Publications By Legal Requirement

To view CSD publications--FIPS, Special Publications, NISTIRs and ITL Bulletins--by legal requirement, see the menu (on left).

There are certain legal requirements regarding IT security with which Federal agencies must comply; these sources include legislation, Presidential Directives and Office of Management and Budget (OMB) Circulars. CSD technical publications are organized below according to relevant legal requirement.

[Publications that link to dx.doi.org/... will redirect to another NIST website. See more details about DOIs.]

E-Government Act of 2002

Mandates NIST Development of Security Standards
Number | Date | Title
FIPS 200 | Mar 2006 | Minimum Security Requirements for Federal Information and Information Systems
  FIPS 200
FIPS 199 | Feb 2004 | Standards for Security Categorization of Federal Information and Information Systems
  FIPS 199
SP 800-152 (Draft) | Jan 7, 2014 | DRAFT A Profile for U. S. Federal Cryptographic Key Management Systems (CKMS)
  Announcement and Draft Publication
SP 800-146 | May 2012 | Cloud Computing Synopsis and Recommendations
  SP 800-146
  SP 800-146 (EPUB) FAQ
SP 800-101 Rev.1 | May 2014 | Guidelines on Mobile Device Forensics
  SP 800-101 Rev. 1 FAQ
  doi:10.6028/NIST.SP.800-101r1 [Direct Link]
SP 800-98 | Apr 2007 | Guidelines for Securing Radio Frequency Identification (RFID) Systems
  SP 800-98
SP 800-94 Rev. 1 (Draft) | July 25, 2012 | DRAFT Guide to Intrusion Detection and Prevention Systems (IDPS)
  Announcement and Draft Publication
SP 800-94 | Feb 2007 | Guide to Intrusion Detection and Prevention Systems (IDPS)
  SP 800-94
SP 800-54 | Jul 2007 | Border Gateway Protocol Security
  SP 800-54
SP 800-53 Rev. 4 | Apr 2013 | Security and Privacy Controls for Federal Information Systems and Organizations
  SP 800-53 Rev. 4 (including updates as of 01-15-2014) FAQ
  doi:10.6028/NIST.SP.800-53r4 [Direct Link]
  Word version of SP 800-53 Rev. 4 (01-15-2014)
  XML file for SP 800-53 Rev. 4 (01-15-2014)
  Summary of NIST SP 800-53 Revision 4
SP 800-44 Version 2 | Sep 2007 | Guidelines on Securing Public Web Servers
  SP 800-44 Version 2
NIST IR 7698 | Aug 2011 | Common Platform Enumeration: Applicability Language Specification Version 2.3
  NISTIR 7698
NIST IR 7697 | Aug 2011 | Common Platform Enumeration: Dictionary Specification Version 2.3
  NISTIR 7697
NIST IR 7696 | Aug 2011 | Common Platform Enumeration: Name Matching Specification Version 2.3
  NISTIR 7696
NIST IR 7695 | Aug 2011 | Common Platform Enumeration: Naming Specification Version 2.3
  NISTIR 7695
ITL July 2007 | Jul 2007 | Border Gateway Protocol (BGP) Security
ITL June 2007 | Jun 2007 | Forensic Techniques for Cell Phones
ITL February 2007 | Feb 2007 | Intrusion Detection and Prevention Systems
ITL November 2006 | Nov 2006 | Guide to Securing Computers Using Windows XP Home Edition
ITL April 2006 | Apr 2006 | Protecting Sensitive Information Transmitted in Public Networks
ITL March 2006 | Mar 2006 | Minimum Security Requirements for Federal Information and Information Systems: Federal Information Processing Standard (FIPS) 200 Approved by the Secretary of Commerce

Federal Information Security Management Act of 2002 (FISMA)

