SP 800-164 | Oct. 31, 2012 | DRAFT Guidelines on Hardware-Rooted Security in Mobile Devices sp800_164_draft.pdf |
SP 800-155 | Dec. 8, 2011 | DRAFT BIOS Integrity Measurement Guidelines draft-SP800-155_Dec2011.pdf |
SP 800-153 | Feb. 2012 | Guidelines for Securing Wireless Local Area Networks (WLANs) sp800-153.pdf |
SP 800-152 | August 8, 2012 | DRAFT A Profile for U. S. Federal Cryptographic Key Management Systems (CKMS) draft-sp-800-152.pdf |
SP 800-147 B | July 30, 2012 | DRAFT BIOS Protection Guidelines for Servers draft-sp800-147b_july2012.pdf |
SP 800-147 | Apr. 2011 | Basic Input/Output System (BIOS) Protection Guidelines NIST-SP800-147-April2011.pdf |
SP 800-146 | May 2012 | Cloud Computing Synopsis and Recommendations sp800-146.pdf |
SP 800-145 | Sept. 2011 | The NIST Definition of Cloud Computing SP800-145.pdf |
SP 800-144 | Dec. 2011 | Guidelines on Security and Privacy in Public Cloud Computing SP800-144.pdf |
SP 800-142 | Oct. 2010 | Practical Combinatorial Testing SP800-142-101006.pdf |
SP 800-137 | Sept. 2011 | Information Security Continuous Monitoring for Federal Information Systems and Organizations SP800-137-Final.pdf |
SP 800-135 Rev. 1 | Dec. 2011 | Recommendation for Existing Application-Specific Key Derivation Functions sp800-135-rev1.pdf |
SP 800-133 | Dec. 2012 | Recommendation for Cryptographic Key Generation dx.doi.org/10.6028/NIST.SP.800-133 |
SP 800-132 | Dec. 2010 | Recommendation for Password-Based Key Derivation Part 1: Storage Applications nist-sp800-132.pdf |
SP 800-131 A | Jan. 2011 | Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths sp800-131A.pdf |
SP 800-130 | Apr. 13, 2012 | DRAFT A Framework for Designing Cryptographic Key Management Systems second-draft_sp-800-130_april-2012.pdf |
SP 800-128 | Aug. 2011 | Guide for Security-Focused Configuration Management of Information Systems sp800-128.pdf |
SP 800-127 | Sept. 2010 | Guide to Securing WiMAX Wireless Communications sp800-127.pdf |
SP 800-126 Rev. 2 | Sept. 2011 | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2 SP800-126r2.pdf |
| | sp800-126r2-errata-20120409.pdf |
SP 800-126 Rev. 1 | Feb. 2011 | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.1 SP800-126r1.pdf |
SP 800-126 | Nov. 2009 | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.0 sp800-126.pdf |
SP 800-125 | Jan. 2011 | Guide to Security for Full Virtualization Technologies SP800-125-final.pdf |
SP 800-124 Rev 1 | Jul 10, 2012 | DRAFT Guidelines for Managing and Securing Mobile Devices in the Enterprise draft_sp800-124-rev1.pdf |
SP 800-124 | Oct 2008 | Guidelines on Cell Phone and PDA Security SP800-124.pdf |
SP 800-123 | Jul 2008 | Guide to General Server Security SP800-123.pdf |
SP 800-122 | Apr. 2010 | Guide to Protecting the Confidentiality of Personally Identifiable Information (PII) sp800-122.pdf |
SP 800-121 Rev. 1 | June 2012 | Guide to Bluetooth Security sp800-121_rev1.pdf |
SP 800-120 | Sept. 2009 | Recommendation for EAP Methods Used in Wireless Network Access Authentication sp800-120.pdf |
SP 800-119 | Dec. 2010 | Guidelines for the Secure Deployment of IPv6 sp800-119.pdf |
SP 800-118 | Apr. 21, 2009 | DRAFT Guide to Enterprise Password Management draft-sp800-118.pdf |
SP 800-117 Rev. 1 | Jan. 6, 2012 | DRAFT Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.2 Draft-SP800-117-r1.pdf |
SP 800-117 | July 2010 | Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.0 sp800-117.pdf |
SP 800-116 | Nov 2008 | A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS) SP800-116.pdf |
SP 800-115 | Sept 2008 | Technical Guide to Information Security Testing and Assessment SP800-115.pdf |
