Government Documents

National Institute of Standards and Technology

Special Publications

Document Title Reference # or Description
Public-Key Cryptography April 1991 NIST SP 800-2
Establishing a Computer Security Incident Response Capability November 1991 NIST SP 800-3
Computer Security Considerations in Federal Procurements: A Guide for Procurement Initiators, Contracting Officers, and Computer Security Officials March 1992 NIST SP 800-4
Establishing a Computer Security Incident Response Capability November 1991 NIST SP 800-5
Automated Tools for Testing Computer System Vulnerability December 1992 NIST SP 800-6
Security in Open Systems July 1994 NIST SP 800-7
Security Issues in the Database Language SQL August 1993 NIST SP 800-8
Good Security Practices for Electronic Commerce, Including Electronic Data Interchange December 1993 NIST SP 800-9
Keeping Your Site Comfortably Secure: An Introduction to Internet Firewalls August 1993 NIST SP 800-10
The Impact of the FCC's Open Network Architecture on NS/EP Telecommunications Security February 1995 NIST SP 800-11
An Introduction to Computer Security: The NIST Handbook October 1995 NIST SP 800-12
Telecommunications Security Guidelines for Telecommunications Management Network October 1995 NIST SP 800-13
Generally Accepted Principles and Practices for Securing Information Technology Systems September 1996 NIST SP 800-14
Minimum Interoperability Specification for PKI Components (MISPC) January 1998 NIST SP 800-15
Information Technology Security Training Requirements: A Role- and Performance-Based Model April 1998 NIST SP 800-16
Information Technology Security Training Requirements: A Role- and Performance-Based Model April 1998 NIST SP 800-16 Appendix A-D
Information Technology Security Training Requirements: A Role- and Performance-Based Model April 1998 NIST SP 800-16 Appendix E
Information Technology Security Training Requirements: A Role- and Performance-Based Model March 2009 NIST SP 800-16 Draft
Modes of Operation Validation System (MOVS): Requirements and Procedures February 1998 NIST SP 800-17
Guide for Developing Security Plans for Information Technology Systems February 2006 NIST SP 800-18 Rev 1
Mobile Agent Security October 1999 NIST SP 800-19
Modes of Operation Validation System for the Triple Data Encryption Algorithm (TMOVS): Requirements and Procedures Revised April 2000 NIST SP 800-20
Document Title Reference # or Description
Guideline for Implementing Cryptography in the Federal Government December 2005 NIST SP 800-21
A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications August 2008 NIST SP 800-22 Rev 1
Guideline to Federal Organizations on Security Assurance and Acquisition/Use of Tested/Evaluated Products August 2000 NIST SP 800-23
PBX Vulnerability Analysis: Finding Holes in Your PBX Before Someone Else Does August 2000 NIST SP 800-24
Federal Agency Use of Public Key Technology for Digital Signatures and Authentication October 2000 NIST SP 800-25
Security Self-Assessment Guide for Information Technology Systems November 2001 NIST SP 800-26
Engineering Principles for Information Technology Security (A Baseline for Achieving Security) June 2001 NIST SP 800-27
Engineering Principles for Information Technology Security (A Baseline for Achieving Security) June 2004 NIST SP 800-27 Rev A
Guidelines on Active Content and Mobile Code March 2008 NIST SP 800-28 Version 2
A Comparison of the Security Requirements for Cryptographic Modules in FIPS 140-1 and FIPS 140-2 June 2001 NIST SP 800-29
Risk Management Guide for Information Technology Systems January 2002 NIST SP 800-30
Risk Management Guide for Information Technology Systems October 2001 NIST SP 800-30 Rev A Draft
Intrusion Detection Systems (IDS) November 2001 NIST SP 800-31
Introduction to Public Key Technology and the Federal PKI Infrastructure February 2001 NIST SP 800-32
Underlying Technical Models for Information Technology Security December 2001 NIST SP 800-33
Contingency Planning Guide for Information Technology Systems June 2002 NIST SP 800-34
Guide to Information Technology Security Services October 2003 NIST SP 800-35
Guide to Information Technology Security Services October 2002 NIST SP 800-35 Draft
Guide to Selecting Information Security Products October 2003 NIST SP 800-36
Guide to Selecting Information Security Products October 2002 NIST SP 800-36 Draft
Guide for the Security Certification and Accreditation of Federal Information Systems May 2004 NIST SP 800-37
Guide for the Security Certification and Accreditation of Federal Information Systems June 2003 NIST SP 800-37 Draft
Recommendation for Block Cipher Modes of Operation: Methods and Techniques December 2001 NIST SP 800-38A
Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication May 2005 NIST SP 800-38B
Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication May 2005 NIST SP 800-38B Appendix D
Recommendation for Block Cipher Modes of Operation: The CCM Mode for Authentication and Confidentiality May 2004 NIST SP 800-38C
Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM)and GMAC November 2007 NIST SP 800-38D
Recommendation for Block Cipher Modes of Operation: The CCM Mode for Authentication and Confidentiality May 2004 NIST SP 800-39
Procedures for Handling Security Patches September 2002 NIST SP 800-40 Version 2
Document Title Reference # or Description
Guidelines on Firewalls and Firewall Policy January 2002 NIST SP 800-41
Guidelines on Firewalls and Firewall Policy July 2008 NIST SP 800-41 Draft
Guideline on Network Security Testing January 2002 NIST SP 800-42
Guideline on Network Security Testing July 2008 NIST SP 800-42 Draft
Systems Administration Guidance for Securing Microsoft Windows 2000 Professional System November 2002 NIST SP 800-43
Guidelines on Securing Public Web Servers September 2008 NIST SP 800-44 Version 2
Guidelines on Electronic Mail Security September 2002 NIST SP 800-45
Guidelines on Electronic Mail Security February 2007 NIST SP 800-45 Version 2
Security for Telecommuting and Broadband Communications August 2002 NIST SP 800-46
Guide to Enterprise Telework and Remote Access Security February 2009 NIST SP 800-46 Draft
Security Guide for Interconnecting Information Technology Systems September 2002 NIST SP 800-47
Guide to Securing Legacy IEEE 802.11 Wireless Networks February 2009 NIST SP 800-48 Rev. 1
Federal S/MIME V3 Client Profile November 2002 NIST SP 800-49
Building an Information Technology Security Awareness and Training Program October 2003 NIST SP 800-50
Building an Information Technology Security Awareness and Training Program April 2003 NIST SP 800-50 Version 2 Draft
Use of the Common Vulnerabilities and Exposures (CVE) Vulnerability Naming Scheme September 2002 NIST SP 800-51
Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations June 2005 NIST SP 800-52
Guide for Assessing the Security Controls in Federal Information Systems July 2008 NIST SP 800-53A
Recommended Security Controls for Federal Information Systems June 2005 NIST SP 800-53A Rev 1
Recommended Security Controls for Federal Information Systems September 2002 NIST SP 800-53A Rev 2
Recommended Security Controls for Federal Information Systems June 2005 NIST SP 800-53A Rev 3
Border Gateway Protocol Security July 2007 NIST SP 800-54
Performance Measurement Guide for Information Security July 2008 NIST SP 800-55 Rev. 1
Security Metrics Guide for Information Technology Systems October 2002 NIST SP 800-55 Draft
Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography March 2007 NIST SP 800-56 A
Recommendation for Pair-Wise Key Establishment Using Integer Factorization Cryptography December 2008 NIST SP 800-56 B
Recommendation for Key Management March 2007 NIST SP 800-57 Part 1
Recommendation for Key Management March 2007 NIST SP 800-57 Part 2
Recommendation for Key Management October 2008 NIST SP 800-57 Part 3 Draft
Security Considerations for Voice Over IP Systems January 2005 NIST SP 800-58
Guideline for Identifying an Information System as a National Security System August 2003 NIST SP 800-59
Guide for Mapping Types of Information and Information Systems to Security Categories August 2008 NIST SP 800-60 Vol 1
Guide for Mapping Types of Information and Information Systems to Security Categories August 2008 NIST SP 800-60 Vol 2
Document Title Reference # or Description
Computer Security Incident Handling Guide March 2008 NIST SP 800-61 Rev 1
Computer Security Incident Handling Guide September 2003 NIST SP 800-61 Draft
Electronic Authentication Guideline April 2006 NIST SP 800-63 Version 1.0.2
Electronic Authentication Guideline December 2008 NIST SP 800-63 Rev 1 Draft
Electronic Authentication Guideline December 2008 NIST SP 800-63 Rev 1
Security Considerations in the System Development Life Cycle October 2008 NIST SP 800-64 Rev 2
Integrating IT Security into the Capital Planning and Investment Control Process January 2005 NIST SP 800-65
An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule October 2008 NIST SP 800-66 Rev 1
Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher May 2008 NIST SP 800-67
Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher March 2004 NIST SP 800-67 Draft
Guide to Securing Microsoft Windows XP Systems for IT Professionals October 2008 NIST SP 800-68 Rev 1
Guidance for Securing Microsoft Windows XP Home Edition: A NIST Security Configuration Checklist September 2006 NIST SP 800-69
Security Configuration Checklists Program for IT Products: Guidance for Checklists Users and Developer May 2005 NIST SP 800-70