Annual Public Report on Activities Undertaken in the Previous Year
Number | Date | Title
SP 800-170 | June 2014 | 2013 Computer Security Division Annual Report
  SP 800-170 - Annual Report (2013) FAQ
  doi:10.6028/NIST.SP.800-170 [Direct Link]
SP 800-165 | Jun 2013 | 2012 Computer Security Division Annual Report
  Annual Report (2012) - SP 800-165 FAQ
  doi:10.6028/NIST.SP.800-165 [Direct Link]
NIST IR 7816 | Mar 2012 | 2011 Computer Security Division Annual Report
  Annual Report (2011)
NIST IR 7751 | May 2011 | 2010 Computer Security Division Annual Report
  Annual Report (2010)
NIST IR 7653 | Mar 2010 | 2009 Computer Security Division Annual Report
  Annual Report (2009)
NIST IR 7536 | Mar 2009 | 2008 Computer Security Division Annual Report
  Annual Report (2008)
NIST IR 7442 | Apr 2008 | 2007 Computer Security Division Annual Report
  Annual Report (2007)
NIST IR 7399 | Mar 2007 | 2006 Computer Security Division Annual Report
  Annual Report (2006)
NIST IR 7285 | Feb 2006 | 2005 Computer Security Division Annual Report
  Annual Report (2005)
NIST IR 7219 | Apr 2005 | 2004 Computer Security Division Annual Report
  Annual Report (2004)
NIST IR 7111 | Apr 2004 | 2003 Computer Security Division Annual Report
  Annual Report (2003)
Categorization of All Information & Information Systems & Minimum Security Requirements for Each Category
Number | Date | Title
FIPS 200 | Mar 2006 | Minimum Security Requirements for Federal Information and Information Systems
  FIPS 200
FIPS 199 | Feb 2004 | Standards for Security Categorization of Federal Information and Information Systems
  FIPS 199
SP 800-167 (Draft) | Aug. 22, 2014 | DRAFT Guide to Application Whitelisting
  Announcement and Draft Publication
SP 800-157 (Draft) | Mar 7, 2014 | DRAFT Guidelines for Derived Personal Identity Verification (PIV) Credentials
  Announcement and Draft Publication
SP 800-147 B | Aug. 2014 | BIOS Protection Guidelines for Servers
  SP 800-147B FAQ
  doi:10.6028/NIST.SP.800-147B [Direct Link]
SP 800-147 | Apr 2011 | Basic Input/Output System (BIOS) Protection Guidelines
  SP 800-147
SP 800-146 | May 2012 | Cloud Computing Synopsis and Recommendations
  SP 800-146
  SP 800-146 (EPUB) FAQ
SP 800-145 | Sep 2011 | The NIST Definition of Cloud Computing
  SP 800-145
  SP 800-145 (EPUB) FAQ
SP 800-144 | Dec 2011 | Guidelines on Security and Privacy in Public Cloud Computing
  SP 800-144
  SP 800-144 (EPUB) FAQ
SP 800-137 | Sep 2011 | Information Security Continuous Monitoring for Federal Information Systems and Organizations
  SP 800-137
SP 800-126 Rev. 2 | Sep 2011 | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2
  SP 800-126 Rev. 2
  Errata for SP 800-126 Rev. 2
SP 800-126 Rev. 1 | Feb 2011 | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.1
  SP 800-126 Rev. 1
SP 800-126 | Nov 2009 | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.0
  SP 800-126
SP 800-117 | Jul 2010 | Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.0
  SP 800-117
SP 800-88 Rev. 1 (Draft) | Sep. 6, 2012 | DRAFT Guidelines for Media Sanitization
  Announcement and Draft Publication
SP 800-88 | Sep 2006 | Guidelines for Media Sanitization
  SP 800-88 (including updates as of 09-11-2006)
SP 800-78 -4 (Draft) | May 19, 2014 | DRAFT Cryptographic Algorithms and Key Sizes for Personal Identity Verification
  Announcement and Draft Publication
SP 800-78 -3 | Dec 2010 | Cryptographic Algorithms and Key Sizes for Personal Identification Verification (PIV)
  SP 800-78-3
SP 800-76 -2 | Jul 2013 | Biometric Specifications for Personal Identity Verification
  SP 800-76-2 FAQ
  doi:10.6028/NIST.SP.800-76-2 [Direct Link]
SP 800-70 Rev. 2 | Feb 2011 | National Checklist Program for IT Products: Guidelines for Checklist Users and Developers
  SP 800-70 Rev. 2
SP 800-60 Rev. 1 | Aug 2008 | Guide for Mapping Types of Information and Information Systems to Security Categories
  Vol. 1: Guide for Mapping Types of Information and Information Systems to Security Categories
  Vol. 2: Appendices
SP 800-53 Rev. 4 | Apr 2013 | Security and Privacy Controls for Federal Information Systems and Organizations
  SP 800-53 Rev. 4 (including updates as of 01-15-2014) FAQ
  doi:10.6028/NIST.SP.800-53r4 [Direct Link]
  Word version of SP 800-53 Rev. 4 (01-15-2014)
  XML file for SP 800-53 Rev. 4 (01-15-2014)
  Summary of NIST SP 800-53 Revision 4
SP 800-53 A Rev.4 (Draft) | July 31, 2014 | DRAFT Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans
  Announcement and Draft Publication
SP 800-53 A Rev. 1 | Jun 2010 | Guide for Assessing the Security Controls in Federal Information Systems and Organizations, Building Effective Security Assessment Plans
  SP 800-53A Rev. 1
  Security Assessment Overview and Cases
SP 800-44 Version 2 | Sep 2007 | Guidelines on Securing Public Web Servers
  SP 800-44 Version 2
SP 800-39 | Mar 2011 | Managing Information Security Risk: Organization, Mission, and Information System View
  SP 800-39
SP 800-37 Rev. 1 | Feb 2010 | Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach
  SP 800-37 Rev. 1 (including updates as of June 05, 2014) FAQ
  doi:10.6028/NIST.SP.800-37r1 [Direct Link]
  Supplemental Guidance on Ongoing Authorization, (June 2014)
SP 800-34 Rev. 1 | May 2010 | Contingency Planning Guide for Federal Information Systems
  SP 800-34 Rev. 1 (including updates as of 11-11-2010)
  Business Impact Analysis (BIA) Template (SP 800-34 Rev. 1)
  Contingency Planning: Low Impact System Template (SP 800-34 Rev. 1)
  Contingency Planning: Moderate Impact System Template (SP 800-34 Rev. 1)
  Contingency Planning: High Impact System Template (SP 800-34 Rev. 1)
SP 800-30 Rev. 1 | Sep 2012 | Guide for Conducting Risk Assessments
  SP 800-30 Rev. 1
  SP 800-30 Rev. 1 (EPUB) FAQ
SP 800-18 Rev.1 | Feb 2006 | Guide for Developing Security Plans for Federal Information Systems
  SP 800-18 Rev. 1
NIST IR 8023 (Draft) | Sept. 10, 2014 | DRAFT Risk Management for Replication Devices
  Announcement and Draft Publication
NIST IR 7966 (Draft) | Aug. 21, 2014 | DRAFT Security of Automated Access Management Using Secure Shell (SSH)
  Announcement and Draft Publication
NIST IR 7904 (Draft) | Dec. 21, 2012 | DRAFT Trusted Geolocation in the Cloud: Proof of Concept Implementation
  Announcement and Draft Publication
NIST IR 7817 | Nov 2012 | A Credential Reliability and Revocation Model for Federated Identities
  NISTIR 7817 FAQ
  doi:10.6028/NIST.IR.7817 [Direct Link]
NIST IR 7698 | Aug 2011 | Common Platform Enumeration: Applicability Language Specification Version 2.3
  NISTIR 7698
NIST IR 7697 | Aug 2011 | Common Platform Enumeration: Dictionary Specification Version 2.3
  NISTIR 7697
NIST IR 7696 | Aug 2011 | Common Platform Enumeration: Name Matching Specification Version 2.3
  NISTIR 7696
NIST IR 7695 | Aug 2011 | Common Platform Enumeration: Naming Specification Version 2.3
  NISTIR 7695
NIST IR 7670 (Draft) | Feb. 10, 2011 | DRAFT Proposed Open Specifications for an Enterprise Remediation Automation Framework
  Announcement and Draft Publication
NIST IR 7516 | Aug 2008 | Forensic Filtering of Cell Phone Protocols
  NISTIR 7516
ITL October 2014 | Oct. 2014 | Release of NIST SP 800-147B, BIOS Protection Guidelines for Servers
ITL August 2006 | Aug 2006 | Protecting Sensitive Information Processed and Stored in Information Technology (IT) Systems
ITL June 2006 | Jun 2006 | Domain Name System (DNS) Services: NIST Recommendations for Secure Deployment
ITL March 2006 | Mar 2006 | Minimum Security Requirements for Federal Information and Information Systems: Federal Information Processing Standard (FIPS) 200 Approved by the Secretary of Commerce
