2002) | Security Requirements for Cryptographic Modules FIPS 140-2 (including change notices as of 12-03-2002) FAQ doi:10.6028/NIST.FIPS.140-2 [Direct Link] |
| | Annex A: Approved Security Functions |
| | Annex B: Approved Protection Profiles |
| | Annex C: Approved Random Number Generators |
| | Annex D: Approved Key Establishment Techniques |
| | FIPS 140-2 (EPUB) FAQ |
| | Comments on FIPS 140-1 (Oct. 1998) |
SP 800-190 (Draft) | July 2017 | DRAFT Application Container Security Guide (2nd Draft) Announcement and Draft Publication |
SP 800-184 | December 2016 | Guide for Cybersecurity Event Recovery SP 800-184 FAQ doi:10.6028/NIST.SP.800-184 [Direct Link] |
| | Press Release (12-22-2016) |
SP 800-179 | December 2016 | Guide to Securing Apple OS X 10.10 Systems for IT Professionals: A NIST Security Configuration Checklist SP 800-179 FAQ doi:10.6028/NIST.SP.800-179 [Direct Link] |
| | Supplemental Content (GitHub) |
| | National Checklist Program |
SP 800-171 Rev. 1 | December 2016 | Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations SP 800-171 Rev. 1 FAQ doi:10.6028/NIST.SP.800-171r1 [Direct Link] |
| | Specific Changes to the Security Requirements in SP 800-171 |
SP 800-171 | June 2015 (Updated 1/14/2016) | Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations SP 800-171 (including updates as of 01-14-2016) FAQ doi:10.6028/NIST.SP.800-171 [Direct Link] |
| | Press Release (06-19-2015) |
SP 800-167 | October 2015 | Guide to Application Whitelisting SP 800-167 FAQ doi:10.6028/NIST.SP.800-167 [Direct Link] |
| | Press Release |
SP 800-126A (Draft) | July 2016 | DRAFT SCAP 1.3 Component Specification Version Updates: An Annex to NIST Special Publication 800-126 Revision 3 Announcement and Draft Publication |
SP 800-126 Rev. 3 (Draft) | July 2016 | DRAFT The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.3 Announcement and Draft Publication |
SP 800-126 Rev. 2 | September 2011 (Updated 3/19/2012) | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2 SP 800-126 Rev. 2 FAQ doi:10.6028/NIST.SP.800-126r2 [Direct Link] |
| | NIST Solicits Comments for SP 800-126 & SCAP |
SP 800-126 Rev. 1 | February 2011 | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.1 SP 800-126 Rev. 1 FAQ doi:10.6028/NIST.SP.800-126r1 [Direct Link] |
SP 800-126 | November 2009 | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.0 SP 800-126 FAQ doi:10.6028/NIST.SP.800-126 [Direct Link] |
SP 800-117 Rev. 1 (Draft) | January 2012 | DRAFT Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.2 Announcement and Draft Publication |
SP 800-117 | July 2010 | Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.0 SP 800-117 FAQ doi:10.6028/NIST.SP.800-117 [Direct Link] |
SP 800-115 | September 2008 | Technical Guide to Information Security Testing and Assessment SP 800-115 FAQ doi:10.6028/NIST.SP.800-115 [Direct Link] |
| | SP 800-115 (EPUB) FAQ |
SP 800-94 Rev. 1 (Draft) | July 2012 | DRAFT Guide to Intrusion Detection and Prevention Systems (IDPS) Announcement and Draft Publication |
SP 800-94 | February 2007 | Guide to Intrusion Detection and Prevention Systems (IDPS) SP 800-94 FAQ doi:10.6028/NIST.SP.800-94 [Direct Link] |
SP 800-92 | September 2006 | Guide to Computer Security Log Management SP 800-92 FAQ doi:10.6028/NIST.SP.800-92 [Direct Link] |
| | SP 800-92 (EPUB) FAQ |
SP 800-70 Rev. 4 (Draft) | August 2017 | DRAFT National Checklist Program for IT Products: Guidelines for Checklist Users and Developers Announcement and Draft Publication |
SP 800-68 Rev. 1 | October 2008 | Guide to Securing Microsoft Windows XP Systems for IT Professionals: A NIST Security Configuration Checklist SP 800-68 Rev. 1 FAQ doi:10.6028/NIST.SP.800-68r1 [Direct Link] |
| | Security Templates R1.2.1 |
| | NIST Windows Security Baseline Database Application v0.2.7 |
SP 800-55 Rev. 1 | July 2008 | Performance Measurement Guide for Information Security SP 800-55 Rev. 1 FAQ doi:10.6028/NIST.SP.800-55r1 [Direct Link] |
SP 800-53A Rev. 4 | December 2014 (Updated 12/18/2014) | Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans SP 800-53A Revision 4 FAQ doi:10.6028/NIST.SP.800-53Ar4 [Direct Link] |
| | Word version of SP 800-53A Rev. 4 (12-18-2014) |
| | XML file for SP 800-53A Rev. 4 (06-16-2015) |
| | Press Release |
SP 800-53 Rev. 5 (Draft) | August 2017 | DRAFT Security and Privacy Controls for Federal Information Systems and Organizations Announcement and Draft Publication |
SP 800-53 Rev. 4 | April 2013 (Updated 1/22/2015) | Security and Privacy Controls for Federal Information Systems and Organizations SP 800-53 Rev. 4 (including updates as of 01-22-2015) FAQ doi:10.6028/NIST.SP.800-53r4 [Direct Link] |
| | Word version of SP 800-53 Rev. 4 (01-22-2015) |
| | XML file for SP 800-53 Rev. 4 (01-15-2014) |
| | Summary of NIST SP 800-53 Revision 4 |
| | Press Release (04-30-2013) |
| | Pre-Draft Call for Comments for SP 800-53 Rev. 5 |
SP 800-51 Rev. 1 | February 2011 | Guide to Using Vulnerability Naming Schemes SP 800-51 Rev. 1 FAQ doi:10.6028/NIST.SP.800-51r1 [Direct Link] |
| | Press Release |
SP 800-50 | October 2003 | Building an Information Technology Security Awareness and Training Program SP 800-50 FAQ doi:10.6028/NIST.SP.800-50 [Direct Link] |
SP 800-41 Rev. 1 | September 2009 | Guidelines on Firewalls and Firewall Policy SP 800-41 Rev. 1 FAQ doi:10.6028/NIST.SP.800-41r1 [Direct Link] |
SP 800-37 Rev. 1 | February 2010 (Updated 6/5/2014) | Guide for Applying the Risk Management Framework to Federal Information Systems: a Security Life Cycle Approach SP 800-37 Rev. 1 (including updates as of 6-05-2014) FAQ doi:10.6028/NIST.SP.800-37r1 [Direct Link] |
| | Supplemental Guidance on Ongoing Authorization, (June 2014) |
| | Press Release |
SP 800-30 Rev. 1 | September 2012 | Guide for Conducting Risk Assessments SP 800-30 Rev. 1 FAQ doi:10.6028/NIST.SP.800-30r1 [Direct Link] |
| | SP 800-30 Rev. 1 (EPUB) FAQ |
| | Press Release |
SP 800-18 Rev. 1 | February 2006 | Guide for Developing Security Plans for Federal Information Systems SP 800-18 Rev. 1 FAQ doi:10.6028/NIST.SP.800-18r1 [Direct Link] |
SP 800-16 Rev. 1 (Draft) | March 2014 | DRAFT A Role-Based Model for Federal Information Technology/Cybersecurity Training Announcement and Draft Publication |
SP 800-16 | April 1998 | Information Technology Security Training Requirements: a Role- and Performance-Based Model SP 800-16 FAQ doi:10.6028/NIST.SP.800-16 [Direct Link] |
SP 1800-8 (Draft) | May 2017 | DRAFT Securing Wireless Infusion Pumps in Healthcare Delivery Organizations Announcement and Draft Publication |
NISTIR 8085 (Draft) | December 2015 | DRAFT Forming Common Platform Enumeration (CPE) Names from Software Identification (SWID) Tags Announcement and Draft Publication |
NISTIR 8060 | April 2016 | Guidelines for the Creation of Interoperable Software Identification (SWID) Tags NISTIR 8060 FAQ doi:10.6028/NIST.IR.8060 [Direct Link] |
| | Guideline Summary for NISTIR 8060 |
| | Schema Definition for NISTIR 8060 |
NISTIR 8055 | January 2016 | Derived Personal Identity Verification (PIV) Credentials (DPC) Proof of Concept Research NISTIR 8055 FAQ doi:10.6028/NIST.IR.8055 [Direct Link] |
NISTIR 8023 | February 2015 | Risk Management for Replication Devices NISTIR 8023 FAQ doi:10.6028/NIST.IR.8023 [Direct Link] |
NISTIR 8011 Vol. 2 | June 2017 | Automation Support for Security Control Assessments: Hardware Asset Management NISTIR 8011 Vol. 2 FAQ doi:10.6028/NIST.IR.8011-2 [Direct Link] |
NISTIR 8011 Vol. 1 | June 2017 | Automation Support for Security Control Assessments: Overview NISTIR 8011 Vol. 1 FAQ doi:10.6028/NIST.IR.8011-1 [Direct Link] |
NISTIR 7987 Rev. 1 | October 2015 | Policy Machine: Features, Architecture, and Specification NISTIR 7987 Revision 1 FAQ doi:10.6028/NIST.IR.7987r1 [Direct Link] |
NISTIR 7966 | October 2015 | Security of Interactive and Automated Access Management Using Secure Shell (SSH) NISTIR 7966 FAQ doi:10.6028/NIST.IR.7966 [Direct Link] |
NISTIR 7848 (Draft) | May 2012 | DRAFT Specification for the Asset Summary Reporting Format 1.0 Announcement and Draft Publication |
NISTIR 7802 | September 2011 | Trust Model for Security Automation Data 1.0 (TMSAD) NISTIR 7802 FAQ doi:10.6028/NIST.IR.7802 [Direct Link] |
NISTIR 7800 (Draft) | January 2012 | DRAFT Applying the Continuous Monitoring Technical Reference Model to the Asset, Configuration, and Vulnerability Management Domains Announcement and Draft Publication |
NISTIR 7799 (Draft) | January 2012 | DRAFT Continuous Monitoring Reference Model Workflow, Subsystem, and Interface Specifications Announcement and Draft Publication |
NISTIR 7756 (Draft) | January 2012 | DRAFT CAESARS Framework Extension: An Enterprise Continuous Monitoring Technical Reference Architecture Announcement and Draft Publication |
NISTIR 7698 | August 2011 | Common Platform Enumeration: Applicability Language Specification Version 2.3 NISTIR 7698 FAQ doi:10.6028/NIST.IR.7698 [Direct Link] |
| | Press Release (for NISTIRs 7695-7698) |
NISTIR 7697 | August 2011 | Common Platform Enumeration: Dictionary Specification Version 2.3 NISTIR 7697 FAQ doi:10.6028/NIST.IR.7697 [Direct Link] |
| | Press Release (for NISTIRs 7695-7698) |
NISTIR 7696 | August 2011 | Common Platform Enumeration: Name Matching Specification Version 2.3 NISTIR 7696 FAQ doi:10.6028/NIST.IR.7696 [Direct Link] |
| | Press Release (for NISTIRs 7695-7698) |
NISTIR 7695 | August 2011 | Common Platform Enumeration: Naming Specification Version 2.3 NISTIR 7695 FAQ doi:10.6028/NIST.IR.7695 [Direct Link] |
| | Press Release (for NISTIRs 7695-7698) |
NISTIR 7694 | June 2011 | Specification for Asset Reporting Format 1.1 NISTIR 7694 FAQ doi:10.6028/NIST.IR.7694 [Direct Link] |
NISTIR 7693 | June 2011 | Specification for Asset Identification 1.1 NISTIR 7693 FAQ doi:10.6028/NIST.IR.7693 [Direct Link] |
NISTIR 7692 | April 2011 | Specification for the Open Checklist Interactive Language (OCIL) Version 2.0 NISTIR 7692 FAQ doi:10.6028/NIST.IR.7692 [Direct Link] |
NISTIR 7682 | September 2011 | Information System Security Best Practices for UOCAVA-Supporting Systems NISTIR 7682 FAQ doi:10.6028/NIST.IR.7682 [Direct Link] |
NISTIR 7551 | December 2008 | A Threat Analysis on UOCAVA Voting Systems NISTIR 7551 FAQ doi:10.6028/NIST.IR.7551 [Direct Link] |
NISTIR 7358 | January 2007 | Program Review for Information Security Management Assistance (PRISMA) NISTIR 7358 FAQ doi:10.6028/NIST.IR.7358 [Direct Link] |
NISTIR 7316 | September 2006 | Assessment of Access Control Systems NISTIR 7316 FAQ doi:10.6028/NIST.IR.7316 [Direct Link] |
NISTIR 7284 | January 2006 | Personal Identity Verification Card Management Report NISTIR 7284 FAQ doi:10.6028/NIST.IR.7284 [Direct Link] |
NISTIR 7275 Rev. 4 | March 2012 | Specification for the Extensible Configuration Checklist Description Format (XCCDF) Version 1.2 NISTIR 7275 Rev. 4 |
| | NISTIR 7275 Rev. 4 (markup) |
NISTIR 7275 Rev. 3 | January 2008 | Specification for the Extensible Configuration Checklist Description Format (XCCDF) Version 1.1.4 NISTIR 7275 Rev. 3 FAQ doi:10.6028/NIST.IR.7275r3 [Direct Link] |
NISTIR 7275 | January 2006 | Specification for the Extensible Configuration Checklist Description Format (XCCDF) Version 1.1 NISTIR 7275 FAQ doi:10.6028/NIST.IR.7275 [Direct Link] |
NISTIR 7188 | January 2005 | Specification for the Extensible Configuration Checklist Description Format (XCCDF) NISTIR 7188 FAQ doi:10.6028/NIST.IR.7188 [Direct Link] |
NISTIR 6981 | April 2003 | Policy Expression and Enforcement for Handheld Devices NISTIR 6981 FAQ doi:10.6028/NIST.IR.6981 [Direct Link] |
ITL Bulletin | February 2017 | Guide for Cybersecurity Incident Recovery |
ITL Bulletin | July 2016 | Improving Security and Software Management Through the Use of SWID Tags |
ITL Bulletin | January 2016 | Securing Interactive and Automated Access Management Using Secure Shell (SSH) |
ITL Bulletin | December 2015 | Stopping Malware and Unauthorized Software through Application Whitelisting |
ITL Bulletin | October 2015 | Protection of Controlled Unclassified Information |
ITL Bulletin | April 2015 | Is Your Replication Device Making An Extra Copy For Someone Else? |
ITL Bulletin | January 2015 | Release of NIST Special Publication 800-53A, Revision 4, Assessing Security and Privacy Controls in Federal Information Systems and Organizations |
ITL Bulletin | August 2014 | Policy Machine: Towards a General-Purpose Enterprise-Wide Operating Environment |
ITL Bulletin | October 2006 | Log Management: Using Computer and Network Records to Improve Information Security |
ITL Bulletin | March 2006 | Minimum Security Requirements for Federal Information and Information Systems: Federal Information Processing Standard (FIPS) 200 Approved by the Secretary of Commerce |
ITL Bulletin | January 2006 | Testing and Validation of Personal Identity Verification (PIV) Components and Subsystems for Conformance to Federal Information Processing Standard 201 |
ITL Bulletin | November 2004 | Understanding the New NIST Standards and Guidelines Required by FISMA: How Three Mandated Documents are Changing the Dynamic of Information Security for the Federal Government |
ITL Bulletin | March 2004 | Federal Information Processing Standard (FIPS) 199, Standards for Security Categorization of Federal Information and Information Systems |
Whitepaper (Draft) | January 2017 | DRAFT Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1 Announcement and Draft Publication |
Whitepaper (Draft) | March 20, 2017 | DRAFT Cybersecurity Framework Manufacturing Profile (Final Draft) Announcement and Draft Publication |
|
Authentication |
FIPS 202 | August 2015 | SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions FIPS 202 FAQ doi:10.6028/NIST.FIPS.202 [Direct Link] |
| | Federal Register Notice |
| | Press Release |
| | Comments received on Draft FIPS 202 |
| | Draft FIPS 202 (May 2014) |
FIPS 186-4 | July 2013 | Digital Signature Standard (DSS) FIPS 186-4 FAQ doi:10.6028/NIST.FIPS.186-4 [Direct Link] |
| | Comments received on FIPS 186-4 (Dec. 2015) |
| | Request for Comments on FIPS 186-4 (Oct. 2015) |
| | Press Release (07-23-2013) |
| | Proposed Change Notice for FIPS 186-3 (Apr. 2012) |
| | Request for Comments on Proposed Change Notice (Apr. 2012) |
FIPS 180-4 | August 2015 | Secure Hash Standard (SHS) FIPS 180-4 (revised Applicability Clause, Aug. 2015) FAQ doi:10.6028/NIST.FIPS.180-4 [Direct Link] |
| | Federal Register Notice |
| | Comments received on Draft FIPS 180-4 (Aug. 2014) |
SP 800-185 | December 2016 | SHA-3 Derived Functions: cSHAKE, KMAC, TupleHash, and ParallelHash SP 800-185 FAQ doi:10.6028/NIST.SP.800-185 [Direct Link] |
| | Comments Received on Draft SP 800-185 |
SP 800-184 | December 2016 | Guide for Cybersecurity Event Recovery SP 800-184 FAQ doi:10.6028/NIST.SP.800-184 [Direct Link] |
| | Press Release (12-22-2016) |
SP 800-179 | December 2016 | Guide to Securing Apple OS X 10.10 Systems for IT Professionals: A NIST Security Configuration Checklist SP 800-179 FAQ doi:10.6028/NIST.SP.800-179 [Direct Link] |
| | Supplemental Content (GitHub) |
| | National Checklist Program |
SP 800-177 | September 2016 | Trustworthy Email SP 800-177 FAQ doi:10.6028/NIST.SP.800-177 [Direct Link] |
| | High Assurance Domains project |
SP 800-175A | August 2016 | Guideline for Using Cryptographic Standards in the Federal Government: Directives, Mandates and Policies SP 800-175A FAQ doi:10.6028/NIST.SP.800-175A [Direct Link] |
| | Comments Received from Final Draft |
SP 800-175B | August 2016 | Guideline for Using Cryptographic Standards in the Federal Government: Cryptographic Mechanisms SP 800-175B FAQ doi:10.6028/NIST.SP.800-175B [Direct Link] |
| | Comments Received from Final Draft |
SP 800-167 | October 2015 | Guide to Application Whitelisting SP 800-167 FAQ doi:10.6028/NIST.SP.800-167 [Direct Link] |
| | Press Release |
SP 800-166 | June 2016 | Derived PIV Application and Data Model Test Guidelines SP 800-166 FAQ doi:10.6028/NIST.SP.800-166 [Direct Link] |
SP 800-157 | December 2014 | Guidelines for Derived Personal Identity Verification (PIV) Credentials SP 800-157 FAQ doi:10.6028/NIST.SP.800-157 [Direct Link] |
| | Comments and resolutions on Draft SP 800-157 (Mar. 2014) |
SP 800-147B | August 2014 | BIOS Protection Guidelines for Servers SP 800-147B FAQ doi:10.6028/NIST.SP.800-147B [Direct Link] |
SP 800-147 | April 2011 | BIOS Protection Guidelines SP 800-147 FAQ doi:10.6028/NIST.SP.800-147 [Direct Link] |
| | Press Release |
SP 800-132 | December 2010 | Recommendation for Password-Based Key Derivation: Part 1: Storage Applications SP 800-132 FAQ doi:10.6028/NIST.SP.800-132 [Direct Link] |
SP 800-127 | September 2010 | Guide to Securing WiMAX Wireless Communications SP 800-127 FAQ doi:10.6028/NIST.SP.800-127 [Direct Link] |
| | SP 800-127 (EPUB) FAQ |
| | Press Release |
SP 800-121 Rev. 2 | May 2017 | Guide to Bluetooth Security SP 800-121 Rev. 2 FAQ doi:10.6028/NIST.SP.800-121r2 [Direct Link] |
SP 800-120 | September 2009 | Recommendation for EAP Methods Used in Wireless Network Access Authentication SP 800-120 FAQ doi:10.6028/NIST.SP.800-120 [Direct Link] |
SP 800-116 Rev. 1 (Draft) | December 2015 | DRAFT A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS) Announcement and Draft Publication |
SP 800-116 | November 2008 | A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS) SP 800-116 FAQ doi:10.6028/NIST.SP.800-116 [Direct Link] |
SP 800-114 Rev. 1 | July 2016 | User's Guide to Telework and Bring Your Own Device (BYOD) Security SP 800-114 Rev. 1 FAQ doi:10.6028/NIST.SP.800-114r1 [Direct Link] |
SP 800-113 | July 2008 | Guide to SSL VPNs SP 800-113 FAQ doi:10.6028/NIST.SP.800-113 [Direct Link] |
SP 800-102 | September 2009 | Recommendation for Digital Signature Timeliness SP 800-102 FAQ doi:10.6028/NIST.SP.800-102 [Direct Link] |
SP 800-89 | November 2006 | Recommendation for Obtaining Assurances for Digital Signature Applications SP 800-89 FAQ doi:10.6028/NIST.SP.800-89 [Direct Link] |
SP 800-78-4 | May 2015 | Cryptographic Algorithms and Key Sizes for Personal Identity Verification SP 800-78-4 FAQ doi:10.6028/NIST.SP.800-78-4 [Direct Link] |
SP 800-73-4 | May 2015 (Updated 2/8/2016) | Interfaces for Personal Identity Verification SP 800-73-4 (including updates as of 02-08-2016) FAQ doi:10.6028/NIST.SP.800-73-4 [Direct Link] |
| | Press Release (06-16-2015) |
SP 800-68 Rev. 1 | October 2008 | Guide to Securing Microsoft Windows XP Systems for IT Professionals: A NIST Security Configuration Checklist SP 800-68 Rev. 1 FAQ doi:10.6028/NIST.SP.800-68r1 [Direct Link] |
| | Security Templates R1.2.1 |
| | NIST Windows Security Baseline Database Application v0.2.7 |
SP 800-63A | June 2017 | Digital Identity Guidelines: Enrollment and Identity Proofing SP 800-63A FAQ doi:10.6028/NIST.SP.800-63a [Direct Link] |
| | FAQ |
| | SP 800-63-3 (GitHub) |
SP 800-63B | June 2017 | Digital Identity Guidelines: Authentication and Lifecycle Management SP 800-63B FAQ doi:10.6028/NIST.SP.800-63b [Direct Link] |
| | FAQ |
| | SP 800-63-3 (GitHub) |
SP 800-63C | June 2017 | Digital Identity Guidelines: Federation and Assertions SP 800-63C FAQ doi:10.6028/NIST.SP.800-63c [Direct Link] |
| | FAQ |
| | SP 800-63-3 (GitHub) |
SP 800-63-3 | June 2017 | Digital Identity Guidelines SP 800-63-3 FAQ doi:10.6028/NIST.SP.800-63-3 [Direct Link] |
| | FAQ |
| | SP 800-63-3 (GitHub) |
SP 800-57 Part 1 Rev. 4 | January 2016 | Recommendation for Key Management, Part 1: General SP 800-57 Part 1, Revision 4 FAQ doi:10.6028/NIST.SP.800-57pt1r4 [Direct Link] |
| | Comments and resolutions for SP 800-57 Part 1, Rev. 4 |
SP 800-57 Part 2 | August 2005 | Recommendation for Key Management, Part 2: Best Practices for Key Management Organization SP 800-57 Part 2 FAQ doi:10.6028/NIST.SP.800-57p2 [Direct Link] |
| | Comments received on Draft (Apr. 2005) |
SP 800-57 Part 3 Rev. 1 | January 2015 | Recommendation for Key Management, Part 3: Application-Specific Key Management Guidance SP 800-57 Part 3, Revision 1 FAQ doi:10.6028/NIST.SP.800-57pt3r1 [Direct Link] |
