NIST Logo and ITL Banner Link to the NIST Homepage Link to the ITL Homepage Link to the NIST Homepage
Search CSRC:

Search the fulltext of NIST's computer security publications:

  Advanced Search

govdelivery bubble icon Sign Up for Email Alerts from NIST's Computer Security Division:

NISTIRs

NIST Interagency or Internal Reports (NISTIRs) describe research of a technical nature of interest to a specialized audience. The series includes interim or final reports on work performed by NIST for outside sponsors (both government and nongovernment). NISTIRs may also report results of NIST projects of transitory or limited interest, including those that will be published subsequently in more comprehensive form.

[Publications that link to dx.doi.org/... will redirect to another NIST website. See more details about DOIs.]

NumberDateTitle
NIST IR 8023 
(Draft)
Sept. 10, 2014DRAFT Risk Management for Replication Devices
Announcement and Draft Publication
NIST IR 8018 
(Draft)
July 29, 2014DRAFT Public Safety Mobile Application Security Requirements Workshop Summary
Announcement and Draft Publication
NIST IR 8014 
(Draft)
July 15, 2014DRAFT Considerations for Identity Management in Public Safety Mobile Networks
Announcement and Draft Publication
NIST IR 8006 
(Draft)
Jun. 23, 2014DRAFT NIST Cloud Computing Forensic Science Challenges
Announcement and Draft Publication
NIST IR 7987May 2014Policy Machine: Features, Architecture, and Specification
NISTIR 7987 FAQ
doi:10.6028/NIST.IR.7987 [Direct Link]
NIST IR 7981 
(Draft)
Mar. 7, 2014DRAFT Mobile, PIV, and Authentication
Announcement and Draft Publication
NIST IR 7977 
(Draft)
Feb. 18, 2014DRAFT NIST Cryptographic Standards and Guidelines Development Process
Announcement and Draft Publication
NIST IR 7966 
(Draft)
Aug. 21, 2014DRAFT Security of Automated Access Management Using Secure Shell (SSH)
Announcement and Draft Publication
NIST IR 7957Aug. 2013Conformance Test Architecture and Test Suite for ANSI/NIST-ITL 1-2011 NIEM XML Encoded Transactions
NISTIR 7957 FAQ
doi:10.6028/NIST.IR.7957 [Direct Link]
NIST IR 7956Sep 2013Cryptographic Key Management Issues & Challenges in Cloud Services
NISTIR 7956 FAQ
doi:10.6028/NIST.IR.7956 [Direct Link]
NIST IR 7946Apr. 2014CVSS Implementation Guidance
NISTIR 7946 FAQ
doi:10.6028/NIST.IR.7946 [Direct Link]
NIST IR 7933May 2013Requirements and Conformance Test Assertions for ANSI/NIST-ITL 1-2011 Record Type 18 - DNA Record
NISTIR 7933 FAQ
doi:10.6028/NIST.IR.7933 [Direct Link]
NIST IR 7924 
(Draft)
May 29, 2014DRAFT Reference Certificate Policy (Second Draft)
Announcement and Draft Publication
NIST IR 7916Feb 2013Proceedings of the Cybersecurity in Cyber-Physical Systems Workshop, April 23-24, 2012
NISTIR 7916 FAQ
doi:10.6028/NIST.IR.7916 [Direct Link]
NIST IR 7904 
(Draft)
Dec. 21, 2012DRAFT Trusted Geolocation in the Cloud: Proof of Concept Implementation
Announcement and Draft Publication
NIST IR 7896Nov 2012Third-Round Report of the SHA-3 Cryptographic Hash Algorithm Competition
NISTIR 7896 FAQ
doi:10.6028/NIST.IR.7896 [Direct Link]
NIST IR 7878Oct 2012Combinatorial Coverage Measurement
NISTIR 7878 FAQ
doi:10.6028/NIST.IR.7878 [Direct Link]
NIST IR 7877Sep 2012BioCTS 2012: Advanced Conformance Test Architectures and Test Suites for Biometric Data Interchange Formats and Biometric Information Records
NISTIR 7877 FAQ
doi:10.6028/NIST.IR.7877 [Direct Link]
NIST IR 7874Sep 2012Guidelines for Access Control System Evaluation Metrics
NISTIR 7874 FAQ
doi:10.6028/NIST.IR.7874 [Direct Link]
NIST IR 7870Jul 2012NIST Test Personal Identity Verification (PIV) Cards
NISTIR 7870 FAQ
doi:10.6028/NIST.IR.7870 [Direct Link]
NIST IR 7864Jul 2012The Common Misuse Scoring System (CMSS): Metrics for Software Feature Misuse Vulnerabilities
NISTIR 7864 FAQ
doi:10.6028/NIST.IR.7864 [Direct Link]
NIST IR 7863 
(Draft)
Dec 13, 2013DRAFT Cardholder Authentication for the PIV Digital Signature Key
Announcement and Draft Publication
