NIST Logo and ITL Banner Link to the NIST Homepage Link to the ITL Homepage Link to the NIST Homepage
Search CSRC:

Archived Special Publications
(500 & 800 Series)

Below is a list of withdrawn, computer security-related NIST Special Publications (SPs), including those that have been revised or superceded by a different SP.

NumberDateTitle
SP 800-135Dec 2010Recommendation for Existing Application-Specific Key Derivation Functions
  Withdrawn: Dec 2011
  Superceded By: SP 800 135 Rev. 1
SP 800-131Recommendation for the Transitioning of Cryptographic Algorithms and Key Sizes
  Withdrawn: Jan 2011
  Superceded By: SP 800 131 A
SP 800-124Oct 2008Guidelines on Cell Phone and PDA Security
  Withdrawn: Jun 2013
  Superceded By: SP 800 124 Rev. 1
SP 800-121Sep 2008Guide to Bluetooth Security
  Withdrawn: Jun 2012
  Superceded By: SP 800 121 Rev. 1
SP 800-107Feb 2009Recommendation for Applications Using Approved Hash Algorithms
  Withdrawn: Aug 2012
  Superceded By: SP 800 107 Rev. 1
SP 800-104Jun 2007A Scheme for PIV Visual Card Topography
  Withdrawn: Sept. 2014
  Superceded By: FIPS 201 -2
SP 800-101May 2007Guidelines on Cell Phone Forensics
  Withdrawn: May 2014
  Superceded By: SP 800 101 Rev.1
SP 800-90 AJan 2012Recommendation for Random Number Generation Using Deterministic Random Bit Generators
  Withdrawn: June 2015
  Superceded By: SP 800 90 A Rev.1
SP 800-90Mar 2007Recommendation for Random Number Generation Using Deterministic Random Bit Generators
  Withdrawn: Jan 2012
  Superceded By: SP 800 90 A
SP 800-90Jun 2006Recommendation for Random Number Generation Using Deterministic Random Bit Generators
  Withdrawn: Mar. 14, 2007
  Superceded By: SP 800 90
SP 800-88Sep 2006Guidelines for Media Sanitization
  Withdrawn: Dec. 2014
  Superceded By: SP 800 88 Rev. 1
SP 800-87 v1.0 (Mar. 2007)Mar 2007Codes for the Identification of Federal and Federally Assisted Organizations *
  Withdrawn: Apr 2008
  Superceded By: SP 800 87 Rev 1
SP 800-87 v1.0 (Jan. 2006)Jan 2006Codes for the Identification of Federal and Federally Assisted Organizations *
  Withdrawn: Mar 2007
  Superceded By: SP 800 87 v1.0 (Mar. 2007)
SP 800-87 v1.0Oct 2005Codes for the Identification of Federal and Federally Assisted Organizations Version 1.0
  Withdrawn: Jan. 2006
  Superceded By: SP 800 87 v1.0 (Jan. 2006)
SP 800-85 A-1Mar 2009PIV Card Application and Middleware Interface Test Guidelines (SP 800-73-2 Compliance)
  Withdrawn: Jul 2010
  Superceded By: SP 800 85 A-2
SP 800-85 AApr 2006PIV Card Application and Middleware Interface Test Guidelines (SP800-73 compliance) *
  Withdrawn: Apr 2009
  Superceded By: SP 800 85 A-1
SP 800-85Oct 2005PIV Middleware and PIV Card Application Conformance Test Guidance (SP 800-73 Compliance) *
  Withdrawn: Apr 2006
  Superceded By: SP 800 85 A
SP 800-83Nov 2005Guide to Malware Incident Prevention and Handling
  Withdrawn: Jul 2013
  Superceded By: SP 800 83 Rev. 1
SP 800-82 Rev. 1Apr 2013Guide to Industrial Control Systems (ICS) Security
  Withdrawn: May 2015
  Superceded By: SP 800 82 Rev.2
  Archived File
SP 800-82Jun 2011Guide to Industrial Control Systems (ICS) Security
  Withdrawn: Apr 2014
  Superceded By: SP 800 82 Rev. 1
SP 800-81 Rev. 1Apr 2010Secure Domain Name System (DNS) Deployment Guide
  Withdrawn: Sept. 2013
  Superceded By: SP 800 81 -2
SP 800-81May 2006Secure Domain Name System (DNS) Deployment Guide
  Withdrawn: Aug 2010
  Superceded By: SP 800 81 Rev. 1
SP 800-79 -1Jun 2008Guidelines for the Accreditation of Personal Identity Verification (PIV) Card Issuers (PCI's)
  Withdrawn: July 2015
  Superceded By: SP 800 79 2
SP 800-79Jul 2005Guidelines for the Certification and Accreditation of PIV Card Issuing Organizations *
  Withdrawn: Jun 2008
  Superceded By: SP 800 79 -1
SP 800-78 -3Dec 2010Cryptographic Algorithms and Key Sizes for Personal Identification Verification (PIV)
  Withdrawn: May 31, 2015
  Superceded By: SP 800 78 -4
SP 800-78 -2Feb 2010Cryptographic Algorithms and Key Sizes for Personal Identification Verification (PIV)
  Withdrawn: Dec 2010
  Superceded By: SP 800 78 -3
SP 800-78 -1Aug 2007 Cryptographic Algorithms and Key Sizes for Personal Identity Verification *
  Withdrawn: Feb 2010
  Superceded By: SP 800 78 -2
SP 800-78Apr 2005Cryptographic Algorithms and Key Sizes for Personal Identity Verification *
  Withdrawn: Aug 2007
  Superceded By: SP 800 78 -1
SP 800-76 -1Jan 2007Biometric Data Specification for Personal Identity Verification *
  Withdrawn: Sept. 2014
  Superceded By: SP 800 76 -2
SP 800-76Feb 2006Biometric Data Specification for Personal Identity Verification *
  Withdrawn: Jan 2007
  Superceded By: SP 800 76 -1
SP 800-73 -3Feb 2010Interfaces for Personal Identity Verification (4 Parts)
Part 1: End Point PIV Card Application Namespace, Data Model & Representation
Part 2: PIV Card Application Card Command Interface
Part 3: PIV Client Application Programming Interface
Part 4: The PIV Transitional Interfaces & Data Model Specification

