NIST Logo and ITL Banner Link to the NIST Homepage Link to the ITL Homepage Link to the NIST Homepage
Search CSRC:

ITL Bulletins

ITL Bulletins are published monthly by NIST's Information Technology Laboratory, focusing on a single topic of significant interest to the computer security community. They often highlight a recently-published FIPS or NIST Special Publication of significance.

ITL Security Banner Icon
ITL June 2016Jun. 2016Extending Network Security into Virtualized Infrastructure
ITL May 2016May 2016Combinatorial Testing for Cybersecurity and Reliability
ITL April 2016Apr 2016New NIST Security Standard Can Protect Credit Cards, Health Information
ITL March 2016Mar 2016Updates to the NIST SCAP Validation Program and Associated Test Requirements
ITL February 2016Feb 2016Implementting Trusted Geolocation Services in the Cloud
ITL January 2016Jan 2016Securing Interactive and Automated Access Management Using Secure Shell (SSH)
ITL December 2015Dec 2015Stopping Malware and Unauthorized Software through Application Whitelisting
ITL November 2015Nov 2015Tailoring Security Controls for Industrial Control Systems
ITL October 2015Oct. 2015Protection of Controlled Unclassified Information
ITL September 2015Sep 2015Additional Secure Hash Algorithm Standards Offer New Opportunities for Data Protection
ITL August 2015Aug 2015Recommendation for Random Number Generation Using Deterministic Random Bit Generators
ITL July 2015July 2015Improved Security and Mobility Through Updated Interfaces for PIV Cards
ITL June 2015Jun 2015Increasing Visibility and Control of Your ICT Supply Chain
ITL May 2015May 2015Authentication Considerations for Public Safety Mobile Networks
ITL April 2015Apr 2015Is Your Replication Device Making an Extra Copy for Someone Else?
ITL March 2015Mar 2015Guidance for Secure Authorization of Mobile Applications in the Corporate Environment
ITL February 2015Feb 2015NIST Special Publication 800-88 Revision 1, Guidelines For Media Sanitization
ITL January 2015Jan 2015Release of NIST Special Publication 800-53A, Revision 4, Assessing Security and Privacy Controls in Federal Information Systems and Organizations
ITL December 2014Dec 2014Release Of NIST Special Publication 800-157, Guidelines For Derived Personal Identity Verification (PIV) Credentials
ITL November 2014Nov 2014Cryptographic Module Validation Program (CMVP)
ITL October 2014Oct 2014Release of NIST SP 800-147B, BIOS Protection Guidelines for Servers
ITL September 2014Sep 2014Release of NIST Interagency Report 7628 Revision 1, Guidelines for Smart Grid Cybersecurity
ITL August 2014Aug 2014Policy Machine: Towards A General-Purpose, Enterprise-Wide Operating Environment
ITL July 2014Jul 2014Release of NIST Interagency Report 7946, CVSS Implementation Guidance
ITL June 2014Jun 2014ITL Forensic Science Program
ITL May 2014May 2014Small and Medium-Size Business Information Security Outreach Program
ITL April 2014Apr 2014Release of NIST Special Publication 800-52 Revision 1, Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations
ITL March 2014Mar 2014Attribute Based Access Control (ABAC) Definition and Considerations
ITL February 2014Feb 2014Framework for Improving Critical Infrastructure Cybersecurity
ITL January 2014Jan 2014A Profile of the Key Management Framework for the Federal Government
ITL December 2013Dec 2013The National Vulnerability Database (NVD): Overview
ITL November 2013Nov 2013ITL Releases Preliminary Cybersecurity Framework
ITL October 2013Oct 2013ITL Updates Federal Information Processing Standard (FIPS) for Personal Identity Verification (PIV) of Federal Employees and Contractors
ITL September 2013Sep 2013NIST Opens Draft Special Publication 800-90A, Recommendation for Random Number Generation Using Deterministic Random Bit Generators, For Review and Comment (Supplemental ITL Bulletin for September 2013)
ITL September 2013Sep 2013ITL Publishes Guidance on Preventing and Handling Malware Incidents
ITL August 2013Aug 2013ITL Publishes Guidance on Enterprise Patch Management Technologies
ITL July 2013Jul 2013ITL Issues Guidelines for Managing the Security of Mobile Devices
ITL June 2013Jun 2013ITL Updates Glossary Of Key Information Security Terms
ITL May 2013May 2013ITL Publishes Security And Privacy Controls For Federal Agencies