NIST IR 7849Mar 2014A Methodology for Developing Authentication Assurance Level Taxonomy for Smart Card-based Identity Verification
NISTIR 7849 FAQ
doi:10.6028/NIST.IR.7849 [Direct Link]
NIST IR 7848 
(Draft)
May 7, 2012DRAFT Specification for the Asset Summary Reporting Format 1.0
Announcement and Draft Publication
NIST IR 7831 
(Draft)
Dec. 6, 2011DRAFT Common Remediation Enumeration (CRE) Version 1.0
Announcement and Draft Publication
NIST IR 7823 
(Draft)
Jul. 10, 2012DRAFT Advanced Metering Infrastructure Smart Meter Upgradeability Test Framework
Announcement and Draft Publication
NIST IR 7817Nov 2012A Credential Reliability and Revocation Model for Federated Identities
NISTIR 7817 FAQ
doi:10.6028/NIST.IR.7817 [Direct Link]
NIST IR 7816Mar 20122011 Computer Security Division Annual Report
Annual Report (2011)
NIST IR 7815Jul 2011Access Control for SAR Systems
NISTIR 7815
NIST IR 7806Sep 2011ANSI/NIST-ITL 1-2011 Requirements and Conformance Test Assertions
NISTIR 7806
NIST IR 7802Sep 2011Trust Model for Security Automation Data (TMSAD) Version 1.0
NISTIR 7802
NIST IR 7800 
(Draft)
Jan. 20, 2012DRAFT Applying the Continuous Monitoring Technical Reference Model to the Asset, Configuration, and Vulnerability Management Domains
Announcement and Draft Publication
NIST IR 7799 
(Draft)
Jan. 6, 2012DRAFT Continuous Monitoring Reference Model Workflow, Subsystem, and Interface Specifications
Announcement and Draft Publication
NIST IR 7791Jun 2011Conformance Test Architecture and Test Suite for ANSI/NIST-ITL 1-2007
NISTIR 7791
NIST IR 7788Aug 2011Security Risk Analysis of Enterprise Networks Using Probabilistic Attack Graphs
NISTIR 7788
NIST IR 7773Nov 2010An Application of Combinatorial Methods to Conformance Testing for Document Object Model Events
NISTIR 7773
NIST IR 7771Feb 2011Conformance Test Architecture for Biometric Data Interchange Formats - Version Beta 2.0
NISTIR 7771
NIST IR 7764Feb 2011Status Report on the Second Round of the SHA-3 Cryptographic Hash Algorithm Competition
NISTIR 7764
NIST IR 7756 
(Draft)
Jan. 6, 2012DRAFT CAESARS Framework Extension: An Enterprise Continuous Monitoring Technical Reference Architecture
Announcement and Draft Publication
NIST IR 7751May 20112010 Computer Security Division Annual Report
Annual Report (2010)
NIST IR 7698Aug 2011Common Platform Enumeration: Applicability Language Specification Version 2.3
NISTIR 7698
NIST IR 7697Aug 2011Common Platform Enumeration: Dictionary Specification Version 2.3
NISTIR 7697
NIST IR 7696Aug 2011Common Platform Enumeration : Name Matching Specification Version 2.3
NISTIR 7696
NIST IR 7695Aug 2011Common Platform Enumeration: Naming Specification Version 2.3
NISTIR 7695
NIST IR 7694Jun 2011Specification for the Asset Reporting Format 1.1
NISTIR 7694
NIST IR 7693Jun 2011Specification for Asset Identification 1.1
NISTIR 7693
NIST IR 7692Apr 2011Specification for the Open Checklist Interactive Language (OCIL) Version 2.0
NISTIR 7692
NIST IR 7676Jun 2010Maintaining and Using Key History on Personal Identity Verification (PIV) Cards
NISTIR 7676
NIST IR 7670 
(Draft)
Feb. 10, 2011DRAFT Proposed Open Specifications for an Enterprise Remediation Automation Framework
Announcement and Draft Publication
NIST IR 7669 
(Draft)
Mar. 10, 2010DRAFT Open Vulnerability Assessment Language (OVAL) Validation Program Derived Test Requirements
Announcement and Draft Publication
NIST IR 7665Mar 2010Proceedings of the Privilege Management Workshop, September 1-3, 2009
NISTIR 7665
NIST IR 7658Feb 2010Guide to SIMfill Use and Development
NISTIR 7658
NIST IR 7657Mar 2010A Report on the Privilege (Access) Management Workshop
NISTIR 7657
NIST IR 7653Mar 20102009 Computer Security Division Annual Report
Annual Report (2009)
NIST IR 7628 Rev. 1Sept. 2014Guidelines for Smart Grid Cybersecurity:
Vol. 1 - Smart Grid Cybersecurity Strategy, Architecture, and High-Level Requirements
Vol. 2 - Privacy and the Smart Grid
Vol. 3 - Supportive Analyses and References

