NIST Logo and ITL Banner Link to the NIST Homepage Link to the ITL Homepage Link to the NIST Homepage
Search CSRC:
Computer Security Division Documents Guide Click Here to download the "Guide to NIST Information Security Documents."
Computer Security Division Roadmap to NIST Information Security Documents Click Here to download the "Roadmap to NIST Information Security Documents."
*NOTE: Categories in the Families, Topic Clusters, and Legal Requirements listings are from the "Guide to NIST Information Security Documents."

Publications

Special Publications (800 Series)

Special Publications in the 800 series present documents of general interest to the computer security community. The Special Publication 800 series was established in 1990 to provide a separate identity for information technology security publications. This Special Publication 800 series reports on ITL's research, guidelines, and outreach efforts in computer security, and its collaborative activities with industry, government, and academic organizations.

Special Publications
NumberDateTitle
SP 800-124July 7, 2008DRAFT Guidelines on Cell Phone and PDA Security
Draft-SP800-124.pdf
SP 800-123Jul 2008Guide to General Server Security
SP800-123.pdf
SP 800-121July 9, 2008DRAFT Guide to Bluetooth Security
Draft-SP800-121.pdf
Draft-SP800-121_pdf.zip
SP 800-116September 10, 2008DRAFT (second draft) A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS)
SP800-116-2nd-draft-v2.pdf
Comments_SP800-116.xls
SP 800-115Nov 13, 2007DRAFT Technical Guide to Information Security Testing
Draft-SP800-115.pdf
Draft-SP800-115_pdf.zip
SP 800-114Nov 2007User's Guide to Securing External Devices for Telework and Remote Access
SP800-114.pdf
SP 800-113Jul 2008 Guide to SSL VPNs
SP800-113.pdf
SP800-113_pdf.zip
SP 800-111Nov 2007Guide to Storage Encryption Technologies for End User Devices
SP800-111.pdf
SP 800-110Sep 28, 2007DRAFT Information System Security Reference Data Model
Draft-SP800-110.pdf
SP 800-108May 1, 2008DRAFT Recommendation for Key Derivation Using Pseudorandom Functions
Draft_SP-800-108_April-2008.pdf
SP 800-107July 9, 2008DRAFT Recommendation for Applications Using Approved Hash Algorithms
draft-SP800-107-July2008.pdf
SP 800-106Jul 31, 2008DRAFT Randomized Hashing Digital Signatures (2nd draft)
2nd-Draft_SP800-106_July2008.pdf
SP 800-104Jun 2007A Scheme for PIV Visual Card Topography
SP800-104-June29_2007-final.pdf
SP 800-103Oct 6, 2006DRAFT An Ontology of Identity Credentials, Part I: Background and Formulation
sp800-103-draft.pdf
draft-sp800-103.zip
SP 800-101May 2007Guidelines on Cell Phone Forensics
SP800-101.pdf
SP 800-100Oct 2006Information Security Handbook: A Guide for Managers
SP800-100-Mar07-2007.pdf
SP 800-98Apr 2007Guidelines for Securing Radio Frequency Identification (RFID) Systems
SP800-98_RFID-2007.pdf
SP 800-97Feb 2007Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i
SP800-97.pdf
SP 800-96Sep 2006PIV Card to Reader Interoperability Guidelines
SP800-96-091106.pdf
SP 800-95Aug 2007Guide to Secure Web Services
SP800-95.pdf
SP800-95_pdf.zip
SP 800-94Feb 2007Guide to Intrusion Detection and Prevention Systems (IDPS)
SP800-94.pdf
SP 800-92Sep 2006Guide to Computer Security Log Management
SP800-92.pdf
SP 800-90Mar 2007Recommendation for Random Number Generation Using Deterministic Random Bit Generators
SP800-90revised_March2007.pdf
SP 800-89Nov 2006Recommendation for Obtaining Assurances for Digital Signature Applications
SP-800-89_November2006.pdf