SP 800-114 | Nov 2007 | User's Guide to Securing External Devices for Telework and Remote Access SP800-114.pdf |
SP 800-113 | Jul 2008 | Guide to SSL VPNs SP800-113.pdf |
SP 800-111 | Nov 2007 | Guide to Storage Encryption Technologies for End User Devices SP800-111.pdf |
SP 800-108 | Oct. 2009 | Recommendation for Key Derivation Using Pseudorandom Functions sp800-108.pdf |
SP 800-107 Rev. 1 | Aug. 2012 | Recommendation for Applications Using Approved Hash Algorithms sp800-107-rev1.pdf |
SP 800-106 | Feb. 2009 | Randomized Hashing for Digital Signatures NIST-SP-800-106.pdf |
SP 800-104 | Jun 2007 | A Scheme for PIV Visual Card Topography SP800-104-June29_2007-final.pdf |
SP 800-103 | Oct 6, 2006 | DRAFT An Ontology of Identity Credentials, Part I: Background and Formulation sp800-103-draft.pdf |
SP 800-102 | Sept. 2009 | Recommendation for Digital Signature Timeliness sp800-102.pdf |
SP 800-101 | May 2007 | Guidelines on Cell Phone Forensics SP800-101.pdf |
SP 800-100 | Oct 2006 | Information Security Handbook: A Guide for Managers SP800-100-Mar07-2007.pdf |
SP 800-98 | Apr 2007 | Guidelines for Securing Radio Frequency Identification (RFID) Systems SP800-98_RFID-2007.pdf |
SP 800-97 | Feb 2007 | Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i SP800-97.pdf |
SP 800-96 | Sep 2006 | PIV Card to Reader Interoperability Guidelines SP800-96-091106.pdf |
SP 800-95 | Aug 2007 | Guide to Secure Web Services SP800-95.pdf |
SP 800-94 Rev. 1 | July 25, 2012 | DRAFT Guide to Intrusion Detection and Prevention Systems (IDPS) draft_sp800-94-rev1.pdf |
SP 800-94 | Feb 2007 | Guide to Intrusion Detection and Prevention Systems (IDPS) SP800-94.pdf |
SP 800-92 | Sep 2006 | Guide to Computer Security Log Management SP800-92.pdf |
SP 800-90 C | Sept. 5, 2012 | DRAFT Recommendation for Random Bit Generator (RBG) Constructions draft-sp800-90c.pdf |
SP 800-90 B | Sept. 5, 2012 | DRAFT Recommendation for the Entropy Sources Used for Random Bit Generation draft-sp800-90b.pdf |
| | questions-about_draft-sp800-90b.pdf |
SP 800-90 A | Jan. 2012 | Recommendation for Random Number Generation Using Deterministic Random Bit Generators SP800-90A.pdf |
SP 800-89 | Nov 2006 | Recommendation for Obtaining Assurances for Digital Signature Applications SP-800-89_November2006.pdf |
SP 800-88 Rev. 1 | Sept. 6, 2012 | DRAFT Guidelines for Media Sanitization sp800_88_r1_draft.pdf |
SP 800-88 | Sep 2006 | Guidelines for Media Sanitization NISTSP800-88_with-errata.pdf |
SP 800-87 Rev 1 | Apr 2008 | Codes for Identification of Federal and Federally-Assisted Organizations SP800-87_Rev1-April2008Final.pdf |
SP 800-86 | Aug 2006 | Guide to Integrating Forensic Techniques into Incident Response SP800-86.pdf |
SP 800-85 B-1 | Sept. 11, 2009 | DRAFT PIV Data Model Conformance Test Guidelines draft-sp800-85B-1.pdf |
| | sp800-85B_Change_Summary.pdf |
| | Comment-Template_sp800-85B-1.xls |
SP 800-85 B | Jul 2006 | PIV Data Model Test Guidelines SP800-85b-072406-final.pdf |
SP 800-85 A-2 | July 2010 | PIV Card Application and Middleware Interface Test Guidelines (SP800-73-3 Compliance) sp800-85A-2-final.pdf |
SP 800-84 | Sep 2006 | Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities SP800-84.pdf |
SP 800-83 Rev. 1 | July 25, 2012 | DRAFT Guide to Malware Incident Prevention and Handling for Desktops and Laptops draft_sp800-83-rev1.pdf |
SP 800-83 | Nov 2005 | Guide to Malware Incident Prevention and Handling SP800-83.pdf |
SP 800-82 | Jun. 2011 | Guide to Industrial Control Systems (ICS) Security SP800-82-final.pdf |