NISTIR 7628 Rev. 1, (Volume 1-3) FAQ
doi:10.6028/NIST.IR.7628r1 [Direct Link]
NIST IR 7622Oct 2012Notional Supply Chain Risk Management Practices for Federal Information Systems
NISTIR 7622 FAQ
doi:10.6028/NIST.IR.7622 [Direct Link]
NIST IR 7621Oct 2009Small Business Information Security: The Fundamentals
NISTIR 7621
NIST IR 7620Sep 2009Status Report on the First Round of the SHA-3 Cryptographic Hash Algorithm Competition
NISTIR 7620
NIST IR 7617Oct 2009Mobile Forensic Reference Materials: A Methodology and Reification
NISTIR 7617
NIST IR 7611Aug 2009Use of ISO/IEC 24727 -- Service Access Layer Interface for Identity (SALII): Support for Development and use of Interoperable Identity Credentials
NISTIR 7611
NIST IR 7609Jan 2010Cryptographic Key Management Workshop Summary
NISTIR 7609
NIST IR 7601Aug 2010Framework for Emergency Response Officials (ERO)
NISTIR 7601
NIST IR 7581Sep 2009System and Network Security Acronyms and Abbreviations
NISTIR 7581
NIST IR 7564Apr 2009Directions in Security Metrics Research
NISTIR 7564
NIST IR 7559Jun 2010Forensics Web Services (FWS)
NISTIR 7559
NIST IR 7539Dec 2008Symmetric Key Injection onto Smart Cards
NISTIR 7539
NIST IR 7536Mar 20092008 Computer Security Division Annual Report
Annual Report (2008)
NIST IR 7516Aug 2008Forensic Filtering of Cell Phone Protocols
NISTIR 7516
NIST IR 7511 Rev. 3Jan 2013Security Content Automation Protocol (SCAP) Version 1.2 Validation Program Test Requirements
NISTIR 7511 Rev. 3 (including updates as of 07-11-2013) FAQ
doi:10.6028/NIST.IR.7511 [Direct Link]
NIST IR 7502Dec 2010The Common Configuration Scoring System (CCSS): Metrics for Software Security Configuration Vulnerabilities
NISTIR 7502
NIST IR 7497Sep 2010Security Architecture Design Process for Health Information Exchanges (HIEs)
NISTIR 7497
NIST IR 7452Nov 2007Secure Biometric Match-on-Card Feasibility Report
NISTIR 7452
NIST IR 7442Apr 20082007 Computer Security Division Annual Report
Annual Report (2007)
NIST IR 7435Aug 2007The Common Vulnerability Scoring System (CVSS) and Its Applicability to Federal Agency Systems
NISTIR 7435
NIST IR 7427Sep 20076th Annual PKI R&D Workshop "Applications-Driven PKI" Proceedings
NISTIR 7427
NIST IR 7399Mar 20072006 Computer Security Division Annual Report
Annual Report (2006)
NIST IR 7387Mar 2007Cell Phone Forensic Tools: An Overview and Analysis Update,
NISTIR 7387
NIST IR 7359Jan 2007Information Security Guide For Government Executives
NISTIR 7359
Booklet
NIST IR 7358Jan 2007Program Review for Information Security Management Assistance (PRISMA)
NISTIR 7358
NIST IR 7337Aug 2006Personal Identity Verification Demonstration Summary
NISTIR 7337
NIST IR 7316Sep 2006Assessment of Access Control Systems
NISTIR 7316
NIST IR 7313Jul 20065th Annual PKI R&D Workshop "Making PKI Easy to Use" Proceedings
NISTIR 7313
NIST IR 7298 Rev. 2May 2013Glossary of Key Information Security Terms
NISTIR 7298 Rev. 2 FAQ
doi:10.6028/NIST.IR.7298r2 [Direct Link]
NIST IR 7290Mar 2006Fingerprint Identification and Mobile Handheld Devices: Overview and Implementation
NISTIR 7290
NIST IR 7285Feb 20062005 Computer Security Division Annual Report
Annual Report (2005)
NIST IR 7284Jan 2006Personal Identity Verification Card Management Report
NISTIR 7284
