This index provides a full listing of UNCLASSIFIED issuances, as issued by the Committee on National Security Systems (CNSS), as well as a document listing all current, cancelled, and superseded issuances in the Index of National Security Systems, found below. To obtain an issuance not offered below, refer to our Contact List for more information.
- Index of National Security Systems Issuances
- Dated July 2012; includes a complete listing of all current CNSS issuances and historical record of all cancelled or superseded issuances
Policies
- CNSSP-1
- National Policy for Safeguarding and Control of Communications Security Material - dated September 2004; Supersedes NCSC-1, dated 16 January 1981
- CNSSP-3
- National Policy for Granting Access to U.S. Classified Cryptographic Information - dated October 2007
- NCSC-5
- National Policy on Use of Cryptomaterial by Activities Operating in High Risk Environments - dated 6 January 1981
- NSTISSP-11
- Fact Sheet for the National Information Assurance Acquisition Policy - dated July 2003
- CNSSP-12
- National Information Assurance Policy for Space Systems Used to Support National Security Missions - dated 20 March 2007; Supersedes NSTISSP-12, dated January 2001
- CNSSP-14
- National Policy Governing the Release of Information Assurance (IA) Products and Services to Authorized U.S. Persons or Activities that are Not a Part of the Federal Government - dated November 2002
- CNSSP-17
- Policy on Wireless Communications: Protecting National Security Information - dated May 2010
- CNSSP-18
- National Policy on Classified Information Spillage - dated June 2006
- CNSSP-19
- National Policy Governing the Use of High Assurance Internet Protocol Encryptor (HAIPE) Products - dated February 2007
- CNSSP-21
- National Information Assurance Policy on Enterprise Architectures for National Security Systems - dated March 2007
- CNSSP-22
- Information Assurance Risk Management Policy for National Security Systems - dated January 2012
- CNSSP-24
- Policy on Assured Information Sharing (AIS) for National Security Systems (NSS) - dated May 2010
- CNSSP-25
- National Policy For Public Key Infrastructure in National Security Systems - dated March 2009
- CNSSP-26
- National Policy on Reducing the Risk of Removable Media - dated November 2010
- NSTISSP-101
- National Policy on Securing Voice Communications - dated 14 September 1999
- NSTISSP-200
- National Policy on Controlled Access Protection - dated 15 July 1987
Directives
- CNSSD-500
- Information Assurance (IA) Education, Training, and Awareness - dated August 2006; Supersedes NSTISSD-500, dated 25 February 1993
- NSTISSD-501
- National Training Program for Information Systems Security (INFOSEC) Professionals - dated 16 November 1992
- CNSSD-502
- National Directive On Security of National Security Systems - dated 16 December 2004; Supersedes NSTISSD-502, dated 5 February 1993
- CNSSD-900
- Governing Procedures of the Committee on National Security Systems (CNSS), dated 16 December 2004; Supersedes NSTISSD-502, dated April 2000
- CNSSD-901
- National Security Telecommunications and Information Systems Security (CNSS) Issuance System, dated 16 December 2004; Supersedes NSTISSD-502, dated April 2000
Instructions
- CNSSI-1001
- National Instruction On Classified Information Spillage, dated February 2008
- CNSSI-1300
- National Instruction On Public Key Infrastructure X.509 Certificate Policy, Under CNSS Policy No. 25, dated June 2011
- CNSSI-1253
- Security Categorization and Control Selection for National Security Systems, dated March 2012
- CNSSI-1253a
- Security Overlays Template, dated March 2012
- NSTISSI-3028
- Operational Security Doctrine for the FORTEZZA User PCMCIA Card, dated December 2001
- CNSSI-4007
- Communications Security (COMSEC) Utility Program, dated November 2007
- CNSSI-4008
- Program for the Management and Use of National Reserve Information Assurance Security Equipment, dated March 2007
- CNSSI-4009
- National Information Assurance Glossary, dated May 2003; revised April 2010
- NSTISSI-4011
- National Training Standard for Information Systems Security (INFOSEC) Professionals, dated 20 June 1994
- CNSSI-4012
- National Information Assurance Training Standard for Senior Systems Managers, dated June 2004; Supersedes NSTISSI No. 4012, dated August 1997
- CNSSI-4013
- National Information Assurance Training Standard For System Administrators (SA), dated March 2004
- CNSSI-4014
- Information Assurance Training Standard for Information Systems Security Officers, dated April 2004; Supersedes NSTISSI No. 4014, dated August 1997
- NSTISSI-4015
- National Training Standard for Systems Certifiers, dated December 2000
- CNSSI-4016
- National Information Assurance Training Standard For Risk Analysts, dated November 2005
- CNSSI-4031
- Cryptographic High Value Products (CHVP), dated February 2012
- CNSSI-5000
- Guidelines for Voice Over Internet Protocol (VoIP) Computer Telephony, dated April 2007; Supersedes TSG Standard 2b, dated April 2006