SP 800-53 Rev. 5 (Draft) | August 2017 | DRAFT Security and Privacy Controls for Federal Information Systems and Organizations Announcement and Draft Publication |
SP 800-53 Rev. 4 | April 2013 (Updated 1/22/2015) | Security and Privacy Controls for Federal Information Systems and Organizations SP 800-53 Rev. 4 (including updates as of 01-22-2015) FAQ doi:10.6028/NIST.SP.800-53r4 [Direct Link] |
| | Word version of SP 800-53 Rev. 4 (01-22-2015) |
| | XML file for SP 800-53 Rev. 4 (01-15-2014) |
| | Summary of NIST SP 800-53 Revision 4 |
| | Press Release (04-30-2013) |
| | Pre-Draft Call for Comments for SP 800-53 Rev. 5 |
SP 800-48 Rev. 1 | July 2008 | Guide to Securing Legacy IEEE 802.11 Wireless Networks SP 800-48 Rev. 1 FAQ doi:10.6028/NIST.SP.800-48r1 [Direct Link] |
SP 800-46 Rev. 2 | July 2016 | Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security SP 800-46 Rev. 2 FAQ doi:10.6028/NIST.SP.800-46r2 [Direct Link] |
SP 800-38A Addendum | October 2010 | Recommendation for Block Cipher Modes of Operation: Three Variants of Ciphertext Stealing for CBC Mode SP 800-38A Addendum FAQ doi:10.6028/NIST.SP.800-38A-Add [Direct Link] |
SP 800-38A | December 2001 | Recommendation for Block Cipher Modes of Operation: Methods and Techniques SP 800-38A FAQ doi:10.6028/NIST.SP.800-38A [Direct Link] |
SP 800-38B | May 2005 (Updated 10/6/2016) | Recommendation for Block Cipher Modes of Operation: the CMAC Mode for Authentication SP 800-38B FAQ doi:10.6028/NIST.SP.800-38B [Direct Link] |
SP 800-38C | May 2004 (Updated 7/20/2007) | Recommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality SP 800-38C (including updates as of 07-20-2007) FAQ doi:10.6028/NIST.SP.800-38C [Direct Link] |
SP 800-38D | November 2007 | Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC SP 800-38D FAQ doi:10.6028/NIST.SP.800-38D [Direct Link] |
SP 800-38E | January 2010 | Recommendation for Block Cipher Modes of Operation: the XTS-AES Mode for Confidentiality on Storage Devices SP 800-38E FAQ doi:10.6028/NIST.SP.800-38E [Direct Link] |
SP 800-38F | December 2012 | Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping SP 800-38F FAQ doi:10.6028/NIST.SP.800-38F [Direct Link] |
SP 800-38G | March 2016 | Recommendation for Block Cipher Modes of Operation: Methods for Format-Preserving Encryption SP 800-38G FAQ doi:10.6028/NIST.SP.800-38G [Direct Link] |
| | Press Release |
SP 800-32 | February 26, 2001 | Introduction to Public Key Technology and the Federal PKI Infrastructure SP 800-32 FAQ doi:10.6028/NIST.SP.800-32 [Direct Link] |
SP 800-25 | October 2000 | Federal Agency Use of Public Key Technology for Digital Signatures and Authentication SP 800-25 FAQ doi:10.6028/NIST.SP.800-25 [Direct Link] |
SP 800-17 | February 1998 | Modes of Operation Validation System (MOVS): Requirements and Procedures SP 800-17 FAQ doi:10.6028/NIST.SP.800-17 [Direct Link] |
SP 1800-8 (Draft) | May 2017 | DRAFT Securing Wireless Infusion Pumps in Healthcare Delivery Organizations Announcement and Draft Publication |
SP 1800-6 (Draft) | November 2016 | DRAFT Domain Name Systems-Based Electronic Mail Security Announcement and Draft Publication |
SP 1800-3 (Draft) | September 2015 | DRAFT Attribute Based Access Control Announcement and Draft Publication |
NISTIR 8149 (Draft) | October 2016 | DRAFT Developing Trust Frameworks to Support Identity Federations Announcement and Draft Publication |
NISTIR 8112 (Draft) | August 2016 | DRAFT Attribute Metadata Announcement and Draft Publication |
NISTIR 8105 | April 2016 | Report on Post-Quantum Cryptography NISTIR 8105 FAQ doi:10.6028/NIST.IR.8105 [Direct Link] |
| | Press Release |
| | Comments received on Draft NISTIR 8105 |
NISTIR 8103 | September 2016 | Advanced Identity Workshop on Applying Measurement Science in the Identity Ecosystem: Summary and Next Steps NISTIR 8103 FAQ doi:10.6028/NIST.IR.8103 [Direct Link] |
NISTIR 8080 | July 2016 | Usability and Security Considerations for Public Safety Mobile Authentication NISTIR 8080 FAQ doi:10.6028/NIST.IR.8080 [Direct Link] |
NISTIR 8055 | January 2016 | Derived Personal Identity Verification (PIV) Credentials (DPC) Proof of Concept Research NISTIR 8055 FAQ doi:10.6028/NIST.IR.8055 [Direct Link] |
NISTIR 8054 | April 2015 (Updated 9/20/2015) | NSTIC Pilots: Catalyzing the Identity Ecosystem NISTIR 8054 (including updates as of 09-20-2015) FAQ doi:10.6028/NIST.IR.8054 [Direct Link] |
NISTIR 8040 | April 2016 | Measuring the Usability and Security of Permuted Passwords on Mobile Platforms NISTIR 8040 FAQ doi:10.6028/NIST.IR.8040 [Direct Link] |
NISTIR 8023 | February 2015 | Risk Management for Replication Devices NISTIR 8023 FAQ doi:10.6028/NIST.IR.8023 [Direct Link] |
NISTIR 8014 | March 2015 | Considerations for Identity Management in Public Safety Mobile Networks NISTIR 8014 FAQ doi:10.6028/NIST.IR.8014 [Direct Link] |
| | Press Release |
NISTIR 7987 Rev. 1 | October 2015 | Policy Machine: Features, Architecture, and Specification NISTIR 7987 Revision 1 FAQ doi:10.6028/NIST.IR.7987r1 [Direct Link] |
NISTIR 7981 (Draft) | March 2014 | DRAFT Mobile, PIV, and Authentication Announcement and Draft Publication |
NISTIR 7966 | October 2015 | Security of Interactive and Automated Access Management Using Secure Shell (SSH) NISTIR 7966 FAQ doi:10.6028/NIST.IR.7966 [Direct Link] |
NISTIR 7849 | March 2014 | A Methodology for Developing Authentication Assurance Level Taxonomy for Smart Card-based Identity Verification NISTIR 7849 FAQ doi:10.6028/NIST.IR.7849 [Direct Link] |
NISTIR 7817 | November 2012 | A Credential Reliability and Revocation Model for Federated Identities NISTIR 7817 FAQ doi:10.6028/NIST.IR.7817 [Direct Link] |
NISTIR 7802 | September 2011 | Trust Model for Security Automation Data 1.0 (TMSAD) NISTIR 7802 FAQ doi:10.6028/NIST.IR.7802 [Direct Link] |
NISTIR 7611 | August 2009 | Use of ISO/IEC 24727 NISTIR 7611 FAQ doi:10.6028/NIST.IR.7611 [Direct Link] |
NISTIR 7601 | August 2010 | Framework for Emergency Response Officials (ERO): Authentication and Authorization Infrastructure NISTIR 7601 FAQ doi:10.6028/NIST.IR.7601 [Direct Link] |
NISTIR 7452 | November 2007 | Secure Biometric Match-on-Card Feasibility Report NISTIR 7452 FAQ doi:10.6028/NIST.IR.7452 [Direct Link] |
NISTIR 7290 | March 2006 | Fingerprint Identification and Mobile Handheld Devices: An Overview and Implementation NISTIR 7290 FAQ doi:10.6028/NIST.IR.7290 [Direct Link] |
NISTIR 7206 | July 2005 | Smart Cards and Mobile Device Authentication: an Overview and Implementation NISTIR 7206 FAQ doi:10.6028/NIST.IR.7206 [Direct Link] |
NISTIR 7200 | June 2005 | Proximity Beacons and Mobile Device Authentication: an Overview and Implementation NISTIR 7200 FAQ doi:10.6028/NIST.IR.7200 [Direct Link] |
NISTIR 7046 | August 2003 | A Framework for Multi-mode Authentication: Overview and Implementation Guide NISTIR 7046 FAQ doi:10.6028/NIST.IR.7046 [Direct Link] |
NISTIR 7030 | July 2003 | Picture Password: A Visual Login Technique for Mobile Devices NISTIR 7030 FAQ doi:10.6028/NIST.IR.7030 [Direct Link] |
NISTIR 6192 | July 9, 1998 | A Revised Model for Role Based Access Control NISTIR 6192 FAQ doi:10.6028/NIST.IR.6192 [Direct Link] |
| | Citation Page for NISTIR 6192 |
NISTIR 5820 | April 1, 1996 | Distributed Communication Methods and Role-Based Access Control for Use in Health Care Applications NISTIR 5820 |
ITL Bulletin | August 2017 | Understanding the Major Update to NIST SP 800-63: Digital Identity Guidelines |
ITL Bulletin | July 2017 | Updated NIST Guidance for Bluetooth Security |
ITL Bulletin | February 2017 | Guide for Cybersecurity Incident Recovery |
ITL Bulletin | October 2016 | Making Email Trustworthy |
ITL Bulletin | August 2016 | NIST Updates Personal Identity Verification (PIV) Guidelines |
ITL Bulletin | April 2016 | New NIST Security Standard Can Protect Credit Cards, Health Information |
ITL Bulletin | January 2016 | Securing Interactive and Automated Access Management Using Secure Shell (SSH) |
ITL Bulletin | December 2015 | Stopping Malware and Unauthorized Software through Application Whitelisting |
ITL Bulletin | September 2015 | Additional Secure Hash Algorithm Standards Offer New Opportunities for Data Protection |
ITL Bulletin | May 2015 | Authentication Considerations for Public Safety Mobile Networks |
ITL Bulletin | April 2015 | Is Your Replication Device Making An Extra Copy For Someone Else? |
ITL Bulletin | December 2014 | Release Of NIST Special Publication 800-157, Guidelines For Derived Personal Identity Verification (PIV) Credentials |
ITL Bulletin | October 2014 | Release of NIST Special Publication 800-147B, BIOS Protection Guidelines for Servers |
ITL Bulletin | August 2014 | Policy Machine: Towards a General-Purpose Enterprise-Wide Operating Environment |
ITL Bulletin | February 2007 | Intrusion Detection and Prevention Systems |
Whitepaper (Draft) | April 28, 2017 | DRAFT [Project Description] Securing Property Management Systems: Cybersecurity for the Hospitality Sector Announcement and Draft Publication |
Whitepaper | March 2017 | [Project Description] Capabilities Assessment for Securing Manufacturing Industrial Control Systems Project Description |
| | Project Homepage |
Whitepaper (Draft) | September 2016 | DRAFT [Project Description] Authentication for Law Enforcement Vehicle Systems Announcement and Draft Publication |
Whitepaper | November 2016 | [Project Description] Mobile Application Single Sign-On: for Public Safety and First Responders Project Description (Final) |
| | Project Homepage |
Whitepaper (Draft) | June 2016 | DRAFT [Concept Paper] Identity and Access Management for Smart Home Devices Announcement and Draft Publication |
Whitepaper (Draft) | May 9, 2016 | DRAFT [Project Description] Securing Non-Credit Card, Sensitive Consumer Data: Consumer Data Security for the Retail Sector Announcement and Draft Publication |
Whitepaper | September 2016 | [Project Description] Multifactor Authentication for e-Commerce: Online Authentication for the Retail Sector Project Description (Final) |
| | Project Homepage |
Whitepaper | April 21, 2016 | Best Practices for Privileged User PIV Authentication Best Practices Paper |
Building-Block V.2 | April 1, 2015 | [Project Description] Attribute Based Access Control Project Description |
| | Project homepage |
Conference-Proceedings | May 30 - June 1, 2016 | inf-TESLA: Multicast Delayed Authentication for Streaming Sensor Data in Electric Power Systems Preprint FAQ doi:10.1007/978-3-319-33630-5_3 [Direct Link] |
|
Awareness & Training |
|
Biometrics |
|
Certification & Accreditation (C&A) |
FIPS 200 | March 2006 | Minimum Security Requirements for Federal Information and Information Systems FIPS 200 FAQ doi:10.6028/NIST.FIPS.200 [Direct Link] |
FIPS 199 | February 2004 | Standards for Security Categorization of Federal Information and Information Systems FIPS 199 FAQ doi:10.6028/NIST.FIPS.199 [Direct Link] |
SP 800-147B | August 2014 | BIOS Protection Guidelines for Servers SP 800-147B FAQ doi:10.6028/NIST.SP.800-147B [Direct Link] |
SP 800-147 | April 2011 | BIOS Protection Guidelines SP 800-147 FAQ doi:10.6028/NIST.SP.800-147 [Direct Link] |
| | Press Release |
SP 800-137 | September 2011 | Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations SP 800-137 FAQ doi:10.6028/NIST.SP.800-137 [Direct Link] |
| | Press Release |
SP 800-128 | August 2011 | Guide for Security-Focused Configuration Management of Information Systems SP 800-128 FAQ doi:10.6028/NIST.SP.800-128 [Direct Link] |
SP 800-126A (Draft) | July 2016 | DRAFT SCAP 1.3 Component Specification Version Updates: An Annex to NIST Special Publication 800-126 Revision 3 Announcement and Draft Publication |
SP 800-126 Rev. 3 (Draft) | July 2016 | DRAFT The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.3 Announcement and Draft Publication |
SP 800-126 Rev. 2 | September 2011 (Updated 3/19/2012) | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2 SP 800-126 Rev. 2 FAQ doi:10.6028/NIST.SP.800-126r2 [Direct Link] |
| | NIST Solicits Comments for SP 800-126 & SCAP |
SP 800-126 Rev. 1 | February 2011 | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.1 SP 800-126 Rev. 1 FAQ doi:10.6028/NIST.SP.800-126r1 [Direct Link] |
SP 800-126 | November 2009 | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.0 SP 800-126 FAQ doi:10.6028/NIST.SP.800-126 [Direct Link] |
SP 800-117 Rev. 1 (Draft) | January 2012 | DRAFT Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.2 Announcement and Draft Publication |
SP 800-117 | July 2010 | Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.0 SP 800-117 FAQ doi:10.6028/NIST.SP.800-117 [Direct Link] |
SP 800-115 | September 2008 | Technical Guide to Information Security Testing and Assessment SP 800-115 FAQ doi:10.6028/NIST.SP.800-115 [Direct Link] |
| | SP 800-115 (EPUB) FAQ |
SP 800-88 Rev. 1 | December 2014 | Guidelines for Media Sanitization SP 800-88 Revision 1 FAQ doi:10.6028/NIST.SP.800-88r1 [Direct Link] |
SP 800-84 | September 2006 | Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities SP 800-84 FAQ doi:10.6028/NIST.SP.800-84 [Direct Link] |
| | SP 800-84 (EPUB) FAQ |
SP 800-60 Vol. 2 Rev. 1 | August 2008 | Guide for Mapping Types of Information and Information Systems to Security Categories: Appendices SP 800-60 Vol. 2, Rev. 1: Appendices FAQ doi:10.6028/NIST.SP.800-60v2r1 [Direct Link] |
SP 800-60 Vol. 1 Rev. 1 | August 2008 | Guide for Mapping Types of Information and Information Systems to Security Categories SP 800-60 Vol. 1 Rev. 1 FAQ doi:10.6028/NIST.SP.800-60v1r1 [Direct Link] |
SP 800-59 | August 2003 | Guideline for Identifying an Information System as a National Security System SP 800-59 FAQ doi:10.6028/NIST.SP.800-59 [Direct Link] |
SP 800-55 Rev. 1 | July 2008 | Performance Measurement Guide for Information Security SP 800-55 Rev. 1 FAQ doi:10.6028/NIST.SP.800-55r1 [Direct Link] |
SP 800-53A Rev. 4 | December 2014 (Updated 12/18/2014) | Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans SP 800-53A Revision 4 FAQ doi:10.6028/NIST.SP.800-53Ar4 [Direct Link] |
| | Word version of SP 800-53A Rev. 4 (12-18-2014) |
| | XML file for SP 800-53A Rev. 4 (06-16-2015) |
| | Press Release |
SP 800-53 Rev. 5 (Draft) | August 2017 | DRAFT Security and Privacy Controls for Federal Information Systems and Organizations Announcement and Draft Publication |
SP 800-53 Rev. 4 | April 2013 (Updated 1/22/2015) | Security and Privacy Controls for Federal Information Systems and Organizations SP 800-53 Rev. 4 (including updates as of 01-22-2015) FAQ doi:10.6028/NIST.SP.800-53r4 [Direct Link] |
| | Word version of SP 800-53 Rev. 4 (01-22-2015) |
| | XML file for SP 800-53 Rev. 4 (01-15-2014) |
| | Summary of NIST SP 800-53 Revision 4 |
| | Press Release (04-30-2013) |
| | Pre-Draft Call for Comments for SP 800-53 Rev. 5 |
SP 800-47 | August 2002 | Security Guide for Interconnecting Information Technology Systems SP 800-47 FAQ doi:10.6028/NIST.SP.800-47 [Direct Link] |
SP 800-37 Rev. 1 | February 2010 (Updated 6/5/2014) | Guide for Applying the Risk Management Framework to Federal Information Systems: a Security Life Cycle Approach SP 800-37 Rev. 1 (including updates as of 6-05-2014) FAQ doi:10.6028/NIST.SP.800-37r1 [Direct Link] |
| | Supplemental Guidance on Ongoing Authorization, (June 2014) |
| | Press Release |
SP 800-34 Rev. 1 | May 2010 (Updated 11/11/2010) | Contingency Planning Guide for Federal Information Systems SP 800-34 Rev. 1 (including updates as of 11-11-2010) FAQ doi:10.6028/NIST.SP.800-34r1 [Direct Link] |
| | Business Impact Analysis (BIA) Template |
| | Contingency Planning: Low Impact System Template |
| | Contingency Planning: Moderate Impact System Template |
| | Contingency Planning: High Impact System Template |
SP 800-30 Rev. 1 | September 2012 | Guide for Conducting Risk Assessments SP 800-30 Rev. 1 FAQ doi:10.6028/NIST.SP.800-30r1 [Direct Link] |
| | SP 800-30 Rev. 1 (EPUB) FAQ |
| | Press Release |
SP 800-23 | August 2000 | Guidelines to Federal Organizations on Security Assurance and Acquisition/Use of Tested/Evaluated Products SP 800-23 FAQ doi:10.6028/NIST.SP.800-23 [Direct Link] |
SP 800-18 Rev. 1 | February 2006 | Guide for Developing Security Plans for Federal Information Systems SP 800-18 Rev. 1 FAQ doi:10.6028/NIST.SP.800-18r1 [Direct Link] |
SP 1800-5 (Draft) | October 2015 | DRAFT IT Asset Management: Financial Services Announcement and Draft Publication |
NISTIR 8011 Vol. 1 | June 2017 | Automation Support for Security Control Assessments: Overview NISTIR 8011 Vol. 1 FAQ doi:10.6028/NIST.IR.8011-1 [Direct Link] |
NISTIR 7848 (Draft) | May 2012 | DRAFT Specification for the Asset Summary Reporting Format 1.0 Announcement and Draft Publication |
NISTIR 7802 | September 2011 | Trust Model for Security Automation Data 1.0 (TMSAD) NISTIR 7802 FAQ doi:10.6028/NIST.IR.7802 [Direct Link] |
NISTIR 7800 (Draft) | January 2012 | DRAFT Applying the Continuous Monitoring Technical Reference Model to the Asset, Configuration, and Vulnerability Management Domains Announcement and Draft Publication |
NISTIR 7799 (Draft) | January 2012 | DRAFT Continuous Monitoring Reference Model Workflow, Subsystem, and Interface Specifications Announcement and Draft Publication |
NISTIR 7756 (Draft) | January 2012 | DRAFT CAESARS Framework Extension: An Enterprise Continuous Monitoring Technical Reference Architecture Announcement and Draft Publication |
NISTIR 7692 | April 2011 | Specification for the Open Checklist Interactive Language (OCIL) Version 2.0 NISTIR 7692 FAQ doi:10.6028/NIST.IR.7692 [Direct Link] |
ITL Bulletin | February 2015 | NIST Special Publication 800-88 Revision 1, Guidelines for Media Sanitization |
ITL Bulletin | January 2015 | Release of NIST Special Publication 800-53A, Revision 4, Assessing Security and Privacy Controls in Federal Information Systems and Organizations |
ITL Bulletin | October 2014 | Release of NIST Special Publication 800-147B, BIOS Protection Guidelines for Servers |
ITL Bulletin | December 2006 | Maintaining Effective Information Technology (IT) Security Through Test, Training, and Exercise Programs |
ITL Bulletin | March 2006 | Minimum Security Requirements for Federal Information and Information Systems: Federal Information Processing Standard (FIPS) 200 Approved by the Secretary of Commerce |
ITL Bulletin | November 2004 | Understanding the New NIST Standards and Guidelines Required by FISMA: How Three Mandated Documents are Changing the Dynamic of Information Security for the Federal Government |
ITL Bulletin | March 2004 | Federal Information Processing Standard (FIPS) 199, Standards for Security Categorization of Federal Information and Information Systems |
ITL Bulletin | February 2003 | Secure Interconnections for Information Technology Systems |
Whitepaper (Draft) | January 2017 | DRAFT Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1 Announcement and Draft Publication |
Whitepaper | 6/3/2014 | Supplemental Guidance on Ongoing Authorization: Transitioning to Near Real-Time Risk Management Paper |
|
Cloud Computing & Virtualization |
|
Communications & Wireless |
FIPS 140-2 | May 25, 2001 (Change Notice 2, 12/3/2002) | Security Requirements for Cryptographic Modules FIPS 140-2 (including change notices as of 12-03-2002) FAQ doi:10.6028/NIST.FIPS.140-2 [Direct Link] |
| | Annex A: Approved Security Functions |
| | Annex B: Approved Protection Profiles |
| | Annex C: Approved Random Number Generators |
| | Annex D: Approved Key Establishment Techniques |
| | FIPS 140-2 (EPUB) FAQ |
| | Comments on FIPS 140-1 (Oct. 1998) |
SP 800-187 (Draft) | November 2016 | DRAFT Guide to LTE Security Announcement and Draft Publication |
SP 800-177 | September 2016 | Trustworthy Email SP 800-177 FAQ doi:10.6028/NIST.SP.800-177 [Direct Link] |
| | High Assurance Domains project |
SP 800-164 (Draft) | October 2012 | DRAFT Guidelines on Hardware-Rooted Security in Mobile Devices Announcement and Draft Publication |
SP 800-157 | December 2014 | Guidelines for Derived Personal Identity Verification (PIV) Credentials SP 800-157 FAQ doi:10.6028/NIST.SP.800-157 [Direct Link] |
| | Comments and resolutions on Draft SP 800-157 (Mar. 2014) |