SP 800-88Sep 2006Guidelines for Media Sanitization
NISTSP800-88_rev1.pdf
SP 800-87 Rev 1Apr 2008Codes for Identification of Federal and Federally-Assisted Organizations
SP800-87_Rev1-April2008Final.pdf
SP 800-86Aug 2006Guide to Integrating Forensic Techniques into Incident Response
SP800-86.pdf
SP800-86-pdf.zip
SP 800-85 BJul 2006PIV Data Model Test Guidelines
SP800-85b-072406-final.pdf
SP 800-85 AApr 2006PIV Card Application and Middleware Interface Test Guidelines (SP800-73 compliance)
SP800-85A.pdf
SP 800-84Sep 2006Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities
SP800-84.pdf
SP 800-83Nov 2005Guide to Malware Incident Prevention and Handling
SP800-83.pdf
SP 800-82Sep 28, 2007DRAFT Guide to Industrial Control Systems (ICS) Security
2nd-Draft-SP800-82-clean.pdf
2nd-Draft-SP800-82-markup.pdf
2nd-Draft-SP800-82-clean.pdf.zip
2nd-Draft-SP800-82-markup.pdf.zip
SP 800-81May 2006Secure Domain Name System (DNS) Deployment Guide
SP800-81.pdf
SP 800-80May 4, 2006DRAFT Guide for Developing Performance Metrics for Information Security
draft-sp800-80-ipd.pdf
SP 800-79 -1Jun 2008Guidelines for the Accreditation of Personal Identity Verification (PIV) Card Issuers (PCI's)
SP800-79-1.pdf
SP 800-78 -1Aug 2007Cryptographic Algorithms and Key Sizes for Personal Identity Verification
SP-800-78-1_final2.pdf
SP 800-77Dec 2005Guide to IPsec VPNs
sp800-77.pdf
sp800-77pdf.zip
SP 800-76 -1Jan 2007Biometric Data Specification for Personal Identity Verification
SP800-76-1_012407.pdf
SP 800-73 -2Mar. 7, 2008DRAFT Interfaces for Personal Identity Verification (4 parts):
1- End-Point PIV Card Application Namespace, Data Model and Representation
2- End-Point PIV Card Application Interface
3- End-Point PIV Client Application Programming Interface
4- The PIV Transitional Data Model and Interfaces
2nddraft_SP800-73-2_part1_DataModel-032008.pdf
2nddraft_SP800-73-2_part2_EndPointPIVCardApplicationCardCommandInterface-032008.pdf
2nddraft_SP800-73-2_part3_EndpointClientAPI-032008.pdf
2nddraft_SP800-73-2_part4_TransitionalSpec-032008.pdf
Comments-form-on-NIST_SP800-73-2.xls
2nddraft-SP800-73-2.zip
TrackChanges_Part1_SP800-73-2.pdf
TrackChanges_Part2_SP800-73-2.pdf
TrackChanges_Part3_SP800-73-2.pdf
SP 800-73 -1Mar 2006Interfaces for Personal Identity Verification
sp800-73-1v7-April20-2006.pdf
Errata-for-sp800-73-1-050206.pdf
SP 800-72Nov 2004Guidelines on PDA Forensics
sp800-72.pdf
SP 800-70May 2005Security Configuration Checklists Program for IT Products: Guidance for Checklists Users and Developer
download_sp800-70.html
SP 800-69Sep 2006Guidance for Securing Microsoft Windows XP Home Edition: A NIST Security Configuration Checklist
guidance_WinXP_Home.html
SP 800-68 Rev. 1July 25, 2008DRAFT Guide to Securing Microsoft Windows XP Systems for IT Professionals
download_WinXP.html
SP 800-68Oct 2005Guidance for Securing Microsoft Windows XP Systems for IT Professionals: A NIST Security Configuration Checklist
guidance_WinXP.html
SP 800-67 1.1June 2008Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher
SP800-67.pdf
SP 800-66 Rev 1May 1, 2008DRAFT An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule
Draft_SP800-66-Rev1.pdf
SP 800-66Mar 2005An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule
SP800-66.pdf
sp800-66pdf-zipped.zip
SP 800-65Jan 2005Integrating IT Security into the Capital Planning and Investment Control Process
SP-800-65-Final.pdf
SP-800-65-Final.zip
SP 800-64 Rev.1Jun 2004Security Considerations in the Information System Development Life Cycle