Detection & Handling of Information Security Incidents
Number | Date | Title
FIPS 198-1 | Jul 2008 | The Keyed-Hash Message Authentication Code (HMAC)
  FIPS 198-1
FIPS 180-4 | Mar 2012 | Secure Hash Standard (SHS)
  FIPS 180-4
FIPS 140-3 (Draft) | Dec. 11, 2009 | DRAFT Security Requirements for Cryptographic Modules (Revised Draft)
  Announcement and Draft Publication
FIPS 140-2 | May 2001 | Security Requirements for Cryptographic Modules
  FIPS 140-2 (including change notices as of 12-03-2002)
  Annex A: Approved Security Functions
  Annex B: Approved Protection Profiles
  Annex C: Approved Random Number Generators
  Annex D: Approved Key Establishment Techniques
  FIPS 140-2 (EPUB) FAQ
  Annex A: Approved Security Functions (EPUB) FAQ
  Annex B: Approved Protection Profiles (EPUB) FAQ
  Annex C: Approved Random Number Generators (EPUB) FAQ
  Annex D: Approved Key Establishment Techniques (EPUB) FAQ
FIPS 140-1 | Jan 1994 | FIPS 140-1: Security Requirements for Cryptographic Modules
  FIPS 140-1
SP 800-167 (Draft) | Aug. 22, 2014 | DRAFT Guide to Application Whitelisting
  Announcement and Draft Publication
SP 800-157 (Draft) | Mar 7, 2014 | DRAFT Guidelines for Derived Personal Identity Verification (PIV) Credentials
  Announcement and Draft Publication
SP 800-147 B | Aug. 2014 | BIOS Protection Guidelines for Servers
  SP 800-147B FAQ
  doi:10.6028/NIST.SP.800-147B [Direct Link]
SP 800-147 | Apr 2011 | Basic Input/Output System (BIOS) Protection Guidelines
  SP 800-147
SP 800-146 | May 2012 | Cloud Computing Synopsis and Recommendations
  SP 800-146
  SP 800-146 (EPUB) FAQ
SP 800-145 | Sep 2011 | The NIST Definition of Cloud Computing
  SP 800-145
  SP 800-145 (EPUB) FAQ
SP 800-144 | Dec 2011 | Guidelines on Security and Privacy in Public Cloud Computing
  SP 800-144
  SP 800-144 (EPUB) FAQ
SP 800-137 | Sep 2011 | Information Security Continuous Monitoring for Federal Information Systems and Organizations
  SP 800-137
SP 800-126 Rev. 2 | Sep 2011 | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2
  SP 800-126 Rev. 2
  Errata for SP 800-126 Rev. 2
SP 800-126 Rev. 1 | Feb 2011 | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.1
  SP 800-126 Rev. 1
SP 800-126 | Nov 2009 | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.0
  SP 800-126
SP 800-125 | Jan 2011 | Guide to Security for Full Virtualization Technologies
  SP 800-125
SP 800-117 | Jul 2010 | Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.0
  SP 800-117
SP 800-116 | Nov 2008 | A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS)
  SP 800-116
SP 800-114 | Nov 2007 | User's Guide to Securing External Devices for Telework and Remote Access
  SP 800-114
SP 800-113 | Jul 2008 | Guide to SSL VPNs
  SP 800-113
SP 800-111 | Nov 2007 | Guide to Storage Encryption Technologies for End User Devices
  SP 800-111
SP 800-107 Rev. 1 | Aug 2012 | Recommendation for Applications Using Approved Hash Algorithms
  SP 800-107 Rev. 1
SP 800-106 | Feb 2009 | Randomized Hashing for Digital Signatures
  SP 800-106
SP 800-103 (Draft) | Oct. 6, 2006 | DRAFT An Ontology of Identity Credentials, Part I: Background and Formulation
  Announcement and Draft Publication
SP 800-101 Rev.1 | May 2014 | Guidelines on Mobile Device Forensics
  SP 800-101 Rev. 1 FAQ
  doi:10.6028/NIST.SP.800-101r1 [Direct Link]
SP 800-98 | Apr 2007 | Guidelines for Securing Radio Frequency Identification (RFID) Systems
  SP 800-98
SP 800-94 Rev. 1 (Draft) | July 25, 2012 | DRAFT Guide to Intrusion Detection and Prevention Systems (IDPS)
  Announcement and Draft Publication
SP 800-94 | Feb 2007 | Guide to Intrusion Detection and Prevention Systems (IDPS)
  SP 800-94
SP 800-86 | Aug 2006 | Guide to Integrating Forensic Techniques into Incident Response
  SP 800-86
SP 800-84 | Sep 2006 | Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities
  SP 800-84
  SP 800-84 (EPUB) FAQ
SP 800-83 Rev. 1 | Jul 2013 | Guide to Malware Incident Prevention and Handling for Desktops and Laptops
  SP 800-83 Rev. 1 FAQ
  doi:10.6028/NIST.SP.800-83r1 [Direct Link]
SP 800-78 -4 (Draft) | May 19, 2014 | DRAFT Cryptographic Algorithms and Key Sizes for Personal Identity Verification
  Announcement and Draft Publication
SP 800-78 -3 | Dec 2010 | Cryptographic Algorithms and Key Sizes for Personal Identification Verification (PIV)
  SP 800-78-3
SP 800-76 -2 | Jul 2013 | Biometric Specifications for Personal Identity Verification
  SP 800-76-2 FAQ
  doi:10.6028/NIST.SP.800-76-2 [Direct Link]
SP 800-61 Rev. 2 | Aug 2012 | Computer Security Incident Handling Guide
  SP 800-61 Rev. 2 FAQ
  doi:10.6028/NIST.SP.800-61r2 [Direct Link]
SP 800-54 | Jul 2007 | Border Gateway Protocol Security
  SP 800-54
SP 800-53 Rev. 4 | Apr 2013 | Security and Privacy Controls for Federal Information Systems and Organizations
  SP 800-53 Rev. 4 (including updates as of 01-15-2014) FAQ
  doi:10.6028/NIST.SP.800-53r4 [Direct Link]
  Word version of SP 800-53 Rev. 4 (01-15-2014)
  XML file for SP 800-53 Rev. 4 (01-15-2014)
  Summary of NIST SP 800-53 Revision 4
SP 800-51 Rev. 1 | Feb 2011 | Guide to Using Vulnerability Naming Schemes
  SP 800-51 Rev. 1
SP 800-48 Rev. 1 | Jul 2008 | Guide to Securing Legacy IEEE 802.11 Wireless Networks
  SP 800-48 Rev. 1
SP 800-44 Version 2 | Sep 2007 | Guidelines on Securing Public Web Servers
  SP 800-44 Version 2
SP 800-39 | Mar 2011 | Managing Information Security Risk: Organization, Mission, and Information System View
  SP 800-39
NIST IR 8023 (Draft) | Sept. 10, 2014 | DRAFT Risk Management for Replication Devices
  Announcement and Draft Publication
NIST IR 7966 (Draft) | Aug. 21, 2014 | DRAFT Security of Automated Access Management Using Secure Shell (SSH)
  Announcement and Draft Publication
NIST IR 7904 (Draft) | Dec. 21, 2012 | DRAFT Trusted Geolocation in the Cloud: Proof of Concept Implementation
  Announcement and Draft Publication
NIST IR 7831 (Draft) | Dec. 6, 2011 | DRAFT Common Remediation Enumeration (CRE) Version 1.0
  Announcement and Draft Publication
NIST IR 7817 | Nov 2012 | A Credential Reliability and Revocation Model for Federated Identities
  NISTIR 7817 FAQ
  doi:10.6028/NIST.IR.7817 [Direct Link]
NIST IR 7670 (Draft) | Feb. 10, 2011 | DRAFT Proposed Open Specifications for an Enterprise Remediation Automation Framework
  Announcement and Draft Publication
ITL October 2014 | Oct. 2014 | Release of NIST SP 800-147B, BIOS Protection Guidelines for Servers
ITL June 2007 | Jun 2007 | Forensic Techniques for Cell Phones
ITL May 2007 | May 2007 | Securing Radio Frequency Identification (RFID) Systems
ITL February 2007 | Feb 2007 | Intrusion Detection and Prevention Systems
ITL December 2006 | Dec 2006 | Maintaining Effective Information Technology (IT) Security Through Test, Training, and Exercise Programs
ITL October 2006 | Oct 2006 | Log Management: Using Computer and Network Records to Improve Information Security
ITL September 2006 | Sep 2006 | Forensic Techniques: Helping Organizations Improve Their Responses to Information Security Incidents
ITL August 2006 | Aug 2006 | Protecting Sensitive Information Processed and Stored in Information Technology (IT) Systems
ITL April 2006 | Apr 2006 | Protecting Sensitive Information Transmitted in Public Networks
Identification of an Information System as a National Security System
Number | Date | Title
SP 800-167 (Draft) | Aug. 22, 2014 | DRAFT Guide to Application Whitelisting
  Announcement and Draft Publication
SP 800-157 (Draft) | Mar 7, 2014 | DRAFT Guidelines for Derived Personal Identity Verification (PIV) Credentials
  Announcement and Draft Publication