SP 800-153 | February 2012 | Guidelines for Securing Wireless Local Area Networks (WLANs) SP 800-153 FAQ doi:10.6028/NIST.SP.800-153 [Direct Link] |
| | Press Release (Mar. 6, 2012) |
SP 800-127 | September 2010 | Guide to Securing WiMAX Wireless Communications SP 800-127 FAQ doi:10.6028/NIST.SP.800-127 [Direct Link] |
| | SP 800-127 (EPUB) FAQ |
| | Press Release |
SP 800-124 Rev. 1 | June 2013 | Guidelines for Managing the Security of Mobile Devices in the Enterprise SP 800-124 Rev. 1 FAQ doi:10.6028/NIST.SP.800-124r1 [Direct Link] |
| | SP 800-124 Rev. 1 (EPUB) FAQ |
| | Press Release |
SP 800-121 Rev. 2 | May 2017 | Guide to Bluetooth Security SP 800-121 Rev. 2 FAQ doi:10.6028/NIST.SP.800-121r2 [Direct Link] |
SP 800-120 | September 2009 | Recommendation for EAP Methods Used in Wireless Network Access Authentication SP 800-120 FAQ doi:10.6028/NIST.SP.800-120 [Direct Link] |
SP 800-119 | December 2010 | Guidelines for the Secure Deployment of IPv6 SP 800-119 FAQ doi:10.6028/NIST.SP.800-119 [Direct Link] |
SP 800-115 | September 2008 | Technical Guide to Information Security Testing and Assessment SP 800-115 FAQ doi:10.6028/NIST.SP.800-115 [Direct Link] |
| | SP 800-115 (EPUB) FAQ |
SP 800-114 Rev. 1 | July 2016 | User's Guide to Telework and Bring Your Own Device (BYOD) Security SP 800-114 Rev. 1 FAQ doi:10.6028/NIST.SP.800-114r1 [Direct Link] |
SP 800-113 | July 2008 | Guide to SSL VPNs SP 800-113 FAQ doi:10.6028/NIST.SP.800-113 [Direct Link] |
SP 800-101 Rev. 1 | May 2014 | Guidelines on Mobile Device Forensics SP 800-101 Rev. 1 FAQ doi:10.6028/NIST.SP.800-101r1 [Direct Link] |
SP 800-98 | April 2007 | Guidelines for Securing Radio Frequency Identification (RFID) Systems SP 800-98 FAQ doi:10.6028/NIST.SP.800-98 [Direct Link] |
SP 800-97 | February 2007 | Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i SP 800-97 FAQ doi:10.6028/NIST.SP.800-97 [Direct Link] |
SP 800-81-2 | September 2013 | Secure Domain Name System (DNS) Deployment Guide SP 800-81-2 FAQ doi:10.6028/NIST.SP.800-81-2 [Direct Link] |
SP 800-77 | December 2005 | Guide to IPsec VPNs SP 800-77 FAQ doi:10.6028/NIST.SP.800-77 [Direct Link] |
SP 800-58 | January 2005 | Security Considerations for Voice Over IP Systems SP 800-58 FAQ doi:10.6028/NIST.SP.800-58 [Direct Link] |
SP 800-54 | July 2007 | Border Gateway Protocol Security SP 800-54 FAQ doi:10.6028/NIST.SP.800-54 [Direct Link] |
SP 800-53 Rev. 5 (Draft) | August 2017 | DRAFT Security and Privacy Controls for Federal Information Systems and Organizations Announcement and Draft Publication |
SP 800-53 Rev. 4 | April 2013 (Updated 1/22/2015) | Security and Privacy Controls for Federal Information Systems and Organizations SP 800-53 Rev. 4 (including updates as of 01-22-2015) FAQ doi:10.6028/NIST.SP.800-53r4 [Direct Link] |
| | Word version of SP 800-53 Rev. 4 (01-22-2015) |
| | XML file for SP 800-53 Rev. 4 (01-15-2014) |
| | Summary of NIST SP 800-53 Revision 4 |
| | Press Release (04-30-2013) |
| | Pre-Draft Call for Comments for SP 800-53 Rev. 5 |
SP 800-52 Rev. 1 | April 2014 | Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations SP 800-52 Rev. 1 FAQ doi:10.6028/NIST.SP.800-52r1 [Direct Link] |
| | Press Release |
SP 800-48 Rev. 1 | July 2008 | Guide to Securing Legacy IEEE 802.11 Wireless Networks SP 800-48 Rev. 1 FAQ doi:10.6028/NIST.SP.800-48r1 [Direct Link] |
SP 800-46 Rev. 2 | July 2016 | Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security SP 800-46 Rev. 2 FAQ doi:10.6028/NIST.SP.800-46r2 [Direct Link] |
SP 800-45 Version 2 | February 2007 | Guidelines on Electronic Mail Security SP 800-45 Version 2 FAQ doi:10.6028/NIST.SP.800-45ver2 [Direct Link] |
SP 800-41 Rev. 1 | September 2009 | Guidelines on Firewalls and Firewall Policy SP 800-41 Rev. 1 FAQ doi:10.6028/NIST.SP.800-41r1 [Direct Link] |
SP 800-24 | April 2001 | PBX Vulnerability Analysis: Finding Holes in Your PBX Before Someone Else Does SP 800-24 FAQ doi:10.6028/NIST.SP.800-24 [Direct Link] |
SP 1800-8 (Draft) | May 2017 | DRAFT Securing Wireless Infusion Pumps in Healthcare Delivery Organizations Announcement and Draft Publication |
SP 1800-6 (Draft) | November 2016 | DRAFT Domain Name Systems-Based Electronic Mail Security Announcement and Draft Publication |
NISTIR 8144 (Draft) | September 2016 | DRAFT Assessing Threats to Mobile Devices & Infrastructure: the Mobile Threat Catalogue Announcement and Draft Publication |
NISTIR 8136 | January 2017 | An Overview of Mobile Application Vetting Services for Public Safety NISTIR 8136 FAQ doi:10.6028/NIST.IR.8136 [Direct Link] |
NISTIR 8135 | May 2016 | Identifying and Categorizing Data Types for Public Safety Mobile Applications: Workshop Report NISTIR 8135 FAQ doi:10.6028/NIST.IR.8135 [Direct Link] |
NISTIR 8080 | July 2016 | Usability and Security Considerations for Public Safety Mobile Authentication NISTIR 8080 FAQ doi:10.6028/NIST.IR.8080 [Direct Link] |
NISTIR 8055 | January 2016 | Derived Personal Identity Verification (PIV) Credentials (DPC) Proof of Concept Research NISTIR 8055 FAQ doi:10.6028/NIST.IR.8055 [Direct Link] |
NISTIR 8023 | February 2015 | Risk Management for Replication Devices NISTIR 8023 FAQ doi:10.6028/NIST.IR.8023 [Direct Link] |
NISTIR 8018 | January 2015 | Public Safety Mobile Application Security Requirements Workshop Summary NISTIR 8018 FAQ doi:10.6028/NIST.IR.8018 [Direct Link] |
NISTIR 8014 | March 2015 | Considerations for Identity Management in Public Safety Mobile Networks NISTIR 8014 FAQ doi:10.6028/NIST.IR.8014 [Direct Link] |
| | Press Release |
NISTIR 7981 (Draft) | March 2014 | DRAFT Mobile, PIV, and Authentication Announcement and Draft Publication |
NISTIR 7770 | February 2011 | Security Considerations for Remote Electronic UOCAVA Voting NISTIR 7770 FAQ doi:10.6028/NIST.IR.7770 [Direct Link] |
NISTIR 7711 | September 2011 | Security Best Practices for the Electronic Transmission of Election Materials for UOCAVA Voters NISTIR 7711 FAQ doi:10.6028/NIST.IR.7711 [Direct Link] |
NISTIR 7617 | October 2009 | Mobile Forensic Reference Materials: a Methodology and Reification NISTIR 7617 FAQ doi:10.6028/NIST.IR.7617 [Direct Link] |
NISTIR 7516 | August 2008 | Forensic Filtering of Cell Phone Protocols NISTIR 7516 FAQ doi:10.6028/NIST.IR.7516 [Direct Link] |
NISTIR 7452 | November 2007 | Secure Biometric Match-on-Card Feasibility Report NISTIR 7452 FAQ doi:10.6028/NIST.IR.7452 [Direct Link] |
NISTIR 7387 | March 2007 | Cell Phone Forensic Tools: an Overview and Analysis Update NISTIR 7387 FAQ doi:10.6028/NIST.IR.7387 [Direct Link] |
NISTIR 7206 | July 2005 | Smart Cards and Mobile Device Authentication: an Overview and Implementation NISTIR 7206 FAQ doi:10.6028/NIST.IR.7206 [Direct Link] |
NISTIR 7046 | August 2003 | A Framework for Multi-mode Authentication: Overview and Implementation Guide NISTIR 7046 FAQ doi:10.6028/NIST.IR.7046 [Direct Link] |
ITL Bulletin | July 2017 | Updated NIST Guidance for Bluetooth Security |
ITL Bulletin | October 2016 | Making Email Trustworthy |
ITL Bulletin | May 2015 | Authentication Considerations for Public Safety Mobile Networks |
ITL Bulletin | April 2015 | Is Your Replication Device Making An Extra Copy For Someone Else? |
ITL Bulletin | December 2014 | Release Of NIST Special Publication 800-157, Guidelines For Derived Personal Identity Verification (PIV) Credentials |
ITL Bulletin | April 2014 | Release of NIST Special Publication 800-52 Revision 1, Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations |
ITL Bulletin | July 2007 | Border Gateway Protocol (BGP) Security |
ITL Bulletin | June 2007 | Forensic Techniques for Cell Phones |
ITL Bulletin | May 2007 | Securing Radio Frequency Identification (RFID) Systems |
ITL Bulletin | March 2007 | Improving The Security of Electronic Mail: Updated Guidelines Issued by NIST |
ITL Bulletin | April 2006 | Protecting Sensitive Information Transmitted in Public Networks |
ITL Bulletin | October 2004 | Securing Voice Over Internet Protocol (IP) Networks |
Whitepaper | November 2016 | [Project Description] Mobile Application Single Sign-On: for Public Safety and First Responders Project Description (Final) |
| | Project Homepage |
Building-Block | March 4, 2016 | [Project Description] Domain Name System-Based Security for Electronic Mail Project Description |
| | Project homepage |
Use-Case | December 2015 | [Project Description] Wireless Medical Infusion Pumps: Medical Device Security Project description |
| | Project homepage |
Conference-Paper | May 10-12, 2016 | Combinatorial Coverage Analysis of Subsets of the TLS Cipher Suite Registry Preprint |
|
Conferences & Workshops |
NISTIR 8135 | May 2016 | Identifying and Categorizing Data Types for Public Safety Mobile Applications: Workshop Report NISTIR 8135 FAQ doi:10.6028/NIST.IR.8135 [Direct Link] |
NISTIR 8103 | September 2016 | Advanced Identity Workshop on Applying Measurement Science in the Identity Ecosystem: Summary and Next Steps NISTIR 8103 FAQ doi:10.6028/NIST.IR.8103 [Direct Link] |
NISTIR 8050 (Draft) | April 2, 2015 | DRAFT Executive Technical Workshop on Improving Cybersecurity and Consumer Privacy: Summary and Next Steps Announcement and Draft Publication |
NISTIR 8041 | April 2015 | Proceedings of the Cybersecurity for Direct Digital Manufacturing (DDM) Symposium NISTIR 8041 FAQ doi:10.6028/NIST.IR.8041 [Direct Link] |
NISTIR 8018 | January 2015 | Public Safety Mobile Application Security Requirements Workshop Summary NISTIR 8018 FAQ doi:10.6028/NIST.IR.8018 [Direct Link] |
NISTIR 7916 | February 2013 | Proceedings of the Cybersecurity in Cyber-Physical Systems Workshop, April 23-24, 2012 NISTIR 7916 FAQ doi:10.6028/NIST.IR.7916 [Direct Link] |
NISTIR 7665 | January 2010 | Proceedings of the Privilege Management Workshop, September 1-3, 2009 NISTIR 7665 FAQ doi:10.6028/NIST.IR.7665 [Direct Link] |
NISTIR 7657 | March 2010 | A Report on the Privilege (Access) Management Workshop NISTIR 7657 FAQ doi:10.6028/NIST.IR.7657 [Direct Link] |
NISTIR 7609 | January 2010 | Cryptographic Key Management Workshop Summary -- June 8-9, 2009 NISTIR 7609 FAQ doi:10.6028/NIST.IR.7609 [Direct Link] |
NISTIR 7427 | September 2007 | 6th Annual PKI R&D Workshop "Applications-Driven PKI" Proceedings NISTIR 7427 FAQ doi:10.6028/NIST.IR.7427 [Direct Link] |
NISTIR 7313 | July 2006 | 5th Annual PKI R&D Workshop "Making PKI Easy to Use" Proceedings NISTIR 7313 FAQ doi:10.6028/NIST.IR.7313 [Direct Link] |
NISTIR 7224 | August 2005 | 4th Annual PKI R&D Workshop "Multiple Paths to Trust" Proceedings NISTIR 7224 FAQ doi:10.6028/NIST.IR.7224 [Direct Link] |
NISTIR 7085 | April 2004 | 2nd Annual PKI Research Workshop Proceedings NISTIR 7085 FAQ doi:10.6028/NIST.IR.7085 [Direct Link] |
NISTIR 7059 | November 2003 | 1st Annual PKI Research Workshop Proceedings Proceedings from Dartmouth (August 2002) |
NISTIR 5472 | March 1994 | A Head Start on Assurance: Proceedings of an Invitational Workshop on Information Technology (IT) Assurance and Trustworthiness, March 21-23, 1994 NISTIR 5472 |
|
Contingency Planning |
|
Cryptography |
FIPS 202 | August 2015 | SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions FIPS 202 FAQ doi:10.6028/NIST.FIPS.202 [Direct Link] |
| | Federal Register Notice |
| | Press Release |
| | Comments received on Draft FIPS 202 |
| | Draft FIPS 202 (May 2014) |
FIPS 198-1 | July 2008 | The Keyed-Hash Message Authentication Code (HMAC) FIPS 198-1 FAQ doi:10.6028/NIST.FIPS.198-1 [Direct Link] |
FIPS 197 | November 2001 | Advanced Encryption Standard (AES) FIPS 197 FAQ doi:10.6028/NIST.FIPS.197 [Direct Link] |
| | Comments received on Draft FIPS 197 |
FIPS 186-4 | July 2013 | Digital Signature Standard (DSS) FIPS 186-4 FAQ doi:10.6028/NIST.FIPS.186-4 [Direct Link] |
| | Comments received on FIPS 186-4 (Dec. 2015) |
| | Request for Comments on FIPS 186-4 (Oct. 2015) |
| | Press Release (07-23-2013) |
| | Proposed Change Notice for FIPS 186-3 (Apr. 2012) |
| | Request for Comments on Proposed Change Notice (Apr. 2012) |
FIPS 180-4 | August 2015 | Secure Hash Standard (SHS) FIPS 180-4 (revised Applicability Clause, Aug. 2015) FAQ doi:10.6028/NIST.FIPS.180-4 [Direct Link] |
| | Federal Register Notice |
| | Comments received on Draft FIPS 180-4 (Aug. 2014) |
FIPS 140-2 | May 25, 2001 (Change Notice 2, 12/3/2002) | Security Requirements for Cryptographic Modules FIPS 140-2 (including change notices as of 12-03-2002) FAQ doi:10.6028/NIST.FIPS.140-2 [Direct Link] |
| | Annex A: Approved Security Functions |
| | Annex B: Approved Protection Profiles |
| | Annex C: Approved Random Number Generators |
| | Annex D: Approved Key Establishment Techniques |
| | FIPS 140-2 (EPUB) FAQ |
| | Comments on FIPS 140-1 (Oct. 1998) |
SP 800-185 | December 2016 | SHA-3 Derived Functions: cSHAKE, KMAC, TupleHash, and ParallelHash SP 800-185 FAQ doi:10.6028/NIST.SP.800-185 [Direct Link] |
| | Comments Received on Draft SP 800-185 |
SP 800-175A | August 2016 | Guideline for Using Cryptographic Standards in the Federal Government: Directives, Mandates and Policies SP 800-175A FAQ doi:10.6028/NIST.SP.800-175A [Direct Link] |
| | Comments Received from Final Draft |
SP 800-175B | August 2016 | Guideline for Using Cryptographic Standards in the Federal Government: Cryptographic Mechanisms SP 800-175B FAQ doi:10.6028/NIST.SP.800-175B [Direct Link] |
| | Comments Received from Final Draft |
SP 800-167 | October 2015 | Guide to Application Whitelisting SP 800-167 FAQ doi:10.6028/NIST.SP.800-167 [Direct Link] |
| | Press Release |
SP 800-152 | October 2015 | A Profile for U.S. Federal Cryptographic Key Management Systems (CKMS) SP 800-152 FAQ doi:10.6028/NIST.SP.800-152 [Direct Link] |
| | Comments received on final (3rd) Draft (Dec. 2014) |
| | Draft 3 (Dec. 2014) |
| | Draft 2 (Jan. 2014) |
| | Draft (Aug. 2012) |
SP 800-147B | August 2014 | BIOS Protection Guidelines for Servers SP 800-147B FAQ doi:10.6028/NIST.SP.800-147B [Direct Link] |
SP 800-147 | April 2011 | BIOS Protection Guidelines SP 800-147 FAQ doi:10.6028/NIST.SP.800-147 [Direct Link] |
| | Press Release |
SP 800-135 Rev. 1 | December 2011 | Recommendation for Existing Application-Specific Key Derivation Functions SP 800-135 Rev. 1 FAQ doi:10.6028/NIST.SP.800-135r1 [Direct Link] |
| | Informative Note (09-19-2016) |
SP 800-133 | December 2012 | Recommendation for Cryptographic Key Generation SP 800-133 FAQ doi:10.6028/NIST.SP.800-133 [Direct Link] |
| | SP 800-133 (EPUB) FAQ |
| | Press Release |
SP 800-132 | December 2010 | Recommendation for Password-Based Key Derivation: Part 1: Storage Applications SP 800-132 FAQ doi:10.6028/NIST.SP.800-132 [Direct Link] |
SP 800-131A Rev. 1 | November 2015 | Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths SP 800-131A Rev. 1 FAQ doi:10.6028/NIST.SP.800-131Ar1 [Direct Link] |
| | Comments and resolutions on Draft (July 2015) |
SP 800-130 | August 2013 | A Framework for Designing Cryptographic Key Management Systems SP 800-130 FAQ doi:10.6028/NIST.SP.800-130 [Direct Link] |
SP 800-127 | September 2010 | Guide to Securing WiMAX Wireless Communications SP 800-127 FAQ doi:10.6028/NIST.SP.800-127 [Direct Link] |
| | SP 800-127 (EPUB) FAQ |
| | Press Release |
SP 800-120 | September 2009 | Recommendation for EAP Methods Used in Wireless Network Access Authentication SP 800-120 FAQ doi:10.6028/NIST.SP.800-120 [Direct Link] |
SP 800-116 Rev. 1 (Draft) | December 2015 | DRAFT A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS) Announcement and Draft Publication |
SP 800-116 | November 2008 | A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS) SP 800-116 FAQ doi:10.6028/NIST.SP.800-116 [Direct Link] |
SP 800-113 | July 2008 | Guide to SSL VPNs SP 800-113 FAQ doi:10.6028/NIST.SP.800-113 [Direct Link] |
SP 800-111 | November 2007 | Guide to Storage Encryption Technologies for End User Devices SP 800-111 FAQ doi:10.6028/NIST.SP.800-111 [Direct Link] |
SP 800-108 | October 2009 | Recommendation for Key Derivation Using Pseudorandom Functions (Revised) SP 800-108 FAQ doi:10.6028/NIST.SP.800-108 [Direct Link] |
| | Comments received on Draft (Apr. 2008) |
SP 800-107 Rev. 1 | August 2012 | Recommendation for Applications Using Approved Hash Algorithms SP 800-107 Rev. 1 FAQ doi:10.6028/NIST.SP.800-107r1 [Direct Link] |
SP 800-106 | February 2009 | Randomized Hashing for Digital Signatures SP 800-106 FAQ doi:10.6028/NIST.SP.800-106 [Direct Link] |
SP 800-102 | September 2009 | Recommendation for Digital Signature Timeliness SP 800-102 FAQ doi:10.6028/NIST.SP.800-102 [Direct Link] |
SP 800-90A Rev. 1 | June 2015 | Recommendation for Random Number Generation Using Deterministic Random Bit Generators SP 800-90A Revision 1 FAQ doi:10.6028/NIST.SP.800-90Ar1 [Direct Link] |
| | Press Release |
SP 800-90B (Draft) | January 2016 | DRAFT Recommendation for the Entropy Sources Used for Random Bit Generation Announcement and Draft Publication |
SP 800-90C (Draft) | April 2016 | DRAFT Recommendation for Random Bit Generator (RBG) Constructions Announcement and Draft Publication |
SP 800-78-4 | May 2015 | Cryptographic Algorithms and Key Sizes for Personal Identity Verification SP 800-78-4 FAQ doi:10.6028/NIST.SP.800-78-4 [Direct Link] |
SP 800-73-4 | May 2015 (Updated 2/8/2016) | Interfaces for Personal Identity Verification SP 800-73-4 (including updates as of 02-08-2016) FAQ doi:10.6028/NIST.SP.800-73-4 [Direct Link] |
| | Press Release (06-16-2015) |
SP 800-67 Rev. 2 (Draft) | July 2017 | DRAFT Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher Announcement and Draft Publication |
SP 800-67 Rev. 1 | January 2012 | Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher SP 800-67 Rev. 1 FAQ doi:10.6028/NIST.SP.800-67r1 [Direct Link] |
SP 800-57 Part 1 Rev. 4 | January 2016 | Recommendation for Key Management, Part 1: General SP 800-57 Part 1, Revision 4 FAQ doi:10.6028/NIST.SP.800-57pt1r4 [Direct Link] |
| | Comments and resolutions for SP 800-57 Part 1, Rev. 4 |
SP 800-57 Part 2 | August 2005 | Recommendation for Key Management, Part 2: Best Practices for Key Management Organization SP 800-57 Part 2 FAQ doi:10.6028/NIST.SP.800-57p2 [Direct Link] |
| | Comments received on Draft (Apr. 2005) |
SP 800-57 Part 3 Rev. 1 | January 2015 | Recommendation for Key Management, Part 3: Application-Specific Key Management Guidance SP 800-57 Part 3, Revision 1 FAQ doi:10.6028/NIST.SP.800-57pt3r1 [Direct Link] |
SP 800-56A Rev. 3 (Draft) | August 2017 | DRAFT Recommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography Announcement and Draft Publication |
SP 800-56A Rev. 2 | May 2013 | Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography SP 800-56A Revision 2 FAQ doi:10.6028/NIST.SP.800-56Ar2 [Direct Link] |
| | Comments received on Draft (Aug. 2012) |
SP 800-56B Rev. 1 | September 2014 | Recommendation for Pair-Wise Key-Establishment Schemes Using Integer Factorization Cryptography SP 800-56B Rev. 1 FAQ doi:10.6028/NIST.SP.800-56Br1 [Direct Link] |
SP 800-56C Rev. 1 (Draft) | August 2017 | DRAFT Recommendation for Key Derivation through Extraction-then-Expansion Announcement and Draft Publication |
SP 800-56C | November 2011 | Recommendation for Key Derivation through Extraction-then-Expansion SP 800-56C FAQ doi:10.6028/NIST.SP.800-56C [Direct Link] |
SP 800-53 Rev. 5 (Draft) | August 2017 | DRAFT Security and Privacy Controls for Federal Information Systems and Organizations Announcement and Draft Publication |
SP 800-53 Rev. 4 | April 2013 (Updated 1/22/2015) | Security and Privacy Controls for Federal Information Systems and Organizations SP 800-53 Rev. 4 (including updates as of 01-22-2015) FAQ doi:10.6028/NIST.SP.800-53r4 [Direct Link] |
| | Word version of SP 800-53 Rev. 4 (01-22-2015) |
| | XML file for SP 800-53 Rev. 4 (01-15-2014) |
| | Summary of NIST SP 800-53 Revision 4 |
| | Press Release (04-30-2013) |
| | Pre-Draft Call for Comments for SP 800-53 Rev. 5 |
SP 800-52 Rev. 1 | April 2014 | Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations SP 800-52 Rev. 1 FAQ doi:10.6028/NIST.SP.800-52r1 [Direct Link] |
| | Press Release |
SP 800-49 | November 2002 | Federal S/MIME V3 Client Profile SP 800-49 FAQ doi:10.6028/NIST.SP.800-49 [Direct Link] |
