NIST Logo and ITL Banner Link to the NIST Homepage Link to the ITL Homepage Link to the NIST Homepage
Search CSRC:

Publications

Archived Special Publications (500 & 800 Series)

Below is a list of withdrawn, computer security-related NIST Special Publications (SPs), including those that have been revised or superceded by a different SP.

Email Patrick O'Reilly if you need to get a copy of an archived publication. Note that some of the 500 series documents are only available in hard copy and can be mailed upon request.

List of current CSD Publications (Final & Draft) (right-click to save file)

NumberDateTitle
SP 800-135Dec 2010Recommendation for Existing Application-Specific Key Derivation Functions
  Withdrawn: Dec 2011
  Superceded By: SP 800 135 Rev. 1
SP 800-131Recommendation for the Transitioning of Cryptographic Algorithms and Key Sizes
  Withdrawn: Jan 2011
  Superceded By: SP 800 131 A
SP 800-124Oct 2008Guidelines on Cell Phone and PDA Security
  Withdrawn: Jun 2013
  Superceded By: SP 800 124 Rev. 1
SP 800-121Sep 2008Guide to Bluetooth Security
  Withdrawn: Jun 2012
  Superceded By: SP 800 121 Rev. 1
SP 800-107Feb 2009Recommendation for Applications Using Approved Hash Algorithms
  Withdrawn: Aug 2012
  Superceded By: SP 800 107 Rev. 1
SP 800-90Mar 2007Recommendation for Random Number Generation Using Deterministic Random Bit Generators
  Withdrawn: Jan 2012
  Superceded By: SP 800 90 A
SP 800-87Mar 2007Codes for the Identification of Federal and Federally Assisted Organizations *
  Withdrawn: Apr 2008
  Superceded By: SP 800 87 Rev 1
SP 800-85 A-1Mar 2009PIV Card Application and Middleware Interface Test Guidelines (SP 800-73-2 Compliance)
  Withdrawn: Jul 2010
  Superceded By: SP 800 85 A-2
SP 800-85 AApr 2006PIV Card Application and Middleware Interface Test Guidelines (SP800-73 compliance) *
  Withdrawn: Apr 2009
  Superceded By: SP 800 85 A-1
SP 800-83Nov 2005Guide to Malware Incident Prevention and Handling
  Withdrawn: Jul 2013
  Superceded By: SP 800 83 Rev. 1
SP 800-81May 2006Secure Domain Name System (DNS) Deployment Guide
  Withdrawn: Aug 2010
  Superceded By: SP 800 81 Rev. 1
SP 800-79Jul 2005Guidelines for the Certification and Accreditation of PIV Card Issuing Organizations *
  Withdrawn: Jun 2008
  Superceded By: SP 800 79 -1
SP 800-78 -2Feb 2010Cryptographic Algorithms and Key Sizes for Personal Identification Verification (PIV)
  Withdrawn: Dec 2010
  Superceded By: SP 800 78 -3
SP 800-78Aug 2007Cryptographic Algorithms and Key Sizes for Personal Identity Verification *
  Withdrawn: Aug 2007
  Superceded By: SP 800 78 -2
SP 800-76Feb 2006Biometric Data Specification for Personal Identity Verification *
  Withdrawn: Jan 2007
  Superceded By: SP 800 76 -1
SP 800-73 -2Sep 2008Interfaces for Personal Identity Verification (4 parts):
1- End-Point PIV Card Application Namespace, Data Model and Representation
2- End-Point PIV Card Application Interface
3- End-Point PIV Client Application Programming Interface
4- The PIV Transitional Data Model and Interfaces