National Checklist Program for IT Products--Guidelines for Checklist Users and Developers September 2008 NIST SP 800-70 Rev 1 Draft
Guidelines on PDA Forensics November 2004 NIST SP 800-72
Interfaces for Personal Identity Verification September 2008 NIST SP 800-73-2 Update and Changes
Interfaces for Personal Identity Verification - End-Point PIV Card Application Namespace, Data Model and Representation September 2008 NIST SP 800-73-2 Part 1
Interfaces for Personal Identity Verification - End-Point PIV Card Application Interface September 2008 NIST SP 800-73-2 Part 2
Interfaces for Personal Identity Verification - End-Point PIV Client Application Programming Interface September 2008 NIST SP 800-73-2 Part 3
Interfaces for Personal Identity Verification - The PIV Transitional Data Model and Interfaces September 2008 NIST SP 800-73-2 Part 4
Biometric Data Specification for Personal Identity Verification January 2007 NIST SP 800-76-1
Guide to IPsec VPNs December 2005 NIST SP 800-77
Cryptographic Algorithms and Key Sizes for Personal Identity Verification August 2007 NIST SP 800-78-1
Guidelines for the Accreditation of Personal Identity Verification (PIV) Card Issuers (PCI's) June 2008 NIST SP 800-79-1
Document Title Reference # or Description
Secure Domain Name System (DNS) Deployment Guide May 2006 NIST SP 800-81
Secure Domain Name System (DNS) Deployment Guide February 2009 NIST SP 800-81 Rev 1 Draft
Guide to Industrial Control Systems (ICS) Security September 2008 NIST SP 800-82 Draft
Guide to Malware Incident Prevention and Handling November 2005 NIST SP 800-83
Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities September 2006 NIST SP 800-84
PIV Card Application and Middleware Interface Test Guidelines (SP 800-73-2 Compliance) March 2009 NIST SP 800-85 A-1 Overview of Changes
PIV Card Application and Middleware Interface Test Guidelines (SP 800-73-2 Compliance) March 2009 NIST SP 800-85 A-1
PIV Data Model Test Guidelines July 2006 NIST SP 800-85 B
Guide to Integrating Forensic Techniques into Incident Response April 2006 NIST SP 800-86
Codes for Identification of Federal and Federally-Assisted Organizations April 2008 NIST SP 800-87 Rev 1
Guidelines for Media Sanitization September 2006 NIST SP 800-88
Recommendation for Obtaining Assurances for Digital Signature Applications November 2006 NIST SP 800-89
Guide to Integrating Forensic Techniques into Incident Response March 2007 NIST SP 800-90
Codes for Identification of Federal and Federally-Assisted Organizations September 2006 NIST SP 800-92
Guide to Intrusion Detection and Prevention Systems (IDPS) February 2007 NIST SP 800-94
Guide to Secure Web Services August 2007 NIST SP 800-95
PIV Card to Reader Interoperability Guidelines September 2006 NIST SP 800-96
Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i February 2007 NIST SP 800-97
Guidelines for Securing Radio Frequency Identification (RFID) Systems April 2007 NIST SP 800-98
Document Title Reference # or Description
Information Security Handbook: A Guide for Managers October 2006 NIST SP 800-100
Guidelines on Cell Phone Forensics May 2007 NIST SP 800-101
Recommendation for Digital Signature Timeliness November 2008 NIST SP 800-102 Draft
An Ontology of Identity Credentials, Part I: Background and Formulation October 2006 NIST SP 800-103 Draft
A Scheme for PIV Visual Card Topography June 2007 NIST SP 800-104
Randomized Hashing for Digital Signatures February 2009 NIST SP 800-106
Recommendation for Applications Using Approved Hash Algorithms February 2009 NIST SP 800-107
Recommendation for Key Derivation Using Pseudorandom Functions November 2008 NIST SP 800-108
Guide to Storage Encryption Technologies for End User Devices November 2007 NIST SP 800-111
Guide to SSL VPNs July 2008 NIST SP 800-113
User's Guide to Securing External Devices for Telework and Remote Access November 2007 NIST SP 800-114
Technical Guide to Information Security Testing and Assessment September 2008 NIST SP 800-115
A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS) November 2008 NIST SP 800-116
Guide to Adopting and Using the Security Content Automation Protocol (SCAP) May 2009 NIST SP 800-117 Draft
A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS) April 2009 NIST SP 800-118 Draft
Recommendation for EAP Methods Used in Wireless Network Access Authentication December 2009 NIST SP 800-120 Draft
Recommendation for EAP Methods Used in Wireless Network Access Authentication December 2008 NIST SP 800-120 Draft Comments
Guide to Bluetooth Security September 2008 NIST SP 800-121
Recommendation for EAP Methods Used in Wireless Network Access Authentication January 2009 NIST SP 800-122 Draft
Guide to General Server Security July 2008 NIST SP 800-123
Guidelines on Cell Phone and PDA Security October 2008 NIST SP 800-124