SP 800-147 B | Aug. 2014 | BIOS Protection Guidelines for Servers
  SP 800-147B FAQ
  doi:10.6028/NIST.SP.800-147B [Direct Link]
SP 800-147 | Apr 2011 | Basic Input/Output System (BIOS) Protection Guidelines
  SP 800-147
SP 800-146 | May 2012 | Cloud Computing Synopsis and Recommendations
  SP 800-146
  SP 800-146 (EPUB) FAQ
SP 800-145 | Sep 2011 | The NIST Definition of Cloud Computing
  SP 800-145
  SP 800-145 (EPUB) FAQ
SP 800-144 | Dec 2011 | Guidelines on Security and Privacy in Public Cloud Computing
  SP 800-144
  SP 800-144 (EPUB) FAQ
SP 800-137 | Sep 2011 | Information Security Continuous Monitoring for Federal Information Systems and Organizations
  SP 800-137
SP 800-59 | Aug 2003 | Guideline for Identifying an Information System as a National Security System
  SP 800-59
SP 800-53 Rev. 4 | Apr 2013 | Security and Privacy Controls for Federal Information Systems and Organizations
  SP 800-53 Rev. 4 (including updates as of 01-15-2014) FAQ
  doi:10.6028/NIST.SP.800-53r4 [Direct Link]
  Word version of SP 800-53 Rev. 4 (01-15-2014)
  XML file for SP 800-53 Rev. 4 (01-15-2014)
  Summary of NIST SP 800-53 Revision 4
SP 800-39 | Mar 2011 | Managing Information Security Risk: Organization, Mission, and Information System View
  SP 800-39
NIST IR 8023 (Draft) | Sept. 10, 2014 | DRAFT Risk Management for Replication Devices
  Announcement and Draft Publication
NIST IR 7966 (Draft) | Aug. 21, 2014 | DRAFT Security of Automated Access Management Using Secure Shell (SSH)
  Announcement and Draft Publication
NIST IR 7904 (Draft) | Dec. 21, 2012 | DRAFT Trusted Geolocation in the Cloud: Proof of Concept Implementation
  Announcement and Draft Publication
NIST IR 7817 | Nov 2012 | A Credential Reliability and Revocation Model for Federated Identities
  NISTIR 7817 FAQ
  doi:10.6028/NIST.IR.7817 [Direct Link]
NIST IR 7670 (Draft) | Feb. 10, 2011 | DRAFT Proposed Open Specifications for an Enterprise Remediation Automation Framework
  Announcement and Draft Publication
ITL October 2014 | Oct. 2014 | Release of NIST SP 800-147B, BIOS Protection Guidelines for Servers
ITL June 2006 | Jun 2006 | Domain Name System (DNS) Services: NIST Recommendations for Secure Deployment
ITL April 2006 | Apr 2006 | Protecting Sensitive Information Transmitted in Public Networks
Manage Security Incidents
Number | Date | Title
SP 800-167 (Draft) | Aug. 22, 2014 | DRAFT Guide to Application Whitelisting
  Announcement and Draft Publication
SP 800-157 (Draft) | Mar 7, 2014 | DRAFT Guidelines for Derived Personal Identity Verification (PIV) Credentials
  Announcement and Draft Publication
SP 800-147 B | Aug. 2014 | BIOS Protection Guidelines for Servers
  SP 800-147B FAQ
  doi:10.6028/NIST.SP.800-147B [Direct Link]
SP 800-147 | Apr 2011 | Basic Input/Output System (BIOS) Protection Guidelines
  SP 800-147
SP 800-146 | May 2012 | Cloud Computing Synopsis and Recommendations
  SP 800-146
  SP 800-146 (EPUB) FAQ
SP 800-145 | Sep 2011 | The NIST Definition of Cloud Computing
  SP 800-145
  SP 800-145 (EPUB) FAQ
SP 800-144 | Dec 2011 | Guidelines on Security and Privacy in Public Cloud Computing
  SP 800-144
  SP 800-144 (EPUB) FAQ
SP 800-137 | Sep 2011 | Information Security Continuous Monitoring for Federal Information Systems and Organizations
  SP 800-137
SP 800-126 Rev. 2 | Sep 2011 | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2
  SP 800-126 Rev. 2
  Errata for SP 800-126 Rev. 2
SP 800-122 | Apr 2010 | Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)
  SP 800-122
  SP 800-122 (EPUB) FAQ
SP 800-117 Rev. 1 (Draft) | Jan. 6, 2012 | DRAFT Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.2
  Announcement and Draft Publication
SP 800-101 Rev.1 | May 2014 | Guidelines on Mobile Device Forensics
  SP 800-101 Rev. 1 FAQ
  doi:10.6028/NIST.SP.800-101r1 [Direct Link]
SP 800-94 Rev. 1 (Draft) | July 25, 2012 | DRAFT Guide to Intrusion Detection and Prevention Systems (IDPS)
  Announcement and Draft Publication
SP 800-94 | Feb 2007 | Guide to Intrusion Detection and Prevention Systems (IDPS)
  SP 800-94
SP 800-86 | Aug 2006 | Guide to Integrating Forensic Techniques into Incident Response
  SP 800-86
SP 800-83 Rev. 1 | Jul 2013 | Guide to Malware Incident Prevention and Handling for Desktops and Laptops
  SP 800-83 Rev. 1 FAQ
  doi:10.6028/NIST.SP.800-83r1 [Direct Link]
SP 800-61 Rev. 2 | Aug 2012 | Computer Security Incident Handling Guide
  SP 800-61 Rev. 2 FAQ
  doi:10.6028/NIST.SP.800-61r2 [Direct Link]
SP 800-54 | Jul 2007 | Border Gateway Protocol Security
  SP 800-54
SP 800-53 Rev. 4 | Apr 2013 | Security and Privacy Controls for Federal Information Systems and Organizations
  SP 800-53 Rev. 4 (including updates as of 01-15-2014) FAQ
  doi:10.6028/NIST.SP.800-53r4 [Direct Link]
  Word version of SP 800-53 Rev. 4 (01-15-2014)
  XML file for SP 800-53 Rev. 4 (01-15-2014)
  Summary of NIST SP 800-53 Revision 4
SP 800-51 Rev. 1 | Feb 2011 | Guide to Using Vulnerability Naming Schemes
  SP 800-51 Rev. 1
SP 800-44 Version 2 | Sep 2007 | Guidelines on Securing Public Web Servers
  SP 800-44 Version 2
SP 800-40 Rev. 3 | Jul 2013 | Guide to Enterprise Patch Management Technologies
  SP 800-40 Rev. 3 FAQ
  doi:10.6028/NIST.SP.800-40r3 [Direct Link]
SP 800-39 | Mar 2011 | Managing Information Security Risk: Organization, Mission, and Information System View
  SP 800-39
NIST IR 8023 (Draft) | Sept. 10, 2014 | DRAFT Risk Management for Replication Devices
  Announcement and Draft Publication
NIST IR 7966 (Draft) | Aug. 21, 2014 | DRAFT Security of Automated Access Management Using Secure Shell (SSH)
  Announcement and Draft Publication
NIST IR 7904 (Draft) | Dec. 21, 2012 | DRAFT Trusted Geolocation in the Cloud: Proof of Concept Implementation
  Announcement and Draft Publication
NIST IR 7848 (Draft) | May 7, 2012 | DRAFT Specification for the Asset Summary Reporting Format 1.0
  Announcement and Draft Publication
NIST IR 7831 (Draft) | Dec. 6, 2011 | DRAFT Common Remediation Enumeration (CRE) Version 1.0
  Announcement and Draft Publication
NIST IR 7817 | Nov 2012 | A Credential Reliability and Revocation Model for Federated Identities
  NISTIR 7817 FAQ
  doi:10.6028/NIST.IR.7817 [Direct Link]
NIST IR 7800 (Draft) | Jan. 20, 2012 | DRAFT Applying the Continuous Monitoring Technical Reference Model to the Asset, Configuration, and Vulnerability Management Domains
  Announcement and Draft Publication
NIST IR 7799 (Draft) | Jan. 6, 2012 | DRAFT Continuous Monitoring Reference Model Workflow, Subsystem, and Interface Specifications
  Announcement and Draft Publication
NIST IR 7756 (Draft) | Jan. 6, 2012 | DRAFT CAESARS Framework Extension: An Enterprise Continuous Monitoring Technical Reference Architecture
  Announcement and Draft Publication
NIST IR 7670 (Draft) | Feb. 10, 2011 | DRAFT Proposed Open Specifications for an Enterprise Remediation Automation Framework
  Announcement and Draft Publication
ITL October 2014 | Oct. 2014 | Release of NIST SP 800-147B, BIOS Protection Guidelines for Servers
ITL June 2007 | Jun 2007 | Forensic Techniques for Cell Phones
ITL February 2007 | Feb 2007 | Intrusion Detection and Prevention Systems
ITL December 2006 | Dec 2006 | Maintaining Effective Information Technology (IT) Security Through Test, Training, and Exercise Programs
ITL October 2006 | Oct 2006 | Log Management: Using Computer and Network Records to Improve Information Security
ITL September 2006 | Sep 2006 | Forensic Techniques: Helping Organizations Improve Their Responses to Information Security Incidents
ITL April 2006 | Apr 2006 | Protecting Sensitive Information Transmitted in Public Networks

