The IT Law Wiki
 
(116 intermediate revisions by 2 users not shown)
Line 13: Line 13:
 
Publications in this series include:
   
* [[NIST Special Publication 800-1]]: Bibliography of Selected Computer Security Publications, January 1980-October 1989 (Dec. 1990).
+
* [[NIST Special Publication 800-213]]: (Draft) IoT Device Cybersecurity Guidance for the Federal Government: Establishing IoT Device Cybersecurity Requirements.
* [[NIST Special Publication 800-2]]: Public Key Cryptography (Apr. 1991) ([http://www.dtic.mil/cgi-bin/GetTRDoc?AD=ADA408338 full-text]).
+
* [[NIST Special Publication 800-211]]: 2019 NIST/ITL Cybersecurity Program Annual Report (Aug. 2020).
* [[NIST Special Publication 800-3]]: Establishing a Computer Security Incident Response Capability (CSIRC) (Nov. 1991) ([http://www.terena.org/activities/tf-csirt/archive/800-3.pdf full-text]).
+
* [[NIST Special Publication 800-203]]: 2017 NIST/ITL Cybersecurity Program Annual Report (July 2018).
  +
* [[NIST Special Publication 800-195]]: (Draft) 2016 NIST/ITL Cybersecurity Program Annual Report (Sept. 28, 2017).
* [[NIST Special Publication 800-4]]: Computer Security Considerations in Federal Procurements: A Guide for Procurement Initiators, Contracting Officers, and Computer Security Officials (Mar. 1992) ([http://securityv.isu.edu/isl/800-4.html full-text]).
 
  +
* [[NIST Special Publication 800-193]]: (Draft) Platform Firmware Resiliency Guidelines (May 30, 2017).
* [[NIST Special Publication 800-4A]]: Computer Security Considerations in Federal Procurements: A Guide for Procurement Initiators, Contracting Officers, and Computer Security Officials (Oct. 2002) ([ftp://ftp.aci.com.pl/pub/security/info/reference/nist/draft-special-publications/sp-800-4a-draft.pdf full-text]).
 
* [[NIST Special Publication 800-5]]: A Guide to Selection of Anti-Virus Tools and Techniques (Dec. 1992) ([http://www.dtic.mil/cgi-bin/GetTRDoc?AD=ADA405145 full-text]).
+
* [[NIST Special Publication 800-191]]: (Draft) The NIST Definition of Fog Computing (Aug. 21, 2017).
* [[NIST Special Publication 800-6]]: Automated Tools for Testing Computer System Vulnerability (Dec. 1992) ([http://niatec.info/GetFile.aspx?pid=368 full-text]).
+
* [[NIST Special Publication 800-190]]: Application Container Security Guide (Sept. 2017).
* [[NIST Special Publication 800-7]]: Security in Open Systems (July 1994).
+
* [[NIST Special Publication 800-188]]: (Draft) De-Identifying Government Datasets (Dec. 15, 2016).
* [[NIST Special Publication 800-8]]: Security Issues in the Database Language SQL (Aug. 1993).
+
* [[NIST Special Publication 800-187]]: (Draft) Guide to LTE Security (Nov. 21, 2016).
* [[NIST Special Publication 800-9]]: Good Security Practices for Electronic Commerce, Including Electronic Data Interchange (Dec. 1993).
+
* [[NIST Special Publication 800-184]]: (Draft) Guide for Cybersecurity Event Recovery (Dec. 22, 2016).
* [[NIST Special Publication 800-10]]: Keeping Your Site Comfortably Secure: An Introduction to Internet Firewalls (Dec. 1994).
+
* [[NIST Special Publication 800-183]]: Networks of "Things" (July 28, 2016).
* [[NIST Special Publication 800-11]]: The Impact of the FCC’s Open Network Architecture on NS/EP Telecommunications Security (Feb. 1995).
+
* [[NIST Special Publication 800-182]]: Computer Security Division 2015 Annual Report (Aug. 10, 2016) ([http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-182.pdf full-text]).
* [[NIST Special Publication 800-12]]: An Introduction to Computer Security: The NIST Handbook (Oct. 1995) ([http://csrc.nist.gov/publications/nistpubs/800-12/handbook.pdf full-text]).
+
* [[NIST Special Publication 800-181]]: NICE Cybersecurity Workforce Framework (Aug. 2017) ([https://csrc.nist.gov/publications/detail/sp/800-181/final full-text]).
* [[NIST Special Publication 800-13]]: Telecommunications Security Guidelines for Telecommunications Management Network (Oct. 1995) ([http://csrc.nist.gov/publications/nistpubs/800-13/sp800-13.pdf full-text]).
+
* [[NIST Special Publication 800-180]]: (Draft) NIST Definition of Microservices, Application Containers and System Virtual Machines (Feb. 18, 2016) ([http://csrc.nist.gov/publications/drafts/800-180/sp800-180_draft.pdf full-text]).
* [[NIST Special Publication 800-14]]: Generally Accepted Principles and Practices for Securing Information Technology Systems (Sept. 1996) ([http://csrc.nist.gov/publications/nistpubs/800-14/800-14.pdf full-text]).
+
* [[NIST Special Publication 800-177]]: (Draft) Trustworthy Email, Rev. 1 (Sept. 13, 2017) ([https://csrc.nist.gov/publications/detail/sp/800-177/rev-1/draft full-text]).
* [[NIST Special Publication 800-16]]: Information Technology Security Training Requirements: A Role- and Performance-Based Model (Apr. 1998) ([http://csrc.nist.gov/publications/nistpubs/800-16/800-16.pdf full-text]).
+
* [[NIST Special Publication 800-176]]: 2014 Computer Security Division Annual Report (Aug. 2015) ([http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-176.pdf full-text]).
* [[NIST Special Publication 800-16 (Rev. 1)]] (Third Draft): A Role-Based Model for Federal Information Technology/Cyber Security Training (Mar. 14, 2014) ([http://csrc.nist.gov/publications/drafts/800-16-rev1/sp800_16_rev1_3rd-draft.pdf full-text]).
+
* [[NIST Special Publications 800-172]]: (Final Public Draft) Enhanced Security Requirements for Protecting Controlled Unclassified Information: A Supplement to NIST Special Publication 800-171 (July 6, 2020) ([https://csrc.nist.gov/publications/detail/sp/800-172/draft full-text]).
* [[NIST Special Publication 800-18]]: Guide for Developing Security Plans for Federal Information Systems (GSSP) (Rev. 1) (Feb. 2006) ([http://csrc.nist.gov/publications/nistpubs/800-18-Rev1/sp800-18-Rev1-final.pdf full-text]).
+
* [[NIST Special Publication 800-171B]]: (Draft) Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations: Enhanced Security Requirements for Critical Programs and High Value Assets (June 2019) ([https://csrc.nist.gov/CSRC/media/Publications/sp/800-171b/draft/documents/sp800-171B-draft-ipd.pdf full-text]).
* [[NIST Special Publication 800-19]]: Mobile Agent Security (Aug. 1999) ([http://csrc.nist.gov/publications/nistpubs/800-19/sp800-19.pdf full-text]).
+
* [[NIST Special Publication 800-171A]]: (Draft) Assessing Security Requirements for Controlled Unclassified Information (Nov. 28, 2017) ([https://csrc.nist.gov/publications/detail/sp/800-171a/draft full-text]).
* [[NIST Special Publication 800-21]]: Guideline for Implementing Cryptography in the Federal Government (2d ed. Dec. 2005) ([http://csrc.nist.gov/publications/nistpubs/800-21-1/sp800-21-1_Dec2005.pdf full-text]).
+
* [[NIST Special Publication 800-171]], Rev. 1: Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations (Dec. 2016) (updated 02/20/2018) ([http://doi.org/10.6028/NIST.SP.800-171r1 full-text]).
* [[NIST Special Publication 800-23]]: Guidelines to Federal Organizations on Security Assurance & Acquisition/Use of Tested/Evaluated Products (Aug. 2000) ([http://csrc.nist.gov/publications/nistpubs/800-23/sp800-23.pdf full-text]).
 
* [[NIST Special Publication 800-25]]: Federal Agency Use of Public Key Technology for Digital Signatures and Authentication (Sept. 2000) ([http://csrc.nist.gov/publications/nistpubs/800-25/sp800-25.pdf full-text]).
 
* [[NIST Special Publication 800-26]]: Security Self-Assessment Guide for Information Technology Systems (Nov. 2001) ([http://infohost.nmt.edu/~sfs/Regs/sp800-26.pdf full-text]).
 
* [[NIST Special Publication 800-27 Rev A]]: Engineering Principles for Information Technology Security (A Baseline for Achieving Security), Revision A (June 2004) ([http://csrc.nist.gov/publications/nistpubs/800-27A/SP800-27-RevA.pdf full-text]).
 
* [[NIST Special Publication 800-27A]]: Engineering Principles for Information Technology Security (A Baseline for Achieving Security) (June 2004) ([http://csrc.nist.gov/publications/nistpubs/800-27A/SP800-27-RevA.pdf full-text]).
 
* [[NIST Special Publication 800-28]]: Guidelines on Active Content and Mobile Code (ver. 2) (Mar. 2008) ([http://csrc.nist.gov/publications/nistpubs/800-28-ver2/SP800-28v2.pdf full-text]).
 
* [[NIST Special Publication 800-30]]: Risk Management Guide for Information Technology Systems (July 2002) ([http://csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdf full-text]).
 
* [[NIST Special Publication 800-30, Rev. 1]]: Guide for Conducting Risk Assessments (Sept. 2012) ([http://csrc.nist.gov/publications/drafts/800-30-rev1/SP800-30-Rev1-ipd.pdf full-text]).
 
* [[NIST Special Publication 800-31]], Intrusion Detection Systems (Nov. 2001) ([http://www.everyspec.com/NIST/NIST+(General)/download.php?spec=SP_800-31.030152.pdf full-text]).
 
* [[NIST Special Publication 800-32]]: Introduction to Public Key Technology and the Federal PKI Infrastructure (Feb. 26, 2001) ([http://csrc.nist.gov/publications/nistpubs/800-32/sp800-32.pdf full-text]).
 
* [[NIST Special Publication 800-33]]: Underlying Technical Models for Information Technology Security (Dec. 2001) ([http://csrc.nist.gov/publications/nistpubs/800-33/sp800-33.pdf full-text]).
 
* [[NIST Special Publication 800-34]]: Contingency Planning Guide for Federal Information Systems (Rev. 1) (May 2010) ([http://csrc.nist.gov/publications/nistpubs/800-34-rev1/sp800-34-rev1.pdf full-text]).
 
* [[NIST Special Publication 800-35]]: Guide to Information Technology Security Services (Oct. 2003) ([http://csrc.nist.gov/publications/nistpubs/800-35/NIST-SP800-35.pdf full-text]).
 
* [[NIST Special Publication 800-36]]: Guide to Selecting Information Technology Security Products (Oct. 2003) ([http://www.csrc.nist.gov/publications/nistpubs/800-36/NIST-SP800-36.pdf full-text]).
 
* [[NIST Special Publication 800-37]]: Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach (Rev. 1) (Feb. 2010) ([http://csrc.nist.gov/publications/nistpubs/800-37-rev1/sp800-37-rev1-final.pdf full-text]).
 
* [[NIST Special Publication 800-38A]]: Recommendation for Block Cipher Modes of Operation Methods and Techniques (2001 ed.) ([http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf full-text]).
 
* [[NIST Special Publication 800-39]]: Managing Information Security Risk: Organization, Mission, and Information System View (Dec. 14, 2010) ([http://csrc.nist.gov/publications/nistpubs/800-39/SP800-39-final.pdf full-text]).
 
* [[NIST Special Publication 800-40]]: Guide to Enterprise Patch Management Technologies (Draft) (Rev. 3) (Sept. 2012) ([http://csrc.nist.gov/publications/drafts/800-40/draft-sp800-40rev3.pdf full-text]).
 
* [[NIST Special Publication 800-41]]: Guidelines on Firewalls and Firewall Policy (Rev. 1) (Sept. 2009) ([http://csrc.nist.gov/publications/nistpubs/800-41-Rev1/sp800-41-rev1.pdf full-text]).
 
* [[NIST Special Publication 800-44]]: Guidelines on Securing Public Web Servers (Sept. 2007) ([http://csrc.nist.gov/publications/nistpubs/800-44-ver2/SP800-44v2.pdf full-text]).
 
* [[NIST Special Publication 800-45]]: Guidelines on Electronic Mail Security (Ver. 2) (Feb. 2007) ([http://csrc.nist.gov/publications/nistpubs/800-45-version2/SP800-45v2.pdf full-text]).
 
* [[NIST Special Publication 800-46]]: Guide to Enterprise Telework and Remote Access Security (June 2009) ([http://csrc.nist.gov/publications/nistpubs/800-46-rev1/sp800-46r1.pdf full-text]).
 
* [[NIST Special Publication 800-47]]: Security Guide for Interconnecting Information Technology Systems (Aug. 2002) ([http://csrc.nist.gov/publications/nistpubs/800-47/sp800-47.pdf full-text]).
 
* [[NIST Special Publication 800-48]]: Guide to Securing Legacy IEEE 802.11 Wireless Networks (July 2008) ([http://csrc.nist.gov/publications/nistpubs/800-48-rev1/SP800-48r1.pdf full-text]).
 
* [[NIST Special Publication 800-49]]: Federal S/MIME V3 Client Profile (Nov. 2002) ([http://csrc.nist.gov/publications/nistpubs/800-49/sp800-49.pdf full-text]).
 
* [[NIST Special Publication 800-50]], Building Information Technology Security Awareness and Training Program (Oct. 2003) ([http://csrc.nist.gov/publications/nistpubs/800-50/NIST-SP800-50.pdf full-text]).
 
* [[NIST Special Publication 800-53]]: Security and Privacy Controls for Federal Information Systems and Organizations (Rev. 4) (Apr. 2013) ([http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf full-text]).
 
* [[NIST Special Publications 800-53, Appendix J]]: Privacy Control Catalog (Draft) (July 19, 2011) ([http://csrc.nist.gov/publications/drafts/800-53-Appdendix-J/IPDraft_800-53-privacy-appendix-J.pdf full-text]).
 
* [[NIST Special Publication 800-53A]]: Guide for Assessing the Security Controls in Federal Information Systems and Organizations, Building Effective Security Assessment Plans (Rev. 1) (Jun. 2010) ([http://csrc.nist.gov/publications/nistpubs/800-53A-rev1/sp800-53A-rev1-final.pdf full-text]).
 
* [[NIST Special Publication 800-55]]: Security Metrics Guide for Information Technology System (July 2003) ([http://csrc.nist.gov/publications/nistpubs/800-55-Rev1/SP800-55-rev1.pdf full-text]).
 
* [[NIST Special Publication 800-57]]: Recommendation for Key Management (Mar. 2007) ([http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007.pdf full-text]).
 
* [[NIST Special Publication 800-58]]: Security Considerations for Voice Over IP Systems (Jan. 2005) ([http://csrc.nist.gov/publications/nistpubs/800-58/SP800-58-final.pdf full-text]).
 
* [[NIST Special Publication 800-59]]: Guideline for Identifying an Information System as a National Security System (Aug. 2003) ([http://csrc.nist.gov/publications/nistpubs/800-59/SP800-59.pdf full-text]).
 
* [[NIST Special Publication 800-60]]: Guide for Mapping Types of Information and Information Systems to Security Categories (Aug. 2008) ([http://csrc.nist.gov/publications/nistpubs/800-60-Rev1/SP800-60_Vol1-Rev1.pdf full-text]).
 
* [[NIST Special Publication 800-61]]: Computer Security Incident Handling Guide (rev. 1) (Mar. 2008) ([http://csrc.nist.gov/publications/nistpubs/800-61-rev1/SP800-61rev1.pdf full-text]); (rev. 2) (Jan. 2012) ([http://csrc.nist.gov/publications/drafts/800-61-rev2/draft-sp800-61rev2.pdf full-text]).
 
* [[NIST Special Publication 800-63]]: Electronic Authentication Guideline (Apr. 2006) ([http://csrc.nist.gov/publications/nistpubs/800-63/SP800-63V1_0_2.pdf full-text]).
 
* [[NIST Special Publications 800-63-2]]: DRAFT Electronic Authentication Guideline (Feb. 1, 2013) ([http://csrc.nist.gov/publications/drafts/800-63-2/sp800_63_2_draft.pdf full-text]).
 
* [[NIST Special Publication 800-64]]: Security Considerations in the Information System Development Life Cycle (Rev. 2) (Oct. 2008) ([http://csrc.nist.gov/publications/nistpubs/800-64-Rev2/SP800-64-Revision2.pdf full-text]).
 
* [[NIST Special Publication 800-65]]: Recommendations for Integrating Information Security into the Capital Planning and Investment Control Process (CPIC) (Ver. 1) (Jan. 2005) ([http://csrc.nist.gov/publications/nistpubs/800-65/SP-800-65-Final.pdf full-text]).
 
* [[NIST Special Publication 800-66]]: An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule (Oct. 2008) ([http://csrc.nist.gov/publications/nistpubs/800-66-Rev1/SP-800-66-Revision1.pdf full-text]).
 
* [[NIST Special Publication 800-67]]: Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher (Ver. 1.1) (May 19, 2008) ([http://csrc.nist.gov/publications/nistpubs/800-67/SP800-67.pdf full-text]).
 
* [[NIST Special Publication 800-69]]: Guidance for Securing Microsoft Windows XP Home Edition: A NIST Security Configuration Checklist (Sept. 2006) ([http://csrc.nist.gov/itsec/SP800-69.pdf full-text]).
 
* [[NIST Special Publication 800-70]], Rev. 3: (DRAFT) National Checklist Program for IT Products—Guidelines for Checklist Users and Developers (Mar. 26, 2015) ([http://csrc.nist.gov/publications/drafts/800-70/sp800-70r3_draft.pdf full-text]).
 
* [[NIST Special Publication 800-72]]: Guidelines on PDA Forensics (Nov. 2004) ([http://csrc.nist.gov/publications/nistpubs/800-72/sp800-72.pdf full-text]).
 
* [[NIST Special Publication 800-73-4]]: Interfaces for Personal Identity Verification – Part 1: End-Point PIV Card Application Namespace, Data Model and Representation (May 13, 2013) ([http://csrc.nist.gov/publications/drafts/800-73-4/sp800_73-4_pt1_draft.pdf full-text]); Part 2: PIV Card Application Card Command Interface (May 13, 2013) ([http://csrc.nist.gov/publications/drafts/800-73-4/sp800_73-4_pt2_draft.pdf full-text]); Part 3: PIV Client Application Programming Interface (May 13, 2013) ([http://csrc.nist.gov/publications/drafts/800-73-4/sp800_73-4_pt3_draft.pdf full-text]).
 
* [[NIST Special Publications 800-76-2]]: (Draft) Biometric Data Specification for Personal Identity Verification (Apr. 11, 2011) ([http://csrc.nist.gov/publications/drafts/800-76-2/Draft_SP800-76-2.pdf full-text]).
 
* [[NIST Special Publication 800-77]]: Guide to IPsec VPNs (Dec. 2005) ([http://csrc.nist.gov/publications/nistpubs/800-77/sp800-77.pdf full-text]).
 
* [[NIST Special Publications 800-81]]: Secure Domain Name System (DNS) Deployment Guide (Rev. 2) (Sept. 18, 2013) ([http://www.nist.gov/customcf/get_pdf.cfm?pub_id=914217 full-text]).
 
* [[NIST Special Publication 800-82]], Rev. 2: (Draft) Guide to Industrial Control Systems (ICS) Security (Feb. 9, 2015) ([http://csrc.nist.gov/publications/drafts/800-82r2/sp800_82_r2_second_draft.pdf full-text]).
 
* [[NIST Special Publication 800-83]], Rev. 1: Guide to Malware Incident Prevention and Handling for Desktops and Laptops (July 2013) ([http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-83r1.pdf full-text]).
 
* [[NIST Special Publication 800-84]]: Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities (Sept. 2006) ([http://csrc.nist.gov/publications/PubsSPs.html#800-84 full-text]).
 
* [[NIST Special Publication 800-86]]: Guide to Integrating Forensic Techniques into Incident Response (Aug. 2006) ([http://csrc.nist.gov/publications/nistpubs/800-86/SP800-86.pdf full-text]).
 
* [[NIST Special Publication 800-88]] (Rev. 1): Guidelines for Media Sanitization (Sept. 6, 2012) ([http://csrc.nist.gov/publications/drafts/800-88-rev1/sp800_88_r1_draft.pdf full-text]).
 
* [[NIST Special Publication 800-90]]: Recommendation for Random Number Generation Using Deterministic Random Bit Generators (Mar. 2007 rev.) ([http://csrc.nist.gov/publications/nistpubs/800-90/SP800-90revised_March2007.pdf full-text]).
 
* [[NIST Special Publication 800-90A]]: Recommendation for Random Number Generation Using Deterministic Random Bit Generators (Rev. 1) (June 25, 2015) ([http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90Ar1.pdf full-text]).
 
* [[NIST Special Publication 800-92]]: Guide to Computer Security Log Management (Sept. 2006) ([http://csrc.nist.gov/publications/PubsSPs.html#800-92 full-text]).
 
* [[NIST Special Publication 800-94]]: Guide to Intrusion Detection and Prevention Systems (Feb. 2007) ([http://csrc.nist.gov/publications/nistpubs/800-94/SP800-94.pdf full-text]); (Rev. 1) (July 25, 2012) ([http://csrc.nist.gov/publications/drafts/800-94-rev1/draft_sp800-94-rev1.pdf full-text]).
 
* [[NIST Special Publication 800-95]]: Guide to Secure Web Services (Aug. 2007) ([http://csrc.nist.gov/publications/nistpubs/800-95/SP800-95.pdf full-text]).
 
* [[NIST Special Publication 800-97]]: Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i (Feb. 2007) ([http://csrc.nist.gov/publications/nistpubs/800-97/SP800-97.pdf full-text]).
 
* [[NIST Special Publication 800-98]]: Guidelines for Securing Radio Frequency Identification (RFID) Systems (Apr. 2007) ([http://csrc.nist.gov/publications/nistpubs/800-98/SP800-98_RFID-2007.pdf full-text]).
 
* [[NIST Special Publication 800-100]], Information Security Handbook: A Guide for Managers (Oct. 2006) ([http://csrc.nist.gov/publications/nistpubs/800-100/SP800-100-Mar07-2007.pdf full-text]).
 
* [[NIST Special Publication 800-101]]: Guidelines on Cell Phone Forensics (May 2007) ([http://csrc.nist.gov/publications/nistpubs/800-101/SP800-101.pdf full-text]).
 
* [[NIST Special Publication 800-111]]: Guide to Storage Encryption Technologies for End User Devices (Nov. 2007) ([http://csrc.nist.gov/publications/nistpubs/800-111/SP800-111.pdf full-text]).
 
* [[NIST Special Publication 800-114]]: User’s Guide to Securing External Devices for Telework and Remote Access (Nov. 2007) ([http://csrc.nist.gov/publications/nistpubs/800-114/SP800-114.pdf full-text]).
 
* [[NIST Special Publication 800-115]]: Technical Guide to Information Security Testing and Assessment (Sept. 2008) ([http://csrc.nist.gov/publications/nistpubs/800-115/SP800-115.pdf full-text]).
 
* [[NIST Special Publication 800-116]]: A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS) (Nov. 2008) ([http://www.nist.gov/manuscript-publication-search.cfm?pub_id=900924 full-text]).
 
* [[NIST Special Publication 800-118]]: Guide to Enterprise Password Management (Draft) (Apr. 2009) ([http://csrc.nist.gov/publications/PubsDrafts.html#SP-800-118 full-text]).
 
* [[NIST Special Publication 800-121]]: Guide to Bluetooth Security (Sept. 2008) ([http://csrc.nist.gov/publications/nistpubs/800-121/SP800-121.pdf full-text]); (Rev. 1) (June 2012) ([http://csrc.nist.gov/publications/nistpubs/800-121-rev1/sp800-121_rev1.pdf full-text]).
 
* [[NIST Special Publication 800-122]]: Guide to Protecting the Confidentiality of Personally Identifiable Information (April 2010) ([http://csrc.nist.gov/publications/nistpubs/800-122/sp800-122.pdf full-text]).
 
* [[NIST Special Publication 800-123]]: Guide to General Server Security (July 2008) ([http://csrc.nist.gov/publications/nistpubs/800-123/SP800-123.pdf full-text]).
 
* [[NIST Special Publication 800-124]]: Guidelines on Cell Phone and PDA Security (Oct. 2008) ([http://www.nist.gov/customcf/get_pdf.cfm?pub_id=890048 full-text]) (superseded by [[NIST Special Publication 800-124r1]]).
 
* [[NIST Special Publication 800-124r1]]: Guidelines for Managing the Security of Mobile Devices in the Enterprise (June 2013) ([http://csrc.nist.gov/publications/PubsSPs.html#800-124 full-text]).
 
* [[NIST Special Publication 800-125]]: Guide to Security for Full Virtualization Technologies (Jan. 2011) ([http://csrc.nist.gov/publications/nistpubs/800-125/SP800-125-final.pdf full-text]).
 
* [[NIST Special Publication 800-127]]: Guide to Securing WiMAX Wireless Communications (Sept. 2010) ([http://csrc.nist.gov/publications/nistpubs/800-127/sp800-127.pdf full-text]).
 
* [[NIST Special Publication 800-128]]: Guide for Security Configuration Management of Information Systems (Initial Public Draft) (Mar. 2010) ([http://csrc.nist.gov/publications/drafts/800-128/draft_sp800-128-ipd.pdf full-text]).
 
* [[NIST Special Publication 800-130]]: (Draft) A Framework for Designing Cryptographic Key Management Systems (June 16, 2010) ([http://csrc.nist.gov/publications/PubsDrafts.html#SP-800-130 full-text]).
 
* [[NIST Special Publication 800-131A]]: (Draft) Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths (Jan. 2011) ([http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf full-text]).
 
* [[NIST Special Publication 800-137]]: Information Security Continuous Monitoring for Federal Information Systems and Organizations (Sept. 2011) ([http://csrc.nist.gov/publications/nistpubs/800-137/SP800-137-Final.pdf full-text]).
 
* [[NIST Special Publication 800-144]]: Guidelines on Security and Privacy in Public Cloud Computing (Dec. 2011) ([http://www.nist.gov/customcf/get_pdf.cfm?pub_id=909494 full-text]).
 
* [[NIST Special Publication 800-145]]: (Draft) A NIST Definition of Cloud Computing (Sept. 2011) ([http://csrc.nist.gov/publications/PubsDrafts.html#SP-800-145 full-text]).
 
* [[NIST Special Publication 800-146]]: Cloud Computing Synopsis and Recommendations (May 2012) ([http://csrc.nist.gov/publications/PubsDrafts.html#SP-800-146 full-text]).
 
* [[NIST Special Publication 800-147]]: Basic Input/Output System (BIOS) Protection Guidelines (Apr. 2011) ([http://csrc.nist.gov/publications/nistpubs/800-147/NIST-SP800-147-April2011.pdf full-text]).
 
* [[NIST Special Publication 800-147B]]: BIOS Protection Guidelines for Servers (July 30, 2012) ([http://csrc.nist.gov/publications/drafts/800-147b/draft-sp800-147b_july2012.pdf full-text]).
 
* [[NIST Special Publication 800-150]]: Guide to Cyber Threat Information Sharing (Oct. 29, 2014) ([http://csrc.nist.gov/publications/drafts/800-150/sp800_150_draft.pdf full-text]).
 
* [[NIST Special Publication 800-152]]: (DRAFT) A Profile for U. S. Federal Cryptographic Key Management Systems (CKMS) (Third Draft) (Dec. 18, 2014) ([http://csrc.nist.gov/publications/drafts/800-152/sp800-152_third_draft.pdf full-text]).
 
* [[NIST Special Publication 800-153]]: Guidelines for Securing Wireless Local Area Networks (WLANs) (Feb. 2012) ([http://csrc.nist.gov/publications/nistpubs/800-153/sp800-153.pdf full-text]).
 
* [[NIST Special Publication 800-155]]: (DRAFT) BIOS Integrity Measurement Guidelines (Dec. 8, 2011) ([http://csrc.nist.gov/publications/PubsDrafts.html#SP-800-155 full-text]).
 
* [[NIST Special Publication 800-160]]: (DRAFT) Systems Security Engineering: An Integrated Approach to Building Trustworthy Resilient Systems (May 2014) ([http://csrc.nist.gov/publications/drafts/800-160/sp800_160_draft.pdf full-text]).
 
* [[NIST Special Publication 800-161]]: Supply Chain Risk Management Practices for Federal Information Systems and Organizations (Apr. 2015) ([http://csrc.nist.gov/publications/drafts/800-161/sp800_161_2nd_draft.pdf full-text]).
 
* [[NIST Special Publication 800-162]]: (DRAFT) Guide to Attribute Based Access Control (ABAC) Definition and Considerations (Apr. 22, 2013) ([http://csrc.nist.gov/publications/drafts/800-162/sp800_162_draft.pdf full-text]).
 
* [[NIST Special Publication 163]] Vetting the Security of Mobile Applications (Jan. 2015).
 
* [[NIST Special Publication 800-164]]: (DRAFT) Guidelines on Hardware-Rooted Security in Mobile Devices (Oct. 31, 2012) ([http://csrc.nist.gov/publications/PubsDrafts.html#SP-800-164 full-text]).
 
* [[NIST Special Publication 800-165]]: 2012 Computer Security Division Annual Report (June 2013) ([http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-165.pdf full-text]).
 
* [[NIST Special Publication 800-168]]: Approximate Matching: Definition and Terminology (May 2014) ([http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-168.pdf full-text]).
 
 
* [[NIST Special Publication 800-170]]: Computer Security Division 2013 Annual Report (June 2014) ([http://csrc.nist.gov/publications/nistpubs/800-170/sp800_170_PRE-publication_waiting-for-final-from-gdesigner.pdf full-text]).
 
* [[NIST Special Publication SP 800-171]]: Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations (June 25, 2015) ([http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf full-text]).
+
* [[NIST Special Publication 800-168]]: Approximate Matching: Definition and Terminology (May 2014) ([http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-168.pdf full-text]).
  +
* [[NIST Special Publication 800-167]]: Guide to Application Whitelisting (Oct. 2015) ([http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-167.pdf full-text]).
  +
* [[NIST Special Publication 800-165]]: 2012 Computer Security Division Annual Report (June 2013) ([http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-165.pdf full-text]).
  +
* [[NIST Special Publication 800-164]]: (DRAFT) Guidelines on Hardware-Rooted Security in Mobile Devices (Oct. 31, 2012) ([http://csrc.nist.gov/publications/PubsDrafts.html#SP-800-164 full-text]).
  +
* [[NIST Special Publication 800-163]]: Vetting the Security of Mobile Applications (Jan. 2015) ([http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-163.pdf full-text]).
  +
* [[NIST Special Publication 800-162]]: (DRAFT) Guide to Attribute Based Access Control (ABAC) Definition and Considerations (Apr. 22, 2013) ([http://csrc.nist.gov/publications/drafts/800-162/sp800_162_draft.pdf full-text]).
  +
* [[NIST Special Publication 800-161]]: Supply Chain Risk Management Practices for Federal Information Systems and Organizations (Apr. 2015) ([http://csrc.nist.gov/publications/drafts/800-161/sp800_161_2nd_draft.pdf full-text]).
  +
* [[NIST Special Publication 800-160]]: Systems Security Engineering Guideline: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems (Nov. 2016) ([http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-160.pdf full-text]).
  +
* [[NIST Special Publication 800-155]]: (DRAFT) BIOS Integrity Measurement Guidelines (Dec. 8, 2011) ([http://csrc.nist.gov/publications/PubsDrafts.html#SP-800-155 full-text]).
  +
* [[NIST Special Publication 800-153]]: Guidelines for Securing Wireless Local Area Networks (WLANs) (Feb. 2012) ([http://csrc.nist.gov/publications/nistpubs/800-153/sp800-153.pdf full-text]).
  +
* [[NIST Special Publication 800-152]]: A Profile for U. S. Federal Cryptographic Key Management Systems (CKMS) (Oct. 2015) ([http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-152.pdf full-text]).
  +
* [[NIST Special Publication 800-150]]: (Second Draft) Guide to Cyber Threat Information Sharing (Apr. 21, 2016) ([http://csrc.nist.gov/publications/drafts/800-150/sp800_150_second_draft.pdf full-text]).
  +
* [[NIST Special Publication 800-147B]]: BIOS Protection Guidelines for Servers (July 30, 2012) ([http://csrc.nist.gov/publications/drafts/800-147b/draft-sp800-147b_july2012.pdf full-text]).
  +
* [[NIST Special Publication 800-147]]: Basic Input/Output System (BIOS) Protection Guidelines (Apr. 2011) ([http://csrc.nist.gov/publications/nistpubs/800-147/NIST-SP800-147-April2011.pdf full-text]).
  +
* [[NIST Special Publication 800-146]]: Cloud Computing Synopsis and Recommendations (May 2012) ([http://csrc.nist.gov/publications/PubsDrafts.html#SP-800-146 full-text]).
  +
* [[NIST Special Publication 800-145]]: (Draft) A NIST Definition of Cloud Computing (Sept. 2011) ([http://csrc.nist.gov/publications/PubsDrafts.html#SP-800-145 full-text]).
  +
* [[NIST Special Publication 800-144]]: Guidelines on Security and Privacy in Public Cloud Computing (Dec. 2011) ([http://www.nist.gov/customcf/get_pdf.cfm?pub_id=909494 full-text]).
  +
* [[NIST Special Publication 800-137]]: Information Security Continuous Monitoring for Federal Information Systems and Organizations (Sept. 2011) ([http://csrc.nist.gov/publications/nistpubs/800-137/SP800-137-Final.pdf full-text]).
  +
* [[NIST Special Publication 800-131A]], Rev.1: Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths (Nov. 2015) ([http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar1.pdf full-text]).
  +
* [[NIST Special Publication 800-130]]: (Draft) A Framework for Designing Cryptographic Key Management Systems (June 16, 2010) ([http://csrc.nist.gov/publications/PubsDrafts.html#SP-800-130 full-text]).
  +
* [[NIST Special Publication 800-128]]: Guide for Security Configuration Management of Information Systems (Initial Public Draft) (Mar. 2010) ([http://csrc.nist.gov/publications/drafts/800-128/draft_sp800-128-ipd.pdf full-text]).
  +
* [[NIST Special Publication 800-127]]: Guide to Securing WiMAX Wireless Communications (Sept. 2010) ([http://csrc.nist.gov/publications/nistpubs/800-127/sp800-127.pdf full-text]).
  +
* [[NIST Special Publication 800-125]]: Guide to Security for Full Virtualization Technologies (Jan. 2011) ([http://csrc.nist.gov/publications/nistpubs/800-125/SP800-125-final.pdf full-text]).
  +
* [[NIST Special Publication 800-124r1]]: Guidelines for Managing the Security of Mobile Devices in the Enterprise (June 2013) ([http://csrc.nist.gov/publications/PubsSPs.html#800-124 full-text]).
  +
* [[NIST Special Publication 800-124]]: Guidelines on Cell Phone and PDA Security (Oct. 2008) ([http://www.nist.gov/customcf/get_pdf.cfm?pub_id=890048 full-text]) (superseded by [[NIST Special Publication 800-124r1]]).
  +
* [[NIST Special Publication 800-123]]: Guide to General Server Security (July 2008) ([http://csrc.nist.gov/publications/nistpubs/800-123/SP800-123.pdf full-text]).
  +
* [[NIST Special Publication 800-122]]: Guide to Protecting the Confidentiality of Personally Identifiable Information (April 2010) ([http://csrc.nist.gov/publications/nistpubs/800-122/sp800-122.pdf full-text]).
  +
* [[NIST Special Publication 800-121]]: Guide to Bluetooth Security (Sept. 2008) ([http://csrc.nist.gov/publications/nistpubs/800-121/SP800-121.pdf full-text]); (Rev. 1) (June 2012) ([http://csrc.nist.gov/publications/nistpubs/800-121-rev1/sp800-121_rev1.pdf full-text]).
  +
* [[NIST Special Publication 800-118]]: Guide to Enterprise Password Management (Draft) (Apr. 2009) ([http://csrc.nist.gov/publications/PubsDrafts.html#SP-800-118 full-text]).
  +
* [[NIST Special Publication 800-116]]: A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS) (Nov. 2008) ([http://www.nist.gov/manuscript-publication-search.cfm?pub_id=900924 full-text]).
  +
* [[NIST Special Publication 800-115]]: Technical Guide to Information Security Testing and Assessment (Sept. 2008) ([http://csrc.nist.gov/publications/nistpubs/800-115/SP800-115.pdf full-text]).
  +
* [[NIST Special Publication 800-114]]: User's Guide to Securing External Devices for Telework and Remote Access (Nov. 2007) ([http://csrc.nist.gov/publications/nistpubs/800-114/SP800-114.pdf full-text]).
  +
* [[NIST Special Publication 800-111]]: Guide to Storage Encryption Technologies for End User Devices (Nov. 2007) ([http://csrc.nist.gov/publications/nistpubs/800-111/SP800-111.pdf full-text]).
  +
* [[NIST Special Publication 800-101, Rev. 1]]: Guidelines on Cell Phone Forensics (May 2014) ([https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-101r1.pdf full-text]).
  +
* [[NIST Special Publication 800-101]]: Guidelines on Cell Phone Forensics (May 2007) ([http://csrc.nist.gov/publications/nistpubs/800-101/SP800-101.pdf full-text]).
  +
* [[NIST Special Publication 800-100]], Information Security Handbook: A Guide for Managers (Oct. 2006) ([http://csrc.nist.gov/publications/nistpubs/800-100/SP800-100-Mar07-2007.pdf full-text]).
  +
* [[NIST Special Publication 800-98]]: Guidelines for Securing Radio Frequency Identification (RFID) Systems (Apr. 2007) ([http://csrc.nist.gov/publications/nistpubs/800-98/SP800-98_RFID-2007.pdf full-text]).
  +
* [[NIST Special Publication 800-97]]: Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i (Feb. 2007) ([http://csrc.nist.gov/publications/nistpubs/800-97/SP800-97.pdf full-text]).
  +
* [[NIST Special Publication 800-95]]: Guide to Secure Web Services (Aug. 2007) ([http://csrc.nist.gov/publications/nistpubs/800-95/SP800-95.pdf full-text]).
  +
* [[NIST Special Publication 800-94]]: Guide to Intrusion Detection and Prevention Systems (Feb. 2007) ([http://csrc.nist.gov/publications/nistpubs/800-94/SP800-94.pdf full-text]); (Rev. 1) (July 25, 2012) ([http://csrc.nist.gov/publications/drafts/800-94-rev1/draft_sp800-94-rev1.pdf full-text]).
  +
* [[NIST Special Publication 800-92]]: Guide to Computer Security Log Management (Sept. 2006) ([http://csrc.nist.gov/publications/PubsSPs.html#800-92 full-text]).
  +
* [[NIST Special Publication 800-90A]]: Recommendation for Random Number Generation Using Deterministic Random Bit Generators (Rev. 1) (June 25, 2015).([http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90Ar1.pdf full-text]).
  +
* [[NIST Special Publication 800-90]]: Recommendation for Random Number Generation Using Deterministic Random Bit Generators (Mar. 2007 rev.).([http://csrc.nist.gov/publications/nistpubs/800-90/SP800-90revised_March2007.pdf full-text]).
  +
* [[NIST Special Publication 800-88]] (Rev. 1): Guidelines for Media Sanitization (Dec. 2014) ([https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-88r1.pdf full-text]).
  +
* [[NIST Special Publication 800-86]]: Guide to Integrating Forensic Techniques into Incident Response (Aug. 2006) ([http://csrc.nist.gov/publications/nistpubs/800-86/SP800-86.pdf full-text]).
  +
* [[NIST Special Publication 800-84]]: Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities (Sept. 2006) ([http://csrc.nist.gov/publications/PubsSPs.html#800-84 full-text]).
  +
* [[NIST Special Publication 800-83]], Rev. 1: Guide to Malware Incident Prevention and Handling for Desktops and Laptops (July 2013) ([http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-83r1.pdf full-text]).
  +
* [[NIST Special Publication 800-82]], Rev. 2: {Draft) Guide to Industrial Control Systems (ICS) Security (Feb. 9, 2015) ([http://csrc.nist.gov/publications/drafts/800-82r2/sp800_82_r2_second_draft.pdf full-text]).
  +
* [[NIST Special Publications 800-81]]: Secure Domain Name System (DNS) Deployment Guide (Rev. 2) (Sept. 18, 2013) ([http://www.nist.gov/customcf/get_pdf.cfm?pub_id=914217 full-text]).
  +
* [[NIST Special Publication 800-77]]: Guide to IPsec VPNs (Dec. 2005) ([http://csrc.nist.gov/publications/nistpubs/800-77/sp800-77.pdf‎ full-text]).
  +
* [[NIST Special Publications 800-76-2]]: (Draft) Biometric Data Specification for Personal Identity Verification (Apr. 11, 2011) ([http://csrc.nist.gov/publications/drafts/800-76-2/Draft_SP800-76-2.pdf full-text]).
  +
* [[NIST Special Publication 800-73-4]]: Interfaces for Personal Identity Verification – Part 1: End-Point PIV Card Application Namespace, Data Model and Representation (May 13, 2013) ([http://csrc.nist.gov/publications/drafts/800-73-4/sp800_73-4_pt1_draft.pdf full-text]); Part 2: PIV Card Application Card Command Interface (May 13, 2013) ([http://csrc.nist.gov/publications/drafts/800-73-4/sp800_73-4_pt2_draft.pdf full-text]); Part 3: PIV Client Application Programming Interface (May 13, 2013) ([http://csrc.nist.gov/publications/drafts/800-73-4/sp800_73-4_pt3_draft.pdf full-text]).
  +
* [[NIST Special Publication 800-72]]: Guidelines on PDA Forensics (Nov. 2004) ([http://csrc.nist.gov/publications/nistpubs/800-72/sp800-72.pdf full-text]).
  +
* [[NIST Special Publication 800-70]], Rev. 3: (DRAFT) National Checklist Program for IT Products—Guidelines for Checklist Users and Developers (Mar. 26, 2015) ([http://csrc.nist.gov/publications/drafts/800-70/sp800-70r3_draft.pdf full-text]).
  +
* [[NIST Special Publication 800-69]]: Guidance for Securing Microsoft Windows XP Home Edition: A NIST Security Configuration Checklist (Sept. 2006) ([http://csrc.nist.gov/itsec/SP800-69.pdf full-text]).
  +
* [[NIST Special Publication 800-67]]: Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher (Ver. 1.1) (May 19, 2008) ([http://csrc.nist.gov/publications/nistpubs/800-67/SP800-67.pdf full-text]).
  +
* [[NIST Special Publication 800-66]]: An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule (Oct. 2008) ([http://csrc.nist.gov/publications/nistpubs/800-66-Rev1/SP-800-66-Revision1.pdf full-text]).
  +
* [[NIST Special Publication 800-65]]: Recommendations for Integrating Information Security into the Capital Planning and Investment Control Process (CPIC) (Ver. 1) (Jan. 2005) ([http://csrc.nist.gov/publications/nistpubs/800-65/SP-800-65-Final.pdf full-text]).
  +
* [[NIST Special Publication 800-64]]: Security Considerations in the Information System Development Life Cycle {Rev. 2) (Oct. 2008) ([http://csrc.nist.gov/publications/nistpubs/800-64-Rev2/SP800-64-Revision2.pdf full-text]).
  +
* [[NIST Special Publications 800-63-B]]: Digital Identity Guidelines: Authentication and Lifecycle Management (Nov. 17, 2020) ([https://pages.nist.gov/800-63-3/sp800-63b.html full-text]).
  +
* [[NIST Special Publications 800-63-2]]: (DRAFT) Electronic Authentication Guideline (Feb. 1, 2013) ([http://csrc.nist.gov/publications/drafts/800-63-2/sp800_63_2_draft.pdf full-text]).
  +
* [[NIST Special Publication 800-63]]: Electronic Authentication Guideline (Apr. 2006) ([http://csrc.nist.gov/publications/nistpubs/800-63/SP800-63V1_0_2.pdf full-text]).
  +
* [[NIST Special Publication 800-61]]: Computer Security Incident Handling Guide (rev. 1) (Mar. 2008) ([http://csrc.nist.gov/publications/nistpubs/800-61-rev1/SP800-61rev1.pdf full-text]); (rev. 2) (Jan. 2012) ([http://csrc.nist.gov/publications/drafts/800-61-rev2/draft-sp800-61rev2.pdf full-text]).
  +
* [[NIST Special Publication 800-60]]: Guide for Mapping Types of Information and Information Systems to Security Categories (Aug. 2008) ([http://csrc.nist.gov/publications/nistpubs/800-60-Rev1/SP800-60_Vol1-Rev1.pdf full-text]).
  +
* [[NIST Special Publication 800-59]]: Guideline for Identifying an Information System as a National Security System (Aug. 2003) ([http://csrc.nist.gov/publications/nistpubs/800-59/SP800-59.pdf full-text]).
  +
* [[NIST Special Publication 800-58]]: Security Considerations for Voice Over IP Systems (Jan. 2005) ([http://csrc.nist.gov/publications/nistpubs/800-58/SP800-58-final.pdf full-text]).
  +
* [[NIST Special Publication 800-57]]: Recommendation for Key Management (Mar. 2007) ([http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007.pdf full-text]).
  +
* [[NIST Special Publication 800-55]]: Security Metrics Guide for Information Technology System (July 2003) ([http://csrc.nist.gov/publications/nistpubs/800-55-Rev1/SP800-55-rev1.pdf full-text]).
  +
* [[NIST Special Publication 800-53A]]: Guide for Assessing the Security Controls in Federal Information Systems and Organizations, Building Effective Security Assessment Plans (Rev. 1) (Jun. 2010) ([http://csrc.nist.gov/publications/nistpubs/800-53A-rev1/sp800-53A-rev1-final.pdf full-text]).
  +
* [[NIST Special Publications 800-53, Appendix J]]: Privacy Control Catalog (Draft) (July 19, 2011) ([http://csrc.nist.gov/publications/drafts/800-53-Appdendix-J/IPDraft_800-53-privacy-appendix-J.pdf full-text]).
  +
* [[NIST Special Publication 800-53]]: Security and Privacy Controls for Federal Information Systems and Organizations (Rev. 5) (Aug. 2017)
  +
* [[NIST Special Publication 800-53]]: Security and Privacy Controls for Federal Information Systems and Organizations (Rev. 4) (Apr. 2013) ([http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf full-text]).
  +
* [[NIST Special Publication 800-50]], Building Information Technology Security Awareness and Training Program (Oct. 2003) ([http://csrc.nist.gov/publications/nistpubs/800-50/NIST-SP800-50.pdf full-text]).
  +
* [[NIST Special Publication 800-49]]: Federal S/MIME V3 Client Profile (Nov. 2002) ([http://csrc.nist.gov/publications/nistpubs/800-49/sp800-49.pdf full-text]).
  +
* [[NIST Special Publication 800-48]]: Guide to Securing Legacy IEEE 802.11 Wireless Networks (July 2008) ([http://csrc.nist.gov/publications/nistpubs/800-48-rev1/SP800-48r1.pdf full-text]).
  +
* [[NIST Special Publication 800-47]]: Security Guide for Interconnecting Information Technology Systems (Aug. 2002) ([http://csrc.nist.gov/publications/nistpubs/800-47/sp800-47.pdf full-text]).
  +
* [[NIST Special Publication 800-46]], Rev. 2: Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security (July 16, 2016) ([https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-46r2.pdf full-text]).
  +
* [[NIST Special Publication 800-46]], Rev. 1: Guide to Enterprise Telework and Remote Access Security (June 16, 2009) ([http://csrc.nist.gov/publications/nistpubs/800-46-rev1/sp800-46r1.pdf full-text]).
  +
* [[NIST Special Publication 800-45]]: Guidelines on Electronic Mail Security (Ver. 2) (Feb. 2007) ([http://csrc.nist.gov/publications/nistpubs/800-45-version2/SP800-45v2.pdf full-text]).
  +
* [[NIST Special Publication 800-44]]: Guidelines on Securing Public Web Servers (Sept. 2007) ([http://csrc.nist.gov/publications/nistpubs/800-44-ver2/SP800-44v2.pdf full-text]).
  +
* [[NIST Special Publication 800-41]]: Guidelines on Firewalls and Firewall Policy (Rev. 1) (Sept. 2009) ([http://csrc.nist.gov/publications/nistpubs/800-41-Rev1/sp800-41-rev1.pdf full-text]).
  +
* [[NIST Special Publication 800-40]]: Guide to Enterprise Patch Management Technologies (Draft) (Rev. 3) (Sept. 2012) ([http://csrc.nist.gov/publications/drafts/800-40/draft-sp800-40rev3.pdf full-text]).
  +
* [[NIST Special Publication 800-39]]: Managing Information Security Risk: Organization, Mission, and Information System View (Dec. 14, 2010) ([http://csrc.nist.gov/publications/nistpubs/800-39/SP800-39-final.pdf full-text]).
  +
* [[NIST Special Publication 800-38A]]: Recommendation for Block Cipher Modes of Operation Methods and Techniques (2001 ed.) ([http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf full-text]).
  +
* [[NIST Special Publication 800-37, Rev. 2]]: (Draft) Risk Management Framework for Information Systems and Organizations A System Life Cycle Approach for Security and Privacy (Sept. 2017) ([https://csrc.nist.gov/publications/detail/sp/800-37/rev-2/draft full-text]).
  +
* [[NIST Special Publication 800-37]]: Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach (Rev. 1) (June 5, 2014) ([http://dx.doi.org/10.6028/NIST.SP.800-37r1 full-text]).
  +
* [[NIST Special Publication 800-36]]: Guide to Selecting Information Technology Security Products (Oct. 2003) ([http://www.csrc.nist.gov/publications/nistpubs/800-36/NIST-SP800-36.pdf full-text]).
  +
* [[NIST Special Publication 800-35]]: Guide to Information Technology Security Services (Oct. 2003) ([http://csrc.nist.gov/publications/nistpubs/800-35/NIST-SP800-35.pdf full-text]).
  +
* [[NIST Special Publication 800-34, Rev. 1]], Contingency Planning Guide for Federal Information Systems (updated Nov. 2010) ([http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-34r1.pdf full-text]).
  +
* [[NIST Special Publication 800-34]]: Contingency Planning Guide for Federal Information Systems (Rev. 1) (May 2010) ([http://csrc.nist.gov/publications/nistpubs/800-34-rev1/sp800-34-rev1.pdf full-text]).
  +
* [[NIST Special Publication 800-33]]: Underlying Technical Models for Information Technology Security (Dec. 2001) ([http://csrc.nist.gov/publications/nistpubs/800-33/sp800-33.pdf full-text]).
  +
* [[NIST Special Publication 800-32]]: Introduction to Public Key Technology and the Federal PKI Infrastructure (Feb. 26, 2001) ([http://csrc.nist.gov/publications/nistpubs/800-32/sp800-32.pdf full-text]).
  +
* [[NIST Special Publication 800-31]], Intrusion Detection Systems (Nov. 2001) ([http://www.everyspec.com/NIST/NIST+(General)/download.php?spec=SP_800-31.030152.pdf full-text]).
  +
* [[NIST Special Publication 800-30, Rev. 1]]: Guide for Conducting Risk Assessments (Sept. 2012) ([http://csrc.nist.gov/publications/drafts/800-30-rev1/SP800-30-Rev1-ipd.pdf full-text]).
  +
* [[NIST Special Publication 800-30]]: Risk Management Guide for Information Technology Systems (July 2002) ([http://csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdf full-text]).
  +
* [[NIST Special Publication 800-28]]: Guidelines on Active Content and Mobile Code (ver. 2) (Mar. 2008) ([http://csrc.nist.gov/publications/nistpubs/800-28-ver2/SP800-28v2.pdf full-text]).
  +
* [[NIST Special Publication 800-27A]]: Engineering Principles for Information Technology Security (A Baseline for Achieving Security) (June 2004) ([http://csrc.nist.gov/publications/nistpubs/800-27A/SP800-27-RevA.pdf full-text]).
  +
* [[NIST Special Publication 800-27 Rev A]]: Engineering Principles for Information Technology Security (A Baseline for Achieving Security), Revision A (June 2004) ([http://csrc.nist.gov/publications/nistpubs/800-27A/SP800-27-RevA.pdf full-text]).
  +
* [[NIST Special Publication 800-26]]: Security Self-Assessment Guide for Information Technology Systems (Nov. 2001) ([http://infohost.nmt.edu/~sfs/Regs/sp800-26.pdf full-text]).
  +
* [[NIST Special Publication 800-25]]: Federal Agency Use of Public Key Technology for Digital Signatures and Authentication (Sept. 2000) ([http://csrc.nist.gov/publications/nistpubs/800-25/sp800-25.pdf full-text]).
  +
* [[NIST Special Publication 800-23]]: Guidelines to Federal Organizations on Security Assurance & Acquisition/Use of Tested/Evaluated Products (Aug. 2000). ([http://csrc.nist.gov/publications/nistpubs/800-23/sp800-23.pdf full-text]).
  +
* [[NIST Special Publication 800-21]]: Guideline for Implementing Cryptography in the Federal Government (2d ed. Dec. 2005) ([http://csrc.nist.gov/publications/nistpubs/800-21-1/sp800-21-1_Dec2005.pdf full-text]).
  +
* [[NIST Special Publication 800-19]]: Mobile Agent Security (Aug. 1999) ([http://csrc.nist.gov/publications/nistpubs/800-19/sp800-19.pdf full-text]).
  +
* [[NIST Special Publication 800-18]]: Guide for Developing Security Plans for Federal Information Systems (GSSP) (Rev. 1) (Feb. 2006) ([http://csrc.nist.gov/publications/nistpubs/800-18-Rev1/sp800-18-Rev1-final.pdf full-text]).
  +
* [[NIST Special Publication 800-16 (Rev. 1)]] (Third Draft): A Role-Based Model for Federal Information Technology/Cyber Security Training (Mar. 14, 2014) ([http://csrc.nist.gov/publications/drafts/800-16-rev1/sp800_16_rev1_3rd-draft.pdf full-text]).
  +
* [[NIST Special Publication 800-16]]: Information Technology Security Training Requirements: A Role- and Performance-Based Model (Apr. 1998) ([http://csrc.nist.gov/publications/nistpubs/800-16/800-16.pdf full-text]).
  +
* [[NIST Special Publication 800-14]]: Generally Accepted Principles and Practices for Securing Information Technology Systems (Sept. 1996) ([http://csrc.nist.gov/publications/nistpubs/800-14/800-14.pdf full-text]).
  +
* [[NIST Special Publication 800-13]]: Telecommunications Security Guidelines for Telecommunications Management Network (Oct. 1995) ([http://csrc.nist.gov/publications/nistpubs/800-13/sp800-13.pdf full-text]).
  +
* [[NIST Special Publication 800-12, Rev. 1]]: (Draft) An Introduction to Computer Security (Jan. 23, 2017) ([http://csrc.nist.gov/publications/drafts/800-12r1/sp800_12_r1_draft.pdf full-text]).
  +
* [[NIST Special Publication 800-12]]: An Introduction to Computer Security: The NIST Handbook (Oct. 1995) ([http://csrc.nist.gov/publications/nistpubs/800-12/handbook.pdf full-text])
  +
* [[NIST Special Publication 800-11]]: The Impact of the FCC's Open Network Architecture on NS/EP Telecommunications Security (Feb. 1995).
  +
* [[NIST Special Publication 800-10]]: Keeping Your Site Comfortably Secure: An Introduction to Internet Firewalls (Dec. 1994).
  +
* [[NIST Special Publication 800-9]]: Good Security Practices for Electronic Commerce, Including Electronic Data Interchange (Dec. 1993).
  +
* [[NIST Special Publication 800-8]]: Security Issues in the Database Language SQL (Aug. 1993).
  +
* [[NIST Special Publication 800-7]]: Security in Open Systems (July 1994).
  +
* [[NIST Special Publication 800-6]]: Automated Tools for Testing Computer System Vulnerability (Dec. 1992) ([http://niatec.info/GetFile.aspx?pid=368 full-text]).
  +
* [[NIST Special Publication 800-5]]: A Guide to Selection of Anti-Virus Tools and Techniques (Dec. 1992) ([http://www.dtic.mil/cgi-bin/GetTRDoc?AD=ADA405145 full-text]).
  +
* [[NIST Special Publication 800-4A]]: Computer Security Considerations in Federal Procurements: A Guide for Procurement Initiators, Contracting Officers, and Computer Security Officials (Oct. 2002) ([ftp://ftp.aci.com.pl/pub/security/info/reference/nist/draft-special-publications/sp-800-4a-draft.pdf full-text]).
  +
* [[NIST Special Publication 800-4]]: Computer Security Considerations in Federal Procurements: A Guide for Procurement Initiators, Contracting Officers, and Computer Security Officials (Mar. 1992) ([http://securityv.isu.edu/isl/800-4.html full-text]).
  +
* [[NIST Special Publication 800-3]]: Establishing a Computer Security Incident Response Capability (CSIRC) (Nov. 1991) ([http://www.terena.org/activities/tf-csirt/archive/800-3.pdf full-text]).
  +
* [[NIST Special Publication 800-2]]: Public Key Cryptography (Apr. 1991) ([http://www.dtic.mil/cgi-bin/GetTRDoc?AD=ADA408338 full-text]).
  +
* [[NIST Special Publication 800-1]]: Bibliography of Selected Computer Security Publicatons, January 1980-October 1989 (Dec. 1990).
   
 
== Special Publications 500 series (Information Technology) (January 1977-present) ==
 
== Special Publications 500 series (Information Technology) (January 1977-present) ==
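Review bot: in the added 800-series entries, the 800-82 and 800-64 lines open a parenthetical with a brace ("{Draft)", "{Rev. 2)"); these should read "(Draft)" and "(Rev. 2)". Several link targets use the plural "NIST Special Publications" (800-81, 800-76-2, 800-63-B, 800-63-2, and 800-53, Appendix J) while every other entry uses the singular, so those links point at differently named pages. The 800-27A and 800-27 Rev A entries list the same document with the same URL, and the 800-53 (Rev. 5) entry has no full-text link or closing period. The "Publicatons" typo in the 800-1 title is carried over from the removed line and could be fixed in the same edit.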
Line 134: Line 161:
 
These publications are a general [[IT]] subseries used more broadly by [[NIST]]'s [[Information Technology Laboratory]] ([[ITL]]). Publications in this series include:
 
These publications are a general [[IT]] subseries used more broadly by [[NIST]]'s [[Information Technology Laboratory]] ([[ITL]]). Publications in this series include:
   
  +
* [[NIST Special Publication 500-087]]: Management Guide for Software Documentation (Jan. 1982).
  +
* [[NIST Special Publication 500-090]]: Guide to Contracting for Software Conversion Services (May 1982).
  +
* [[NIST Special Publication 500-105]]: Guide to Software Conversion Management
  +
* [[NIST Special Publication 500-106]]: Guide on Software Maintenance.
  +
* [[NIST Special Publication 500-109]]: Overview of Computer Security Certification andAccreditation.
 
* [[NIST Special Publication 500-120]]: Security of Personal Computer Systems-A Management Guide (Jan. 1985).
 
* [[NIST Special Publication 500-120]]: Security of Personal Computer Systems-A Management Guide (Jan. 1985).
* [[NIST Special Publication 500-121]]:Guidance on Planning and Implementing Computer Systems Reliability (Jan. 1985).
+
* [[NIST Special Publication 500-121]]: Guidance on Planning and Implementing Computer Systems Reliability (Jan. 1985).
 
* [[NIST Special Publication 500-125]]: Issues in the Management of Microcomputer Systems (Sept. 1985).
 
* [[NIST Special Publication 500-125]]: Issues in the Management of Microcomputer Systems (Sept. 1985).
 
* [[NIST Special Publication 500-128]]: Starting and Operating a Microcomputer Support Center (Oct. 1985).
 
* [[NIST Special Publication 500-128]]: Starting and Operating a Microcomputer Support Center (Oct. 1985).
  +
* [[NIST Special Publication 500-148]]: Application Software Prototyping and Fourth Generation Languages.
  +
* [[NIST Special Publication 500-153]]: Guide to Auditing for Controls and Security: A Svstem Develonment Life Cvcle Annroach.
  +
* [[NIST Special Publication 500-154]]: Guide to Distributed Database Management.
  +
* [[NIST Special Publication 500-155]]: Management Guide to Software Reuse.
 
* [[NIST Special Publication 500-157]]: Smart Card Technology: New Methods for Computer Access Control (Sept. 1988).
 
* [[NIST Special Publication 500-157]]: Smart Card Technology: New Methods for Computer Access Control (Sept. 1988).
 
* [[NIST Special Publication 500-158]]: Accuracy, Integrity, and Security in Computerized Vote-Tallying (Aug. 1988).
 
* [[NIST Special Publication 500-158]]: Accuracy, Integrity, and Security in Computerized Vote-Tallying (Aug. 1988).
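Review bot: two of the added 500-series titles contain scanning errors. The 500-109 line reads "andAccreditation" and the 500-153 line reads "A Svstem Develonment Life Cvcle Annroach"; these should be "and Accreditation" and "A System Development Life Cycle Approach". The added 500-105, 500-106, 500-109, 500-148, 500-153, 500-154 and 500-155 entries also carry no date, unlike the entries around them, and the 500-105 line lacks its closing period.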
Line 144: Line 180:
 
* [[NIST Special Publication 500-170]]: Management Guide to the Protection of Information Resources (1989).
 
* [[NIST Special Publication 500-170]]: Management Guide to the Protection of Information Resources (1989).
 
* [[NIST Special Publication 500-171]]: Computer Users' Guide to the Protection of Information Resources (1989).
 
* [[NIST Special Publication 500-171]]: Computer Users' Guide to the Protection of Information Resources (1989).
  +
* [[NIST Special Publication 500-180]]: Guide to Software Acceptance.
 
* [[NIST Special Publication 500-218]]: Analyzing Electronic Commerce (June 1, 1994)
 
* [[NIST Special Publication 500-218]]: Analyzing Electronic Commerce (June 1, 1994)
 
* [[NIST Special Publication 500-245]]: Standard Data Format for the Interchange of Fingerprint, Facial, & Scar Mark & Tattoo (SMT) Information (Sept. 2000).
 
* [[NIST Special Publication 500-245]]: Standard Data Format for the Interchange of Fingerprint, Facial, & Scar Mark & Tattoo (SMT) Information (Sept. 2000).
Line 155: Line 192:
   
 
== Special Publications 1800 series (NIST Cybersecurity Practice Guides (2015-present)) ==
 
== Special Publications 1800 series (NIST Cybersecurity Practice Guides (2015-present)) ==
  +
 
 
This subseries was created to complement the Special Publications 800 series. It targets specific [[cybersecurity]] challenges in the [[public sector|public]] and [[private sector]]s. It provides practical, [[user-friendly]] guides to facilitate adoption of [[standards]]-based approaches to [[cybersecurity]].
 
This subseries was created to complement the Special Publications 800 series. It targets specific [[cybersecurity]] challenges in the [[public sector|public]] and [[private sector]]s. It provides practical, [[user-friendly]] guides to facilitate adoption of [[standards]]-based approaches to [[cybersecurity]].
   
  +
They show members of the [[information security]] community how to [[implement]] example solutions that help them align more easily with relevant [[standard]]s and [[best practices]] and provide users with the materials lists, [[configuration file]]s, and other [[information]] they need to [[implement]] a similar approach.
* [[NIST Special Publication 1800-1]] (DRAFT) Securing Electronic Health Records on Mobile Devices (July 28, 2015).
 
  +
  +
The documents in this series describe example [[implementation]]s of [[cybersecurity]] practices that businesses and other organizations may voluntarily adopt. These documents do not describe [[regulation]]s or mandatory practices, nor do they carry [[statutory]] authority.
  +
  +
* [[NIST Special Publication 1800-34]]: (Preliminary Draft) Validating the Integrity of Computing Devices (Aug. 31, 2021).
  +
* [[NIST Special Publication 1800-33]]: (Preliminary Draft) 5G Cybersecurity (Feb. 1, 2021).
  +
* [[NIST Special Publication 1800-30]]: (Draft) Securing Telehealth Remote Patient Monitoring Ecosystem (Nov. 2020).
  +
* [[NIST Special Publication 1800-26]]: Data Integrity: Detecting and Responding to Ransomware and Other Destructive Events (Dec. 8, 2020).
  +
* [[NIST Special Publication 1800-25]]: Data Integrity: Identifying and Protecting Assets Against Ransomware and Other Destructive Events (Dec. 8, 2020).
  +
* [[NIST Special Publication 1800-21]]: Mobile Device Security: Corporate-Owned Personally-Enabled (COPE) (Sept. 15, 2020).
  +
* [[NIST Special Publication 1800-17]]: (DRAFT) Multifactor Authentication for E-Commerce: Risk-Based, FIDO Universal Second Factor Implementations for Purchasers (July 19, 2019).
  +
* [[NIST Special Publication 1800-15]], (Draft) Securing Small Business and Home Internet of Things Devices: Mitigating Network-Based Attacks Using Manufacturer Usage Description (Sept. 16, 2020).
  +
* [[NIST Special Publication 1800-11]]: (DRAFT) Data Integrity: Recovering from Ransomware and Other Destructive Events (Sept. 6, 2017).
  +
* [[NIST Special Publication 1800-9]]: (DRAFT) Access Rights Management for the Financial Services Sector (Aug. 31, 2017).
  +
* [[NIST Special Publication 1800-8]]: (DRAFT) Securing Wireless Infusion Pumps in Healthcare Delivery Organizations (May 8, 2017).
  +
* [[NIST Special Publication 1800-7]]: (DRAFT) Situational Awareness for Electric Utilities (Feb. 16, 2017).
  +
* [[NIST Special Publication 1800-6]]: (DRAFT) Domain Name Systems-Based Electronic Mail Security (Nov. 2016).
  +
* [[NIST Special Publication 1800-5]]: (DRAFT) IT Asset Management (Oct. 29, 2015).
  +
* [[NIST Special Publication 1800-4]]: (DRAFT) Mobile Device Security: Cloud & Hybrid Builds (Nov. 5, 2015).
  +
* [[NIST Special Publication 1800-3]]: (DRAFT) Attribute Based Access Control (Sep. 29, 2015).
  +
* [[NIST Special Publication 1800-2]]: (DRAFT) Identity and Access Management for Electric Utilities (Aug. 25, 2015).
  +
* [[NIST Special Publication 1800-1]]: [[Securing Electronic Health Records on Mobile Devices]] (July 2018).
   
 
== NIST Cloud Computing Research Papers ==
 
== NIST Cloud Computing Research Papers ==
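Review bot: the added 1800-series entries mark draft status three ways ("(DRAFT)", "(Draft)", "(Preliminary Draft)"), and the 1800-15 line separates the link from the title with a comma where the others use a colon; pick one form for each. The 1800-3 line abbreviates the month as "Sep." while the rest of the list uses "Sept.".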
Line 177: Line 235:
 
== Other Special Publications ==
 
== Other Special Publications ==
   
* [[NIST Special Publication 1191]]: Research Roadmap for Smart Fire Fighting (Summary Report) (June 11, 2015) ([http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.1191.pdf full-text]).
+
* [[NIST Special Publication 1500]]: [[NIST Big Data interoperability Framework]] ([[NBDIF]]) ([http://bigdatawg.nist.gov/V1_output_docs.php full-text]).
  +
* [[NIST Special Publication 1191]]: Research Roadmap for Smart Fire Fighting (Summary Report) (June 11, 2015)([http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.1191.pdf full-text]).
  +
* [[NIST Special Publication 1176]]: Costs and Cost Effectiveness of Additive Manufacturing: A Literature and Discussion (Dec. 2014) ([http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.1176.pdf full-text]).
 
* [[NIST Special Publication 1163]]: Economics of the U.S. Additive Manufacturing Industry (August 2013).
 
* [[NIST Special Publication 1163]]: Economics of the U.S. Additive Manufacturing Industry (August 2013).
 
* [[NIST Special Publication 1108]], Rel. 1: NIST Framework and Roadmap for Smart Grid Interoperability Standards (Jan. 2010) ([http://www.nist.gov/public_affairs/releases/upload/smartgrid_interoperability_final.pdf full-text]).
 
* [[NIST Special Publication 1108]], Rel. 1: NIST Framework and Roadmap for Smart Grid Interoperability Standards (Jan. 2010) ([http://www.nist.gov/public_affairs/releases/upload/smartgrid_interoperability_final.pdf full-text]).
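Review bot: the re-added 1191 line drops the space between "(June 11, 2015)" and the full-text link, which the removed line had; restore it. The added 1500 entry has no date, and its link text "NIST Big Data interoperability Framework" lowercases "interoperability", so check that it matches the target page title.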
Line 186: Line 246:
   
 
* [[National Institute of Standards and Technology Interagency or Internal Report]]
 
* [[National Institute of Standards and Technology Interagency or Internal Report]]
  +
* [[NIST Cybersecurity Practice Guides]]
 
* [[NIST Security Bulletins]]
 
* [[NIST Security Bulletins]]
 
[[Category:Publication]]
 
[[Category:Publication]]

Latest revision as of 03:05, 26 September 2021

Overview

NIST Special Publications are publications from the National Institute of Standards and Technology. These publications are developed and issued by NIST as recommendations and guidance documents. For other than national security programs and systems, federal agencies must follow those NIST Special Publications mandated in a Federal Information Processing Standard.

While federal agencies are required to follow certain specific NIST Special Publications in accordance with OMB policy, there is flexibility in how agencies apply the guidance. Federal agencies apply the security concepts and principles articulated in the NIST Special Publications in accordance with and in the context of the agency’s missions, business functions, and environment of operation. Consequently, the application of NIST guidance by federal agencies can result in different security solutions that are equally acceptable, compliant with the guidance, and meet the OMB definition of adequate security for federal information systems.

Given the high priority of information sharing and transparency within the federal government, agencies also consider reciprocity in developing their information security solutions. When assessing federal agency compliance with NIST Special Publications, Inspectors General, evaluators, auditors, and assessors consider the intent of the security concepts and principles articulated within the specific guidance document and how the agency applied the guidance in the context of its mission/business responsibilities, operational environment, and unique organizational conditions.

Special Publications 800 series (Computer Security) (December 1990-present)

Special Publications in the 800 series present documents of general interest to the computer security community. The Special Publication 800 series was established in 1990 to provide a separate identity for information technology security publications. This Special Publication 800 series reports on ITL's research, guidelines, and outreach efforts in computer security, and its collaborative activities with industry, government, and academic organizations.

Publications in this series include:

Special Publications 500 series (Information Technology) (January 1977-present)

These publications are a general IT subseries used more broadly by NIST's Information Technology Laboratory (ITL). Publications in this series include:

  • NIST Special Publication 500-087: Management Guide for Software Documentation (Jan. 1982).
  • NIST Special Publication 500-090: Guide to Contracting for Software Conversion Services (May 1982).
  • NIST Special Publication 500-105: Guide to Software Conversion Management
  • NIST Special Publication 500-106: Guide on Software Maintenance.
  • NIST Special Publication 500-109: Overview of Computer Security Certification and Accreditation.
  • NIST Special Publication 500-120: Security of Personal Computer Systems-A Management Guide (Jan. 1985).
  • NIST Special Publication 500-121: Guidance on Planning and Implementing Computer Systems Reliability (Jan. 1985).
  • NIST Special Publication 500-125: Issues in the Management of Microcomputer Systems (Sept. 1985).
  • NIST Special Publication 500-128: Starting and Operating a Microcomputer Support Center (Oct. 1985).
  • NIST Special Publication 500-148: Application Software Prototyping and Fourth Generation Languages.
  • NIST Special Publication 500-153: Guide to Auditing for Controls and Security: A System Development Life Cycle Approach.
  • NIST Special Publication 500-154: Guide to Distributed Database Management.
  • NIST Special Publication 500-155: Management Guide to Software Reuse.
  • NIST Special Publication 500-157: Smart Card Technology: New Methods for Computer Access Control (Sept. 1988).
  • NIST Special Publication 500-158: Accuracy, Integrity, and Security in Computerized Vote-Tallying (Aug. 1988).
  • NIST Special Publication 500-166: Computer Viruses and Related Threats: A Management Guide (Aug. 1989).
  • NIST Special Publication 500-169: Executive Guide to the Protection of Information Resources (1989).
  • NIST Special Publication 500-170: Management Guide to the Protection of Information Resources (1989).
  • NIST Special Publication 500-171: Computer Users' Guide to the Protection of Information Resources (1989).
  • NIST Special Publication 500-180: Guide to Software Acceptance.
  • NIST Special Publication 500-218: Analyzing Electronic Commerce (June 1, 1994)
  • NIST Special Publication 500-245: Standard Data Format for the Interchange of Fingerprint, Facial, & Scar Mark & Tattoo (SMT) Information (Sept. 2000).
  • NIST Special Publication 500-271: American National Standard for Information Systems-Data Format for the Interchange of Fingerprint, Facial, & Other Biometric Information-Part 1 (ANSI/NIST-ITL 1-2007) (May 2007) (full-text).
  • NIST Special Publication 500-291: NIST Cloud Computing Standards Roadmap (July 2011) (full-text).
  • NIST Special Publication 500-292: NIST Cloud Computing Reference Architecture (Sept. 2011) (full-text).
  • NIST Special Publication 500-293: US Government Cloud Computing Technology Roadmap
    • Vol. I, Rel. 1.0 (Draft) (High-Priority Requirements to Further USG Agency Cloud Computing Adoption) (Dec. 1, 2011) (full-text)
    • Vol. II, Rel. 1.0 (Draft) (Useful Information for Cloud Adopters) (Dec. 1, 2011) (full-text).
    • Vol. III, Rel. 1.0 (Draft) (Technical Considerations for USG Cloud Computer Deployment Decisions) (Nov. 3, 2011) (full-text).

Special Publications 1800 series (NIST Cybersecurity Practice Guides (2015-present))

This subseries was created to complement the Special Publications 800 series. It targets specific cybersecurity challenges in the public and private sectors. It provides practical, user-friendly guides to facilitate adoption of standards-based approaches to cybersecurity.

They show members of the information security community how to implement example solutions that help them align more easily with relevant standards and best practices and provide users with the materials lists, configuration files, and other information they need to implement a similar approach.

The documents in this series describe example implementations of cybersecurity practices that businesses and other organizations may voluntarily adopt. These documents do not describe regulations or mandatory practices, nor do they carry statutory authority.

  • NIST Special Publication 1800-34: (Preliminary Draft) Validating the Integrity of Computing Devices (Aug. 31, 2021).
  • NIST Special Publication 1800-33: (Preliminary Draft) 5G Cybersecurity (Feb. 1, 2021).
  • NIST Special Publication 1800-30: (Draft) Securing Telehealth Remote Patient Monitoring Ecosystem (Nov. 2020).
  • NIST Special Publication 1800-26: Data Integrity: Detecting and Responding to Ransomware and Other Destructive Events (Dec. 8, 2020).
  • NIST Special Publication 1800-25: Data Integrity: Identifying and Protecting Assets Against Ransomware and Other Destructive Events (Dec. 8, 2020).
  • NIST Special Publication 1800-21: Mobile Device Security: Corporate-Owned Personally-Enabled (COPE) (Sept. 15, 2020).
  • NIST Special Publication 1800-17: (DRAFT) Multifactor Authentication for E-Commerce: Risk-Based, FIDO Universal Second Factor Implementations for Purchasers (July 19, 2019).
  • NIST Special Publication 1800-15: (Draft) Securing Small Business and Home Internet of Things Devices: Mitigating Network-Based Attacks Using Manufacturer Usage Description (Sept. 16, 2020).
  • NIST Special Publication 1800-11: (DRAFT) Data Integrity: Recovering from Ransomware and Other Destructive Events (Sept. 6, 2017).
  • NIST Special Publication 1800-9: (DRAFT) Access Rights Management for the Financial Services Sector (Aug. 31, 2017).
  • NIST Special Publication 1800-8: (DRAFT) Securing Wireless Infusion Pumps in Healthcare Delivery Organizations (May 8, 2017).
  • NIST Special Publication 1800-7: (DRAFT) Situational Awareness for Electric Utilities (Feb. 16, 2017).
  • NIST Special Publication 1800-6: (DRAFT) Domain Name Systems-Based Electronic Mail Security (Nov. 2016).
  • NIST Special Publication 1800-5: (DRAFT) IT Asset Management (Oct. 29, 2015).
  • NIST Special Publication 1800-4: (DRAFT) Mobile Device Security: Cloud & Hybrid Builds (Nov. 5, 2015).
  • NIST Special Publication 1800-3: (DRAFT) Attribute Based Access Control (Sep. 29, 2015).
  • NIST Special Publication 1800-2: (DRAFT) Identity and Access Management for Electric Utilities (Aug. 25, 2015).
  • NIST Special Publication 1800-1: Securing Electronic Health Records on Mobile Devices (July 2018).

NIST Cloud Computing Research Papers

  • NIST Cloud Computing Public Security Working Group, White Paper "Challenging Security Requirements for US Government Cloud Computing Adoption", December 2012
  • C. Dabrowski and K. Mills, "VM Leakage and Orphan Control in Open-Source Clouds", Proceedings of IEEE CloudCom 2011, Nov. 29-Dec. 1, Athens, Greece, pp. 554-559.
  • K. Mills, J. Filliben and C. Dabrowski, "Comparing VM-Placement Algorithms for On-Demand Clouds", Proceedings of IEEE CloudCom 2011, Nov. 29-Dec. 1, Athens, Greece, pp. 91-98.
  • C. Dabrowski and K. Mills, "Extended Version of VM Leakage and Orphan Control in Open-Source Clouds", NIST Publication 909325; an abbreviated version of this paper was published in the Proceedings of IEEE CloudCom 2011, Nov. 29-Dec. 1, Athens, Greece.
  • C. Dabrowski and F. Hunt, "Identifying Failure Scenarios in Complex Systems by Perturbing Markov Chain Models", Proceedings of ASME 2011 Conference on Pressure Vessels & Piping, Baltimore, MD, July 17-22, 2011.
  • K. Mills, J. Filliben and C. Dabrowski, "An Efficient Sensitivity Analysis Method for Large Cloud Simulations", Proceedings of the 4th International Cloud Computing Conference, IEEE, Washington, D.C., July 5-9, 2011.

NIST Grant/Contract Reports (GCR)

  • NIST GCR 93-635, Private Branch Exchange (PBX) Security Guideline (PB94-100880) (Sept. 1993).
  • NIST GCR 94-654, Federal Certification Authority Liability and Policy-Law and Policy of Certificate-Based Public Key and Digital Signatures (PB94-191202) (June 1994).
  • NIST GCR 95-670, Standards Policy and Information Infrastructure (May 1995) (PB95-231882).

Other Special Publications

See also