NIST-SP800-64.pdf
NIST-SP800-64.zip
SP 800-64 Rev. 2March 14, 2008DRAFT Security Considerations in the System Development Life Cycle
draft-SP800-64-Revision2.pdf
SP 800-63 Version 1.0.2Apr 2006Electronic Authentication Guideline
SP800-63V1_0_2.pdf
SP 800-63 -1Feb 26, 2008DRAFT Electronic Authentication Guidelines
Draft_SP-800-63-1_2008Feb20.pdf
SP 800-61 Rev. 1Mar 2008Computer Security Incident Handling Guide
SP800-61rev1.pdf
SP 800-60 Rev. 1Aug 2008Guide for Mapping Types of Information and Information Systems to Security Categories: (2 Volumes) - Volume 1: Guide Volume 2: Appendices
SP800-60_Vol1-Rev1.pdf
SP800-60_Vol2-Rev1.pdf
SP 800-59Aug 2003Guideline for Identifying an Information System as a National Security System
SP800-59.pdf
sp800-59.zip
SP 800-58Jan 2005Security Considerations for Voice Over IP Systems
SP800-58-final.pdf
SP800-58.zip
SP 800-57Mar 2007Recommendation for Key Management
sp800-57-Part1-revised2_Mar08-2007.pdf
SP800-57-Part2.pdf
SP 800-56 AMar 2007Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography
SP800-56A_Revision1_Mar08-2007.pdf
SP 800-55 Rev. 1Jul 2008Performance Measurement Guide for Information Security
SP800-55-rev1.pdf
SP 800-54Jul 2007Border Gateway Protocol Security
SP800-54.pdf
SP 800-53 Rev. 2Dec 2007Recommended Security Controls for Federal Information Systems
sp800-53-rev2-final.pdf
sp800-53-rev2_pdf.zip
sp800-53-rev2-annex1.pdf
sp800-53-rev2-annex1.zip
sp800-53-rev2-annex2.pdf
sp800-53-rev2-annex2.zip
sp800-53-rev2-annex3.pdf
sp800-53-rev2-annex3.zip
SP 800-53 Rev.1Dec 2006Recommended Security Controls for Federal Information Systems
800-53-rev1-final-clean-sz.pdf
sp800-53-rev1.zip
800-53-rev1-final-markup-sz.pdf
sp800-53-rev1-markup.zip
SP800-53-AppendicesDEF-markup.pdf
SP800-53-AppendicesDEF-markup.zip
800-53-rev1-annex1-sz.pdf
SP-800-53Rev1-Annex1.zip
800-53-rev1-annex2-sz.pdf
SP-800-53Rev1-Annex2.zip
800-53-rev1-annex3-sz.pdf
SP-800-53Rev1-Annex3.zip
SP 800-53 AJun 2008Guide for Assessing the Security Controls in Federal Information Systems
SP800-53A-final-sz.pdf
SP800-53A.zip
SP 800-52Jun 2005Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations
SP800-52.pdf
SP 800-51Sep 2002Use of the Common Vulnerabilities and Exposures (CVE) Vulnerability Naming Scheme
sp800-51.pdf
sp800-51.zip
SP 800-50Oct 2003Building an Information Technology Security Awareness and Training Program
NIST-SP800-50.pdf
NIST-SP800-50.zip
SP 800-49Nov 2002Federal S/MIME V3 Client Profile
sp800-49.pdf
sp800-49.zip
SP 800-48 Rev. 1Jul 2008Guide to Securing Legacy IEEE 802.11 Wireless Networks
SP800-48r1.pdf
SP 800-47Aug 2002Security Guide for Interconnecting Information Technology Systems
sp800-47.pdf
sp800-47.zip
SP 800-46Aug 2002Security for Telecommuting and Broadband Communications
sp800-46.pdf
sp800-46.zip
SP 800-45 Version 2Feb 2007Guidelines on Electronic Mail Security
SP800-45v2.pdf
SP 800-44 Version 2Sep 2007Guidelines on Securing Public Web Servers
SP800-44v2.pdf
SP800-44v2.pdf.zip
SP 800-43Nov 2002Systems Administration Guidance for Windows 2000 Professional System
guidance_W2Kpro.html
SP 800-42Oct 2003Guideline on Network Security Testing
NIST-SP800-42.pdf
NIST-SP800-42.zip
SP 800-41 Rev. 1July 9, 2008DRAFT Guidelines on Firewalls and Firewall Policy
Draft-SP800-41rev1.pdf
SP 800-41Jan 2002Guidelines on Firewalls and Firewall Policy
sp800-41.pdf
SP 800-40 Version 2.0Nov 2005Creating a Patch and Vulnerability Management Program
SP800-40v2.pdf