  Withdrawn: Feb 2010
  Superceded By: SP 800 73 -3
SP 800-73 -1Mar 2006Interfaces for Personal Identity Verification *
  Withdrawn: Sep 2008
  Superceded By: SP 800 73 -2
SP 800-73Apr 2005Interfaces for Personal Identity Verification *
  Withdrawn: Mar 2006
  Superceded By: SP 800 73 -1
SP 800-70 Rev. 1Sep 2009National Checklist Program for IT Products--Guidelines for Checklist Users and Developers
  Withdrawn: Feb 2011
  Superceded By: SP 800 70 Rev. 2
SP 800-70May 2005Security Configuration Checklists Program for IT Products: Guidance for Checklists Users and Developer
  Withdrawn: Sep 2009
  Superceded By: SP 800 70 Rev. 1
SP 800-68Oct 2005Guidance for Securing Microsoft Windows XP Systems for IT Professionals: A NIST Security Configuration Checklist *
  Withdrawn: Oct 2008
  Superceded By: SP 800 68 Rev. 1
SP 800-67May 2008Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher
  Withdrawn: Jan 2012
  Superceded By: SP 800 67 Rev. 1
SP 800-66Mar 2005An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule *
  Withdrawn: Oct 2008
  Superceded By: SP 800 66 Rev 1
SP 800-64 Rev.1Jun 2004Security Considerations in the Information System Development Life Cycle *
  Withdrawn: Oct 2008
  Superceded By: SP 800 64 Rev. 2
SP 800-64Oct 2003Security Considerations in the Information System Development Life Cycle *
  Withdrawn: Jun 2004
  Superceded By: SP 800 64 Rev.1
SP 800-63 Version 1.0.2Apr 2006Electronic Authentication Guideline
  Withdrawn: Dec 2011
  Superceded By: SP 800 63 Rev. 1
SP 800-61 Rev. 1Mar 2008Computer Security Incident Handling Guide
  Withdrawn: Aug 2012
  Superceded By: SP 800 61 Rev. 2
SP 800-61 -1Aug 2007 Cryptographic Algorithms and Key Sizes for Personal Identity Verification *
  Withdrawn: Feb 2010
  Superceded By: SP 800 61 Rev. 2
SP 800-61Jan 2004Computer Security Incident Handling Guide *
  Withdrawn: Mar 2008
  Superceded By: SP 800 61 Rev. 1
SP 800-60Jun 2004Guide for Mapping Types of Information and Information Systems to Security Categories *
  Withdrawn: Aug 2008
  Superceded By: SP 800 60 Rev. 1
SP 800-56 AMar 2007Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography
  Withdrawn: May 2013
  Superceded By: SP 800 56 A Rev. 2
SP 800-55Jul 2003Security Metrics Guide for Information Technology Systems *
  Withdrawn: Jul 2008
  Superceded By: SP 800 55 Rev. 1
SP 800-53 Rev. 1Dec 2006Recommended Security Controls for Federal Information Systems
  Withdrawn: Jul 2009
  Superceded By: SP 800 53 Rev. 2
SP 800-53Feb 2005Recommended Security Controls for Federal Information Systems *
  Withdrawn: Dec 2006
  Superceded By: SP 800 53 Rev. 1
SP 800-53 Rev. 3Aug 2009Recommended Security Controls for Federal Information Systems and Organizations
  Withdrawn: April 30, 2014
  Superceded By: SP 800 53 Rev. 4
  Archived File
SP 800-53 Rev. 2Dec 2007Recommended Security Controls for Federal Information Systems
  Withdrawn: Dec 2010
  Superceded By: SP 800 53 Rev. 3
SP 800-53 AJul 2008Guide for Assessing the Security Controls in Federal Information Systems
  Withdrawn: Jun 2011
  Superceded By: SP 800 53 A Rev. 1
SP 800-52Jun 2005Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations
  Withdrawn: Mar. 13, 2013
  Archived File
SP 800-51Sep 2002Use of the Common Vulnerabilities and Exposures (CVE) Vulnerability Naming Scheme
  Withdrawn: Feb 2011
  Superceded By: SP 800 51 Rev. 1
SP 800-48Nov 2002Wireless Network Security: 802.11, Bluetooth, and Handheld Devices *
  Withdrawn: Jul 2008
  Superceded By: SP 800 48 Rev. 1
SP 800-46Aug 2002Security for Telecommuting and Broadband Communications
  Withdrawn: Jun 2009
  Superceded By: SP 800 46 Rev. 1
SP 800-45Sep 2002Guidelines on Electronic Mail Security *
  Withdrawn: Feb 2007
  Superceded By: SP 800 45 Version 2
SP 800-44Sep 2002Guidelines on Securing Public Web Servers *
  Withdrawn: Sep 2007
  Superceded By: SP 800 44 Version 2
SP 800-42Oct 2003Guideline on Network Security Testing *
  Withdrawn: Sep 2008
  Superceded By: SP 800 115
SP 800-41Jan 2002Guidelines on Firewalls and Firewall Policy
  Withdrawn: Sep 2009
  Superceded By: SP 800 41 Rev. 1