  Withdrawn: May 31, 2015
  Superceded By: SP 800 73 -4
SP 800-73 -2Sep 2008Interfaces for Personal Identity Verification (4 parts):
1- End-Point PIV Card Application Namespace, Data Model and Representation
2- End-Point PIV Card Application Interface
3- End-Point PIV Client Application Programming Interface
4- The PIV Transitional Data Model and Interfaces

  Withdrawn: Feb 2010
  Superceded By: SP 800 73 -3
SP 800-73 -1Mar 2006Interfaces for Personal Identity Verification *
  Withdrawn: Sep 2008
  Superceded By: SP 800 73 -2
SP 800-73Apr 2005Interfaces for Personal Identity Verification *
  Withdrawn: Mar 2006
  Superceded By: SP 800 73 -1
SP 800-70 Rev. 1Sep 2009National Checklist Program for IT Products--Guidelines for Checklist Users and Developers
  Withdrawn: Feb 2011
  Superceded By: SP 800 70 Rev. 2
SP 800-70May 2005Security Configuration Checklists Program for IT Products: Guidance for Checklists Users and Developer
  Withdrawn: Sep 2009
  Superceded By: SP 800 70 Rev. 1
SP 800-68Oct 2005Guidance for Securing Microsoft Windows XP Systems for IT Professionals: A NIST Security Configuration Checklist *
  Withdrawn: Oct 2008
  Superceded By: SP 800 68 Rev. 1
SP 800-67 Version 1May 2004Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher
  Withdrawn: Jan 2012
  Superceded By: SP 800 67 Rev. 1
SP 800-66Mar 2005An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule *
  Withdrawn: Oct 2008
  Superceded By: SP 800 66 Rev 1
SP 800-64 Rev.1Jun 2004Security Considerations in the Information System Development Life Cycle *
  Withdrawn: Oct 2008
  Superceded By: SP 800 64 Rev. 2
SP 800-64Oct 2003Security Considerations in the Information System Development Life Cycle *
  Withdrawn: Jun 2004
  Superceded By: SP 800 64 Rev.1
SP 800-63 -1Dec 2011Electronic Authentication Guideline
  Withdrawn: Aug 2013
  Superceded By: SP 800 63 -2
  Archived File
SP 800-63 Version 1.0.2Apr 2006Electronic Authentication Guideline
  Withdrawn: Dec 2011
  Superceded By: SP 800 63 -1
SP 800-63 Version 1.0.1Sep 2004Electronic Authentication Guideline
  Withdrawn: Apr 2006
  Superceded By: SP 800 63 Version 1.0.2
SP 800-63 Version 1.0Jun 2004Electronic Authentication Guideline *
  Withdrawn: Sep 2004
  Superceded By: SP 800 63 Version 1.0.1
SP 800-61 Rev. 1Mar 2008Computer Security Incident Handling Guide
  Withdrawn: Aug 2012
  Superceded By: SP 800 61 Rev. 2
SP 800-61Jan 2004Computer Security Incident Handling Guide *
  Withdrawn: Mar 2008
  Superceded By: SP 800 61 Rev. 1
SP 800-60 Ver. 2.0Jun 2004Guide for Mapping Types of Information and Information Systems to Security Categories *
  Withdrawn: Aug 2008
  Superceded By: SP 800 60 Rev. 1
SP 800-57 Part 3Dec 2009Recommendation for Key Management, Part 3 Application-Specific Key Management Guidance
  Withdrawn: Jan. 2015
  Superceded By: SP 800 57 Part 3-Rev.1
SP 800-57 Part 1 (Revised, Mar. 2007)Mar 2007Recommendation for Key Management, Part 1: General (Revised)
  Withdrawn: Jul 2012