ITL April 2013Apr 2013Security Content Automation Protocol (SCAP) Version 1.2 Validation Program Test Requirements
ITL March 2013Mar 2013NIST to Develop a Cybersecurity Framework to Protect Critical Infrastructure
ITL January 2013Jan 2013Managing Identity Requirements for Remote Users of Information Systems to Protect System Security and Information Privacy
ITL December 2012Dec 2012Generating Secure Cryptographic Keys: A Critical Component of Cryptographic Key Management and the Protection of Sensitive Information
ITL November 2012Nov 2012Practices for Managing Supply Chain Risks to Protect Federal Information Systems
ITL October 2012Oct 2012Conducting Information Security-Related Risk Assessments: Updated Guidelines for Comprehensive Risk Management Programs
ITL September 2012Sep 2012Revised Guide Helps Organizations Handle Security Related Incidents
ITL August 2012Aug 2012Security of Bluetooth Systems and Devices: Updated Guide Issued by the National Institute of Standards and Technology (NIST)
ITL July 2012Jul 2012Preparing for and Responding to Certification Authority Compromise and Fraudulent Certificate Issuance
ITL June 2012Jun 2012Cloud Computing: A Review of Features, Benefits, and Risks, and Recommendations for Secure, Efficient Implementations
ITL May 2012May 2012Secure Hash Standard: Updated Specifications Approved and Issued as Federal Information Processing Standard (FIPS) 180-4
ITL March 2012Mar 2012Guidelines for Improving Security and Privacy in Public Cloud Computing
ITL February 2012Feb 2012Guidelines for Securing Wireless Local Area Networks (WLANs)
ITL January 2012Jan 2012Advancing Security Automation and Standardization: Revised Technical Specifications Issued for the Security Content Automation Protocol (SCAP)
ITL December 2011Dec 2011Revised Guideline for Electronic Authentication of Users Helps Organizations Protect the Security of Their Information Systems
ITL October 2011Oct 2011Continuous Monitoring of Information Security: An Essential Component of Risk Management
ITL September 2011Sep 2011Managing the Configuration of Information Systems with a Focus on Security
ITL August 2011Aug 2011Protecting Industrial Control Systems Key Components of Our Nation's Critical Infrastructures
ITL June 2011Jun 2011Guidelines for Protecting Basic Input/Output System (BIOS) Firmware
ITL May 2011May 2011Using Security Configuration Checklists and the National Checklist Program
ITL April 2011Apr 2011Full Virtualization Technologies: Guidelines for Secure Implementation and Management
ITL March 2011Mar 2011Managing Information Security Risk: Organization, Mission and Information System View
ITL January 2011Jan 2011Internet Protocol Version 6 (IPv6): NIST Guidelines Help Organizations Manage the Secure Deployment of the New Network Protocol
ITL December 2010Dec 2010Securing WiMAX Wireless Communications
ITL November 2010Nov 2010The Exchange of Health Information: Designing a Security Architecture to Provide Information Security and Privacy
ITL September 2010Sep 2010Security Content Automation Protocol (SCAP): Helping Organizations Maintain and Verify the Security of Their Information Systems
ITL July 2010Jul 2010Contingency Planning for Information Systems: Updated Guide for Federal Organizations
ITL June 2010Jun 2010How to Identify Personnel with Significant Responsibilities for Information Security
ITL April 2010Apr 2010Guide to Protecting Personally Identifiable Information
ITL March 2010Mar 2010Revised Guide Helps Federal Organizations Improve Their Risk Management Practices and Information System Security
ITL February 2010Feb 2010Secure Management of Keys in Cryptographic Applications: Guidance for Organizations
ITL January 2010Jan 2010Security Metrics: Measurements to Support the Continued Development of Information Security Technology
ITL November 2009Nov 2009Cybersecurity Fundamentals for Small Business Owners
ITL October 2009Oct 2009Protecting Information Systems with Firewalls: Revised Guidelines on Firewall Technologies and Policies
ITL July 2009Jul 2009Risk Management Framework: Helping Organizations Implement Effective Information Security Programs
ITL June 2009Jun 2009Security for Enterprise Telework and Remote Access Solutions