NIST IR 7275 Rev. 4Sep 2011Specification for the Extensible Configuration Checklist Description Format (XCCDF) Version 1.2
NISTIR 7275 Rev. 4
NISTIR 7275 Rev. 4 (03-2012 update)
NISTIR 7275 Rev. 4 (03-2012 update - markup)
NIST IR 7275 Rev. 3Jan 2008Specification for the Extensible Configuration Checklist Description Format (XCCDF) Version 1.1.4
NISTIR 7275 Rev. 3
NIST IR 7250Oct 2005Cell Phone Forensic Tools: An Overview and Analysis
NISTIR 7250
NIST IR 7224Aug 20054th Annual PKI R&D Workshop: Multiple Paths to Trust Proceedings
NISTIR 7224
NIST IR 7219Apr 20052004 Computer Security Division Annual Report
Annual Report (2004)
NIST IR 7206Jul 2005Smart Cards and Mobile Device Authentication: An Overview and Implementation
NISTIR 7206
NIST IR 7200Jun 2005Proximity Beacons and Mobile Handheld Devices: Overview and Implementation
NISTIR 7200
NIST IR 7111Apr 20042003 Computer Security Division Annual Report
Annual Report (2003)
NIST IR 7100Aug 2004PDA Forensic Tools: An Overview and Analysis
NISTIR 7100
NIST IR 7056Mar 2004Card Technology Development and Gap Analysis Interagency Report
NISTIR 7056
NIST IR 7046Aug 2003A Framework for Multi-Mode Authentication: Overview and Implementation Guide
NISTIR 7046
NIST IR 7030Jul 2003Picture Password: A Visual Login Technique for Mobile Devices
NISTIR 7030
NIST IR 7007Jun 2003An Overview of Issues in Testing Intrusion Detection Systems
NISTIR 7007
NIST IR 6985Apr 2003COTS Security Protection Profile - Operating Systems (CSPP-OS) (Worked Example Applying Guidance of NISTIR-6462, CSPP)
NISTIR 6985
NIST IR 6981Apr 2003Policy Expression and Enforcement for Handheld Devices
NISTIR 6981
NIST IR 6887Jul 2003Government Smart Card Interoperability Specification
NISTIR 6887
NIST IR 6529 AApr 2004Common Biometric Exchange Formats Framework (CBEFF)
NISTIR 6529A
NIST IR 6483Mar 2000Randomness Testing of the Advanced Encryption Standard Finalist Candidates
NISTIR 6483
NIST IR 6462Dec 1999CSPP - Guidance for COTS Security Protection Profiles
NISTIR 6462
NIST IR 6416Oct 1999Applying Mobile Agents to Intrusion Detection and Response
NISTIR 6416
NIST IR 6390Sep 1999Randomness Testing of the Advanced Encryption Standard Candidate Algorithms
NISTIR 6390
NIST IR 6192July 1998A Revised Model for Role-Based Access Control
NISTIR 6192
Citation Page for NISTIR 6192
NIST IR 5820April 1996Distributed Communication Methods and Role-Based Access Control for Use in Health Care Applications
NISTIR 5820
NIST IR 54951994Computer Security Training & Awareness Course Compendium
NISTIR 5495
NIST IR 5472Mar 1994A Head Start on Assurance Proceedings of an Invitational Workshop on Information Technology (IT) Assurance and Trustworthiness
NISTIR 5472
NIST IR 5308Dec 1993General Procedures for Registering Computer Security Objects
NISTIR 5308
NIST IR 5153Mar 1993Minimum Security Requirements for Multi-User Operating Systems
NISTIR 5153
NIST IR 4976Nov 1992Assessing Federal and Commercial Information Security Needs
NISTIR 4976
NIST IR 4939Oct 1992Threat Assessment of Malicious Code and External Attacks
NISTIR 4939 (HTML)
NISTIR 4939 (TXT)
NIST IR 4749Jun 1992Sample Statements of Work for Federal Computer Security Services: For use In-House or Contracting Out
NISTIR 4749
NIST IR 4734Feb 1992Foundations of a Security Policy for use of the National Research and Educational Network
NISTIR 4734
Back to Top