SP 800-38A Addendum | October 2010 | Recommendation for Block Cipher Modes of Operation: Three Variants of Ciphertext Stealing for CBC Mode SP 800-38A Addendum FAQ doi:10.6028/NIST.SP.800-38A-Add [Direct Link] |
SP 800-38A | December 2001 | Recommendation for Block Cipher Modes of Operation: Methods and Techniques SP 800-38A FAQ doi:10.6028/NIST.SP.800-38A [Direct Link] |
SP 800-38B | May 2005 (Updated 10/6/2016) | Recommendation for Block Cipher Modes of Operation: the CMAC Mode for Authentication SP 800-38B FAQ doi:10.6028/NIST.SP.800-38B [Direct Link] |
SP 800-38C | May 2004 (Updated 7/20/2007) | Recommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality SP 800-38C (including updates as of 07-20-2007) FAQ doi:10.6028/NIST.SP.800-38C [Direct Link] |
SP 800-38D | November 2007 | Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC SP 800-38D FAQ doi:10.6028/NIST.SP.800-38D [Direct Link] |
SP 800-38E | January 2010 | Recommendation for Block Cipher Modes of Operation: the XTS-AES Mode for Confidentiality on Storage Devices SP 800-38E FAQ doi:10.6028/NIST.SP.800-38E [Direct Link] |
SP 800-38F | December 2012 | Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping SP 800-38F FAQ doi:10.6028/NIST.SP.800-38F [Direct Link] |
SP 800-38G | March 2016 | Recommendation for Block Cipher Modes of Operation: Methods for Format-Preserving Encryption SP 800-38G FAQ doi:10.6028/NIST.SP.800-38G [Direct Link] |
| | Press Release |
SP 800-32 | February 26, 2001 | Introduction to Public Key Technology and the Federal PKI Infrastructure SP 800-32 FAQ doi:10.6028/NIST.SP.800-32 [Direct Link] |
SP 800-25 | October 2000 | Federal Agency Use of Public Key Technology for Digital Signatures and Authentication SP 800-25 FAQ doi:10.6028/NIST.SP.800-25 [Direct Link] |
SP 800-22 Rev. 1a | April 2010 | A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications SP 800-22 Rev. 1a FAQ doi:10.6028/NIST.SP.800-22r1a [Direct Link] |
SP 800-20 | October 1999 (Updated 3/1/2012) | Modes of Operation Validation System for the Triple Data Encryption Algorithm (TMOVS): Requirements and Procedures SP 800-20 (including updates as of 03-2012) FAQ doi:10.6028/NIST.SP.800-20 [Direct Link] |
SP 800-17 | February 1998 | Modes of Operation Validation System (MOVS): Requirements and Procedures SP 800-17 FAQ doi:10.6028/NIST.SP.800-17 [Direct Link] |
SP 800-15 | January 1998 | MISPC Minimum Interoperability Specification for PKI Components, Version 1 SP 800-15 FAQ doi:10.6028/NIST.SP.800-15 [Direct Link] |
SP 1800-6 (Draft) | November 2016 | DRAFT Domain Name Systems-Based Electronic Mail Security Announcement and Draft Publication |
NISTIR 8139 (Draft) | February 2017 | DRAFT Identifying Uniformity with Entropy and Divergence Announcement and Draft Publication |
NISTIR 8114 | March 2017 | Report on Lightweight Cryptography NISTIR 8114 FAQ doi:10.6028/NIST.IR.8114 [Direct Link] |
| | Comments received on Draft (Aug. 2016) |
NISTIR 8105 | April 2016 | Report on Post-Quantum Cryptography NISTIR 8105 FAQ doi:10.6028/NIST.IR.8105 [Direct Link] |
| | Press Release |
| | Comments received on Draft NISTIR 8105 |
NISTIR 8055 | January 2016 | Derived Personal Identity Verification (PIV) Credentials (DPC) Proof of Concept Research NISTIR 8055 FAQ doi:10.6028/NIST.IR.8055 [Direct Link] |
NISTIR 8023 | February 2015 | Risk Management for Replication Devices NISTIR 8023 FAQ doi:10.6028/NIST.IR.8023 [Direct Link] |
NISTIR 7977 | March 2016 | NIST Cryptographic Standards and Guidelines Development Process NISTIR 7977 FAQ doi:10.6028/NIST.IR.7977 [Direct Link] |
| | Press Release |
| | Summary of Second Draft Comments (released Jan. 2016) |
| | Comments received on Second Draft (Jan. 2015) |
| | Second Draft NISTIR 7977 (Jan. 2015) |
| | Summary of First Draft Comments |
| | Comments received on First Draft (Feb. 2014) |
| | First Draft NISTIR 7977 (Feb. 2014) |
NISTIR 7966 | October 2015 | Security of Interactive and Automated Access Management Using Secure Shell (SSH) NISTIR 7966 FAQ doi:10.6028/NIST.IR.7966 [Direct Link] |
NISTIR 7956 | September 2013 | Cryptographic Key Management Issues & Challenges in Cloud Services NISTIR 7956 FAQ doi:10.6028/NIST.IR.7956 [Direct Link] |
NISTIR 7924 (Draft) | May 2014 | DRAFT Reference Certificate Policy (2nd Draft) Announcement and Draft Publication |
NISTIR 7896 | November 2012 | Third-Round Report of the SHA-3 Cryptographic Hash Algorithm Competition NISTIR 7896 FAQ doi:10.6028/NIST.IR.7896 [Direct Link] |
NISTIR 7849 | March 2014 | A Methodology for Developing Authentication Assurance Level Taxonomy for Smart Card-based Identity Verification NISTIR 7849 FAQ doi:10.6028/NIST.IR.7849 [Direct Link] |
NISTIR 7817 | November 2012 | A Credential Reliability and Revocation Model for Federated Identities NISTIR 7817 FAQ doi:10.6028/NIST.IR.7817 [Direct Link] |
NISTIR 7802 | September 2011 | Trust Model for Security Automation Data 1.0 (TMSAD) NISTIR 7802 FAQ doi:10.6028/NIST.IR.7802 [Direct Link] |
NISTIR 7764 | February 2011 | Status Report on the Second Round of the SHA-3 Cryptographic Hash Algorithm Competition NISTIR 7764 FAQ doi:10.6028/NIST.IR.7764 [Direct Link] |
NISTIR 7676 | June 2010 | Maintaining and Using Key History on Personal Identity Verification (PIV) Cards NISTIR 7676 FAQ doi:10.6028/NIST.IR.7676 [Direct Link] |
NISTIR 7620 | September 2009 | Status Report on the First Round of the SHA-3 Cryptographic Hash Algorithm Competition NISTIR 7620 FAQ doi:10.6028/NIST.IR.7620 [Direct Link] |
NISTIR 7611 | August 2009 | Use of ISO/IEC 24727 NISTIR 7611 FAQ doi:10.6028/NIST.IR.7611 [Direct Link] |
NISTIR 7609 | January 2010 | Cryptographic Key Management Workshop Summary -- June 8-9, 2009 NISTIR 7609 FAQ doi:10.6028/NIST.IR.7609 [Direct Link] |
NISTIR 7452 | November 2007 | Secure Biometric Match-on-Card Feasibility Report NISTIR 7452 FAQ doi:10.6028/NIST.IR.7452 [Direct Link] |
NISTIR 7206 | July 2005 | Smart Cards and Mobile Device Authentication: an Overview and Implementation NISTIR 7206 FAQ doi:10.6028/NIST.IR.7206 [Direct Link] |
NISTIR 7046 | August 2003 | A Framework for Multi-mode Authentication: Overview and Implementation Guide NISTIR 7046 FAQ doi:10.6028/NIST.IR.7046 [Direct Link] |
NISTIR 6977 | May 2003 | Vulnerabilities in Quantum Key Distribution Protocols NISTIR 6977 |
NISTIR 6483 | April 2000 | Randomness Testing of the Advanced Encryption Standard Finalist Candidates NISTIR 6483 |
NISTIR 6390 | September 1999 | Randomness Testing of the Advanced Encryption Standard Candidate Algorithms NISTIR 6390 |
ITL Bulletin | June 2017 | Toward Standardizing Lightweight Cryptography |
ITL Bulletin | April 2016 | New NIST Security Standard Can Protect Credit Cards, Health Information |
ITL Bulletin | January 2016 | Securing Interactive and Automated Access Management Using Secure Shell (SSH) |
ITL Bulletin | December 2015 | Stopping Malware and Unauthorized Software through Application Whitelisting |
ITL Bulletin | September 2015 | Additional Secure Hash Algorithm Standards Offer New Opportunities for Data Protection |
ITL Bulletin | August 2015 | Recommendation for Random Number Generation Using Deterministic Random Bit Generators |
ITL Bulletin | April 2015 | Is Your Replication Device Making An Extra Copy For Someone Else? |
ITL Bulletin | November 2014 | Cryptographic Module Validation Program (CMVP) |
ITL Bulletin | October 2014 | Release of NIST Special Publication 800-147B, BIOS Protection Guidelines for Servers |
ITL Bulletin | April 2014 | Release of NIST Special Publication 800-52 Revision 1, Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations |
ITL Bulletin | March 2014 | Attribute Based Access Control (ABAC) Definition and Considerations |
ITL Bulletin | January 2014 | A Profile of the Key Management Framework for the Federal Government |
ITL Bulletin | December 2012 | Generating Secure Cryptographic Keys: A Critical Component of Cryptographic Key Management and the Protection of Sensitive Information |
Whitepaper (Draft) | April 26, 2017 | DRAFT Profiles for the Lightweight Cryptography Standardization Process Announcement and Draft Publication |
Whitepaper | May 12, 2016 | User's Guide to Running the Draft NIST SP 800-90B Entropy Estimation Suite Paper |
| | GitHub site |
Building-Block | March 4, 2016 | [Project Description] Domain Name System-Based Security for Electronic Mail Project Description |
| | Project homepage |
Journal-Article | September 2016 | Entropy as a Service: Unlocking Cryptography's Full Potential Preprint FAQ doi:10.1109/MC.2016.275 [Direct Link] |
Conference-Paper | May 10-12, 2016 | Combinatorial Coverage Analysis of Subsets of the TLS Cipher Suite Registry Preprint |
Cyber-Physical Systems & Smart Grid |
Digital Signatures |
FIPS 202 | August 2015 | SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions FIPS 202 FAQ doi:10.6028/NIST.FIPS.202 [Direct Link] |
| | Federal Register Notice |
| | Press Release |
| | Comments received on Draft FIPS 202 |
| | Draft FIPS 202 (May 2014) |
FIPS 186-4 | July 2013 | Digital Signature Standard (DSS) FIPS 186-4 FAQ doi:10.6028/NIST.FIPS.186-4 [Direct Link] |
| | Comments received on FIPS 186-4 (Dec. 2015) |
| | Request for Comments on FIPS 186-4 (Oct. 2015) |
| | Press Release (07-23-2013) |
| | Proposed Change Notice for FIPS 186-3 (Apr. 2012) |
| | Request for Comments on Proposed Change Notice (Apr. 2012) |
FIPS 180-4 | August 2015 | Secure Hash Standard (SHS) FIPS 180-4 (revised Applicability Clause, Aug. 2015) FAQ doi:10.6028/NIST.FIPS.180-4 [Direct Link] |
| | Federal Register Notice |
| | Comments received on Draft FIPS 180-4 (Aug. 2014) |
FIPS 140-2 | May 25, 2001 (Change Notice 2, 12/3/2002) | Security Requirements for Cryptographic Modules FIPS 140-2 (including change notices as of 12-03-2002) FAQ doi:10.6028/NIST.FIPS.140-2 [Direct Link] |
| | Annex A: Approved Security Functions |
| | Annex B: Approved Protection Profiles |
| | Annex C: Approved Random Number Generators |
| | Annex D: Approved Key Establishment Techniques |
| | FIPS 140-2 (EPUB) FAQ |
| | Comments on FIPS 140-1 (Oct. 1998) |
SP 800-184 | December 2016 | Guide for Cybersecurity Event Recovery SP 800-184 FAQ doi:10.6028/NIST.SP.800-184 [Direct Link] |
| | Press Release (12-22-2016) |
SP 800-175A | August 2016 | Guideline for Using Cryptographic Standards in the Federal Government: Directives, Mandates and Policies SP 800-175A FAQ doi:10.6028/NIST.SP.800-175A [Direct Link] |
| | Comments Received from Final Draft |
SP 800-175B | August 2016 | Guideline for Using Cryptographic Standards in the Federal Government: Cryptographic Mechanisms SP 800-175B FAQ doi:10.6028/NIST.SP.800-175B [Direct Link] |
| | Comments Received from Final Draft |
SP 800-157 | December 2014 | Guidelines for Derived Personal Identity Verification (PIV) Credentials SP 800-157 FAQ doi:10.6028/NIST.SP.800-157 [Direct Link] |
| | Comments and resolutions on Draft SP 800-157 (Mar. 2014) |
SP 800-147B | August 2014 | BIOS Protection Guidelines for Servers SP 800-147B FAQ doi:10.6028/NIST.SP.800-147B [Direct Link] |
SP 800-147 | April 2011 | BIOS Protection Guidelines SP 800-147 FAQ doi:10.6028/NIST.SP.800-147 [Direct Link] |
| | Press Release |
SP 800-126 Rev. 3 (Draft) | July 2016 | DRAFT The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.3 Announcement and Draft Publication |
SP 800-126 Rev. 2 | September 2011 (Updated 3/19/2012) | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2 SP 800-126 Rev. 2 FAQ doi:10.6028/NIST.SP.800-126r2 [Direct Link] |
| | NIST Solicits Comments for SP 800-126 & SCAP |
SP 800-107 Rev. 1 | August 2012 | Recommendation for Applications Using Approved Hash Algorithms SP 800-107 Rev. 1 FAQ doi:10.6028/NIST.SP.800-107r1 [Direct Link] |
SP 800-106 | February 2009 | Randomized Hashing for Digital Signatures SP 800-106 FAQ doi:10.6028/NIST.SP.800-106 [Direct Link] |
SP 800-102 | September 2009 | Recommendation for Digital Signature Timeliness SP 800-102 FAQ doi:10.6028/NIST.SP.800-102 [Direct Link] |
SP 800-89 | November 2006 | Recommendation for Obtaining Assurances for Digital Signature Applications SP 800-89 FAQ doi:10.6028/NIST.SP.800-89 [Direct Link] |
SP 800-78-4 | May 2015 | Cryptographic Algorithms and Key Sizes for Personal Identity Verification SP 800-78-4 FAQ doi:10.6028/NIST.SP.800-78-4 [Direct Link] |
SP 800-57 Part 1 Rev. 4 | January 2016 | Recommendation for Key Management, Part 1: General SP 800-57 Part 1, Revision 4 FAQ doi:10.6028/NIST.SP.800-57pt1r4 [Direct Link] |
| | Comments and resolutions for SP 800-57 Part 1, Rev. 4 |
SP 800-57 Part 2 | August 2005 | Recommendation for Key Management, Part 2: Best Practices for Key Management Organization SP 800-57 Part 2 FAQ doi:10.6028/NIST.SP.800-57p2 [Direct Link] |
| | Comments received on Draft (Apr. 2005) |
SP 800-57 Part 3 Rev. 1 | January 2015 | Recommendation for Key Management, Part 3: Application-Specific Key Management Guidance SP 800-57 Part 3, Revision 1 FAQ doi:10.6028/NIST.SP.800-57pt3r1 [Direct Link] |
SP 800-49 | November 2002 | Federal S/MIME V3 Client Profile SP 800-49 FAQ doi:10.6028/NIST.SP.800-49 [Direct Link] |
SP 800-32 | February 26, 2001 | Introduction to Public Key Technology and the Federal PKI Infrastructure SP 800-32 FAQ doi:10.6028/NIST.SP.800-32 [Direct Link] |
SP 800-25 | October 2000 | Federal Agency Use of Public Key Technology for Digital Signatures and Authentication SP 800-25 FAQ doi:10.6028/NIST.SP.800-25 [Direct Link] |
SP 800-15 | January 1998 | MISPC Minimum Interoperability Specification for PKI Components, Version 1 SP 800-15 FAQ doi:10.6028/NIST.SP.800-15 [Direct Link] |
SP 1800-8 (Draft) | May 2017 | DRAFT Securing Wireless Infusion Pumps in Healthcare Delivery Organizations Announcement and Draft Publication |
SP 1800-6 (Draft) | November 2016 | DRAFT Domain Name Systems-Based Electronic Mail Security Announcement and Draft Publication |
NISTIR 8105 | April 2016 | Report on Post-Quantum Cryptography NISTIR 8105 FAQ doi:10.6028/NIST.IR.8105 [Direct Link] |
| | Press Release |
| | Comments received on Draft NISTIR 8105 |
NISTIR 8055 | January 2016 | Derived Personal Identity Verification (PIV) Credentials (DPC) Proof of Concept Research NISTIR 8055 FAQ doi:10.6028/NIST.IR.8055 [Direct Link] |
NISTIR 7896 | November 2012 | Third-Round Report of the SHA-3 Cryptographic Hash Algorithm Competition NISTIR 7896 FAQ doi:10.6028/NIST.IR.7896 [Direct Link] |
NISTIR 7802 | September 2011 | Trust Model for Security Automation Data 1.0 (TMSAD) NISTIR 7802 FAQ doi:10.6028/NIST.IR.7802 [Direct Link] |
NISTIR 7764 | February 2011 | Status Report on the Second Round of the SHA-3 Cryptographic Hash Algorithm Competition NISTIR 7764 FAQ doi:10.6028/NIST.IR.7764 [Direct Link] |
NISTIR 7611 | August 2009 | Use of ISO/IEC 24727 NISTIR 7611 FAQ doi:10.6028/NIST.IR.7611 [Direct Link] |
NISTIR 7313 | July 2006 | 5th Annual PKI R&D Workshop "Making PKI Easy to Use" Proceedings NISTIR 7313 FAQ doi:10.6028/NIST.IR.7313 [Direct Link] |
ITL Bulletin | February 2017 | Guide for Cybersecurity Incident Recovery |
ITL Bulletin | September 2015 | Additional Secure Hash Algorithm Standards Offer New Opportunities for Data Protection |
ITL Bulletin | December 2014 | Release Of NIST Special Publication 800-157, Guidelines For Derived Personal Identity Verification (PIV) Credentials |
ITL Bulletin | October 2014 | Release of NIST Special Publication 800-147B, BIOS Protection Guidelines for Servers |
Forensics |
General IT Security |
FIPS 200 | March 2006 | Minimum Security Requirements for Federal Information and Information Systems FIPS 200 FAQ doi:10.6028/NIST.FIPS.200 [Direct Link] |
SP 800-192 | June 2017 | Verification and Test Methods for Access Control Policies/Models SP 800-192 FAQ doi:10.6028/NIST.SP.800-192 [Direct Link] |
SP 800-177 | September 2016 | Trustworthy Email SP 800-177 FAQ doi:10.6028/NIST.SP.800-177 [Direct Link] |
| | High Assurance Domains project |
SP 800-160 | November 2016 | Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems SP 800-160 FAQ doi:10.6028/NIST.SP.800-160 [Direct Link] |
| | "Rethinking Cybersecurity from the Inside Out" (blog post) |
SP 800-157 | December 2014 | Guidelines for Derived Personal Identity Verification (PIV) Credentials SP 800-157 FAQ doi:10.6028/NIST.SP.800-157 [Direct Link] |
| | Comments and resolutions on Draft SP 800-157 (Mar. 2014) |
SP 800-153 | February 2012 | Guidelines for Securing Wireless Local Area Networks (WLANs) SP 800-153 FAQ doi:10.6028/NIST.SP.800-153 [Direct Link] |
| | Press Release (Mar. 6, 2012) |
SP 800-150 | October 2016 | Guide to Cyber Threat Information Sharing SP 800-150 FAQ doi:10.6028/NIST.SP.800-150 [Direct Link] |
SP 800-147B | August 2014 | BIOS Protection Guidelines for Servers SP 800-147B FAQ doi:10.6028/NIST.SP.800-147B [Direct Link] |
SP 800-147 | April 2011 | BIOS Protection Guidelines SP 800-147 FAQ doi:10.6028/NIST.SP.800-147 [Direct Link] |
| | Press Release |
SP 800-142 | October 2010 | Practical Combinatorial Testing SP 800-142 FAQ doi:10.6028/NIST.SP.800-142 [Direct Link] |
SP 800-137 | September 2011 | Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations SP 800-137 FAQ doi:10.6028/NIST.SP.800-137 [Direct Link] |
| | Press Release |
SP 800-132 | December 2010 | Recommendation for Password-Based Key Derivation: Part 1: Storage Applications SP 800-132 FAQ doi:10.6028/NIST.SP.800-132 [Direct Link] |
SP 800-128 | August 2011 | Guide for Security-Focused Configuration Management of Information Systems SP 800-128 FAQ doi:10.6028/NIST.SP.800-128 [Direct Link] |
SP 800-123 | July 2008 | Guide to General Server Security SP 800-123 FAQ doi:10.6028/NIST.SP.800-123 [Direct Link] |
| | SP 800-123 (EPUB) FAQ |
SP 800-120 | September 2009 | Recommendation for EAP Methods Used in Wireless Network Access Authentication SP 800-120 FAQ doi:10.6028/NIST.SP.800-120 [Direct Link] |
SP 800-119 | December 2010 | Guidelines for the Secure Deployment of IPv6 SP 800-119 FAQ doi:10.6028/NIST.SP.800-119 [Direct Link] |
SP 800-111 | November 2007 | Guide to Storage Encryption Technologies for End User Devices SP 800-111 FAQ doi:10.6028/NIST.SP.800-111 [Direct Link] |
SP 800-108 | October 2009 | Recommendation for Key Derivation Using Pseudorandom Functions (Revised) SP 800-108 FAQ doi:10.6028/NIST.SP.800-108 [Direct Link] |
| | Comments received on Draft (Apr. 2008) |
SP 800-100 | October 2006 (Updated 3/7/2007) | Information Security Handbook: A Guide for Managers SP 800-100 (including updates as of 03-07-2007) FAQ doi:10.6028/NIST.SP.800-100 [Direct Link] |
SP 800-95 | August 2007 | Guide to Secure Web Services SP 800-95 FAQ doi:10.6028/NIST.SP.800-95 [Direct Link] |
SP 800-88 Rev. 1 | December 2014 | Guidelines for Media Sanitization SP 800-88 Revision 1 FAQ doi:10.6028/NIST.SP.800-88r1 [Direct Link] |
SP 800-64 Rev. 2 | October 2008 | Security Considerations in the System Development Life Cycle SP 800-64 Rev. 2 FAQ doi:10.6028/NIST.SP.800-64r2 [Direct Link] |
SP 800-56C | November 2011 | Recommendation for Key Derivation through Extraction-then-Expansion SP 800-56C FAQ doi:10.6028/NIST.SP.800-56C [Direct Link] |
SP 800-52 Rev. 1 | April 2014 | Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations SP 800-52 Rev. 1 FAQ doi:10.6028/NIST.SP.800-52r1 [Direct Link] |
| | Press Release |
SP 800-51 Rev. 1 | February 2011 | Guide to Using Vulnerability Naming Schemes SP 800-51 Rev. 1 FAQ doi:10.6028/NIST.SP.800-51r1 [Direct Link] |
| | Press Release |
SP 800-48 Rev. 1 | July 2008 | Guide to Securing Legacy IEEE 802.11 Wireless Networks SP 800-48 Rev. 1 FAQ doi:10.6028/NIST.SP.800-48r1 [Direct Link] |
SP 800-47 | August 2002 | Security Guide for Interconnecting Information Technology Systems SP 800-47 FAQ doi:10.6028/NIST.SP.800-47 [Direct Link] |
SP 800-44 Version 2 | September 2007 | Guidelines on Securing Public Web Servers SP 800-44 Version 2 FAQ doi:10.6028/NIST.SP.800-44ver2 [Direct Link] |
SP 800-33 | December 2001 | Underlying Technical Models for Information Technology Security SP 800-33 FAQ doi:10.6028/NIST.SP.800-33 [Direct Link] |