Health Insurance Portability and Accountability Act (HIPAA)

Assure Health Information Privacy & Security
Number | Date | Title
SP 800-167 (Draft) | Aug. 22, 2014 | DRAFT Guide to Application Whitelisting
  Announcement and Draft Publication
SP 800-124 Rev. 1 | Jun 2013 | Guidelines for Managing the Security of Mobile Devices in the Enterprise
  SP 800-124 Rev. 1 FAQ
  doi:10.6028/NIST.SP.800-124r1 [Direct Link]
  SP 800-124 Rev. 1 (EPUB) FAQ
SP 800-111 | Nov 2007 | Guide to Storage Encryption Technologies for End User Devices
  SP 800-111
SP 800-98 | Apr 2007 | Guidelines for Securing Radio Frequency Identification (RFID) Systems
  SP 800-98
NIST IR 7966 (Draft) | Aug. 21, 2014 | DRAFT Security of Automated Access Management Using Secure Shell (SSH)
  Announcement and Draft Publication
NIST IR 7497 | Sep 2010 | Security Architecture Design Process for Health Information Exchanges (HIEs)
  NISTIR 7497
ITL October 2006 | Oct 2006 | Log Management: Using Computer and Network Records to Improve Information Security
Standardize Electronic Data Interchange in Health Care Transactions
Number | Date | Title
SP 800-167 (Draft) | Aug. 22, 2014 | DRAFT Guide to Application Whitelisting
  Announcement and Draft Publication
SP 800-66 Rev 1 | Oct 2008 | An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule
  SP 800-66 Rev. 1
NIST IR 7966 (Draft) | Aug. 21, 2014 | DRAFT Security of Automated Access Management Using Secure Shell (SSH)
  Announcement and Draft Publication

Homeland Security Presidential Directive-12 (HSPD-12)