SP 800-39April 3, 2008DRAFT Managing Risk from Information Systems: An Organizational Perspective
SP800-39-spd-sz.pdf
SP 800-38 ADec 2001Recommendation for Block Cipher Modes of Operation - Methods and Techniques
sp800-38a.pdf
SP 800-38 BMay 2005Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication
SP_800-38B.pdf
Updated_CMAC_Examples.pdf
SP 800-38 CMay 2004Recommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality
SP800-38C_updated-July20_2007.pdf
SP 800-38 DNov 2007Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC
SP-800-38D.pdf
SP 800-37 Rev. 1August 19, 2008DRAFT Guide for Security Authorization of Federal Information Systems: A Security Lifecycle Approach
SP800-37-rev1-IPD.pdf
SP 800-37May 2004Guide for the Security Certification and Accreditation of Federal Information Systems
SP800-37-final.pdf
SP 800-36Oct 2003Guide to Selecting Information Technology Security Products
NIST-SP800-36.pdf
NIST-SP800-36.zip
SP 800-35Oct 2003Guide to Information Technology Security Services
NIST-SP800-35.pdf
NIST-SP800-35.zip
SP 800-34Jun 2002Contingency Planning Guide for Information Technology Systems
sp800-34.pdf
800-34.zip
SP 800-33Dec 2001Underlying Technical Models for Information Technology Security
sp800-33.pdf
SP 800-32Feb 2001Introduction to Public Key Technology and the Federal PKI Infrastructure
sp800-32.pdf
SP 800-30Jul 2002Risk Management Guide for Information Technology Systems
sp800-30.pdf
SP 800-29Jun 2001A Comparison of the Security Requirements for Cryptographic Modules in FIPS 140-1 and FIPS 140-2
sp800-29.pdf
SP 800-28 Version 2Mar 2008Guidelines on Active Content and Mobile Code
SP800-28v2.pdf
SP 800-27 Rev. AJun 2004Engineering Principles for Information Technology Security (A Baseline for Achieving Security)
SP800-27-RevA.pdf
SP 800-25Oct 2000Federal Agency Use of Public Key Technology for Digital Signatures and Authentication
sp800-25.pdf
sp800-25.doc
SP 800-24Aug 2000PBX Vulnerability Analysis: Finding Holes in Your PBX Before Someone Else Does
sp800-24pbx.pdf
SP 800-23Aug 2000Guidelines to Federal Organizations on Security Assurance and Acquisition/Use of Tested/Evaluated Products
sp800-23.pdf
sp800-23.zip
SP 800-22May 2001A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications
sp-800-22-051501.pdf
errata-sheet.pdf
SP 800-21 2nd editionDec 2005Guideline for Implementing Cryptography in the Federal Government
sp800-21-1_Dec2005.pdf
SP 800-20Oct 1999Modes of Operation Validation System for the Triple Data Encryption Algorithm (TMOVS): Requirements and Procedures
800-20.pdf
SP 800-19Oct 1999Mobile Agent Security
sp800-19.pdf
SP 800-18 Rev.1Feb 2006Guide for Developing Security Plans for Federal Information Systems
sp800-18-Rev1-final.pdf
SP 800-17Feb 1998Modes of Operation Validation System (MOVS): Requirements and Procedures
800-17.pdf
SP 800-16Apr 1998Information Technology Security Training Requirements: A Role- and Performance-Based Model
800-16.pdf
AppendixA-D.pdf
Appendix_E.pdf
SP 800-15 Version 1Sep 1997MISPC Minimum Interoperability Specification for PKI Components
SP800-15.PDF
mispcv1.doc
mispcv1.ps
SP 800-14Sep 1996Generally Accepted Principles and Practices for Securing Information Technology Systems
800-14.pdf
800-14.ps
800-14.wpd
SP 800-13Oct 1995Telecommunications Security Guidelines for Telecommunications Management Network
sp800-13.pdf
SP 800-12Oct 1995An Introduction to Computer Security: The NIST Handbook
handbook.pdf
index.html
800-12_1.ps
800-12_2.ps
800-12_3.ps
800-12_4.ps
800-12_5.ps
Back to Top