SP 800-81 Rev. 1 | Apr. 2010 | Secure Domain Name System (DNS) Deployment Guide sp-800-81r1.pdf |
SP 800-79 -1 | Jun 2008 | Guidelines for the Accreditation of Personal Identity Verification (PIV) Card Issuers (PCI's) SP800-79-1.pdf |
SP 800-78 -3 | Dec. 2010 | Cryptographic Algorithms and Key Sizes for Personal Identification Verification (PIV) sp800-78-3.pdf |
SP 800-77 | Dec 2005 | Guide to IPsec VPNs sp800-77.pdf |
SP 800-76 -2 | Jul. 9, 2012 | DRAFT Biometric Data Specification for Personal Identity Verification draft-sp-800-76-2_revised.pdf |
| | comments-template-for_draft-sp800-76-2.docx |
SP 800-76 -1 | Jan 2007 | Biometric Data Specification for Personal Identity Verification SP800-76-1_012407.pdf |
SP 800-73 -3 | Feb. 2010 | Interfaces for Personal Identity Verification (4 Parts)
Pt. 1- End Point PIV Card Application Namespace, Data Model & Representation
Pt. 2- PIV Card Application Card Command Interface
Pt. 3- PIV Client Application Programming Interface
Pt. 4- The PIV Transitional Interfaces & Data Model Specification sp800-73-3_PART1_piv-card-applic-namespace-date-model-rep.pdf |
| | sp800-73-3_PART2_piv-card-applic-card-common-interface.pdf |
| | sp800-73-3_PART3_piv-client-applic-programming-interface.pdf |
| | sp800-73-3_PART4_piv-transitional-interface-data-model-spec.pdf |
SP 800-72 | Nov 2004 | Guidelines on PDA Forensics sp800-72.pdf |
SP 800-70 Rev. 2 | Feb. 2011 | National Checklist Program for IT Products: Guidelines for Checklist Users and Developers SP800-70-rev2.pdf |
SP 800-69 | Sep 2006 | Guidance for Securing Microsoft Windows XP Home Edition: A NIST Security Configuration Checklist guidance_WinXP_Home.html |
SP 800-68 Rev. 1 | Oct. 2008 | Guide to Securing Microsoft Windows XP Systems for IT Professionals download_WinXP.html |
SP 800-67 Rev. 1 | Jan. 2012 | Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher SP-800-67-Rev1.pdf |
SP 800-66 Rev 1 | Oct 2008 | An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule SP-800-66-Revision1.pdf |
SP 800-65 Rev. 1 | July 14, 2009 | DRAFT Recommendations for Integrating Information Security into the Capital Planning and Investment Control Process (CPIC) draft-sp800-65rev1.pdf |
SP 800-65 | Jan 2005 | Integrating IT Security into the Capital Planning and Investment Control Process SP-800-65-Final.pdf |
SP 800-64 Rev. 2 | Oct 2008 | Security Considerations in the System Development Life Cycle SP800-64-Revision2.pdf |
SP 800-63 -2 | Feb. 1, 2013 | DRAFT Electronic Authentication Guideline sp800_63_2_draft.pdf |
| | sp800_63_2_draft_comment_form.doc |
SP 800-63 -1 | Dec. 2011 | Electronic Authentication Guideline SP-800-63-1.pdf |
SP 800-61 Rev. 2 | August 2012 | Computer Security Incident Handling Guide SP800-61rev2.pdf |
SP 800-60 Rev. 1 | Aug 2008 | Guide for Mapping Types of Information and Information Systems to Security Categories: (2 Volumes) -
Volume 1: Guide
Volume 2: Appendices SP800-60_Vol1-Rev1.pdf |
| | SP800-60_Vol2-Rev1.pdf |
SP 800-59 | Aug 2003 | Guideline for Identifying an Information System as a National Security System SP800-59.pdf |
SP 800-58 | Jan 2005 | Security Considerations for Voice Over IP Systems SP800-58-final.pdf |
SP 800-57 Part 1 | Jul 2012 | Recommendation for Key Management: Part 1: General (Revision 3) sp800-57_part1_rev3_general.pdf |
SP 800-57 Part 2 | Aug 2005 | Recommendation for Key Management: Part 2: Best Practices for Key Management Organization SP800-57-Part2.pdf |
SP 800-57 Part 3 | Dec 2009 | Recommendation for Key Management, Part 3 Application-Specific Key Management Guidance sp800-57_PART3_key-management_Dec2009.pdf |