SP 800-27 Rev. A | June 2004 | Engineering Principles for Information Technology Security (A Baseline for Achieving Security), Revision A SP 800-27 Rev. A FAQ doi:10.6028/NIST.SP.800-27rA [Direct Link] |
SP 800-14 | September 1996 | Generally Accepted Principles and Practices for Securing Information Technology Systems SP 800-14 FAQ doi:10.6028/NIST.SP.800-14 [Direct Link] |
SP 800-12 Rev. 1 | June 2017 | An Introduction to Information Security SP 800-12 Rev. 1 FAQ doi:10.6028/NIST.SP.800-12r1 [Direct Link] |
SP 800-1 | December 1990 | Bibliography of Selected Computer Security Publications, January 1980 - October 1989 SP 800-1 FAQ doi:10.6028/NIST.SP.800-1 [Direct Link] |
NISTIR 8170 (Draft) | May 2017 | DRAFT The Cybersecurity Framework: Implementation Guidance for Federal Agencies Announcement and Draft Publication |
NISTIR 8074 Vol. 2 | December 2015 | Supplemental Information for the Interagency Report on Strategic U.S. Government Engagement in International Standardization to Achieve U.S. Objectives for Cybersecurity NISTIR 8074 Vol. 2 FAQ doi:10.6028/NIST.IR.8074v2 [Direct Link] |
NISTIR 8074 Vol. 1 | December 2015 | Interagency Report on Strategic U.S. Government Engagement in International Standardization to Achieve U.S. Objectives for Cybersecurity NISTIR 8074 Vol. 1 FAQ doi:10.6028/NIST.IR.8074v1 [Direct Link] |
NISTIR 8023 | February 2015 | Risk Management for Replication Devices NISTIR 8023 FAQ doi:10.6028/NIST.IR.8023 [Direct Link] |
NISTIR 7966 | October 2015 | Security of Interactive and Automated Access Management Using Secure Shell (SSH) NISTIR 7966 FAQ doi:10.6028/NIST.IR.7966 [Direct Link] |
NISTIR 7946 | April 2014 | CVSS Implementation Guidance NISTIR 7946 FAQ doi:10.6028/NIST.IR.7946 [Direct Link] |
NISTIR 7864 | July 2012 | The Common Misuse Scoring System (CMSS): Metrics for Software Feature Misuse Vulnerabilities NISTIR 7864 FAQ doi:10.6028/NIST.IR.7864 [Direct Link] |
| | Press Release |
NISTIR 7817 | November 2012 | A Credential Reliability and Revocation Model for Federated Identities NISTIR 7817 FAQ doi:10.6028/NIST.IR.7817 [Direct Link] |
NISTIR 7611 | August 2009 | Use of ISO/IEC 24727 NISTIR 7611 FAQ doi:10.6028/NIST.IR.7611 [Direct Link] |
NISTIR 7581 | September 2009 | System and Network Security Acronyms and Abbreviations NISTIR 7581 FAQ doi:10.6028/NIST.IR.7581 [Direct Link] |
NISTIR 7564 | April 2009 | Directions in Security Metrics Research NISTIR 7564 FAQ doi:10.6028/NIST.IR.7564 [Direct Link] |
NISTIR 7559 | June 2010 | Forensics Web Services (FWS) NISTIR 7559 FAQ doi:10.6028/NIST.IR.7559 [Direct Link] |
NISTIR 7435 | August 2007 | The Common Vulnerability Scoring System (CVSS) and its Applicability to Federal Agency Systems NISTIR 7435 FAQ doi:10.6028/NIST.IR.7435 [Direct Link] |
NISTIR 7359 | January 2007 | Information Security Guide for Government Executives NISTIR 7359 FAQ doi:10.6028/NIST.IR.7359 [Direct Link] |
| | Booklet |
NISTIR 7358 | January 2007 | Program Review for Information Security Management Assistance (PRISMA) NISTIR 7358 FAQ doi:10.6028/NIST.IR.7358 [Direct Link] |
NISTIR 7298 Rev. 2 | May 2013 | Glossary of Key Information Security Terms NISTIR 7298 Rev. 2 FAQ doi:10.6028/NIST.IR.7298r2 [Direct Link] |
NISTIR 4545 | April 1991 | Computer Security: Selected Articles NISTIR 4545 |
ITL Bulletin | May 2017 | Cyber-Threat Intelligence and Information Sharing |
ITL Bulletin | October 2016 | Making Email Trustworthy |
ITL Bulletin | December 2013 | The National Vulnerability Database (NVD): Overview |
ITL Bulletin | January 2016 | Securing Interactive and Automated Access Management Using Secure Shell (SSH) |
ITL Bulletin | April 2015 | Is Your Replication Device Making An Extra Copy For Someone Else? |
ITL Bulletin | February 2015 | NIST Special Publication 800-88 Revision 1, Guidelines for Media Sanitization |
ITL Bulletin | December 2014 | Release Of NIST Special Publication 800-157, Guidelines For Derived Personal Identity Verification (PIV) Credentials |
ITL Bulletin | October 2014 | Release of NIST Special Publication 800-147B, BIOS Protection Guidelines for Servers |
ITL Bulletin | July 2014 | Release of NIST Interagency Report 7946, CVSS Implementation Guidance |
ITL Bulletin | May 2014 | Small and Medium-Size Business Information Security Outreach Program |
ITL Bulletin | April 2014 | Release of NIST Special Publication 800-52 Revision 1, Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations |
ITL Bulletin | February 2014 | Framework for Improving Critical Infrastructure Cybersecurity |
ITL Bulletin | June 2013 | ITL Updated Glossary Of Key Information Security Terms |
ITL Bulletin | October 2008 | Keeping Information Technology (IT) System Servers Secure: A General Guide to Good Practices |
ITL Bulletin | November 2006 | Guide to Securing Computers Using Windows XP Home Edition |
ITL Bulletin | March 2006 | Minimum Security Requirements for Federal Information and Information Systems: Federal Information Processing Standard (FIPS) 200 Approved by the Secretary of Commerce |
ITL Bulletin | September 2004 | Information Security Within the System Development Life Cycle (SDLC) |
Whitepaper (Draft) | January 2017 | DRAFT Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1 Announcement and Draft Publication |
Whitepaper (Draft) | April 28, 2017 | DRAFT [Project Description] Securing Property Management Systems: Cybersecurity for the Hospitality Sector Announcement and Draft Publication |
Whitepaper | March 2017 | Baldrige Cybersecurity Excellence Builder: Key questions for improving your organization's cybersecurity performance Baldrige Cybersecurity Excellence Builder v1.0 |
Whitepaper | August 23, 2012 | The Role of the National Institute of Standards and Technology in Mobile Security The Role of NIST in Mobile Security |
Whitepaper | 2/19/2014 | Summary of NIST SP 800-53, Revision 4: Security and Privacy Controls for Federal Information Systems and Organizations Paper |
Whitepaper | March 2017 | Baldrige Cybersecurity Excellence Builder: Key questions for improving your organization's cybersecurity performance BCEB Categories 1–7 Questions and Notes Only |
| | BCEB Self-Analysis Worksheet |
| | Baldrige Cybersecurity Initiative Homepage (and FAQs) |
Building-Block | September 16, 2015 | [Project Description] Software Asset Management: Continuous Monitoring Project Description |
| | Project homepage |
Journal-Article | May 2016 | Insights on Formal Methods of Cybersecurity Preprint FAQ doi:10.1109/MC.2016.131 [Direct Link] |
Conference-Proceedings | June 10-14, 2016 | Estimating t-Way Fault Profile Evolution During Testing Preprint FAQ doi:10.1109/COMPSAC.2016.110 [Direct Link] |
Healthcare |
Historical Archives |
SP 800-29 | June 2001 | A Comparison of the Security Requirements for Cryptographic Modules in FIPS 140-1 and FIPS 140-2 SP 800-29 FAQ doi:10.6028/NIST.SP.800-29 [Direct Link] |
SP 800-13 | October 1995 | Telecommunications Security Guidelines for Telecommunications Management Network SP 800-13 FAQ doi:10.6028/NIST.SP.800-13 [Direct Link] |
SP 800-1 | December 1990 | Bibliography of Selected Computer Security Publications, January 1980 - October 1989 SP 800-1 FAQ doi:10.6028/NIST.SP.800-1 [Direct Link] |
NISTIR 6390 | September 1999 | Randomness Testing of the Advanced Encryption Standard Candidate Algorithms NISTIR 6390 |
NISTIR 5495 | September 1994 | Computer Security Training & Awareness Course Compendium NISTIR 5495 |
NISTIR 5472 | March 1994 | A Head Start on Assurance: Proceedings of an Invitational Workshop on Information Technology (IT) Assurance and Trustworthiness, March 21-23, 1994 NISTIR 5472 |
NISTIR 5308 | December 1993 | General Procedures for Registering Computer Security Objects NISTIR 5308 |
NISTIR 5153 | March 1993 | Minimum Security Requirements for Multi-User Operating Systems NISTIR 5153 |
NISTIR 4976 | November 1992 | Assessing Federal and Commercial Information Security Needs NISTIR 4976 |
NISTIR 4939 | October 1992 | Threat Assessment of Malicious Code and External Attacks NISTIR 4939 (TXT) |
NISTIR 4749 | December 1991 | Sample Statement of Work for Federal Computer Security Services: For use In-House or Contracting Out NISTIR 4749 |
NISTIR 4734 | February 1992 | Foundations of a Security Policy for Use of the National Research and Educational Network NISTIR 4734 |
NISTIR 4545 | April 1991 | Computer Security: Selected Articles NISTIR 4545 |
NISTIR 4228 | January 1990 | Prototyping SP4: a Secure Data Network System Transport Protocol Interoperability Demonstration Project NISTIR 4228 |
Incident Response |
SP 800-190 (Draft) | July 2017 | DRAFT Application Container Security Guide (2nd Draft) Announcement and Draft Publication |
SP 800-184 | December 2016 | Guide for Cybersecurity Event Recovery SP 800-184 FAQ doi:10.6028/NIST.SP.800-184 [Direct Link] |
| | Press Release (12-22-2016) |
SP 800-161 | April 2015 | Supply Chain Risk Management Practices for Federal Information Systems and Organizations SP 800-161 FAQ doi:10.6028/NIST.SP.800-161 [Direct Link] |
SP 800-150 | October 2016 | Guide to Cyber Threat Information Sharing SP 800-150 FAQ doi:10.6028/NIST.SP.800-150 [Direct Link] |
SP 800-147B | August 2014 | BIOS Protection Guidelines for Servers SP 800-147B FAQ doi:10.6028/NIST.SP.800-147B [Direct Link] |
SP 800-147 | April 2011 | BIOS Protection Guidelines SP 800-147 FAQ doi:10.6028/NIST.SP.800-147 [Direct Link] |
| | Press Release |
SP 800-126A (Draft) | July 2016 | DRAFT SCAP 1.3 Component Specification Version Updates: An Annex to NIST Special Publication 800-126 Revision 3 Announcement and Draft Publication |
SP 800-126 Rev. 3 (Draft) | July 2016 | DRAFT The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.3 Announcement and Draft Publication |
SP 800-126 Rev. 2 | September 2011 (Updated 3/19/2012) | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2 SP 800-126 Rev. 2 FAQ doi:10.6028/NIST.SP.800-126r2 [Direct Link] |
| | NIST Solicits Comments for SP 800-126 & SCAP |
SP 800-117 Rev. 1 (Draft) | January 2012 | DRAFT Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.2 Announcement and Draft Publication |
SP 800-101 Rev. 1 | May 2014 | Guidelines on Mobile Device Forensics SP 800-101 Rev. 1 FAQ doi:10.6028/NIST.SP.800-101r1 [Direct Link] |
SP 800-94 Rev. 1 (Draft) | July 2012 | DRAFT Guide to Intrusion Detection and Prevention Systems (IDPS) Announcement and Draft Publication |
SP 800-94 | February 2007 | Guide to Intrusion Detection and Prevention Systems (IDPS) SP 800-94 FAQ doi:10.6028/NIST.SP.800-94 [Direct Link] |
SP 800-86 | August 2006 | Guide to Integrating Forensic Techniques into Incident Response SP 800-86 FAQ doi:10.6028/NIST.SP.800-86 [Direct Link] |
SP 800-84 | September 2006 | Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities SP 800-84 FAQ doi:10.6028/NIST.SP.800-84 [Direct Link] |
| | SP 800-84 (EPUB) FAQ |
SP 800-83 Rev. 1 | July 2013 | Guide to Malware Incident Prevention and Handling for Desktops and Laptops SP 800-83 Rev. 1 FAQ doi:10.6028/NIST.SP.800-83r1 [Direct Link] |
SP 800-61 Rev. 2 | August 2012 | Computer Security Incident Handling Guide SP 800-61 Rev. 2 FAQ doi:10.6028/NIST.SP.800-61r2 [Direct Link] |
| | Press Release |
SP 800-53 Rev. 5 (Draft) | August 2017 | DRAFT Security and Privacy Controls for Federal Information Systems and Organizations Announcement and Draft Publication |
SP 800-53 Rev. 4 | April 2013 (Updated 1/22/2015) | Security and Privacy Controls for Federal Information Systems and Organizations SP 800-53 Rev. 4 (including updates as of 01-22-2015) FAQ doi:10.6028/NIST.SP.800-53r4 [Direct Link] |
| | Word version of SP 800-53 Rev. 4 (01-22-2015) |
| | XML file for SP 800-53 Rev. 4 (01-15-2014) |
| | Summary of NIST SP 800-53 Revision 4 |
| | Press Release (04-30-2013) |
| | Pre-Draft Call for Comments for SP 800-53 Rev. 5 |
SP 800-51 Rev. 1 | February 2011 | Guide to Using Vulnerability Naming Schemes SP 800-51 Rev. 1 FAQ doi:10.6028/NIST.SP.800-51r1 [Direct Link] |
| | Press Release |
SP 800-40 Rev. 3 | July 2013 | Guide to Enterprise Patch Management Technologies SP 800-40 Rev. 3 FAQ doi:10.6028/NIST.SP.800-40r3 [Direct Link] |
| | Press Release |
SP 800-34 Rev. 1 | May 2010 (Updated 11/11/2010) | Contingency Planning Guide for Federal Information Systems SP 800-34 Rev. 1 (including updates as of 11-11-2010) FAQ doi:10.6028/NIST.SP.800-34r1 [Direct Link] |
| | Business Impact Analysis (BIA) Template |
| | Contingency Planning: Low Impact System Template |
| | Contingency Planning: Moderate Impact System Template |
| | Contingency Planning: High Impact System Template |
SP 1800-7 (Draft) | February 2017 | DRAFT Situational Awareness for Electric Utilities Announcement and Draft Publication |
SP 1800-6 (Draft) | November 2016 | DRAFT Domain Name Systems-Based Electronic Mail Security Announcement and Draft Publication |
SP 1800-5 (Draft) | October 2015 | DRAFT IT Asset Management: Financial Services Announcement and Draft Publication |
NISTIR 8179 (Draft) | July 2017 | DRAFT Criticality Analysis Process Model: Prioritizing Systems and Components Announcement and Draft Publication |
NISTIR 7848 (Draft) | May 2012 | DRAFT Specification for the Asset Summary Reporting Format 1.0 Announcement and Draft Publication |
NISTIR 7800 (Draft) | January 2012 | DRAFT Applying the Continuous Monitoring Technical Reference Model to the Asset, Configuration, and Vulnerability Management Domains Announcement and Draft Publication |
NISTIR 7799 (Draft) | January 2012 | DRAFT Continuous Monitoring Reference Model Workflow, Subsystem, and Interface Specifications Announcement and Draft Publication |
NISTIR 7756 (Draft) | January 2012 | DRAFT CAESARS Framework Extension: An Enterprise Continuous Monitoring Technical Reference Architecture Announcement and Draft Publication |
NISTIR 7387 | March 2007 | Cell Phone Forensic Tools: an Overview and Analysis Update NISTIR 7387 FAQ doi:10.6028/NIST.IR.7387 [Direct Link] |
NISTIR 7250 | October 2005 | Cell Phone Forensic Tools: an Overview and Analysis NISTIR 7250 FAQ doi:10.6028/NIST.IR.7250 [Direct Link] |
NISTIR 7100 | August 2004 | PDA Forensic Tools: an Overview and Analysis NISTIR 7100 FAQ doi:10.6028/NIST.IR.7100 [Direct Link] |
NISTIR 6981 | April 2003 | Policy Expression and Enforcement for Handheld Devices NISTIR 6981 FAQ doi:10.6028/NIST.IR.6981 [Direct Link] |
NISTIR 6416 | October 1999 | Applying Mobile Agents to Intrusion Detection and Response NISTIR 6416 |
ITL Bulletin | May 2017 | Cyber-Threat Intelligence and Information Sharing |
ITL Bulletin | February 2017 | Guide for Cybersecurity Incident Recovery |
ITL Bulletin | June 2015 | Increasing Visibility and Control of Your ICT Supply Chains |
ITL Bulletin | October 2014 | Release of NIST Special Publication 800-147B, BIOS Protection Guidelines for Servers |
ITL Bulletin | February 2014 | Framework for Improving Critical Infrastructure Cybersecurity |
ITL Bulletin | September 2013 | ITL Publishes Guidance on Preventing and Handling Malware Incidents |
ITL Bulletin | August 2013 | ITL Publishes Guidance on Enterprise Patch Management Technologies |
ITL Bulletin | September 2012 | Revised Guide Helps Organizations Handle Security Related Incidents |
ITL Bulletin | June 2007 | Forensic Techniques for Cell Phones |
ITL Bulletin | February 2007 | Intrusion Detection and Prevention Systems |
ITL Bulletin | December 2006 | Maintaining Effective Information Technology (IT) Security Through Test, Training, and Exercise Programs |
ITL Bulletin | September 2006 | Forensic Techniques: Helping Organizations Improve Their Responses to Information Security Incidents |
ITL Bulletin | February 2006 | Creating a Program to Manage Security Patches and Vulnerabilities: NIST Recommendations for Improving System Security |
ITL Bulletin | April 2002 | Techniques for System and Data Recovery |
Whitepaper (Draft) | January 2017 | DRAFT Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1 Announcement and Draft Publication |
Whitepaper | May 2016 | [Project Description] Data Integrity: Recovering from a destructive malware attack Project Description |
| | Data Integrity homepage |
|
Internet of Things (IoT) |
|
Maintenance |
SP 800-184 | December 2016 | Guide for Cybersecurity Event Recovery SP 800-184 FAQ doi:10.6028/NIST.SP.800-184 [Direct Link] |
| | Press Release (12-22-2016) |
SP 800-171 Rev. 1 | December 2016 | Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations SP 800-171 Rev. 1 FAQ doi:10.6028/NIST.SP.800-171r1 [Direct Link] |
| | Specific Changes to the Security Requirements in SP 800-171 |
SP 800-171 | June 2015 (Updated 1/14/2016) | Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations SP 800-171 (including updates as of 01-14-2016) FAQ doi:10.6028/NIST.SP.800-171 [Direct Link] |
| | Press Release (06-19-2015) |
SP 800-161 | April 2015 | Supply Chain Risk Management Practices for Federal Information Systems and Organizations SP 800-161 FAQ doi:10.6028/NIST.SP.800-161 [Direct Link] |
SP 800-155 (Draft) | December 2011 | DRAFT BIOS Integrity Measurement Guidelines Announcement and Draft Publication |
SP 800-147B | August 2014 | BIOS Protection Guidelines for Servers SP 800-147B FAQ doi:10.6028/NIST.SP.800-147B [Direct Link] |
SP 800-147 | April 2011 | BIOS Protection Guidelines SP 800-147 FAQ doi:10.6028/NIST.SP.800-147 [Direct Link] |
| | Press Release |
SP 800-128 | August 2011 | Guide for Security-Focused Configuration Management of Information Systems SP 800-128 FAQ doi:10.6028/NIST.SP.800-128 [Direct Link] |
SP 800-126A (Draft) | July 2016 | DRAFT SCAP 1.3 Component Specification Version Updates: An Annex to NIST Special Publication 800-126 Revision 3 Announcement and Draft Publication |
SP 800-126 Rev. 3 (Draft) | July 2016 | DRAFT The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.3 Announcement and Draft Publication |
SP 800-126 Rev. 2 | September 2011 (Updated 3/19/2012) | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2 SP 800-126 Rev. 2 FAQ doi:10.6028/NIST.SP.800-126r2 [Direct Link] |
| | NIST Solicits Comments for SP 800-126 & SCAP |
SP 800-126 Rev. 1 | February 2011 | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.1 SP 800-126 Rev. 1 FAQ doi:10.6028/NIST.SP.800-126r1 [Direct Link] |
SP 800-126 | November 2009 | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.0 SP 800-126 FAQ doi:10.6028/NIST.SP.800-126 [Direct Link] |
SP 800-123 | July 2008 | Guide to General Server Security SP 800-123 FAQ doi:10.6028/NIST.SP.800-123 [Direct Link] |
| | SP 800-123 (EPUB) FAQ |
SP 800-117 Rev. 1 (Draft) | January 2012 | DRAFT Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.2 Announcement and Draft Publication |
SP 800-117 | July 2010 | Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.0 SP 800-117 FAQ doi:10.6028/NIST.SP.800-117 [Direct Link] |
SP 800-88 Rev. 1 | December 2014 | Guidelines for Media Sanitization SP 800-88 Revision 1 FAQ doi:10.6028/NIST.SP.800-88r1 [Direct Link] |
SP 800-84 | September 2006 | Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities SP 800-84 FAQ doi:10.6028/NIST.SP.800-84 [Direct Link] |
| | SP 800-84 (EPUB) FAQ |
SP 800-83 Rev. 1 | July 2013 | Guide to Malware Incident Prevention and Handling for Desktops and Laptops SP 800-83 Rev. 1 FAQ doi:10.6028/NIST.SP.800-83r1 [Direct Link] |
SP 800-69 | September 2006 | Guidance for Securing Microsoft Windows XP Home Edition: A NIST Security Configuration Checklist SP 800-69 FAQ doi:10.6028/NIST.SP.800-69 [Direct Link] |
SP 800-68 Rev. 1 | October 2008 | Guide to Securing Microsoft Windows XP Systems for IT Professionals: A NIST Security Configuration Checklist SP 800-68 Rev. 1 FAQ doi:10.6028/NIST.SP.800-68r1 [Direct Link] |
| | Security Templates R1.2.1 |
| | NIST Windows Security Baseline Database Application v0.2.7 |
SP 800-61 Rev. 2 | August 2012 | Computer Security Incident Handling Guide SP 800-61 Rev. 2 FAQ doi:10.6028/NIST.SP.800-61r2 [Direct Link] |
| | Press Release |
SP 800-55 Rev. 1 | July 2008 | Performance Measurement Guide for Information Security SP 800-55 Rev. 1 FAQ doi:10.6028/NIST.SP.800-55r1 [Direct Link] |
SP 800-53 Rev. 5 (Draft) | August 2017 | DRAFT Security and Privacy Controls for Federal Information Systems and Organizations Announcement and Draft Publication |