SP 800-40Aug 2002Creating a Patch and Vulnerability Management Program *
  Withdrawn: Nov 2005
  Superceded By: SP 800 40 Version 2.0
SP 800-37May 2004Guide for the Security Certification and Accreditation of Federal Information Systems
  Withdrawn: Feb 2010
  Superceded By: SP 800 37 Rev. 1
SP 800-34Jun 2002Contingency Planning Guide for Information Technology Systems
  Withdrawn: May 2010
  Superceded By: SP 800 34 Rev. 1
SP 800-31Aug 2001Intrusion Detection Systems *
  Withdrawn: Feb 2007
  Superceded By: SP 800 94
SP 800-30Jul 2002Risk Management Guide for Information Technology Systems
  Withdrawn: Sep 2012
  Superceded By: SP 800 30 Rev. 1
SP 800-28Oct 2001Guidelines on Active Content and Mobile Code *
  Withdrawn: Mar 2008
  Superceded By: SP 800 28 Version 2
SP 800-28Oct 2001Guidelines on Active Content and Mobile Code *
  Withdrawn: Mar 2008
  Superceded By: SP 800 28 Version 2
SP 800-27Jun 2001Engineering Principles for Information Technology Security (A Baseline for Achieving Security) *
  Withdrawn: Jun 2004
  Superceded By: SP 800 27 Rev. A
SP 800-26 Rev.1Apr 2005Guide for Information Technology Security Assessments and System Reporting Form *
  Withdrawn: Feb 2007
  Superceded By: FIPS 200, SP 800-53, SP 800-53A
SP 800-26Nov 2001Security Self-Assessment Guide for Information Technology Systems *
  Withdrawn: Feb 2007
  Superceded By: FIPS 200, SP 800-53, SP 800-53A
SP 800-22May 2001A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications *
  Withdrawn: Aug 2008
  Superceded By: SP 800 22 Rev. 1
SP 800-21Nov 1999Guideline for Implementing Cryptography in the Federal Government *
  Withdrawn: Dec 2005
  Superceded By: SP 800 21 2nd edition
SP 800-18Dec 1998Guide for Developing Security Plans for Federal Information Systems *
  Withdrawn: Feb 2006
  Superceded By: SP 800 18 Rev.1
SP 800-11Feb 1995The Impact of the FCC's Open Network Architecture on NS/EP Telecommunications Security *
SP 800-10Dec 1994Keeping Your Site Comfortably Secure: An Introduction to Internet Firewalls *
SP 800-9Dec 1993Good Security Practices for Electronic Commerce, Including Electronic Data Interchange *
SP 800-8Aug 1993Security Issues in the Database Language SQL *
SP 800-7Jul 1994Security in Open Systems *
SP 800-6Dec 1992Automated Tools for Testing Computer System Vulnerability *
SP 800-5Dec 1992A Guide to the Selection of Anti-Virus Tools and Techniques *
SP 800-4Mar 1992Computer Security Considerations in Federal Procurements: A Guide for Procurement Initiatiors, Contracting Officers, and Computer Security *
  Withdrawn: Oct 2003
  Superceded By: SP 800-64
SP 800-3Nov 1991Establishing a Computer Security Incident Response Capability (CSIRC) *
  Withdrawn: Jan 2004
  Superceded By: SP 800 61
SP 800-2Apr 1991Public-Key Cryptography *
SP 500 189Sep 1991Security in ISDN *
SP 500 174Oct 1989Guide for Selecting Automated Risk Analysis Tools *
SP 500 172Nov 1989Computer Security Training Guidelines *
  Withdrawn: Apr 1998
  Superceded By: SP 800 16 Information Technology Security Training Requirements: A Role- and Performance- Based Model
SP 500 1711989Computer Users' Guide to the Protection of Information Resources *
SP 500 1701989Management Guide to the Protection of Information Resources *
SP 500 1691989Executive Guide to the Protection of Information Resources *
SP 500 166Aug 1989Computer Viruses and Related Threats: A Management Guide *
SP 500 158Aug 1988Accuracy, Integrity, and Security in Computerized Vote-Tallying *
sP 500 157Sep 1988Smart Card Technology: New Methods for Computer Access Control *
SP 500 156May 1988Message Authentication Code (MAC) Validation System: Requirements and Procedures *
SP 500 153Apr 1988Guide to Auditing for Controls and Security: A System Development Life Cycle Approach *
SP 500 134Nov 1985Guide on Selecting ADP Backup Process Alternatives *
SP 500 133Oct 1985Technology Assessment: Methods for Measuring the Level of Computer Security *
SP 500 120Jan 1985Security of Personal Computer Systems - A Management Guide *
SP 500 61Aug 1980Maintenance Testing for the Data Encryption Standard *
Back to Top