Establishes a Mandatory, Government-Wide Standard for Secure & Reliable Forms of Identification Issued by the Federal Government to its Employees & Contractors
Number | Date | Title
FIPS 201-2 | Aug 2013 | Personal Identity Verification (PIV) of Federal Employees and Contractors
  FIPS 201-2 FAQ
  doi:10.6028/NIST.FIPS.201-2 [Direct Link]
  2012 Draft Comments and Dispositions
  2011 Draft Comments and Dispositions
SP 800-157 (Draft) | Mar 7, 2014 | DRAFT Guidelines for Derived Personal Identity Verification (PIV) Credentials
  Announcement and Draft Publication
SP 800-116 | Nov 2008 | A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS)
  SP 800-116
SP 800-103 (Draft) | Oct. 6, 2006 | DRAFT An Ontology of Identity Credentials, Part I: Background and Formulation
  Announcement and Draft Publication
SP 800-101 Rev.1 | May 2014 | Guidelines on Mobile Device Forensics
  SP 800-101 Rev. 1 FAQ
  doi:10.6028/NIST.SP.800-101r1 [Direct Link]
SP 800-94 Rev. 1 (Draft) | July 25, 2012 | DRAFT Guide to Intrusion Detection and Prevention Systems (IDPS)
  Announcement and Draft Publication
SP 800-94 | Feb 2007 | Guide to Intrusion Detection and Prevention Systems (IDPS)
  SP 800-94
SP 800-85 B-4 (Draft) | Aug. 6, 2014 | DRAFT PIV Data Model Conformance Test Guidelines
  Announcement and Draft Publication
SP 800-85 B | Jul 2006 | PIV Data Model Test Guidelines
  SP 800-85B
SP 800-85 A-2 | Jul 2010 | PIV Card Application and Middleware Interface Test Guidelines (SP800-73-3 Compliance)
  SP 800-85A-2
SP 800-79 2 (Draft) | Jun 2, 2014 | DRAFT Guidelines for the Authorization of Personal Identity Verification Card Issuers (PCI) and Derived PIV Credential Issuers (DPCI)
  Announcement and Draft Publication
SP 800-79 -1 | Jun 2008 | Guidelines for the Accreditation of Personal Identity Verification (PIV) Card Issuers (PCI's)
  SP 800-79-1
SP 800-78 -4 (Draft) | May 19, 2014 | DRAFT Cryptographic Algorithms and Key Sizes for Personal Identity Verification
  Announcement and Draft Publication
SP 800-78 -3 | Dec 2010 | Cryptographic Algorithms and Key Sizes for Personal Identification Verification (PIV)
  SP 800-78-3
SP 800-76 -2 | Jul 2013 | Biometric Specifications for Personal Identity Verification
  SP 800-76-2 FAQ
  doi:10.6028/NIST.SP.800-76-2 [Direct Link]
SP 800-73 -4 (Draft) | May 19, 2014 | DRAFT Interfaces for Personal Identity Verification (3 Parts)
  Part 1- PIV Card Application Namespace, Data Model and Representation
  Part 2- PIV Card Application Card Command Interface
  Part 3- PIV Client Application Programming Interface
  Announcement and Draft Publication
SP 800-73 -3 | Feb 2010 | Interfaces for Personal Identity Verification (4 Parts)
  Part 1: End Point PIV Card Application Namespace, Data Model & Representation
  Part 2: PIV Card Application Card Command Interface
  Part 3: PIV Client Application Programming Interface
  Part 4: The PIV Transitional Interfaces & Data Model Specification
SP 800-54 | Jul 2007 | Border Gateway Protocol Security
  SP 800-54
SP 800-53 Rev. 4 | Apr 2013 | Security and Privacy Controls for Federal Information Systems and Organizations
  SP 800-53 Rev. 4 (including updates as of 01-15-2014) FAQ
  doi:10.6028/NIST.SP.800-53r4 [Direct Link]
  Word version of SP 800-53 Rev. 4 (01-15-2014)
  XML file for SP 800-53 Rev. 4 (01-15-2014)
  Summary of NIST SP 800-53 Revision 4
NIST IR 7981 (Draft) | Mar. 7, 2014 | DRAFT Mobile, PIV, and Authentication
  Announcement and Draft Publication
NIST IR 7849 | Mar 2014 | A Methodology for Developing Authentication Assurance Level Taxonomy for Smart Card-based Identity Verification
  NISTIR 7849 FAQ
  doi:10.6028/NIST.IR.7849 [Direct Link]
NIST IR 7676 | Jun 2010 | Maintaining and Using Key History on Personal Identity Verification (PIV) Cards
  NISTIR 7676
NIST IR 7611 | Aug 2009 | Use of ISO/IEC 24727 -- Service Access Layer Interface for Identity (SALII): Support for Development and use of Interoperable Identity Credentials
  NISTIR 7611
NIST IR 7452 | Nov 2007 | Secure Biometric Match-on-Card Feasibility Report
  NISTIR 7452
NIST IR 7337 | Aug 2006 | Personal Identity Verification Demonstration Summary
  NISTIR 7337
NIST IR 7284 | Jan 2006 | Personal Identity Verification Card Management Report
  NISTIR 7284
ITL July 2007 | Jul 2007 | Border Gateway Protocol (BGP) Security
ITL June 2007 | Jun 2007 | Forensic Techniques for Cell Phones
ITL May 2007 | May 2007 | Securing Radio Frequency Identification (RFID) Systems
ITL December 2006 | Dec 2006 | Maintaining Effective Information Technology (IT) Security Through Test, Training, and Exercise Programs
ITL November 2006 | Nov 2006 | Guide to Securing Computers Using Windows XP Home Edition
ITL August 2006 | Aug 2006 | Protecting Sensitive Information Processed and Stored in Information Technology (IT) Systems
ITL June 2006 | Jun 2006 | Domain Name System (DNS) Services: NIST Recommendations for Secure Deployment
ITL April 2006 | Apr 2006 | Protecting Sensitive Information Transmitted in Public Networks
ITL January 2006 | Jan 2006 | Testing and Validation of Personal Identity Verification (PIV) Components and Subsystems for Conformance to Federal Information Processing Standard 201
ITL August 2005 | Aug 2005 | Implementation of FIPS 201, Personal Identity Verification (PIV) of Federal Employees and Contractors

Homeland Security Presidential Directive-7 (HSPD-7)

Protect Critical Infrastructure
Number | Date | Title
FIPS 200 | Mar 2006 | Minimum Security Requirements for Federal Information and Information Systems
  FIPS 200
FIPS 199 | Feb 2004 | Standards for Security Categorization of Federal Information and Information Systems
  FIPS 199
SP 800-157 (Draft) | Mar 7, 2014 | DRAFT Guidelines for Derived Personal Identity Verification (PIV) Credentials
  Announcement and Draft Publication
SP 800-101 Rev.1 | May 2014 | Guidelines on Mobile Device Forensics
  SP 800-101 Rev. 1 FAQ
  doi:10.6028/NIST.SP.800-101r1 [Direct Link]
SP 800-98 | Apr 2007 | Guidelines for Securing Radio Frequency Identification (RFID) Systems
  SP 800-98
SP 800-94 Rev. 1 (Draft) | July 25, 2012 | DRAFT Guide to Intrusion Detection and Prevention Systems (IDPS)
  Announcement and Draft Publication
SP 800-94 | Feb 2007 | Guide to Intrusion Detection and Prevention Systems (IDPS)
  SP 800-94
SP 800-82 Rev.2 (Draft) | May 14, 2014 | DRAFT Guide to Industrial Control Systems (ICS) Security
  Announcement and Draft Publication
SP 800-82 Rev. 1 | Apr 2013 | Guide to Industrial Control Systems (ICS) Security
  SP 800-82 Rev. 1 FAQ
  doi:10.6028/NIST.SP.800-82r1 [Direct Link]
SP 800-60 Rev. 1 | Aug 2008 | Guide for Mapping Types of Information and Information Systems to Security Categories
  Vol. 1: Guide for Mapping Types of Information and Information Systems to Security Categories
  Vol. 2: Appendices
SP 800-59 | Aug 2003 | Guideline for Identifying an Information System as a National Security System
  SP 800-59
SP 800-54 | Jul 2007 | Border Gateway Protocol Security
  SP 800-54
SP 800-53 Rev. 4 | Apr 2013 | Security and Privacy Controls for Federal Information Systems and Organizations
  SP 800-53 Rev. 4 (including updates as of 01-15-2014) FAQ
  doi:10.6028/NIST.SP.800-53r4 [Direct Link]
  Word version of SP 800-53 Rev. 4 (01-15-2014)
  XML file for SP 800-53 Rev. 4 (01-15-2014)
  Summary of NIST SP 800-53 Revision 4
SP 800-48 Rev. 1 | Jul 2008 | Guide to Securing Legacy IEEE 802.11 Wireless Networks
  SP 800-48 Rev. 1
SP 800-44 Version 2 | Sep 2007 | Guidelines on Securing Public Web Servers
  SP 800-44 Version 2
SP 800-41 Rev. 1 | Sep 2009 | Guidelines on Firewalls and Firewall Policy
  SP 800-41 Rev. 1
SP 800-37 Rev. 1 | Feb 2010 | Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach
SP 800-37 Rev. 1 (including updates as of June 05, 2014) FAQ
doi:10.6028/NIST.SP.800-37r1 [Direct Link]
Supplemental Guidance on Ongoing Authorization, (June 2014)
SP 800-30 Rev. 1Sep 2012Guide for Conducting Risk Assessments
SP 800-30 Rev. 1
SP 800-30 Rev. 1 (EPUB) FAQ
SP 800-18 Rev.1Feb 2006Guide for Developing Security Plans for Federal Information Systems
SP 800-18 Rev. 1
NIST IR 7981 
(Draft)
Mar. 7, 2014DRAFT Mobile, PIV, and Authentication
Announcement and Draft Publication
NIST IR 7823 
(Draft)
Jul. 10, 2012DRAFT Advanced Metering Infrastructure Smart Meter Upgradeability Test Framework
Announcement and Draft Publication
ITL July 2007Jul 2007Border Gateway Protocol (BGP) Security
ITL May 2007May 2007Securing Radio Frequency Identification (RFID) Systems
ITL February 2007Feb 2007Intrusion Detection and Prevention Systems
ITL December 2006Dec 2006Maintaining Effective Information Technology (IT) Security Through Test, Training, and Exercise Programs
ITL November 2006Nov 2006Guide to Securing Computers Using Windows XP Home Edition
ITL August 2006Aug 2006Protecting Sensitive Information Processed and Stored in Information Technology (IT) Systems
ITL April 2006Apr 2006Protecting Sensitive Information Transmitted in Public Networks
ITL March 2006Mar 2006Minimum Security Requirements for Federal Information and Information Systems: Federal Information Processing Standard (FIPS) 200 Approved by the Secretary of Commerce

OMB Circular A-11: Preparation, Submission, and Execution of the Budget

Capital Planning
Number Date Title
SP 800-65 Rev. 1 
(Draft)
July 14, 2009DRAFT Recommendations for Integrating Information Security into the Capital Planning and Investment Control Process (CPIC)
Announcement and Draft Publication
SP 800-65Jan 2005Integrating IT Security into the Capital Planning and Investment Control Process
SP 800-65
SP 800-55 Rev. 1Jul 2008Performance Measurement Guide for Information Security
SP 800-55 Rev. 1
SP 800-53 Rev. 4Apr 2013Security and Privacy Controls for Federal Information Systems and Organizations
SP 800-53 Rev. 4 (including updates as of 01-15-2014) FAQ
doi:10.6028/NIST.SP.800-53r4 [Direct Link]
Word version of SP 800-53 Rev. 4 (01-15-2014)
XML file for SP 800-53 Rev. 4 (01-15-2014)
Summary of NIST SP 800-53 Revision 4
NIST IR 7773Nov 2010An Application of Combinatorial Methods to Conformance Testing for Document Object Model Events
NISTIR 7773
ITL February 2007Feb 2007Intrusion Detection and Prevention Systems