SP 800-56 C | Nov. 2011 | Recommendation for Key Derivation through Extraction-then-Expansion SP-800-56C.pdf |
SP 800-56 B | Aug. 2009 | Recommendation for Pair-Wise Key Establishment Schemes Using Integer Factorization Cryptography sp800-56B.pdf |
SP 800-56 A | Mar 2007 | Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography SP800-56A_Revision1_Mar08-2007.pdf |
SP 800-56 A Rev | Aug 20, 2012 | DRAFT Recommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography
(Draft Revision) draft-sp-800-56a.pdf |
SP 800-55 Rev. 1 | Jul 2008 | Performance Measurement Guide for Information Security SP800-55-rev1.pdf |
SP 800-54 | Jul 2007 | Border Gateway Protocol Security SP800-54.pdf |
SP 800-53 Rev. 4 | Feb. 5, 2013 | DRAFT Security and Privacy Controls for Federal Information Systems and Organizations (Final Public Draft) sp800_53_r4_draft_fpd.pdf |
| | sp800_53_r4_appendix_d_markup_draft2.pdf |
| | sp800_53_r4_appendix_f_markup_draft2.pdf |
| | sp800_53_r4_appendix_g_markup_draft2.pdf |
SP 800-53 Rev. 3 | Aug 2009 | Recommended Security Controls for Federal Information Systems and Organizations
(*Includes Updates as of May 1, 2010*) sp800-53-rev3-final_updated-errata_05-01-2010.pdf |
| | sp-800-53-rev3_database-beta.html |
| | 800-53-rev3_markup-final-public-draft-to-final-updated_may-01-2010.pdf |
| | 800-53-rev3_markup-rev2-to-rev3_updated-may-01-2010.pdf |
| | 800-53-rev3-Annex1_updated_may-01-2010.pdf |
| | 800-53-rev3-Annex2_updated_may-01-2010.pdf |
| | 800-53-rev3-Annex3_updated_may-01-2010.pdf |
| | SP_800-53_Rev-3_database-R1.4.1-BETA.zip |
SP 800-53 A Rev. 1 | Jun. 2010 | Guide for Assessing the Security Controls in Federal Information Systems and Organizations, Building Effective Security Assessment Plans sp800-53A-rev1-final.pdf |
| | assessment.html |
SP 800-52 | Jun 2005 | Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations SP800-52.pdf |
SP 800-51 Rev. 1 | Feb. 2011 | Guide to Using Vulnerability Naming Schemes SP800-51rev1.pdf |
SP 800-50 | Oct 2003 | Building an Information Technology Security Awareness and Training Program NIST-SP800-50.pdf |
SP 800-49 | Nov 2002 | Federal S/MIME V3 Client Profile sp800-49.pdf |
SP 800-48 Rev. 1 | Jul 2008 | Guide to Securing Legacy IEEE 802.11 Wireless Networks SP800-48r1.pdf |
SP 800-47 | Aug 2002 | Security Guide for Interconnecting Information Technology Systems sp800-47.pdf |
SP 800-46 Rev. 1 | Jun. 2009 | Guide to Enterprise Telework and Remote Access Security sp800-46r1.pdf |
SP 800-45 Version 2 | Feb 2007 | Guidelines on Electronic Mail Security SP800-45v2.pdf |
SP 800-44 Version 2 | Sep 2007 | Guidelines on Securing Public Web Servers SP800-44v2.pdf |
SP 800-43 | Nov 2002 | Systems Administration Guidance for Windows 2000 Professional System guidance_W2Kpro.html |
SP 800-41 Rev. 1 | Sept. 2009 | Guidelines on Firewalls and Firewall Policy sp800-41-rev1.pdf |
SP 800-40 Version 2.0 | Nov 2005 | Creating a Patch and Vulnerability Management Program SP800-40v2.pdf |
SP 800-40 Rev. 3 | Sept. 5, 2012 | DRAFT Guide to Enterprise Patch Management Technologies draft-sp800-40rev3.pdf |
SP 800-39 | Mar. 2011 | Managing Information Security Risk: Organization, Mission, and Information System View SP800-39-final.pdf |
SP 800-38 F | Dec. 2012 | Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping dx.doi.org/10.6028/NIST.SP.800-38F |
SP 800-38 A | Dec 2001 | Recommendation for Block Cipher Modes of Operation - Methods and Techniques sp800-38a.pdf |
SP 800-38 A - Addendum | Oct. 2010 | Recommendation for Block Cipher Modes of Operation: Three Variants of Ciphertext Stealing for CBC Mode addendum-to-nist_sp800-38A.pdf |
