Try the new and let us know what you think!
(Note: Beta site content may not be complete.)

View the beta site
NIST Logo and ITL Banner Link to the NIST Homepage Link to the ITL Homepage Link to the NIST Homepage

Archived ITL Bulletins

The Information Technology Laboratory (ITL) Bulletins have been archived. Some include outdated information or discuss NIST publications that have been superseded or withdrawn. Newer bulletins may be available for a given topic.

ITL BulletinDecember 1995An Introduction to Role-Based Access Control
  Withdrawn: Jan 01, 2010
  Archived File
ITL BulletinNov 1994Digital Signature Standard (DSS)
  Withdrawn: Jan 01, 1900
  Archived File
ITL BulletinOctober 2010Cyber Security Strategies for the Smart Grid: Protecting the Advanced Digital Infrastructure for Electric Power
ITL BulletinAugust 2010Assessing the Effectiveness of Security Controls in Federal Information Systems
ITL BulletinSeptember 2009Updated Digital Signature Standard (DSS) Approved as Federal Information Processing Standard (FIPS) 186-3
ITL BulletinAugust 2009Revised Catalog of Security Controls for Federal Information Systems and Organizations: For Use in Both National Security and Nonnational Security Systems
ITL BulletinJanuary 2009Security of Cell Phones and PDAs
ITL BulletinNovember 2008Bluetooth Security: Protecting Wireless Networks and Devices
ITL BulletinAugust 2008Security Assessments: Tools for Measuring the Effectiveness of Security Controls
ITL BulletinMarch 2008Handling Computer Security Incidents: NIST Issues Updated Guidelines
ITL BulletinApril 2007Securing Wireless Networks
ITL BulletinJanuary 2007Security Controls for Information Systems: Revised Guidelines Issued by NIST
ITL BulletinJune 2006Domain Name System (DNS) Services: NIST Recommendations for Secure Deployment
ITL BulletinMay 2006An Update on Cryptographic Standards, Guidelines, and Testing Requirements
ITL BulletinDecember 2005Preventing and Handling Malware Incidents: How to Protect Information Technology Systems from Malicious Code and Software
ITL BulletinNovember 2005Securing Microsoft Windows XP Systems: NIST Recommendations for Using a Security Configuration Checklist
ITL BulletinOctober 2005National Vulnerability Database (NVD): Helping Information Technology System Users and Developers Find Current Information About Cyber Security Vulnerabilities
ITL BulletinSep 2005Biometric Technologies: Helping to Protect Information and Automated Transactions in Information Technology Systems
  Withdrawn: Jan 01, 1900
ITL BulletinJuly 2005Protecting Sensitive Information that is Transmitted Across Networks: NIST Guidance for Selecting and Using Transport Layer Security Implementations
ITL BulletinJune 2005NIST’s Security Configuration Checklists Program for Information Technology (IT) Products
ITL BulletinMay 2005Recommended Security Controls for Federal Information Systems: Guidance for Selecting Cost-Effective Controls Using a Risk-Based Process
ITL BulletinMarch 2005Personal Identity Verification (PIV) of Federal Employees and Contractors: Federal Information Processing Standard (FIPS) 201 Approved by the Secretary of Commerce
ITL BulletinAugust 2004Electronic Authentication: Guidance for Selecting Secure Techniques
ITL BulletinJuly 2004Guide for Mapping Types of Information and Information Systems to Security Categories
ITL BulletinMay 2004Guide for the Security Certification and Accreditation of Federal Information Systems
ITL BulletinJan 2004Computer Security Incidents: Assessing, Managing, and Controlling the Risks
  Withdrawn: Jan 01, 1900
ITL BulletinDecember 2003Security Considerations in the Information System Development Life Cycle
ITL BulletinNovember 2003Network Security Testing
ITL BulletinAugust 2003IT Security Metrics
ITL BulletinJune 2003ASSET: Security Assessment Tool for Federal Agencies
ITL BulletinMarch 2003Security for Wireless Networks and Devices
ITL BulletinJanuary 2003Security of Electronic Mail
ITL BulletinDecember 2002Security of Public Web Servers
ITL BulletinNovember 2002Security for Telecommuting and Broadband Communication
ITL BulletinOctober 2002Security Patches and the CVE Vulnerability Naming Scheme: Tools to Address Computer System Vulnerabilities
ITL BulletinSeptember 2002Cryptographic Standards and Guidelines: A Status Report
ITL BulletinJuly 2002Overview: The Government Smart Card Interoperability Specification
ITL BulletinJune 2002Contingency Planning Guide for Information Technology Systems
ITL BulletinFebruary 2002Risk Management Guidance for Information Technology Systems
ITL BulletinJan 2002Guidelines on Firewalls and Firewall Policy