SP 800-53 Rev. 4 | April 2013 (Updated 1/22/2015) | Security and Privacy Controls for Federal Information Systems and Organizations SP 800-53 Rev. 4 (including updates as of 01-22-2015) FAQ doi:10.6028/NIST.SP.800-53r4 [Direct Link] |
| | Word version of SP 800-53 Rev. 4 (01-22-2015) |
| | XML file for SP 800-53 Rev. 4 (01-15-2014) |
| | Summary of NIST SP 800-53 Revision 4 |
| | Press Release (04-30-2013) |
| | Pre-Draft Call for Comments for SP 800-53 Rev. 5 |
SP 800-43 | November 2002 | Systems Administration Guidance for Securing Windows 2000 Professional System SP 800-43 FAQ doi:10.6028/NIST.SP.800-43 [Direct Link] |
| | Security Templates R1.2.3 |
SP 800-40 Rev. 3 | July 2013 | Guide to Enterprise Patch Management Technologies SP 800-40 Rev. 3 FAQ doi:10.6028/NIST.SP.800-40r3 [Direct Link] |
| | Press Release |
SP 800-24 | April 2001 | PBX Vulnerability Analysis: Finding Holes in Your PBX Before Someone Else Does SP 800-24 FAQ doi:10.6028/NIST.SP.800-24 [Direct Link] |
SP 1800-8 (Draft) | May 2017 | DRAFT Securing Wireless Infusion Pumps in Healthcare Delivery Organizations Announcement and Draft Publication |
NISTIR 8179 (Draft) | July 2017 | DRAFT Criticality Analysis Process Model: Prioritizing Systems and Components Announcement and Draft Publication |
NISTIR 8023 | February 2015 | Risk Management for Replication Devices NISTIR 8023 FAQ doi:10.6028/NIST.IR.8023 [Direct Link] |
NISTIR 7848 (Draft) | May 2012 | DRAFT Specification for the Asset Summary Reporting Format 1.0 Announcement and Draft Publication |
NISTIR 7823 | March 2015 | Advanced Metering Infrastructure Smart Meter Upgradeability Test Framework NISTIR 7823 FAQ doi:10.6028/NIST.IR.7823 [Direct Link] |
NISTIR 7800 (Draft) | January 2012 | DRAFT Applying the Continuous Monitoring Technical Reference Model to the Asset, Configuration, and Vulnerability Management Domains Announcement and Draft Publication |
NISTIR 7799 (Draft) | January 2012 | DRAFT Continuous Monitoring Reference Model Workflow, Subsystem, and Interface Specifications Announcement and Draft Publication |
NISTIR 7756 (Draft) | January 2012 | DRAFT CAESARS Framework Extension: An Enterprise Continuous Monitoring Technical Reference Architecture Announcement and Draft Publication |
NISTIR 7284 | January 2006 | Personal Identity Verification Card Management Report NISTIR 7284 FAQ doi:10.6028/NIST.IR.7284 [Direct Link] |
NISTIR 7275 Rev. 4 | March 2012 | Specification for the Extensible Configuration Checklist Description Format (XCCDF) Version 1.2 NISTIR 7275 Rev. 4 |
| | NISTIR 7275 Rev. 4 (markup) |
NISTIR 7275 Rev. 3 | January 2008 | Specification for the Extensible Configuration Checklist Description Format (XCCDF) Version 1.1.4 NISTIR 7275 Rev. 3 FAQ doi:10.6028/NIST.IR.7275r3 [Direct Link] |
NISTIR 7275 | January 2006 | Specification for the Extensible Configuration Checklist Description Format (XCCDF) Version 1.1 NISTIR 7275 FAQ doi:10.6028/NIST.IR.7275 [Direct Link] |
NISTIR 7188 | January 2005 | Specification for the Extensible Configuration Checklist Description Format (XCCDF) NISTIR 7188 FAQ doi:10.6028/NIST.IR.7188 [Direct Link] |
NISTIR 6985 | April 2003 | COTS Security Protection Profile - Operating Systems (CSPP-OS) (Worked Example Applying Guidance of NISTIR-6462, CSPP) Version 1.0 NISTIR 6985 FAQ doi:10.6028/nist.ir.6985 [Direct Link] |
NISTIR 6462 | December 1999 | CSPP - Guidance for COTS Security Protection Profiles (Formerly: CS2 - Protection Profile Guidance for Near-Term COTS) Version 1.0 NISTIR 6462 |
ITL Bulletin | February 2017 | Guide for Cybersecurity Incident Recovery |
ITL Bulletin | December 2013 | The National Vulnerability Database (NVD): Overview |
ITL Bulletin | October 2015 | Protection of Controlled Unclassified Information |
ITL Bulletin | June 2015 | Increasing Visibility and Control of Your ICT Supply Chains |
ITL Bulletin | April 2015 | Is Your Replication Device Making An Extra Copy For Someone Else? |
ITL Bulletin | February 2015 | NIST Special Publication 800-88 Revision 1, Guidelines for Media Sanitization |
ITL Bulletin | October 2014 | Release of NIST Special Publication 800-147B, BIOS Protection Guidelines for Servers |
ITL Bulletin | February 2014 | Framework for Improving Critical Infrastructure Cybersecurity |
ITL Bulletin | September 2013 | ITL Publishes Guidance on Preventing and Handling Malware Incidents |
ITL Bulletin | August 2013 | ITL Publishes Guidance on Enterprise Patch Management Technologies |
ITL Bulletin | October 2008 | Keeping Information Technology (IT) System Servers Secure: A General Guide to Good Practices |
ITL Bulletin | December 2006 | Maintaining Effective Information Technology (IT) Security Through Test, Training, and Exercise Programs |
ITL Bulletin | November 2006 | Guide to Securing Computers Using Windows XP Home Edition |
ITL Bulletin | August 2006 | Protecting Sensitive Information Processed and Stored in Information Technology (IT) Systems |
ITL Bulletin | February 2006 | Creating a Program to Manage Security Patches and Vulnerabilities: NIST Recommendations for Improving System Security |
ITL Bulletin | October 2004 | Securing Voice Over Internet Protocol (IP) Networks |
Whitepaper (Draft) | January 2017 | DRAFT Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1 Announcement and Draft Publication |
|
Mobile |
|
Personal Identity Verification (PIV) |
|
PKI |
FIPS 140-2 | May 25, 2001 (Change Notice 2, 12/3/2002) | Security Requirements for Cryptographic Modules FIPS 140-2 (including change notices as of 12-03-2002) FAQ doi:10.6028/NIST.FIPS.140-2 [Direct Link] |
| | Annex A: Approved Security Functions |
| | Annex B: Approved Protection Profiles |
| | Annex C: Approved Random Number Generators |
| | Annex D: Approved Key Establishment Techniques |
| | FIPS 140-2 (EPUB) FAQ |
| | Comments on FIPS 140-1 (Oct. 1998) |
SP 800-175A | August 2016 | Guideline for Using Cryptographic Standards in the Federal Government: Directives, Mandates and Policies SP 800-175A FAQ doi:10.6028/NIST.SP.800-175A [Direct Link] |
| | Comments Received from Final Draft |
SP 800-175B | August 2016 | Guideline for Using Cryptographic Standards in the Federal Government: Cryptographic Mechanisms SP 800-175B FAQ doi:10.6028/NIST.SP.800-175B [Direct Link] |
| | Comments Received from Final Draft |
SP 800-166 | June 2016 | Derived PIV Application and Data Model Test Guidelines SP 800-166 FAQ doi:10.6028/NIST.SP.800-166 [Direct Link] |
SP 800-157 | December 2014 | Guidelines for Derived Personal Identity Verification (PIV) Credentials SP 800-157 FAQ doi:10.6028/NIST.SP.800-157 [Direct Link] |
| | Comments and resolutions on Draft SP 800-157 (Mar. 2014) |
SP 800-147B | August 2014 | BIOS Protection Guidelines for Servers SP 800-147B FAQ doi:10.6028/NIST.SP.800-147B [Direct Link] |
SP 800-147 | April 2011 | BIOS Protection Guidelines SP 800-147 FAQ doi:10.6028/NIST.SP.800-147 [Direct Link] |
| | Press Release |
SP 800-116 Rev. 1 (Draft) | December 2015 | DRAFT A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS) Announcement and Draft Publication |
SP 800-116 | November 2008 | A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS) SP 800-116 FAQ doi:10.6028/NIST.SP.800-116 [Direct Link] |
SP 800-89 | November 2006 | Recommendation for Obtaining Assurances for Digital Signature Applications SP 800-89 FAQ doi:10.6028/NIST.SP.800-89 [Direct Link] |
SP 800-78-4 | May 2015 | Cryptographic Algorithms and Key Sizes for Personal Identity Verification SP 800-78-4 FAQ doi:10.6028/NIST.SP.800-78-4 [Direct Link] |
SP 800-73-4 | May 2015 (Updated 2/8/2016) | Interfaces for Personal Identity Verification SP 800-73-4 (including updates as of 02-08-2016) FAQ doi:10.6028/NIST.SP.800-73-4 [Direct Link] |
| | Press Release (06-16-2015) |
SP 800-57 Part 1 Rev. 4 | January 2016 | Recommendation for Key Management, Part 1: General SP 800-57 Part 1, Revision 4 FAQ doi:10.6028/NIST.SP.800-57pt1r4 [Direct Link] |
| | Comments and resolutions for SP 800-57 Part 1, Rev. 4 |
SP 800-57 Part 2 | August 2005 | Recommendation for Key Management, Part 2: Best Practices for Key Management Organization SP 800-57 Part 2 FAQ doi:10.6028/NIST.SP.800-57p2 [Direct Link] |
| | Comments received on Draft (Apr. 2005) |
SP 800-57 Part 3 Rev. 1 | January 2015 | Recommendation for Key Management, Part 3: Application-Specific Key Management Guidance SP 800-57 Part 3, Revision 1 FAQ doi:10.6028/NIST.SP.800-57pt3r1 [Direct Link] |
SP 800-52 Rev. 1 | April 2014 | Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations SP 800-52 Rev. 1 FAQ doi:10.6028/NIST.SP.800-52r1 [Direct Link] |
| | Press Release |
SP 800-32 | February 26, 2001 | Introduction to Public Key Technology and the Federal PKI Infrastructure SP 800-32 FAQ doi:10.6028/NIST.SP.800-32 [Direct Link] |
SP 800-25 | October 2000 | Federal Agency Use of Public Key Technology for Digital Signatures and Authentication SP 800-25 FAQ doi:10.6028/NIST.SP.800-25 [Direct Link] |
SP 800-15 | January 1998 | MISPC Minimum Interoperability Specification for PKI Components, Version 1 SP 800-15 FAQ doi:10.6028/NIST.SP.800-15 [Direct Link] |
SP 1800-8 (Draft) | May 2017 | DRAFT Securing Wireless Infusion Pumps in Healthcare Delivery Organizations Announcement and Draft Publication |
SP 1800-6 (Draft) | November 2016 | DRAFT Domain Name Systems-Based Electronic Mail Security Announcement and Draft Publication |
NISTIR 8105 | April 2016 | Report on Post-Quantum Cryptography NISTIR 8105 FAQ doi:10.6028/NIST.IR.8105 [Direct Link] |
| | Press Release |
| | Comments received on Draft NISTIR 8105 |
NISTIR 8055 | January 2016 | Derived Personal Identity Verification (PIV) Credentials (DPC) Proof of Concept Research NISTIR 8055 FAQ doi:10.6028/NIST.IR.8055 [Direct Link] |
NISTIR 7981 (Draft) | March 2014 | DRAFT Mobile, PIV, and Authentication Announcement and Draft Publication |
NISTIR 7966 | October 2015 | Security of Interactive and Automated Access Management Using Secure Shell (SSH) NISTIR 7966 FAQ doi:10.6028/NIST.IR.7966 [Direct Link] |
NISTIR 7956 | September 2013 | Cryptographic Key Management Issues & Challenges in Cloud Services NISTIR 7956 FAQ doi:10.6028/NIST.IR.7956 [Direct Link] |
NISTIR 7924 (Draft) | May 2014 | DRAFT Reference Certificate Policy (2nd Draft) Announcement and Draft Publication |
NISTIR 7849 | March 2014 | A Methodology for Developing Authentication Assurance Level Taxonomy for Smart Card-based Identity Verification NISTIR 7849 FAQ doi:10.6028/NIST.IR.7849 [Direct Link] |
NISTIR 7817 | November 2012 | A Credential Reliability and Revocation Model for Federated Identities NISTIR 7817 FAQ doi:10.6028/NIST.IR.7817 [Direct Link] |
NISTIR 7676 | June 2010 | Maintaining and Using Key History on Personal Identity Verification (PIV) Cards NISTIR 7676 FAQ doi:10.6028/NIST.IR.7676 [Direct Link] |
NISTIR 7611 | August 2009 | Use of ISO/IEC 24727 NISTIR 7611 FAQ doi:10.6028/NIST.IR.7611 [Direct Link] |
NISTIR 7609 | January 2010 | Cryptographic Key Management Workshop Summary -- June 8-9, 2009 NISTIR 7609 FAQ doi:10.6028/NIST.IR.7609 [Direct Link] |
NISTIR 7452 | November 2007 | Secure Biometric Match-on-Card Feasibility Report NISTIR 7452 FAQ doi:10.6028/NIST.IR.7452 [Direct Link] |
NISTIR 7427 | September 2007 | 6th Annual PKI R&D Workshop "Applications-Driven PKI" Proceedings NISTIR 7427 FAQ doi:10.6028/NIST.IR.7427 [Direct Link] |
NISTIR 7313 | July 2006 | 5th Annual PKI R&D Workshop "Making PKI Easy to Use" Proceedings NISTIR 7313 FAQ doi:10.6028/NIST.IR.7313 [Direct Link] |
NISTIR 7224 | August 2005 | 4th Annual PKI R&D Workshop "Multiple Paths to Trust" Proceedings NISTIR 7224 FAQ doi:10.6028/NIST.IR.7224 [Direct Link] |
NISTIR 7085 | April 2004 | 2nd Annual PKI Research Workshop Proceedings NISTIR 7085 FAQ doi:10.6028/NIST.IR.7085 [Direct Link] |
NISTIR 7059 | November 2003 | 1st Annual PKI Research Workshop Proceedings Proceedings from Dartmouth (August 2002) |
ITL Bulletin | August 2016 | NIST Updates Personal Identity Verification (PIV) Guidelines |
ITL Bulletin | January 2016 | Securing Interactive and Automated Access Management Using Secure Shell (SSH) |
ITL Bulletin | December 2014 | Release Of NIST Special Publication 800-157, Guidelines For Derived Personal Identity Verification (PIV) Credentials |
ITL Bulletin | October 2014 | Release of NIST Special Publication 800-147B, BIOS Protection Guidelines for Servers |
ITL Bulletin | April 2014 | Release of NIST Special Publication 800-52 Revision 1, Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations |
|
Planning |
FIPS 200 | March 2006 | Minimum Security Requirements for Federal Information and Information Systems FIPS 200 FAQ doi:10.6028/NIST.FIPS.200 [Direct Link] |
FIPS 199 | February 2004 | Standards for Security Categorization of Federal Information and Information Systems FIPS 199 FAQ doi:10.6028/NIST.FIPS.199 [Direct Link] |
FIPS 140-2 | May 25, 2001 (Change Notice 2, 12/3/2002) | Security Requirements for Cryptographic Modules FIPS 140-2 (including change notices as of 12-03-2002) FAQ doi:10.6028/NIST.FIPS.140-2 [Direct Link] |
| | Annex A: Approved Security Functions |
| | Annex B: Approved Protection Profiles |
| | Annex C: Approved Random Number Generators |
| | Annex D: Approved Key Establishment Techniques |
| | FIPS 140-2 (EPUB) FAQ |
| | Comments on FIPS 140-1 (Oct. 1998) |
SP 800-184 | December 2016 | Guide for Cybersecurity Event Recovery SP 800-184 FAQ doi:10.6028/NIST.SP.800-184 [Direct Link] |
| | Press Release (12-22-2016) |
SP 800-179 | December 2016 | Guide to Securing Apple OS X 10.10 Systems for IT Professionals: A NIST Security Configuration Checklist SP 800-179 FAQ doi:10.6028/NIST.SP.800-179 [Direct Link] |
| | Supplemental Content (GitHub) |
| | National Checklist Program |
SP 800-167 | October 2015 | Guide to Application Whitelisting SP 800-167 FAQ doi:10.6028/NIST.SP.800-167 [Direct Link] |
| | Press Release |
SP 800-163 | January 2015 | Vetting the Security of Mobile Applications SP 800-163 FAQ doi:10.6028/NIST.SP.800-163 [Direct Link] |
| | Press Release |
SP 800-161 | April 2015 | Supply Chain Risk Management Practices for Federal Information Systems and Organizations SP 800-161 FAQ doi:10.6028/NIST.SP.800-161 [Direct Link] |
SP 800-160 | November 2016 | Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems SP 800-160 FAQ doi:10.6028/NIST.SP.800-160 [Direct Link] |
| | "Rethinking Cybersecurity from the Inside Out" (blog post) |
SP 800-153 | February 2012 | Guidelines for Securing Wireless Local Area Networks (WLANs) SP 800-153 FAQ doi:10.6028/NIST.SP.800-153 [Direct Link] |
| | Press Release (Mar. 6, 2012) |
SP 800-147B | August 2014 | BIOS Protection Guidelines for Servers SP 800-147B FAQ doi:10.6028/NIST.SP.800-147B [Direct Link] |
SP 800-147 | April 2011 | BIOS Protection Guidelines SP 800-147 FAQ doi:10.6028/NIST.SP.800-147 [Direct Link] |
| | Press Release |
SP 800-146 | May 2012 | Cloud Computing Synopsis and Recommendations SP 800-146 FAQ doi:10.6028/NIST.SP.800-146 [Direct Link] |
| | SP 800-146 (EPUB) FAQ |
| | Press Release |
SP 800-145 | September 2011 | The NIST Definition of Cloud Computing SP 800-145 FAQ doi:10.6028/NIST.SP.800-145 [Direct Link] |
| | SP 800-145 (EPUB) FAQ |
| | Press Release |
SP 800-144 | December 2011 | Guidelines on Security and Privacy in Public Cloud Computing SP 800-144 FAQ doi:10.6028/NIST.SP.800-144 [Direct Link] |
| | SP 800-144 (EPUB) FAQ |
| | Press Release |
SP 800-137 | September 2011 | Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations SP 800-137 FAQ doi:10.6028/NIST.SP.800-137 [Direct Link] |
| | Press Release |
SP 800-125A (Draft) | October 20, 2014 | DRAFT Security Recommendations for Hypervisor Deployment Announcement and Draft Publication |
SP 800-125 | January 2011 | Guide to Security for Full Virtualization Technologies SP 800-125 FAQ doi:10.6028/NIST.SP.800-125 [Direct Link] |
| | Press Release |
SP 800-124 Rev. 1 | June 2013 | Guidelines for Managing the Security of Mobile Devices in the Enterprise SP 800-124 Rev. 1 FAQ doi:10.6028/NIST.SP.800-124r1 [Direct Link] |
| | SP 800-124 Rev. 1 (EPUB) FAQ |
| | Press Release |
SP 800-123 | July 2008 | Guide to General Server Security SP 800-123 FAQ doi:10.6028/NIST.SP.800-123 [Direct Link] |
| | SP 800-123 (EPUB) FAQ |
SP 800-122 | April 2010 | Guide to Protecting the Confidentiality of Personally Identifiable Information (PII) SP 800-122 FAQ doi:10.6028/NIST.SP.800-122 [Direct Link] |
| | SP 800-122 (EPUB) FAQ |
SP 800-119 | December 2010 | Guidelines for the Secure Deployment of IPv6 SP 800-119 FAQ doi:10.6028/NIST.SP.800-119 [Direct Link] |
SP 800-116 Rev. 1 (Draft) | December 2015 | DRAFT A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS) Announcement and Draft Publication |
SP 800-116 | November 2008 | A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS) SP 800-116 FAQ doi:10.6028/NIST.SP.800-116 [Direct Link] |
SP 800-113 | July 2008 | Guide to SSL VPNs SP 800-113 FAQ doi:10.6028/NIST.SP.800-113 [Direct Link] |
SP 800-98 | April 2007 | Guidelines for Securing Radio Frequency Identification (RFID) Systems SP 800-98 FAQ doi:10.6028/NIST.SP.800-98 [Direct Link] |
SP 800-95 | August 2007 | Guide to Secure Web Services SP 800-95 FAQ doi:10.6028/NIST.SP.800-95 [Direct Link] |
SP 800-94 Rev. 1 (Draft) | July 2012 | DRAFT Guide to Intrusion Detection and Prevention Systems (IDPS) Announcement and Draft Publication |
SP 800-94 | February 2007 | Guide to Intrusion Detection and Prevention Systems (IDPS) SP 800-94 FAQ doi:10.6028/NIST.SP.800-94 [Direct Link] |
SP 800-81-2 | September 2013 | Secure Domain Name System (DNS) Deployment Guide SP 800-81-2 FAQ doi:10.6028/NIST.SP.800-81-2 [Direct Link] |
SP 800-65 | January 2005 | Integrating IT Security into the Capital Planning and Investment Control Process SP 800-65 FAQ doi:10.6028/NIST.SP.800-65 [Direct Link] |
SP 800-57 Part 1 Rev. 4 | January 2016 | Recommendation for Key Management, Part 1: General SP 800-57 Part 1, Revision 4 FAQ doi:10.6028/NIST.SP.800-57pt1r4 [Direct Link] |
| | Comments and resolutions for SP 800-57 Part 1, Rev. 4 |
SP 800-57 Part 2 | August 2005 | Recommendation for Key Management, Part 2: Best Practices for Key Management Organization SP 800-57 Part 2 FAQ doi:10.6028/NIST.SP.800-57p2 [Direct Link] |
| | Comments received on Draft (Apr. 2005) |
SP 800-57 Part 3 Rev. 1 | January 2015 | Recommendation for Key Management, Part 3: Application-Specific Key Management Guidance SP 800-57 Part 3, Revision 1 FAQ doi:10.6028/NIST.SP.800-57pt3r1 [Direct Link] |
SP 800-55 Rev. 1 | July 2008 | Performance Measurement Guide for Information Security SP 800-55 Rev. 1 FAQ doi:10.6028/NIST.SP.800-55r1 [Direct Link] |
SP 800-54 | July 2007 | Border Gateway Protocol Security SP 800-54 FAQ doi:10.6028/NIST.SP.800-54 [Direct Link] |
SP 800-53 Rev. 5 (Draft) | August 2017 | DRAFT Security and Privacy Controls for Federal Information Systems and Organizations Announcement and Draft Publication |
SP 800-53 Rev. 4 | April 2013 (Updated 1/22/2015) | Security and Privacy Controls for Federal Information Systems and Organizations SP 800-53 Rev. 4 (including updates as of 01-22-2015) FAQ doi:10.6028/NIST.SP.800-53r4 [Direct Link] |
| | Word version of SP 800-53 Rev. 4 (01-22-2015) |
| | XML file for SP 800-53 Rev. 4 (01-15-2014) |
| | Summary of NIST SP 800-53 Revision 4 |
| | Press Release (04-30-2013) |
| | Pre-Draft Call for Comments for SP 800-53 Rev. 5 |
SP 800-48 Rev. 1 | July 2008 | Guide to Securing Legacy IEEE 802.11 Wireless Networks SP 800-48 Rev. 1 FAQ doi:10.6028/NIST.SP.800-48r1 [Direct Link] |
SP 800-47 | August 2002 | Security Guide for Interconnecting Information Technology Systems SP 800-47 FAQ doi:10.6028/NIST.SP.800-47 [Direct Link] |
SP 800-44 Version 2 | September 2007 | Guidelines on Securing Public Web Servers SP 800-44 Version 2 FAQ doi:10.6028/NIST.SP.800-44ver2 [Direct Link] |
SP 800-43 | November 2002 | Systems Administration Guidance for Securing Windows 2000 Professional System SP 800-43 FAQ doi:10.6028/NIST.SP.800-43 [Direct Link] |
| | Security Templates R1.2.3 |