ITL April 2009Apr 2009The System Development Life Cycle (SDLC)
ITL March 2009Mar 2009The Cryptographic Hash Algorithm Family: Revision of the Secure Hash Standard and Ongoing Competition for New Hash Algorithms
ITL February 2009Feb 2009Using Personal Identity Verification (Piv) Credentials in Physical Access Control Systems (PACS)
ITL December 2008Dec 2008Guide to Information Security Testing and Assessment
ITL October 2008Oct 2008Keeping Information Technology (IT) System Servers Secure: A General Guide to Good Practices
ITL September 2008Sep 2008Using Performance Measurements to Evaluate and Strengthen Information System Security
ITL July 2008Jul 2008Guidelines on Implementing A Secure Sockets Layer (SSL) Virtual Private Network (VPN)
ITL May 2008May 2008New Cryptographic Hash Algorithm Family: NIST Holds a Public Competition to Find New Algorithms
ITL April 2008Apr 2008Using Active Content and Mobile Code and Safeguarding the Security of Information Technology Systems
ITL February 2008Feb 2008Federal Desktop Core Configuration (FDCC): Improving Security for Windows Desktop Operating Systems
ITL January 2008Jan 2008Secure Web Servers Protecting Web Sites that are Accessed by the Public
ITL December 2007Dec 2007Securing External Computers and Other Devices Used by Teleworkers
ITL November 2007Nov 2007Using Storage Encryption Technologies to Protect End User Devices
ITL October 2007Oct 2007The Common Vulnerability Scoring System (CVSS)
ITL July 2007Jul 2007Border Gateway Protocol (BGP) Security
ITL June 2007Jun 2007Forensic Techniques for Cell Phones
ITL May 2007May 2007Securing Radio Frequency Identification (RFID) Systems
ITL March 2007Mar 2007Improving The Security of Electronic Mail: Updated Guidelines Issued by NIST
ITL February 2007Feb 2007Intrusion Detection and Prevention Systems
ITL December 2006Dec 2006Maintaining Effective Information Technology (IT) Security Through Test, Training, and Exercise Programs
ITL November 2006Nov 2006Guide to Securing Computers Using Windows XP Home Edition
ITL October 2006Oct 2006Log Management: Using Computer and Network Records to Improve Information Security
ITL September 2006Sep 2006Forensic Techniques: Helping Organizations Improve Their Responses to Information Security Incidents
ITL August 2006Aug 2006Protecting Sensitive Information Processed and Stored in Information Technology (IT) Systems
ITL April 2006Apr 2006Protecting Sensitive Information Transmitted in Public Networks
ITL March 2006Mar 2006Minimum Security Requirements for Federal Information and Information Systems: Federal Information Processing Standard (FIPS) 200 Approved by the Secretary of Commerce
ITL February 2006Feb 2006Creating a Program to Manage Security Patches and Vulnerabilities: NIST Recommendations for Improving System Security
ITL January 2006Jan 2006Testing and Validation of Personal Identity Verification (PIV) Components and Subsystems for Conformance to Federal Information Processing Standard 201
ITL August 2005Aug 2005Implementation of FIPS 201, Personal Identity Verification (PIV) of Federal Employees and Contractors
ITL January 2005Jan 2005Integrating Information Technology (IT) Security into the Capital Planning and Investment Control Process
ITL November 2004Nov 2004Understanding the New NIST Standards and Guidelines Required by FISMA: How Three Mandated Documents are Changing the Dynamic of Information Security for the Federal Government
ITL October 2004Oct 2004Securing Voice Over Internet Protocol (IP) Networks
ITL September 2004Sep 2004Information Security Within the System Development Life Cycle (SDLC)
ITL June 2004Jun 2004Information Technology Security Services: How to Select, Implement, and Manage
ITL April 2004Apr 2004Selecting Information Technology Security Products
ITL March 2004Mar 2004Federal Information Processing Standard (FIPS) 199, Standards for Security Categorization of Federal Information and Information Systems
ITL October 2003Oct 2003Information Technology Security Awareness, Training, Education, and Certification
ITL July 2003Jul 2003Testing Intrusion Detection Systems
ITL February 2003Feb 2003Secure Interconnections for Information Technology Systems
ITL April 2002Apr 2002Techniques for System and Data Recovery
Back to Top