  Withdrawn: Jan 01, 1900
ITL BulletinNovember 2001Computer Forensics Guidance
ITL BulletinSeptember 2001Security Self-Assessment Guide for Information Technology Systems
ITL BulletinJul 2001A Comparison of the Security Requirements for Cryptographic Modules in FIPS 140-1 and FIPS 140-2
  Withdrawn: Jan 01, 1900
ITL BulletinJune 2001Engineering Principles for Information Technology Security
ITL BulletinMay 2001Biometrics - Technologies for Highly Secure Personal Authentication
ITL BulletinMarch 2001An Introduction to IPsec (Internet Protocol Security)
ITL BulletinDecember 2000A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications
ITL BulletinOctober 2000An Overview of the Common Criteria Evaluation and Validation Scheme
ITL BulletinAugust 2000Security for Private Branch Exchange Systems
ITL BulletinJuly 2000Identifying Critical Patches with ICAT
ITL BulletinJune 2000Mitigating Emerging Hacker Threats
ITL BulletinMarch 2000Security Implications of Active Content
ITL BulletinFeb 2000Guideline for Implementing Cryptography in the Federal Government
  Withdrawn: Jan 01, 1900
ITL BulletinDec 1999Operating System Security: Adding to the Arsenal of Security Techniques
  Withdrawn: Jan 01, 1900
ITL BulletinNovember 1999Acquiring and Deploying Intrusion Detection Systems
ITL BulletinSeptember 1999Securing Web Servers
ITL BulletinAugust 1999The Advanced Encryption Standard (AES): A Status Report
ITL BulletinMay 1999Computer Attacks: What They are and how to Defend Against Them
ITL BulletinApr 1999Guide for Developing Security Plans for Information Technology Systems
  Withdrawn: Jan 01, 1900
ITL BulletinFebruary 1999Enhancements to Data Encryption and Digital Signature Federal Standards
ITL BulletinJanuary 1999Secure Web-Based Access to High Performance Computing Resources
ITL BulletinNovember 1998Common Criteria: Launching the International Standard
ITL BulletinSeptember 1998Cryptography Standards and Infrastructures for the Twenty-First Century
ITL BulletinJune 1998Training for Information Technology Security: Evaluating the Effectiveness of Results-Based Learning
ITL BulletinApr 1998Training Requirements for Information Technology Security: An Introduction to Results-Based Learning
  Withdrawn: Jan 01, 1900
ITL BulletinMarch 1998Management of Risks in Information Systems: Practices of Successful Organizations
ITL BulletinFebruary 1998Information Security and the World Wide Web (WWW)
ITL BulletinNovember 1997Internet Electronic Mail
ITL BulletinJul 1997Public Key Infrastructure Technology
  Withdrawn: Jan 01, 1900
ITL BulletinApr 1997Security Considerations in Computer Support and Operations
  Withdrawn: Jan 01, 1900
ITL BulletinMar 1997Audit Trails
  Withdrawn: Jan 01, 1900
ITL BulletinFeb 1997Advanced Encryption Standard (AES)
  Withdrawn: Jan 01, 1900
ITL BulletinJan 1997Security Issues for Telecommuting
  Withdrawn: Jan 01, 1900
ITL BulletinOct 1996Generally Accepted System Security Principles (GSSPs): Guidance on Securing Information Technology (IT) Systems
  Withdrawn: Jan 01, 1900
ITL BulletinAug 1996Implementation Issues for Cryptography
  Withdrawn: Jan 01, 1900
ITL BulletinJun 1996Information Security Policies for Changing Information Technology Environments
  Withdrawn: Jan 01, 1900
ITL BulletinMay 1996The World Wide Web: Managing Security Risks
  Withdrawn: Jan 01, 1900
ITL BulletinFeb 1996Human/Computer Interface Security Issues
  Withdrawn: Jan 01, 1900
ITL BulletinAug 1995FIPS 140-1: A Framework for Cryptographic Standards
  Withdrawn: Jan 01, 1900
ITL BulletinFeb 1995The Data Encryption Standard (DES): an Update
  Withdrawn: Jan 01, 1900
ITL BulletinMay 1994Reducing the Risks of Internet Connection and Use
  Withdrawn: Jan 01, 1900
ITL BulletinMar 1994Threats to Computer Systems: an Overview
  Withdrawn: Jan 01, 1900
ITL BulletinAug 1993Security Program Management
  Withdrawn: Jan 01, 1900
ITL BulletinJul 1993Connecting to the Internet: Security Considerations
  Withdrawn: Jan 01, 1900
ITL BulletinMar 1993Guidance on the Legality of Keystroke Monitoring
  Withdrawn: Jan 01, 1900
ITL BulletinNov 1992Sensitivity of Information
  Withdrawn: Jan 01, 1900
ITL BulletinMar 1992An Introduction to Secure Telephone Terminals
  Withdrawn: Jan 01, 1900
ITL BulletinFeb 1992Establishing a Computer Security Incident Handling Capability
  Withdrawn: Jan 01, 1900
ITL BulletinNov 1991Advanced Authentication Technology
  Withdrawn: Jan 01, 1900
ITL BulletinFeb 1991Computer Security Roles of NIST and NSA
  Withdrawn: Jan 01, 1900
ITL BulletinAug 1990Computer Virus Attacks
  Withdrawn: Jan 01, 1900
Back to Top