- CNSSI-5001
- Type-Acceptance Program for Voice Over Internet Protocol (VoIP) Telephones, dated December 2007
- CNSSI-5002
- National Information Assurance (IA) Instruction for Computerized Telephone Systems, dated February 2012
- CNSSI-5006
- National Instruction for Approved Telephone Equipment, dated September 2011; Supersedes TSG Standard 6, dated June 2006
- NACSI-6002
- National COMSEC Instruction, dated 14 June 1984
- NSTISSI-7003
- Protective Distribution Systems (PDS), dated 13 December 1996
Advisory Memoranda
- NSTISSAM INFOSEC 1-99
- The Insider Threat to U.S. Government Information Systems, dated July 1999
- NSTISSAM INFOSEC 1-00
- Advisory Memorandum for the Use of the Federal Information Processing Standards (FIPS) 140-1 Validated Cryptographic Modules in Protecting Unclassified National Security Systems - dated 8 February 2000
- NSTISSAM INFOSEC 2-00
- Advisory Memorandum for the Strategy for Using the National Information Assurance Partnership (NIAP) for the Evaluation of Commercial Off-The-Shelf (COTS) Security Enabled Information Technology Products, dated 8 February 2000
- NSTISSAM INFOSEC 3-00
- Advisory Memorandum on WebBrowser Security Vulnerabilities, dated August 2000
- NSTISSAM COMSEC 1-85
- Advisory Memorandum on Release of Communications Security Equipment, Material or Information to Foreign Enterprises - dated 29 October 1985
- NSTISSAM COMSEC 1-98
- AN/CYZ-10/10A Data Transfer Device Training - dated August 1998
- NSTISSAM COMPUSEC 1-87
- Advisory Memorandum on Office Automation Security Guideline - dated 16 January 1987
- NSTISSAM COMPUSEC 1-98
- The Role of Firewalls and Guards in Enclave Boundary Protection - dated December 1998
- NSTISSAM COMPUSEC 1-99
- Advisory Memorandum on the Transition From the Trusted Computer System Evaluation Criteria to the International Common Criteria for Information Technology Security Evaluation, dated 11 March 1999
- NSTISSAM TEMPEST 1-00
- Maintenance and Disposition of TEMPEST Equipment, dated December 2000
- CNSSAM IA 1-04
- Advisory Memorandum for Information Assurance (IA) - Security Through Product Diversity - dated July 2004
- CNSSAM IA 2-04
- Advisory Memorandum for Information Assurance (IA) - Retirement of Data Encryption Standard (DES) Based Cryptography to Protect National Security Systems - dated November 2004; revised March 2005
- CNSSAM IA 1-10
- Advisory Memorandum for Information Assurance (IA) - Reducing the Risk of Removable Media in National Security Systems - dated December 2010
- CNSSAM IA 1-12
- Advisory Memorandum for Information Assurance (IA) - NSA-Approved Commercial Solution Guidance - dated June 2012
TSG Standards
- TSG STANDARD 1
- Introduction to Telephone Security, dated March 1990
- TSG STANDARD 2
- TSG Guidelines for Computerized Telephone Systems, dated March 1990
- NTSWG STANDARD 2a
- NTSWG Guidelines for Computerized Telephone Systems Supplemental, dated March 2001
- NTSWG STANDARD 2b (Superseded by CNSSI-5000)
- NTSWG Guidelines for Voice Over Internet Protocol (VoIP) Computer Telephony, dated April 2006
- TSG STANDARD 3
- Type-Acceptance Program for Telephones used with the Conventional Central Office Interface, dated March 1990
- TSG STANDARD 4
- Type-Acceptance Program for Electronic Telephones used in Computerized Telephone Systems, dated March 1990
- TSG STANDARD 5
- On-Hook Telephone Audio Security Performance Specification, dated March 1990
- TSG STANDARD 6 (Superseded by CNSSI-5006)
- Telephone Security Group Approved Equipment, dated March 1990; updated June 2006
- TSG STANDARD 7
- TSG Guidelines for Cellular Telephones, dated September 1994
- TSG STANDARD 8
- Microphonic Response Criteria for Non-communications Devices, dated October 1994
TSG Information Series
- Computerized Telephone Systems (CTSs): A Review of CTS Deficiencies, Threats and Risks
- Dated December 1994
- Executive Overview
- Dated January 1996
- Central Office (CO) Interfaces
- Dated November 1997
- Everything You Always Wanted to Know About Telephone Security (but were afraid to ask)
- Dated December 1998
CNSS Report
- CNSS Report: Progress Against 2008 Priorities
- Committee on National Security Systems (CNSS) Report: Progress Against 2008 Priorities, dtd April 2009
- CNSS Report: An Agenda for Safeguarding National Security Systems
- 2007/2008 Committee on National Security Systems (CNSS) Report: An Agenda for Safeguarding National Security Systems, dated Mar 2008
Other
- CNSS-002-11
- Vendors Equipment Approval Memo CNSS 01-11 2010, dated January 2011
- CNSS-009-10
- Vendors Equipment Approval Memo CNSS 06 through 08, dated March 2010
- CNSS-094-09
- Vendors Equipment Approval Memo CNSS 01 through 05, dated November 2009
- CNSS-048-07
- National Information Assurance (IA) Approach to Incident Management, dated May 2007
- CNSS-079-07
- Frequently Asked Questions (FAQ) on Incidents and Spills, dated August 2007
To obtain an issuance not offered in the CNSS Library, refer to our Contact List for more information.