OMB Circular A-130: Management of Federal Information Resources, Appendix III: Security of Federal Automated Information Resources

Assess Risks
Number Date Title
FIPS 199Feb 2004Standards for Security Categorization of Federal Information and Information Systems
FIPS 199
SP 800-161 
(Draft)
Jun. 3, 2014DRAFT Supply Chain Risk Management Practices for Federal Information Systems and Organizations (Second Draft)
Announcement and Draft Publication
SP 800-153Feb 2012Guidelines for Securing Wireless Local Area Networks (WLANs)
SP 800-153
SP 800-147B Aug. 2014 BIOS Protection Guidelines for Servers
SP 800-147B FAQ
doi:10.6028/NIST.SP.800-147B [Direct Link]
SP 800-147Apr 2011Basic Input/Output System (BIOS) Protection Guidelines
SP 800-147
SP 800-146May 2012Cloud Computing Synopsis and Recommendations
SP 800-146
SP 800-146 (EPUB) FAQ
SP 800-145Sep 2011The NIST Definition of Cloud Computing
SP 800-145
SP 800-145 (EPUB) FAQ
SP 800-144Dec 2011Guidelines on Security and Privacy in Public Cloud Computing
SP 800-144
SP 800-144 (EPUB) FAQ
SP 800-137Sep 2011Information Security Continuous Monitoring for Federal Information Systems and Organizations
SP 800-137
SP 800-126 Rev. 2Sep 2011The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2
SP 800-126 Rev. 2
Errata for SP 800-126 Rev. 2
SP 800-126 Rev. 1Feb 2011The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.1
SP 800-126 Rev. 1
SP 800-126Nov 2009The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.0
SP 800-126
SP 800-125A
(Draft)
Oct. 20, 2014DRAFT Security Recommendations for Hypervisor Deployment
Announcement and Draft Publication
SP 800-122Apr 2010Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)
SP 800-122
SP 800-122 (EPUB) FAQ
SP 800-118 
(Draft)
Apr. 21, 2009DRAFT Guide to Enterprise Password Management
Announcement and Draft Publication
SP 800-117 Rev. 1 
(Draft)
Jan. 6, 2012DRAFT Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.2
Announcement and Draft Publication
SP 800-117Jul 2010Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.0
SP 800-117
SP 800-116Nov 2008A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS)
SP 800-116
SP 800-113Jul 2008 Guide to SSL VPNs
SP 800-113
SP 800-111Nov 2007Guide to Storage Encryption Technologies for End User Devices
SP 800-111
SP 800-107 Rev. 1Aug 2012Recommendation for Applications Using Approved Hash Algorithms
SP 800-107 Rev. 1
SP 800-106Feb 2009Randomized Hashing for Digital Signatures
SP 800-106
SP 800-103 
(Draft)
Oct. 6, 2006DRAFT An Ontology of Identity Credentials, Part I: Background and Formulation
Announcement and Draft Publication
SP 800-101 Rev.1May 2014Guidelines on Mobile Device Forensics
SP 800-101 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-101r1 [Direct Link]
SP 800-98Apr 2007Guidelines for Securing Radio Frequency Identification (RFID) Systems
SP 800-98
SP 800-94 Rev. 1 
(Draft)
July 25, 2012DRAFT Guide to Intrusion Detection and Prevention Systems (IDPS)
Announcement and Draft Publication
SP 800-94Feb 2007Guide to Intrusion Detection and Prevention Systems (IDPS)
SP 800-94
SP 800-88 Rev. 1 
(Draft)
Sep. 6, 2012DRAFT Guidelines for Media Sanitization
Announcement and Draft Publication
SP 800-88Sep 2006Guidelines for Media Sanitization
SP 800-88 (including updates as of 09-11-2006)
SP 800-78-4
(Draft)
May 19, 2014DRAFT Cryptographic Algorithms and Key Sizes for Personal Identity Verification
Announcement and Draft Publication
SP 800-78-3 Dec 2010 Cryptographic Algorithms and Key Sizes for Personal Identification Verification (PIV)
SP 800-78-3
SP 800-54Jul 2007Border Gateway Protocol Security
SP 800-54
SP 800-53 Rev. 4Apr 2013Security and Privacy Controls for Federal Information Systems and Organizations
SP 800-53 Rev. 4 (including updates as of 01-15-2014) FAQ
doi:10.6028/NIST.SP.800-53r4 [Direct Link]
Word version of SP 800-53 Rev. 4 (01-15-2014)
XML file for SP 800-53 Rev. 4 (01-15-2014)
Summary of NIST SP 800-53 Revision 4
SP 800-51 Rev. 1Feb 2011Guide to Using Vulnerability Naming Schemes
SP 800-51 Rev. 1
SP 800-48 Rev. 1Jul 2008Guide to Securing Legacy IEEE 802.11 Wireless Networks
SP 800-48 Rev. 1
SP 800-44 Version 2Sep 2007Guidelines on Securing Public Web Servers
SP 800-44 Version 2
SP 800-39Mar 2011Managing Information Security Risk: Organization, Mission, and Information System View
SP 800-39
NIST IR 7848 
(Draft)
May 7, 2012DRAFT Specification for the Asset Summary Reporting Format 1.0
Announcement and Draft Publication
NIST IR 7800 
(Draft)
Jan. 20, 2012DRAFT Applying the Continuous Monitoring Technical Reference Model to the Asset, Configuration, and Vulnerability Management Domains
Announcement and Draft Publication
NIST IR 7799 
(Draft)
Jan. 6, 2012DRAFT Continuous Monitoring Reference Model Workflow, Subsystem, and Interface Specifications
Announcement and Draft Publication
NIST IR 7756 
(Draft)
Jan. 6, 2012DRAFT CAESARS Framework Extension: An Enterprise Continuous Monitoring Technical Reference Architecture
Announcement and Draft Publication
NIST IR 7692Apr 2011Specification for the Open Checklist Interactive Language (OCIL) Version 2.0
NISTIR 7692
NIST IR 7670 
(Draft)
Feb. 10, 2011DRAFT Proposed Open Specifications for an Enterprise Remediation Automation Framework
Announcement and Draft Publication
ITL October 2014Oct. 2014Release of NIST SP 800-147B, BIOS Protection Guidelines for Servers
Certify & Accredit Systems
Number Date Title
FIPS 200Mar 2006Minimum Security Requirements for Federal Information and Information Systems
FIPS 200
SP 800-161 
(Draft)
Jun. 3, 2014DRAFT Supply Chain Risk Management Practices for Federal Information Systems and Organizations (Second Draft)
Announcement and Draft Publication
SP 800-147B Aug. 2014 BIOS Protection Guidelines for Servers
SP 800-147B FAQ
doi:10.6028/NIST.SP.800-147B [Direct Link]
SP 800-147Apr 2011Basic Input/Output System (BIOS) Protection Guidelines
SP 800-147
SP 800-146May 2012Cloud Computing Synopsis and Recommendations
SP 800-146
SP 800-146 (EPUB) FAQ
SP 800-145Sep 2011The NIST Definition of Cloud Computing
SP 800-145
SP 800-145 (EPUB) FAQ
SP 800-144Dec 2011Guidelines on Security and Privacy in Public Cloud Computing
SP 800-144
SP 800-144 (EPUB) FAQ
SP 800-137Sep 2011Information Security Continuous Monitoring for Federal Information Systems and Organizations
SP 800-137
SP 800-126 Rev. 2Sep 2011The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2
SP 800-126 Rev. 2
Errata for SP 800-126 Rev. 2
SP 800-126 Rev. 1Feb 2011The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.1
SP 800-126 Rev. 1
SP 800-126Nov 2009The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.0
SP 800-126
SP 800-125A
(Draft)
Oct. 20, 2014DRAFT Security Recommendations for Hypervisor Deployment
Announcement and Draft Publication
SP 800-117 Rev. 1 
(Draft)
Jan. 6, 2012DRAFT Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.2
Announcement and Draft Publication
SP 800-117Jul 2010Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.0
SP 800-117
SP 800-111Nov 2007Guide to Storage Encryption Technologies for End User Devices
SP 800-111
SP 800-88 Rev. 1 
(Draft)
Sep. 6, 2012DRAFT Guidelines for Media Sanitization
Announcement and Draft Publication
SP 800-88Sep 2006Guidelines for Media Sanitization
SP 800-88 (including updates as of 09-11-2006)
SP 800-78-4
(Draft)
May 19, 2014DRAFT Cryptographic Algorithms and Key Sizes for Personal Identity Verification
Announcement and Draft Publication
SP 800-78-3 Dec 2010 Cryptographic Algorithms and Key Sizes for Personal Identification Verification (PIV)
SP 800-78-3
SP 800-53 Rev. 4Apr 2013Security and Privacy Controls for Federal Information Systems and Organizations
SP 800-53 Rev. 4 (including updates as of 01-15-2014) FAQ
doi:10.6028/NIST.SP.800-53r4 [Direct Link]
Word version of SP 800-53 Rev. 4 (01-15-2014)
XML file for SP 800-53 Rev. 4 (01-15-2014)
Summary of NIST SP 800-53 Revision 4
SP 800-39Mar 2011Managing Information Security Risk: Organization, Mission, and Information System View
SP 800-39
SP 800-37 Rev. 1Feb 2010Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach
SP 800-37 Rev. 1 (including updates as of June 05, 2014) FAQ
doi:10.6028/NIST.SP.800-37r1 [Direct Link]
Supplemental Guidance on Ongoing Authorization, (June 2014)
NIST IR 7848 
(Draft)
May 7, 2012DRAFT Specification for the Asset Summary Reporting Format 1.0
Announcement and Draft Publication
NIST IR 7831 
(Draft)
Dec. 6, 2011DRAFT Common Remediation Enumeration (CRE) Version 1.0
Announcement and Draft Publication
NIST IR 7802Sep 2011Trust Model for Security Automation Data (TMSAD) Version 1.0
NISTIR 7802
NIST IR 7800 
(Draft)
Jan. 20, 2012DRAFT Applying the Continuous Monitoring Technical Reference Model to the Asset, Configuration, and Vulnerability Management Domains
Announcement and Draft Publication
NIST IR 7799 
(Draft)
Jan. 6, 2012DRAFT Continuous Monitoring Reference Model Workflow, Subsystem, and Interface Specifications
Announcement and Draft Publication
NIST IR 7756 
(Draft)
Jan. 6, 2012DRAFT CAESARS Framework Extension: An Enterprise Continuous Monitoring Technical Reference Architecture
Announcement and Draft Publication
NIST IR 7692Apr 2011Specification for the Open Checklist Interactive Language (OCIL) Version 2.0
NISTIR 7692
NIST IR 7670 
(Draft)
Feb. 10, 2011DRAFT Proposed Open Specifications for an Enterprise Remediation Automation Framework
Announcement and Draft Publication
ITL March 2006Mar 2006Minimum Security Requirements for Federal Information and Information Systems: Federal Information Processing Standard (FIPS) 200 Approved by the Secretary of Commerce
Conduct Security Awareness Training
Number Date Title
SP 800-161 
(Draft)
Jun. 3, 2014DRAFT Supply Chain Risk Management Practices for Federal Information Systems and Organizations (Second Draft)
Announcement and Draft Publication
SP 800-147B Aug. 2014 BIOS Protection Guidelines for Servers
SP 800-147B FAQ
doi:10.6028/NIST.SP.800-147B [Direct Link]
SP 800-147Apr 2011Basic Input/Output System (BIOS) Protection Guidelines
SP 800-147
SP 800-146May 2012Cloud Computing Synopsis and Recommendations
SP 800-146
SP 800-146 (EPUB) FAQ
SP 800-145Sep 2011The NIST Definition of Cloud Computing
SP 800-145
SP 800-145 (EPUB) FAQ
SP 800-144Dec 2011Guidelines on Security and Privacy in Public Cloud Computing
SP 800-144
SP 800-144 (EPUB) FAQ
SP 800-137Sep 2011Information Security Continuous Monitoring for Federal Information Systems and Organizations
SP 800-137
SP 800-125A
(Draft)
Oct. 20, 2014DRAFT Security Recommendations for Hypervisor Deployment
Announcement and Draft Publication
SP 800-78-4
(Draft)
May 19, 2014DRAFT Cryptographic Algorithms and Key Sizes for Personal Identity Verification
Announcement and Draft Publication
SP 800-78-3 Dec 2010 Cryptographic Algorithms and Key Sizes for Personal Identification Verification (PIV)
SP 800-78-3
SP 800-53 Rev. 4Apr 2013Security and Privacy Controls for Federal Information Systems and Organizations
SP 800-53 Rev. 4 (including updates as of 01-15-2014) FAQ
doi:10.6028/NIST.SP.800-53r4 [Direct Link]
Word version of SP 800-53 Rev. 4 (01-15-2014)
XML file for SP 800-53 Rev. 4 (01-15-2014)
Summary of NIST SP 800-53 Revision 4
SP 800-50Oct 2003Building an Information Technology Security Awareness and Training Program
SP 800-50
SP 800-39Mar 2011Managing Information Security Risk: Organization, Mission, and Information System View
SP 800-39