SP 800-41 Rev. 1 | September 2009 | Guidelines on Firewalls and Firewall Policy SP 800-41 Rev. 1 FAQ doi:10.6028/NIST.SP.800-41r1 [Direct Link] |
SP 800-39 | March 2011 | Managing Information Security Risk: Organization, Mission, and Information System View SP 800-39 FAQ doi:10.6028/NIST.SP.800-39 [Direct Link] |
| | Press Release |
SP 800-37 Rev. 1 | February 2010 (Updated 6/5/2014) | Guide for Applying the Risk Management Framework to Federal Information Systems: a Security Life Cycle Approach SP 800-37 Rev. 1 (including updates as of 6-05-2014) FAQ doi:10.6028/NIST.SP.800-37r1 [Direct Link] |
| | Supplemental Guidance on Ongoing Authorization, (June 2014) |
| | Press Release |
SP 800-36 | October 2003 | Guide to Selecting Information Technology Security Products SP 800-36 FAQ doi:10.6028/NIST.SP.800-36 [Direct Link] |
SP 800-35 | October 2003 | Guide to Information Technology Security Services SP 800-35 FAQ doi:10.6028/NIST.SP.800-35 [Direct Link] |
SP 800-33 | December 2001 | Underlying Technical Models for Information Technology Security SP 800-33 FAQ doi:10.6028/NIST.SP.800-33 [Direct Link] |
SP 800-32 | February 26, 2001 | Introduction to Public Key Technology and the Federal PKI Infrastructure SP 800-32 FAQ doi:10.6028/NIST.SP.800-32 [Direct Link] |
SP 800-30 Rev. 1 | September 2012 | Guide for Conducting Risk Assessments SP 800-30 Rev. 1 FAQ doi:10.6028/NIST.SP.800-30r1 [Direct Link] |
| | SP 800-30 Rev. 1 (EPUB) FAQ |
| | Press Release |
SP 800-27 Rev. A | June 2004 | Engineering Principles for Information Technology Security (A Baseline for Achieving Security), Revision A SP 800-27 Rev. A FAQ doi:10.6028/NIST.SP.800-27rA [Direct Link] |
SP 800-25 | October 2000 | Federal Agency Use of Public Key Technology for Digital Signatures and Authentication SP 800-25 FAQ doi:10.6028/NIST.SP.800-25 [Direct Link] |
SP 800-19 | October 1999 | Mobile Agent Security SP 800-19 FAQ doi:10.6028/NIST.SP.800-19 [Direct Link] |
SP 800-18 Rev. 1 | February 2006 | Guide for Developing Security Plans for Federal Information Systems SP 800-18 Rev. 1 FAQ doi:10.6028/NIST.SP.800-18r1 [Direct Link] |
NISTIR 8085 (Draft) | December 2015 | DRAFT Forming Common Platform Enumeration (CPE) Names from Software Identification (SWID) Tags Announcement and Draft Publication |
NISTIR 8074 Vol. 2 | December 2015 | Supplemental Information for the Interagency Report on Strategic U.S. Government Engagement in International Standardization to Achieve U.S. Objectives for Cybersecurity NISTIR 8074 Vol. 2 FAQ doi:10.6028/NIST.IR.8074v2 [Direct Link] |
NISTIR 8074 Vol. 1 | December 2015 | Interagency Report on Strategic U.S. Government Engagement in International Standardization to Achieve U.S. Objectives for Cybersecurity NISTIR 8074 Vol. 1 FAQ doi:10.6028/NIST.IR.8074v1 [Direct Link] |
NISTIR 8060 | April 2016 | Guidelines for the Creation of Interoperable Software Identification (SWID) Tags NISTIR 8060 FAQ doi:10.6028/NIST.IR.8060 [Direct Link] |
| | Guideline Summary for NISTIR 8060 |
| | Schema Definition for NISTIR 8060 |
NISTIR 8023 | February 2015 | Risk Management for Replication Devices NISTIR 8023 FAQ doi:10.6028/NIST.IR.8023 [Direct Link] |
NISTIR 7981 (Draft) | March 2014 | DRAFT Mobile, PIV, and Authentication Announcement and Draft Publication |
NISTIR 7966 | October 2015 | Security of Interactive and Automated Access Management Using Secure Shell (SSH) NISTIR 7966 FAQ doi:10.6028/NIST.IR.7966 [Direct Link] |
NISTIR 7621 Rev. 1 | November 2016 | Small Business Information Security: the Fundamentals NISTIR 7621 Rev. 1 FAQ doi:10.6028/NIST.IR.7621r1 [Direct Link] |
| | Press Release |
| | "Ignoring Cybersecurity is Risky Business" (blog post) |
NISTIR 7611 | August 2009 | Use of ISO/IEC 24727 NISTIR 7611 FAQ doi:10.6028/NIST.IR.7611 [Direct Link] |
NISTIR 7497 | September 2010 | Security Architecture Design Process for Health Information Exchanges (HIEs) NISTIR 7497 FAQ doi:10.6028/NIST.IR.7497 [Direct Link] |
NISTIR 7359 | January 2007 | Information Security Guide for Government Executives NISTIR 7359 FAQ doi:10.6028/NIST.IR.7359 [Direct Link] |
| | Booklet |
NISTIR 7358 | January 2007 | Program Review for Information Security Management Assistance (PRISMA) NISTIR 7358 FAQ doi:10.6028/NIST.IR.7358 [Direct Link] |
NISTIR 7316 | September 2006 | Assessment of Access Control Systems NISTIR 7316 FAQ doi:10.6028/NIST.IR.7316 [Direct Link] |
NISTIR 7284 | January 2006 | Personal Identity Verification Card Management Report NISTIR 7284 FAQ doi:10.6028/NIST.IR.7284 [Direct Link] |
NISTIR 6985 | April 2003 | COTS Security Protection Profile - Operating Systems (CSPP-OS) (Worked Example Applying Guidance of NISTIR-6462, CSPP) Version 1.0 NISTIR 6985 FAQ doi:10.6028/nist.ir.6985 [Direct Link] |
NISTIR 6981 | April 2003 | Policy Expression and Enforcement for Handheld Devices NISTIR 6981 FAQ doi:10.6028/NIST.IR.6981 [Direct Link] |
NISTIR 6887 2003 Edition | July 16, 2003 | Government Smart Card Interoperability Specification, Version 2.1 NISTIR 6887 FAQ doi:10.6028/NIST.IR.6887e2003 [Direct Link] |
NISTIR 6462 | December 1999 | CSPP - Guidance for COTS Security Protection Profiles (Formerly: CS2 - Protection Profile Guidance for Near-Term COTS) Version 1.0 NISTIR 6462 |
ITL Bulletin | March 2017 | Fundamentals of Small Business Information Security |
ITL Bulletin | February 2017 | Guide for Cybersecurity Incident Recovery |
ITL Bulletin | December 2016 | Rethinking Security Through Systems Security Engineering |
ITL Bulletin | July 2016 | Improving Security and Software Management Through the Use of SWID Tags |
ITL Bulletin | January 2016 | Securing Interactive and Automated Access Management Using Secure Shell (SSH) |
ITL Bulletin | December 2015 | Stopping Malware and Unauthorized Software through Application Whitelisting |
ITL Bulletin | June 2015 | Increasing Visibility and Control of Your ICT Supply Chains |
ITL Bulletin | April 2015 | Is Your Replication Device Making An Extra Copy For Someone Else? |
ITL Bulletin | March 2015 | Guidance for Secure Authorization of Mobile Applications in the Corporate Environment |
ITL Bulletin | October 2014 | Release of NIST Special Publication 800-147B, BIOS Protection Guidelines for Servers |
ITL Bulletin | May 2014 | Small and Medium-Size Business Information Security Outreach Program |
ITL Bulletin | February 2014 | Framework for Improving Critical Infrastructure Cybersecurity |
ITL Bulletin | October 2008 | Keeping Information Technology (IT) System Servers Secure: A General Guide to Good Practices |
ITL Bulletin | July 2007 | Border Gateway Protocol (BGP) Security |
ITL Bulletin | May 2007 | Securing Radio Frequency Identification (RFID) Systems |
ITL Bulletin | February 2007 | Intrusion Detection and Prevention Systems |
ITL Bulletin | November 2006 | Guide to Securing Computers Using Windows XP Home Edition |
ITL Bulletin | March 2006 | Minimum Security Requirements for Federal Information and Information Systems: Federal Information Processing Standard (FIPS) 200 Approved by the Secretary of Commerce |
ITL Bulletin | February 2006 | Creating a Program to Manage Security Patches and Vulnerabilities: NIST Recommendations for Improving System Security |
ITL Bulletin | January 2006 | Testing and Validation of Personal Identity Verification (PIV) Components and Subsystems for Conformance to Federal Information Processing Standard 201 |
ITL Bulletin | January 2005 | Integrating IT Security into the Capital Planning and Investment Control Process |
ITL Bulletin | November 2004 | Understanding the New NIST Standards and Guidelines Required by FISMA: How Three Mandated Documents are Changing the Dynamic of Information Security for the Federal Government |
ITL Bulletin | June 2004 | Information Technology Security Services: How to Select, Implement, and Manage |
ITL Bulletin | April 2004 | Selecting Information Technology Security Products |
ITL Bulletin | March 2004 | Federal Information Processing Standard (FIPS) 199, Standards for Security Categorization of Federal Information and Information Systems |
ITL Bulletin | February 2003 | Secure Interconnections for Information Technology Systems |
Whitepaper (Draft) | March 20, 2017 | DRAFT Cybersecurity Framework Manufacturing Profile (Final Draft) Announcement and Draft Publication |
|
Privacy |
|
Public Safety |
|
Research |
|
Risk Assessment |
FIPS 199 | February 2004 | Standards for Security Categorization of Federal Information and Information Systems FIPS 199 FAQ doi:10.6028/NIST.FIPS.199 [Direct Link] |
SP 800-167 | October 2015 | Guide to Application Whitelisting SP 800-167 FAQ doi:10.6028/NIST.SP.800-167 [Direct Link] |
| | Press Release |
SP 800-161 | April 2015 | Supply Chain Risk Management Practices for Federal Information Systems and Organizations SP 800-161 FAQ doi:10.6028/NIST.SP.800-161 [Direct Link] |
SP 800-160 | November 2016 | Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems SP 800-160 FAQ doi:10.6028/NIST.SP.800-160 [Direct Link] |
| | "Rethinking Cybersecurity from the Inside Out" (blog post) |
SP 800-154 (Draft) | March 2016 | DRAFT Guide to Data-Centric System Threat Modeling Announcement and Draft Publication |
SP 800-153 | February 2012 | Guidelines for Securing Wireless Local Area Networks (WLANs) SP 800-153 FAQ doi:10.6028/NIST.SP.800-153 [Direct Link] |
| | Press Release (Mar. 6, 2012) |
SP 800-150 | October 2016 | Guide to Cyber Threat Information Sharing SP 800-150 FAQ doi:10.6028/NIST.SP.800-150 [Direct Link] |
SP 800-137 | September 2011 | Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations SP 800-137 FAQ doi:10.6028/NIST.SP.800-137 [Direct Link] |
| | Press Release |
SP 800-128 | August 2011 | Guide for Security-Focused Configuration Management of Information Systems SP 800-128 FAQ doi:10.6028/NIST.SP.800-128 [Direct Link] |
SP 800-126 Rev. 3 (Draft) | July 2016 | DRAFT The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.3 Announcement and Draft Publication |
SP 800-126 Rev. 2 | September 2011 (Updated 3/19/2012) | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2 SP 800-126 Rev. 2 FAQ doi:10.6028/NIST.SP.800-126r2 [Direct Link] |
| | NIST Solicits Comments for SP 800-126 & SCAP |
SP 800-126 Rev. 1 | February 2011 | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.1 SP 800-126 Rev. 1 FAQ doi:10.6028/NIST.SP.800-126r1 [Direct Link] |
SP 800-126 | November 2009 | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.0 SP 800-126 FAQ doi:10.6028/NIST.SP.800-126 [Direct Link] |
SP 800-125 | January 2011 | Guide to Security for Full Virtualization Technologies SP 800-125 FAQ doi:10.6028/NIST.SP.800-125 [Direct Link] |
| | Press Release |
SP 800-122 | April 2010 | Guide to Protecting the Confidentiality of Personally Identifiable Information (PII) SP 800-122 FAQ doi:10.6028/NIST.SP.800-122 [Direct Link] |
| | SP 800-122 (EPUB) FAQ |
SP 800-117 Rev. 1 (Draft) | January 2012 | DRAFT Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.2 Announcement and Draft Publication |
SP 800-117 | July 2010 | Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.0 SP 800-117 FAQ doi:10.6028/NIST.SP.800-117 [Direct Link] |
SP 800-116 Rev. 1 (Draft) | December 2015 | DRAFT A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS) Announcement and Draft Publication |
SP 800-116 | November 2008 | A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS) SP 800-116 FAQ doi:10.6028/NIST.SP.800-116 [Direct Link] |
SP 800-115 | September 2008 | Technical Guide to Information Security Testing and Assessment SP 800-115 FAQ doi:10.6028/NIST.SP.800-115 [Direct Link] |
| | SP 800-115 (EPUB) FAQ |
SP 800-88 Rev. 1 | December 2014 | Guidelines for Media Sanitization SP 800-88 Revision 1 FAQ doi:10.6028/NIST.SP.800-88r1 [Direct Link] |
SP 800-84 | September 2006 | Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities SP 800-84 FAQ doi:10.6028/NIST.SP.800-84 [Direct Link] |
| | SP 800-84 (EPUB) FAQ |
SP 800-82 Rev. 2 | May 2015 | Guide to Industrial Control Systems (ICS) Security SP 800-82 Revision 2 FAQ doi:10.6028/NIST.SP.800-82r2 [Direct Link] |
| | Press Release |
SP 800-61 Rev. 2 | August 2012 | Computer Security Incident Handling Guide SP 800-61 Rev. 2 FAQ doi:10.6028/NIST.SP.800-61r2 [Direct Link] |
| | Press Release |
SP 800-60 Vol. 2 Rev. 1 | August 2008 | Guide for Mapping Types of Information and Information Systems to Security Categories: Appendices SP 800-60 Vol. 2, Rev. 1: Appendices FAQ doi:10.6028/NIST.SP.800-60v2r1 [Direct Link] |
SP 800-60 Vol. 1 Rev. 1 | August 2008 | Guide for Mapping Types of Information and Information Systems to Security Categories SP 800-60 Vol. 1 Rev. 1 FAQ doi:10.6028/NIST.SP.800-60v1r1 [Direct Link] |
SP 800-53 Rev. 5 (Draft) | August 2017 | DRAFT Security and Privacy Controls for Federal Information Systems and Organizations Announcement and Draft Publication |
SP 800-53 Rev. 4 | April 2013 (Updated 1/22/2015) | Security and Privacy Controls for Federal Information Systems and Organizations SP 800-53 Rev. 4 (including updates as of 01-22-2015) FAQ doi:10.6028/NIST.SP.800-53r4 [Direct Link] |
| | Word version of SP 800-53 Rev. 4 (01-22-2015) |
| | XML file for SP 800-53 Rev. 4 (01-15-2014) |
| | Summary of NIST SP 800-53 Revision 4 |
| | Press Release (04-30-2013) |
| | Pre-Draft Call for Comments for SP 800-53 Rev. 5 |
SP 800-47 | August 2002 | Security Guide for Interconnecting Information Technology Systems SP 800-47 FAQ doi:10.6028/NIST.SP.800-47 [Direct Link] |
SP 800-40 Rev. 3 | July 2013 | Guide to Enterprise Patch Management Technologies SP 800-40 Rev. 3 FAQ doi:10.6028/NIST.SP.800-40r3 [Direct Link] |
| | Press Release |
SP 800-39 | March 2011 | Managing Information Security Risk: Organization, Mission, and Information System View SP 800-39 FAQ doi:10.6028/NIST.SP.800-39 [Direct Link] |
| | Press Release |
SP 800-37 Rev. 1 | February 2010 (Updated 6/5/2014) | Guide for Applying the Risk Management Framework to Federal Information Systems: a Security Life Cycle Approach SP 800-37 Rev. 1 (including updates as of 6-05-2014) FAQ doi:10.6028/NIST.SP.800-37r1 [Direct Link] |
| | Supplemental Guidance on Ongoing Authorization, (June 2014) |
| | Press Release |
SP 800-30 Rev. 1 | September 2012 | Guide for Conducting Risk Assessments SP 800-30 Rev. 1 FAQ doi:10.6028/NIST.SP.800-30r1 [Direct Link] |
| | SP 800-30 Rev. 1 (EPUB) FAQ |
| | Press Release |
SP 800-28 Version 2 | March 2008 | Guidelines on Active Content and Mobile Code SP 800-28 Version 2 FAQ doi:10.6028/NIST.SP.800-28ver2 [Direct Link] |
SP 800-23 | August 2000 | Guidelines to Federal Organizations on Security Assurance and Acquisition/Use of Tested/Evaluated Products SP 800-23 FAQ doi:10.6028/NIST.SP.800-23 [Direct Link] |
SP 800-19 | October 1999 | Mobile Agent Security SP 800-19 FAQ doi:10.6028/NIST.SP.800-19 [Direct Link] |
SP 1800-5 (Draft) | October 2015 | DRAFT IT Asset Management: Financial Services Announcement and Draft Publication |
SP 1800-2 (Draft) | August 2015 | DRAFT Identity and Access Management for Electric Utilities Announcement and Draft Publication |
SP 1800-1 (Draft) | July 2015 | DRAFT Securing Electronic Health Records on Mobile Devices Announcement and Draft Publication |
NISTIR 8170 (Draft) | May 2017 | DRAFT The Cybersecurity Framework: Implementation Guidance for Federal Agencies Announcement and Draft Publication |
NISTIR 8144 (Draft) | September 2016 | DRAFT Assessing Threats to Mobile Devices & Infrastructure: the Mobile Threat Catalogue Announcement and Draft Publication |
NISTIR 8136 | January 2017 | An Overview of Mobile Application Vetting Services for Public Safety NISTIR 8136 FAQ doi:10.6028/NIST.IR.8136 [Direct Link] |
NISTIR 8135 | May 2016 | Identifying and Categorizing Data Types for Public Safety Mobile Applications: Workshop Report NISTIR 8135 FAQ doi:10.6028/NIST.IR.8135 [Direct Link] |
NISTIR 8062 | January 2017 | An Introduction to Privacy Engineering and Risk Management in Federal Systems NISTIR 8062 FAQ doi:10.6028/NIST.IR.8062 [Direct Link] |
| | "Making Privacy Concrete (three words not usually found together)" (blog post) |
NISTIR 8055 | January 2016 | Derived Personal Identity Verification (PIV) Credentials (DPC) Proof of Concept Research NISTIR 8055 FAQ doi:10.6028/NIST.IR.8055 [Direct Link] |
NISTIR 8023 | February 2015 | Risk Management for Replication Devices NISTIR 8023 FAQ doi:10.6028/NIST.IR.8023 [Direct Link] |
NISTIR 8018 | January 2015 | Public Safety Mobile Application Security Requirements Workshop Summary NISTIR 8018 FAQ doi:10.6028/NIST.IR.8018 [Direct Link] |
NISTIR 8011 Vol. 2 | June 2017 | Automation Support for Security Control Assessments: Hardware Asset Management NISTIR 8011 Vol. 2 FAQ doi:10.6028/NIST.IR.8011-2 [Direct Link] |
NISTIR 8011 Vol. 1 | June 2017 | Automation Support for Security Control Assessments: Overview NISTIR 8011 Vol. 1 FAQ doi:10.6028/NIST.IR.8011-1 [Direct Link] |
NISTIR 7966 | October 2015 | Security of Interactive and Automated Access Management Using Secure Shell (SSH) NISTIR 7966 FAQ doi:10.6028/NIST.IR.7966 [Direct Link] |
NISTIR 7864 | July 2012 | The Common Misuse Scoring System (CMSS): Metrics for Software Feature Misuse Vulnerabilities NISTIR 7864 FAQ doi:10.6028/NIST.IR.7864 [Direct Link] |
| | Press Release |
NISTIR 7848 (Draft) | May 2012 | DRAFT Specification for the Asset Summary Reporting Format 1.0 Announcement and Draft Publication |
NISTIR 7800 (Draft) | January 2012 | DRAFT Applying the Continuous Monitoring Technical Reference Model to the Asset, Configuration, and Vulnerability Management Domains Announcement and Draft Publication |
NISTIR 7799 (Draft) | January 2012 | DRAFT Continuous Monitoring Reference Model Workflow, Subsystem, and Interface Specifications Announcement and Draft Publication |
NISTIR 7756 (Draft) | January 2012 | DRAFT CAESARS Framework Extension: An Enterprise Continuous Monitoring Technical Reference Architecture Announcement and Draft Publication |
NISTIR 7692 | April 2011 | Specification for the Open Checklist Interactive Language (OCIL) Version 2.0 NISTIR 7692 FAQ doi:10.6028/NIST.IR.7692 [Direct Link] |
NISTIR 7628 Rev. 1 | September 2014 | Guidelines for Smart Grid Cybersecurity NISTIR 7628 Rev. 1, (Volumes 1-3) FAQ doi:10.6028/NIST.IR.7628r1 [Direct Link] |
| | NIST Project: Cybersecurity for Smart Grid Systems |
NISTIR 7564 | April 2009 | Directions in Security Metrics Research NISTIR 7564 FAQ doi:10.6028/NIST.IR.7564 [Direct Link] |
NISTIR 7551 | December 2008 | A Threat Analysis on UOCAVA Voting Systems NISTIR 7551 FAQ doi:10.6028/NIST.IR.7551 [Direct Link] |
NISTIR 7502 | December 2010 | The Common Configuration Scoring System (CCSS): Metrics for Software Security Configuration Vulnerabilities NISTIR 7502 FAQ doi:10.6028/NIST.IR.7502 [Direct Link] |
NISTIR 7497 | September 2010 | Security Architecture Design Process for Health Information Exchanges (HIEs) NISTIR 7497 FAQ doi:10.6028/NIST.IR.7497 [Direct Link] |
NISTIR 7316 | September 2006 | Assessment of Access Control Systems NISTIR 7316 FAQ doi:10.6028/NIST.IR.7316 [Direct Link] |
NISTIR 6981 | April 2003 | Policy Expression and Enforcement for Handheld Devices NISTIR 6981 FAQ doi:10.6028/NIST.IR.6981 [Direct Link] |
ITL Bulletin | May 2017 | Cyber-Threat Intelligence and Information Sharing |
ITL Bulletin | April 2017 | Building the Bridge Between Privacy and Cybersecurity for Federal Systems |
ITL Bulletin | December 2016 | Rethinking Security Through Systems Security Engineering |
ITL Bulletin | January 2016 | Securing Interactive and Automated Access Management Using Secure Shell (SSH) |
ITL Bulletin | December 2015 | Stopping Malware and Unauthorized Software through Application Whitelisting |
ITL Bulletin | November 2015 | Tailoring Security Controls for Industrial Control Systems |
ITL Bulletin | June 2015 | Increasing Visibility and Control of Your ICT Supply Chains |
ITL Bulletin | April 2015 | Is Your Replication Device Making An Extra Copy For Someone Else? |
ITL Bulletin | February 2015 | NIST Special Publication 800-88 Revision 1, Guidelines for Media Sanitization |