SP 800-38 B | May 2005 | Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication SP_800-38B.pdf |
| | Updated_CMAC_Examples.pdf |
SP 800-38 C | May 2004 | Recommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality SP800-38C_updated-July20_2007.pdf |
SP 800-38 D | Nov 2007 | Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC SP-800-38D.pdf |
SP 800-38 E | Jan. 2010 | Recommendation for Block Cipher Modes of Operation: The XTS-AES Mode for Confidentiality on Storage Devices nist-sp-800-38E.pdf |
SP 800-37 Rev. 1 | Feb. 2010 | Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach sp800-37-rev1-final.pdf |
| | sp800-37-rev1_markup-copy_final.pdf |
SP 800-36 | Oct 2003 | Guide to Selecting Information Technology Security Products NIST-SP800-36.pdf |
SP 800-35 | Oct 2003 | Guide to Information Technology Security Services NIST-SP800-35.pdf |
SP 800-34 Rev. 1 | May 2010 | Contingency Planning Guide for Federal Information Systems
(Errata Page - Nov. 11, 2010) sp800-34-rev1_errata-Nov11-2010.pdf |
SP 800-33 | Dec 2001 | Underlying Technical Models for Information Technology Security sp800-33.pdf |
SP 800-32 | Feb 2001 | Introduction to Public Key Technology and the Federal PKI Infrastructure sp800-32.pdf |
SP 800-30 Rev. 1 | Sept. 2012 | Guide for Conducting Risk Assessments sp800_30_r1.pdf |
SP 800-29 | Jun 2001 | A Comparison of the Security Requirements for Cryptographic Modules in FIPS 140-1 and FIPS 140-2 sp800-29.pdf |
SP 800-28 Version 2 | Mar 2008 | Guidelines on Active Content and Mobile Code SP800-28v2.pdf |
SP 800-27 Rev. A | Jun 2004 | Engineering Principles for Information Technology Security (A Baseline for Achieving Security) SP800-27-RevA.pdf |
SP 800-25 | Oct 2000 | Federal Agency Use of Public Key Technology for Digital Signatures and Authentication sp800-25.pdf |
SP 800-24 | Apr 2001 | PBX Vulnerability Analysis: Finding Holes in Your PBX Before Someone Else Does sp800-24pbx.pdf |
SP 800-23 | Aug 2000 | Guidelines to Federal Organizations on Security Assurance and Acquisition/Use of Tested/Evaluated Products sp800-23.pdf |
SP 800-22 Rev. 1a | Apr. 2010 | A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications SP800-22rev1a.pdf |
SP 800-21 2nd edition | Dec 2005 | Guideline for Implementing Cryptography in the Federal Government sp800-21-1_Dec2005.pdf |
SP 800-20 | Oct 1999 | Modes of Operation Validation System for the Triple Data Encryption Algorithm (TMOVS): Requirements and Procedures (*Includes updates as of March 2012*) 800-20.pdf |
SP 800-19 | Oct 1999 | Mobile Agent Security sp800-19.pdf |
SP 800-18 Rev.1 | Feb 2006 | Guide for Developing Security Plans for Federal Information Systems sp800-18-Rev1-final.pdf |
SP 800-17 | Feb 1998 | Modes of Operation Validation System (MOVS): Requirements and Procedures 800-17.pdf |
SP 800-16 Rev. 1 | Mar. 20, 2009 | DRAFT Information Security Training Requirements: A Role- and Performance-Based Model Draft-SP800-16-Rev1.pdf |
SP 800-16 | Apr 1998 | Information Technology Security Training Requirements: A Role- and Performance-Based Model 800-16.pdf |
| | AppendixA-D.pdf |
| | Appendix_E.pdf |
SP 800-15 Version 1 | Jan 1998 | MISPC Minimum Interoperability Specification for PKI Components SP800-15.PDF |
SP 800-14 | Sep 1996 | Generally Accepted Principles and Practices for Securing Information Technology Systems 800-14.pdf |
SP 800-13 | Oct 1995 | Telecommunications Security Guidelines for Telecommunications Management Network sp800-13.pdf |
SP 800-12 | Oct 1995 | An Introduction to Computer Security: The NIST Handbook handbook.pdf |
| | index.html |