SP 800-16 Rev. 1 (3rd draft) 
(Draft)
Mar. 14, 2014DRAFT A Role-Based Model for Federal Information Technology / Cyber Security Training (3rd public draft)
Announcement and Draft Publication
SP 800-16Apr 1998Information Technology Security Training Requirements: A Role- and Performance-Based Model
SP 800-16
Appendices A, B, C, D
Appendix E
NIST IR 7670 
(Draft)
Feb. 10, 2011DRAFT Proposed Open Specifications for an Enterprise Remediation Automation Framework
Announcement and Draft Publication
Develop Contingency Plans & Procedures
Number Date Title
SP 800-161 
(Draft)
Jun. 3, 2014DRAFT Supply Chain Risk Management Practices for Federal Information Systems and Organizations (Second Draft)
Announcement and Draft Publication
SP 800-147B Aug. 2014 BIOS Protection Guidelines for Servers
SP 800-147B FAQ
doi:10.6028/NIST.SP.800-147B [Direct Link]
SP 800-147Apr 2011Basic Input/Output System (BIOS) Protection Guidelines
SP 800-147
SP 800-146May 2012Cloud Computing Synopsis and Recommendations
SP 800-146
SP 800-146 (EPUB) FAQ
SP 800-145Sep 2011The NIST Definition of Cloud Computing
SP 800-145
SP 800-145 (EPUB) FAQ
SP 800-144Dec 2011Guidelines on Security and Privacy in Public Cloud Computing
SP 800-144
SP 800-144 (EPUB) FAQ
SP 800-137Sep 2011Information Security Continuous Monitoring for Federal Information Systems and Organizations
SP 800-137
SP 800-125A
(Draft)
Oct. 20, 2014DRAFT Security Recommendations for Hypervisor Deployment
Announcement and Draft Publication
SP 800-101 Rev.1May 2014Guidelines on Mobile Device Forensics
SP 800-101 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-101r1 [Direct Link]
SP 800-98Apr 2007Guidelines for Securing Radio Frequency Identification (RFID) Systems
SP 800-98
SP 800-88 Rev. 1 
(Draft)
Sep. 6, 2012DRAFT Guidelines for Media Sanitization
Announcement and Draft Publication
SP 800-88Sep 2006Guidelines for Media Sanitization
SP 800-88 (including updates as of 09-11-2006)
SP 800-53 Rev. 4Apr 2013Security and Privacy Controls for Federal Information Systems and Organizations
SP 800-53 Rev. 4 (including updates as of 01-15-2014) FAQ
doi:10.6028/NIST.SP.800-53r4 [Direct Link]
Word version of SP 800-53 Rev. 4 (01-15-2014)
XML file for SP 800-53 Rev. 4 (01-15-2014)
Summary of NIST SP 800-53 Revision 4
SP 800-46 Rev. 1Jun 2009Guide to Enterprise Telework and Remote Access Security
SP 800-46 Rev. 1
SP 800-44 Version 2Sep 2007Guidelines on Securing Public Web Servers
SP 800-44 Version 2
SP 800-39Mar 2011Managing Information Security Risk: Organization, Mission, and Information System View
SP 800-39
SP 800-34 Rev. 1May 2010Contingency Planning Guide for Federal Information Systems
SP 800-34 Rev. 1 (including updates as of 11-11-2010)
Business Impact Analysis (BIA) Template (SP 800-34 Rev. 1)
Contingency Planning: Low Impact System Template (SP 800-34 Rev. 1)
Contingency Planning: Moderate Impact System Template (SP 800-34 Rev. 1)
Contingency Planning: High Impact System Template (SP 800-34 Rev. 1)
NIST IR 7670 
(Draft)
Feb. 10, 2011DRAFT Proposed Open Specifications for an Enterprise Remediation Automation Framework
Announcement and Draft Publication
ITL October 2014Oct. 2014Release of NIST SP 800-147B, BIOS Protection Guidelines for Servers
Manage System Configurations & Security throughout the System Development Life Cycle
Number Date Title
SP 800-161 
(Draft)
Jun. 3, 2014DRAFT Supply Chain Risk Management Practices for Federal Information Systems and Organizations (Second Draft)
Announcement and Draft Publication
SP 800-153Feb 2012Guidelines for Securing Wireless Local Area Networks (WLANs)
SP 800-153
SP 800-147B Aug. 2014 BIOS Protection Guidelines for Servers
SP 800-147B FAQ
doi:10.6028/NIST.SP.800-147B [Direct Link]
SP 800-147Apr 2011Basic Input/Output System (BIOS) Protection Guidelines
SP 800-147
SP 800-146May 2012Cloud Computing Synopsis and Recommendations
SP 800-146
SP 800-146 (EPUB) FAQ
SP 800-145Sep 2011The NIST Definition of Cloud Computing
SP 800-145
SP 800-145 (EPUB) FAQ
SP 800-144Dec 2011Guidelines on Security and Privacy in Public Cloud Computing
SP 800-144
SP 800-144 (EPUB) FAQ
SP 800-137Sep 2011Information Security Continuous Monitoring for Federal Information Systems and Organizations
SP 800-137
SP 800-128Aug 2011Guide for Security-Focused Configuration Management of Information Systems
SP 800-128
SP 800-127Sep 2010Guide to Securing WiMAX Wireless Communications
SP 800-127
SP 800-127 (EPUB) FAQ
SP 800-126 Rev. 2Sep 2011The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2
SP 800-126 Rev. 2
Errata for SP 800-126 Rev. 2
SP 800-126 Rev. 1Feb 2011The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.1
SP 800-126 Rev. 1
SP 800-126Nov 2009The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.0
SP 800-126
SP 800-125A
(Draft)
Oct. 20, 2014DRAFT Security Recommendations for Hypervisor Deployment
Announcement and Draft Publication
SP 800-124 Rev. 1Jun 2013Guidelines for Managing the Security of Mobile Devices in the Enterprise
SP 800-124 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-124r1 [Direct Link]
SP 800-124 Rev. 1 (EPUB) FAQ
SP 800-123Jul 2008Guide to General Server Security
SP 800-123
SP 800-123 (EPUB) FAQ
SP 800-118 
(Draft)
Apr. 21, 2009DRAFT Guide to Enterprise Password Management
Announcement and Draft Publication
SP 800-117 Rev. 1 
(Draft)
Jan. 6, 2012DRAFT Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.2
Announcement and Draft Publication
SP 800-117Jul 2010Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.0
SP 800-117
SP 800-114Nov 2007User's Guide to Securing External Devices for Telework and Remote Access
SP 800-114
SP 800-113Jul 2008 Guide to SSL VPNs
SP 800-113
SP 800-111Nov 2007Guide to Storage Encryption Technologies for End User Devices
SP 800-111
SP 800-107 Rev. 1Aug 2012Recommendation for Applications Using Approved Hash Algorithms
SP 800-107 Rev. 1
SP 800-106Feb 2009Randomized Hashing for Digital Signatures
SP 800-106
SP 800-98Apr 2007Guidelines for Securing Radio Frequency Identification (RFID) Systems
SP 800-98
SP 800-94 Rev. 1 
(Draft)
July 25, 2012DRAFT Guide to Intrusion Detection and Prevention Systems (IDPS)
Announcement and Draft Publication
SP 800-94Feb 2007Guide to Intrusion Detection and Prevention Systems (IDPS)
SP 800-94
SP 800-70 Rev. 2Feb 2011National Checklist Program for IT Products: Guidelines for Checklist Users and Developers
SP 800-70 Rev. 2
SP 800-68 Rev. 1Oct 2008Guide to Securing Microsoft Windows XP Systems for IT Professionals
SP 800-68 Rev. 1
SP 800-64 Rev. 2Oct 2008Security Considerations in the System Development Life Cycle
SP 800-64 Rev. 2
SP 800-54Jul 2007Border Gateway Protocol Security
SP 800-54
SP 800-53 Rev. 4Apr 2013Security and Privacy Controls for Federal Information Systems and Organizations
SP 800-53 Rev. 4 (including updates as of 01-15-2014) FAQ
doi:10.6028/NIST.SP.800-53r4 [Direct Link]
Word version of SP 800-53 Rev. 4 (01-15-2014)
XML file for SP 800-53 Rev. 4 (01-15-2014)
Summary of NIST SP 800-53 Revision 4
SP 800-51 Rev. 1Feb 2011Guide to Using Vulnerability Naming Schemes
SP 800-51 Rev. 1
SP 800-46 Rev. 1Jun 2009Guide to Enterprise Telework and Remote Access Security
SP 800-46 Rev. 1
SP 800-44 Version 2Sep 2007Guidelines on Securing Public Web Servers
SP 800-44 Version 2
SP 800-40 Rev. 3Jul 2013Guide to Enterprise Patch Management Technologies
SP 800-40 Rev. 3 FAQ
doi:10.6028/NIST.SP.800-40r3 [Direct Link]
SP 800-39Mar 2011Managing Information Security Risk: Organization, Mission, and Information System View
SP 800-39
SP 800-34 Rev. 1May 2010Contingency Planning Guide for Federal Information Systems
SP 800-34 Rev. 1 (including updates as of 11-11-2010)
Business Impact Analysis (BIA) Template (SP 800-34 Rev. 1)
Contingency Planning: Low Impact System Template (SP 800-34 Rev. 1)
Contingency Planning: Moderate Impact System Template (SP 800-34 Rev. 1)
Contingency Planning: High Impact System Template (SP 800-34 Rev. 1)
NIST IR 7848 
(Draft)
May 7, 2012DRAFT Specification for the Asset Summary Reporting Format 1.0
Announcement and Draft Publication
NIST IR 7831 
(Draft)
Dec. 6, 2011DRAFT Common Remediation Enumeration (CRE) Version 1.0
Announcement and Draft Publication
NIST IR 7800 
(Draft)
Jan. 20, 2012DRAFT Applying the Continuous Monitoring Technical Reference Model to the Asset, Configuration, and Vulnerability Management Domains
Announcement and Draft Publication
NIST IR 7799 
(Draft)
Jan. 6, 2012DRAFT Continuous Monitoring Reference Model Workflow, Subsystem, and Interface Specifications
Announcement and Draft Publication
NIST IR 7756 
(Draft)
Jan. 6, 2012DRAFT CAESARS Framework Extension: An Enterprise Continuous Monitoring Technical Reference Architecture
Announcement and Draft Publication
NIST IR 7694Jun 2011Specification for the Asset Reporting Format 1.1
NISTIR 7694
NIST IR 7693Jun 2011Specification for Asset Identification 1.1
NISTIR 7693
NIST IR 7670 
(Draft)
Feb. 10, 2011DRAFT Proposed Open Specifications for an Enterprise Remediation Automation Framework
Announcement and Draft Publication
NIST IR 7511 Rev. 3Jan 2013Security Content Automation Protocol (SCAP) Version 1.2 Validation Program Test Requirements
NISTIR 7511 Rev. 3 (including updates as of 07-11-2013) FAQ
doi:10.6028/NIST.IR.7511 [Direct Link]
NIST IR 7316Sep 2006Assessment of Access Control Systems
NISTIR 7316
ITL October 2008Oct 2008Keeping Information Technology (IT) System Servers Secure: A General Guide to Good Practices
Mandates Agency-Wide Information Security Program Development & Implementation
Number Date Title
SP 800-161 
(Draft)
Jun. 3, 2014DRAFT Supply Chain Risk Management Practices for Federal Information Systems and Organizations (Second Draft)
Announcement and Draft Publication
SP 800-147B Aug. 2014 BIOS Protection Guidelines for Servers
SP 800-147B FAQ
doi:10.6028/NIST.SP.800-147B [Direct Link]
SP 800-147Apr 2011Basic Input/Output System (BIOS) Protection Guidelines
SP 800-147
SP 800-145Sep 2011The NIST Definition of Cloud Computing
SP 800-145
SP 800-145 (EPUB) FAQ
SP 800-144Dec 2011Guidelines on Security and Privacy in Public Cloud Computing
SP 800-144
SP 800-144 (EPUB) FAQ
SP 800-137Sep 2011Information Security Continuous Monitoring for Federal Information Systems and Organizations
SP 800-137
SP 800-125A
(Draft)
Oct. 20, 2014DRAFT Security Recommendations for Hypervisor Deployment
Announcement and Draft Publication
SP 800-100Oct 2006Information Security Handbook: A Guide for Managers
SP 800-100 (including updates as of 03-07-2007)
SP 800-53 Rev. 4Apr 2013Security and Privacy Controls for Federal Information Systems and Organizations
SP 800-53 Rev. 4 (including updates as of 01-15-2014) FAQ
doi:10.6028/NIST.SP.800-53r4 [Direct Link]
Word version of SP 800-53 Rev. 4 (01-15-2014)
XML file for SP 800-53 Rev. 4 (01-15-2014)
Summary of NIST SP 800-53 Revision 4
SP 800-44 Version 2Sep 2007Guidelines on Securing Public Web Servers
SP 800-44 Version 2
SP 800-39Mar 2011Managing Information Security Risk: Organization, Mission, and Information System View
SP 800-39
SP 800-18 Rev.1Feb 2006Guide for Developing Security Plans for Federal Information Systems
SP 800-18 Rev. 1
SP 800-12Oct 1995An Introduction to Computer Security: The NIST Handbook
SP 800-12
SP 800-12 (HTML)
NIST IR 7670 
(Draft)
Feb. 10, 2011DRAFT Proposed Open Specifications for an Enterprise Remediation Automation Framework
Announcement and Draft Publication