ITL Bulletin | September 2014 | Release of NIST Interagency Report 7628 Revision 1, Guidelines for Smart Grid Cybersecurity |
ITL Bulletin | February 2014 | Framework for Improving Critical Infrastructure Cybersecurity |
ITL Bulletin | August 2013 | ITL Publishes Guidance on Enterprise Patch Management Technologies |
ITL Bulletin | August 2011 | Protecting Industrial Control Systems – Key Components of Our Nation's Critical Infrastructures |
ITL Bulletin | December 2006 | Maintaining Effective Information Technology (IT) Security Through Test, Training, and Exercise Programs |
ITL Bulletin | February 2006 | Creating a Program to Manage Security Patches and Vulnerabilities: NIST Recommendations for Improving System Security |
ITL Bulletin | November 2004 | Understanding the New NIST Standards and Guidelines Required by FISMA: How Three Mandated Documents are Changing the Dynamic of Information Security for the Federal Government |
ITL Bulletin | March 2004 | Federal Information Processing Standard (FIPS) 199, Standards for Security Categorization of Federal Information and Information Systems |
ITL Bulletin | February 2003 | Secure Interconnections for Information Technology Systems |
Whitepaper (Draft) | March 20, 2017 | DRAFT Cybersecurity Framework Manufacturing Profile (Final Draft) Announcement and Draft Publication |
Whitepaper | 6/3/2014 | Supplemental Guidance on Ongoing Authorization: Transitioning to Near Real-Time Risk Management Paper |
Journal-Article | March-April 2016 | Using a Capability Oriented Methodology to Build Your Cloud Ecosystem Preprint FAQ doi:10.1109/MCC.2016.38 [Direct Link] |
|
Security Automation |
|
Services & Acquisitions |
FIPS 201-2 | August 2013 | Personal Identity Verification (PIV) of Federal Employees and Contractors FIPS 201-2 FAQ doi:10.6028/NIST.FIPS.201-2 [Direct Link] |
| | 2012 Draft Comments and Dispositions |
| | 2011 Draft Comments and Dispositions |
| | Revised Draft (July 2012) |
| | Draft FIPS 201-2 (March 2011) |
FIPS 140-2 | May 25, 2001 (Change Notice 2, 12/3/2002) | Security Requirements for Cryptographic Modules FIPS 140-2 (including change notices as of 12-03-2002) FAQ doi:10.6028/NIST.FIPS.140-2 [Direct Link] |
| | Annex A: Approved Security Functions |
| | Annex B: Approved Protection Profiles |
| | Annex C: Approved Random Number Generators |
| | Annex D: Approved Key Establishment Techniques |
| | FIPS 140-2 (EPUB) FAQ |
| | Comments on FIPS 140-1 (Oct. 1998) |
SP 800-161 | April 2015 | Supply Chain Risk Management Practices for Federal Information Systems and Organizations SP 800-161 FAQ doi:10.6028/NIST.SP.800-161 [Direct Link] |
SP 800-144 | December 2011 | Guidelines on Security and Privacy in Public Cloud Computing SP 800-144 FAQ doi:10.6028/NIST.SP.800-144 [Direct Link] |
| | SP 800-144 (EPUB) FAQ |
| | Press Release |
SP 800-126 Rev. 3 (Draft) | July 2016 | DRAFT The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.3 Announcement and Draft Publication |
SP 800-126 Rev. 2 | September 2011 (Updated 3/19/2012) | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2 SP 800-126 Rev. 2 FAQ doi:10.6028/NIST.SP.800-126r2 [Direct Link] |
| | NIST Solicits Comments for SP 800-126 & SCAP |
SP 800-126 Rev. 1 | February 2011 | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.1 SP 800-126 Rev. 1 FAQ doi:10.6028/NIST.SP.800-126r1 [Direct Link] |
SP 800-126 | November 2009 | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.0 SP 800-126 FAQ doi:10.6028/NIST.SP.800-126 [Direct Link] |
SP 800-124 Rev. 1 | June 2013 | Guidelines for Managing the Security of Mobile Devices in the Enterprise SP 800-124 Rev. 1 FAQ doi:10.6028/NIST.SP.800-124r1 [Direct Link] |
| | SP 800-124 Rev. 1 (EPUB) FAQ |
| | Press Release |
SP 800-121 Rev. 2 | May 2017 | Guide to Bluetooth Security SP 800-121 Rev. 2 FAQ doi:10.6028/NIST.SP.800-121r2 [Direct Link] |
SP 800-117 Rev. 1 (Draft) | January 2012 | DRAFT Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.2 Announcement and Draft Publication |
SP 800-117 | July 2010 | Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.0 SP 800-117 FAQ doi:10.6028/NIST.SP.800-117 [Direct Link] |
SP 800-115 | September 2008 | Technical Guide to Information Security Testing and Assessment SP 800-115 FAQ doi:10.6028/NIST.SP.800-115 [Direct Link] |
| | SP 800-115 (EPUB) FAQ |
SP 800-101 Rev. 1 | May 2014 | Guidelines on Mobile Device Forensics SP 800-101 Rev. 1 FAQ doi:10.6028/NIST.SP.800-101r1 [Direct Link] |
SP 800-97 | February 2007 | Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i SP 800-97 FAQ doi:10.6028/NIST.SP.800-97 [Direct Link] |
SP 800-85A-4 | April 2016 | PIV Card Application and Middleware Interface Test Guidelines (SP 800-73-4 Compliance) SP 800-85A-4 FAQ doi:10.6028/NIST.SP.800-85A-4 [Direct Link] |
SP 800-85B-4 (Draft) | August 2014 | DRAFT PIV Data Model Test Guidelines Announcement and Draft Publication |
SP 800-85B | July 2006 | PIV Data Model Test Guidelines SP 800-85B FAQ doi:10.6028/NIST.SP.800-85B [Direct Link] |
SP 800-79-2 | July 2015 | Guidelines for the Authorization of Personal Identity Verification Card Issuers (PCI) and Derived PIV Credential Issuers (DPCI) SP 800-79-2 FAQ doi:10.6028/NIST.SP.800-79-2 [Direct Link] |
SP 800-78-4 | May 2015 | Cryptographic Algorithms and Key Sizes for Personal Identity Verification SP 800-78-4 FAQ doi:10.6028/NIST.SP.800-78-4 [Direct Link] |
SP 800-73-4 | May 2015 (Updated 2/8/2016) | Interfaces for Personal Identity Verification SP 800-73-4 (including updates as of 02-08-2016) FAQ doi:10.6028/NIST.SP.800-73-4 [Direct Link] |
| | Press Release (06-16-2015) |
SP 800-66 Rev. 1 | October 2008 | An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule SP 800-66 Rev. 1 FAQ doi:10.6028/NIST.SP.800-66r1 [Direct Link] |
SP 800-65 | January 2005 | Integrating IT Security into the Capital Planning and Investment Control Process SP 800-65 FAQ doi:10.6028/NIST.SP.800-65 [Direct Link] |
SP 800-58 | January 2005 | Security Considerations for Voice Over IP Systems SP 800-58 FAQ doi:10.6028/NIST.SP.800-58 [Direct Link] |
SP 800-53 Rev. 5 (Draft) | August 2017 | DRAFT Security and Privacy Controls for Federal Information Systems and Organizations Announcement and Draft Publication |
SP 800-53 Rev. 4 | April 2013 (Updated 1/22/2015) | Security and Privacy Controls for Federal Information Systems and Organizations SP 800-53 Rev. 4 (including updates as of 01-22-2015) FAQ doi:10.6028/NIST.SP.800-53r4 [Direct Link] |
| | Word version of SP 800-53 Rev. 4 (01-22-2015) |
| | XML file for SP 800-53 Rev. 4 (01-15-2014) |
| | Summary of NIST SP 800-53 Revision 4 |
| | Press Release (04-30-2013) |
| | Pre-Draft Call for Comments for SP 800-53 Rev. 5 |
SP 800-51 Rev. 1 | February 2011 | Guide to Using Vulnerability Naming Schemes SP 800-51 Rev. 1 FAQ doi:10.6028/NIST.SP.800-51r1 [Direct Link] |
| | Press Release |
SP 800-48 Rev. 1 | July 2008 | Guide to Securing Legacy IEEE 802.11 Wireless Networks SP 800-48 Rev. 1 FAQ doi:10.6028/NIST.SP.800-48r1 [Direct Link] |
SP 800-36 | October 2003 | Guide to Selecting Information Technology Security Products SP 800-36 FAQ doi:10.6028/NIST.SP.800-36 [Direct Link] |
SP 800-35 | October 2003 | Guide to Information Technology Security Services SP 800-35 FAQ doi:10.6028/NIST.SP.800-35 [Direct Link] |
SP 800-25 | October 2000 | Federal Agency Use of Public Key Technology for Digital Signatures and Authentication SP 800-25 FAQ doi:10.6028/NIST.SP.800-25 [Direct Link] |
SP 800-15 | January 1998 | MISPC Minimum Interoperability Specification for PKI Components, Version 1 SP 800-15 FAQ doi:10.6028/NIST.SP.800-15 [Direct Link] |
NISTIR 8179 (Draft) | July 2017 | DRAFT Criticality Analysis Process Model: Prioritizing Systems and Components Announcement and Draft Publication |
NISTIR 8023 | February 2015 | Risk Management for Replication Devices NISTIR 8023 FAQ doi:10.6028/NIST.IR.8023 [Direct Link] |
NISTIR 7848 (Draft) | May 2012 | DRAFT Specification for the Asset Summary Reporting Format 1.0 Announcement and Draft Publication |
NISTIR 7800 (Draft) | January 2012 | DRAFT Applying the Continuous Monitoring Technical Reference Model to the Asset, Configuration, and Vulnerability Management Domains Announcement and Draft Publication |
NISTIR 7799 (Draft) | January 2012 | DRAFT Continuous Monitoring Reference Model Workflow, Subsystem, and Interface Specifications Announcement and Draft Publication |
NISTIR 7756 (Draft) | January 2012 | DRAFT CAESARS Framework Extension: An Enterprise Continuous Monitoring Technical Reference Architecture Announcement and Draft Publication |
NISTIR 7622 | October 2012 | Notional Supply Chain Risk Management Practices for Federal Information Systems NISTIR 7622 FAQ doi:10.6028/NIST.IR.7622 [Direct Link] |
| | Press Release |
NISTIR 7511 Rev. 4 | January 2016 | Security Content Automation Protocol (SCAP) Version 1.2 Validation Program Test Requirements NISTIR 7511 Rev. 4 FAQ doi:10.6028/NIST.IR.7511r4 [Direct Link] |
NISTIR 7497 | September 2010 | Security Architecture Design Process for Health Information Exchanges (HIEs) NISTIR 7497 FAQ doi:10.6028/NIST.IR.7497 [Direct Link] |
NISTIR 7387 | March 2007 | Cell Phone Forensic Tools: an Overview and Analysis Update NISTIR 7387 FAQ doi:10.6028/NIST.IR.7387 [Direct Link] |
NISTIR 7313 | July 2006 | 5th Annual PKI R&D Workshop "Making PKI Easy to Use" Proceedings NISTIR 7313 FAQ doi:10.6028/NIST.IR.7313 [Direct Link] |
NISTIR 7284 | January 2006 | Personal Identity Verification Card Management Report NISTIR 7284 FAQ doi:10.6028/NIST.IR.7284 [Direct Link] |
NISTIR 7250 | October 2005 | Cell Phone Forensic Tools: an Overview and Analysis NISTIR 7250 FAQ doi:10.6028/NIST.IR.7250 [Direct Link] |
NISTIR 7100 | August 2004 | PDA Forensic Tools: an Overview and Analysis NISTIR 7100 FAQ doi:10.6028/NIST.IR.7100 [Direct Link] |
NISTIR 6887 2003 Edition | July 16, 2003 | Government Smart Card Interoperability Specification, Version 2.1 NISTIR 6887 FAQ doi:10.6028/NIST.IR.6887e2003 [Direct Link] |
ITL Bulletin | July 2017 | Updated NIST Guidance for Bluetooth Security |
ITL Bulletin | March 2016 | Updates to the NIST SCAP Validation Program and Associated Test Requirements |
ITL Bulletin | June 2015 | Increasing Visibility and Control of Your ICT Supply Chains |
ITL Bulletin | April 2015 | Is Your Replication Device Making An Extra Copy For Someone Else? |
ITL Bulletin | October 2013 | ITL Updates Federal Information Processing Standard (FIPS) for Personal Identity Verification (PIV) of Federal Employees and Contractors |
ITL Bulletin | November 2012 | Practices for Managing Supply Chain Risks to Protect Federal Information Systems |
ITL Bulletin | May 2011 | Using Security Configuration Checklists and the National Checklist Program |
ITL Bulletin | November 2009 | Cybersecurity Fundamentals for Small Business Owners |
ITL Bulletin | February 2008 | Federal Desktop Core Configuration (FDCC): Improving Security for Windows Desktop Operating Systems |
ITL Bulletin | June 2007 | Forensic Techniques for Cell Phones |
ITL Bulletin | January 2006 | Testing and Validation of Personal Identity Verification (PIV) Components and Subsystems for Conformance to Federal Information Processing Standard 201 |
ITL Bulletin | January 2005 | Integrating IT Security into the Capital Planning and Investment Control Process |
ITL Bulletin | October 2004 | Securing Voice Over Internet Protocol (IP) Networks |
ITL Bulletin | June 2004 | Information Technology Security Services: How to Select, Implement, and Manage |
ITL Bulletin | April 2004 | Selecting Information Technology Security Products |
|
Smart Cards |
|
Supply Chain |
|
Threats & Vulnerability Management |
SP 800-190 (Draft) | July 2017 | DRAFT Application Container Security Guide (2nd Draft) Announcement and Draft Publication |
SP 800-167 | October 2015 | Guide to Application Whitelisting SP 800-167 FAQ doi:10.6028/NIST.SP.800-167 [Direct Link] |
| | Press Release |
SP 800-163 | January 2015 | Vetting the Security of Mobile Applications SP 800-163 FAQ doi:10.6028/NIST.SP.800-163 [Direct Link] |
| | Press Release |
SP 800-154 (Draft) | March 2016 | DRAFT Guide to Data-Centric System Threat Modeling Announcement and Draft Publication |
SP 800-150 | October 2016 | Guide to Cyber Threat Information Sharing SP 800-150 FAQ doi:10.6028/NIST.SP.800-150 [Direct Link] |
SP 800-147B | August 2014 | BIOS Protection Guidelines for Servers SP 800-147B FAQ doi:10.6028/NIST.SP.800-147B [Direct Link] |
SP 800-147 | April 2011 | BIOS Protection Guidelines SP 800-147 FAQ doi:10.6028/NIST.SP.800-147 [Direct Link] |
| | Press Release |
SP 800-126A (Draft) | July 2016 | DRAFT SCAP 1.3 Component Specification Version Updates: An Annex to NIST Special Publication 800-126 Revision 3 Announcement and Draft Publication |
SP 800-126 Rev. 3 (Draft) | July 2016 | DRAFT The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.3 Announcement and Draft Publication |
SP 800-126 Rev. 2 | September 2011 (Updated 3/19/2012) | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2 SP 800-126 Rev. 2 FAQ doi:10.6028/NIST.SP.800-126r2 [Direct Link] |
| | NIST Solicits Comments for SP 800-126 & SCAP |
SP 800-117 Rev. 1 (Draft) | January 2012 | DRAFT Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.2 Announcement and Draft Publication |
SP 800-83 Rev. 1 | July 2013 | Guide to Malware Incident Prevention and Handling for Desktops and Laptops SP 800-83 Rev. 1 FAQ doi:10.6028/NIST.SP.800-83r1 [Direct Link] |
SP 800-70 Rev. 4 (Draft) | August 2017 | DRAFT National Checklist Program for IT Products: Guidelines for Checklist Users and Developers Announcement and Draft Publication |
SP 800-70 Rev. 3 | November 2015 (Updated 12/8/2016) | National Checklist Program for IT Products: Guidelines for Checklist Users and Developers SP 800-70 Rev. 3 FAQ doi:10.6028/NIST.SP.800-70r3 [Direct Link] |
| | National Checklist Program |
SP 800-61 Rev. 2 | August 2012 | Computer Security Incident Handling Guide SP 800-61 Rev. 2 FAQ doi:10.6028/NIST.SP.800-61r2 [Direct Link] |
| | Press Release |
SP 800-53 Rev. 4 | April 2013 (Updated 1/22/2015) | Security and Privacy Controls for Federal Information Systems and Organizations SP 800-53 Rev. 4 (including updates as of 01-22-2015) FAQ doi:10.6028/NIST.SP.800-53r4 [Direct Link] |
| | Word version of SP 800-53 Rev. 4 (01-22-2015) |
| | XML file for SP 800-53 Rev. 4 (01-15-2014) |
| | Summary of NIST SP 800-53 Revision 4 |
| | Press Release (04-30-2013) |
| | Pre-Draft Call for Comments for SP 800-53 Rev. 5 |
SP 800-46 Rev. 2 | July 2016 | Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security SP 800-46 Rev. 2 FAQ doi:10.6028/NIST.SP.800-46r2 [Direct Link] |
SP 800-28 Version 2 | March 2008 | Guidelines on Active Content and Mobile Code SP 800-28 Version 2 FAQ doi:10.6028/NIST.SP.800-28ver2 [Direct Link] |
SP 800-19 | October 1999 | Mobile Agent Security SP 800-19 FAQ doi:10.6028/NIST.SP.800-19 [Direct Link] |
NISTIR 8179 (Draft) | July 2017 | DRAFT Criticality Analysis Process Model: Prioritizing Systems and Components Announcement and Draft Publication |
NISTIR 8176 (Draft) | August 2017 | DRAFT Security Assurance Challenges for Container Deployment Announcement and Draft Publication |
NISTIR 8151 | November 2016 | Dramatically Reducing Software Vulnerabilities: Report to the White House Office of Science and Technology Policy NISTIR 8151 FAQ doi:10.6028/NIST.IR.8151 [Direct Link] |
NISTIR 8144 (Draft) | September 2016 | DRAFT Assessing Threats to Mobile Devices & Infrastructure: the Mobile Threat Catalogue Announcement and Draft Publication |
NISTIR 8138 (Draft) | September 2016 | DRAFT Vulnerability Description Ontology (VDO): a Framework for Characterizing Vulnerabilities Announcement and Draft Publication |
NISTIR 8011 Vol. 2 | June 2017 | Automation Support for Security Control Assessments: Hardware Asset Management NISTIR 8011 Vol. 2 FAQ doi:10.6028/NIST.IR.8011-2 [Direct Link] |
NISTIR 8011 Vol. 1 | June 2017 | Automation Support for Security Control Assessments: Overview NISTIR 8011 Vol. 1 FAQ doi:10.6028/NIST.IR.8011-1 [Direct Link] |
NISTIR 7946 | April 2014 | CVSS Implementation Guidance NISTIR 7946 FAQ doi:10.6028/NIST.IR.7946 [Direct Link] |
NISTIR 7800 (Draft) | January 2012 | DRAFT Applying the Continuous Monitoring Technical Reference Model to the Asset, Configuration, and Vulnerability Management Domains Announcement and Draft Publication |
NISTIR 7799 (Draft) | January 2012 | DRAFT Continuous Monitoring Reference Model Workflow, Subsystem, and Interface Specifications Announcement and Draft Publication |
NISTIR 7756 (Draft) | January 2012 | DRAFT CAESARS Framework Extension: An Enterprise Continuous Monitoring Technical Reference Architecture Announcement and Draft Publication |
NISTIR 7551 | December 2008 | A Threat Analysis on UOCAVA Voting Systems NISTIR 7551 FAQ doi:10.6028/NIST.IR.7551 [Direct Link] |
NISTIR 7502 | December 2010 | The Common Configuration Scoring System (CCSS): Metrics for Software Security Configuration Vulnerabilities NISTIR 7502 FAQ doi:10.6028/NIST.IR.7502 [Direct Link] |
NISTIR 7435 | August 2007 | The Common Vulnerability Scoring System (CVSS) and its Applicability to Federal Agency Systems NISTIR 7435 FAQ doi:10.6028/NIST.IR.7435 [Direct Link] |
ITL Bulletin | May 2017 | Cyber-Threat Intelligence and Information Sharing |
ITL Bulletin | January 2017 | Dramatically Reducing Software Vulnerabilities |
ITL Bulletin | December 2015 | Stopping Malware and Unauthorized Software through Application Whitelisting |
ITL Bulletin | March 2015 | Guidance for Secure Authorization of Mobile Applications in the Corporate Environment |
ITL Bulletin | October 2014 | Release of NIST Special Publication 800-147B, BIOS Protection Guidelines for Servers |
ITL Bulletin | July 2014 | Release of NIST Interagency Report 7946, CVSS Implementation Guidance |
ITL Bulletin | September 2013 | ITL Publishes Guidance on Preventing and Handling Malware Incidents |
Whitepaper (Draft) | March 20, 2017 | DRAFT Cybersecurity Framework Manufacturing Profile (Final Draft) Announcement and Draft Publication |
Whitepaper | May 2016 | [Project Description] Data Integrity: Recovering from a destructive malware attack Project Description |
| | Data Integrity homepage |
Journal-Article | March-April 2016 | Using a Capability Oriented Methodology to Build Your Cloud Ecosystem Preprint FAQ doi:10.1109/MCC.2016.38 [Direct Link] |
Journal-Article | June 2016 | Metamorphic Testing for Cybersecurity Preprint FAQ doi:10.1109/MC.2016.176 [Direct Link] |
| | Article (PubReader) |
Conference-Proceedings | July 18-21, 2016 | Diversifying Network Services under Cost Constraints for Better Resilience against Unknown Attacks Preprint FAQ doi:10.1007/978-3-319-41483-6_21 [Direct Link] |
Conference-Proceedings | January 4-6, 2016 | A Probabilistic Network Forensics Model for Evidence Analysis Preprint FAQ doi:10.1007/978-3-319-46279-0_10 [Direct Link] |
Usability |
NISTIR 8080 | July 2016 | Usability and Security Considerations for Public Safety Mobile Authentication NISTIR 8080 FAQ doi:10.6028/NIST.IR.8080 [Direct Link] |
NISTIR 8040 | April 2016 | Measuring the Usability and Security of Permuted Passwords on Mobile Platforms NISTIR 8040 FAQ doi:10.6028/NIST.IR.8040 [Direct Link] |
Journal-Article | September-October 2016 | Security Fatigue Press Release FAQ doi:10.1109/MITP.2016.84 [Direct Link] |
Voting |
NISTIR 8179 (Draft) | July 2017 | DRAFT Criticality Analysis Process Model: Prioritizing Systems and Components Announcement and Draft Publication |
NISTIR 7770 | February 2011 | Security Considerations for Remote Electronic UOCAVA Voting NISTIR 7770 FAQ doi:10.6028/NIST.IR.7770 [Direct Link] |
NISTIR 7711 | September 2011 | Security Best Practices for the Electronic Transmission of Election Materials for UOCAVA Voters NISTIR 7711 FAQ doi:10.6028/NIST.IR.7711 [Direct Link] |
NISTIR 7682 | September 2011 | Information System Security Best Practices for UOCAVA-Supporting Systems NISTIR 7682 FAQ doi:10.6028/NIST.IR.7682 [Direct Link] |
NISTIR 7551 | December 2008 | A Threat Analysis on UOCAVA Voting Systems NISTIR 7551 FAQ doi:10.6028/NIST.IR.7551 [Direct Link] |