  Superceded By: SP 800 57 Part 1-Rev. 3
SP 800-57 Part 1 (Revised, May 2006)May 2006Recommendation for Key Management, Part 1: General (Revised)
  Withdrawn: Mar 2007
  Superceded By: SP 800 57 Part 1 (Revised, Mar. 2007)
SP 800-57 Part 1Aug 2005Recommendation for Key Management, Part 1: General
  Withdrawn: May 2006
  Superceded By: SP 800 57 Part 1 (Revised, May 2006)
SP 800-56 BAug 2009Recommendation for Pair-Wise Key Establishment Schemes Using Integer Factorization Cryptography
  Withdrawn: Oct. 1, 2014
  Superceded By: SP 800 56 B Rev. 1
SP 800-56 A (Revised)Mar 2007Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography
  Withdrawn: May 2013
  Superceded By: SP 800 56 A Rev. 2
  Archived File
SP 800-56 AMay 2006Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography
  Withdrawn: Mar 2007
  Superceded By: SP 800 56 A (Revised)
SP 800-56 AMar 2006Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography
  Withdrawn: May 2006
  Superceded By: SP 800 56 A
SP 800-55Jul 2003Security Metrics Guide for Information Technology Systems *
  Withdrawn: Jul 2008
  Superceded By: SP 800 55 Rev. 1
SP 800-53 A Rev.4 (12/11/14)Dec 2014Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans
  Withdrawn: Dec. 18, 2014
  Superceded By: SP 800 53 A Rev.4
SP 800-53 AJul 2008Guide for Assessing the Security Controls in Federal Information Systems
  Withdrawn: Jun 2011
  Superceded By: SP 800 53 A Rev. 1
SP 800-53 Rev. 4 (1/15/14)Apr 2013Security and Privacy Controls for Federal Information Systems and Organizations
  Withdrawn: Jan. 22, 2015
  Superceded By: SP 800 53 Rev. 4
SP 800-53 Rev. 4 (5/7/13)Apr 2013Security and Privacy Controls for Federal Information Systems and Organizations
  Withdrawn: Jan. 15, 2014
  Superceded By: SP 800 53 Rev. 4 (1/15/14)
SP 800-53 Rev. 4 (Apr 2013)Apr 2013Security and Privacy Controls for Federal Information Systems and Organizations
  Withdrawn: May 7, 2013
  Superceded By: SP 800 53 Rev. 4 (5/7/13)
SP 800-53 Rev. 3 (5/1/10)Aug 2009Recommended Security Controls for Federal Information Systems and Organizations
  Withdrawn: April 30, 2014
  Superceded By: SP 800 53 Rev. 4 (Apr 2013)
SP 800-53 Rev. 3 (9/14/09)Aug 2009Recommended Security Controls for Federal Information Systems and Organizations
  Withdrawn: May 1, 2010
  Superceded By: SP 800 53 Rev. 3 (5/1/10)
SP 800-53 Rev. 3 (8/12/09)Aug 2009Recommended Security Controls for Federal Information Systems and Organizations
  Withdrawn: Sep. 14, 2009
  Superceded By: SP 800 53 Rev. 3 (9/14/09)
SP 800-53 Rev. 3Aug 2009Recommended Security Controls for Federal Information Systems and Organizations
  Withdrawn: Aug. 12, 2009
  Superceded By: SP 800 53 Rev. 3 (8/12/09)
SP 800-53 Rev. 2Dec 2007Recommended Security Controls for Federal Information Systems
  Withdrawn: Aug. 3, 2010
  Superceded By: SP 800 53 Rev. 3
SP 800-53 Rev. 1Dec 2006Recommended Security Controls for Federal Information Systems
  Withdrawn: Dec. 19, 2008
  Superceded By: SP 800 53 Rev. 2
SP 800-53 (6/17/05)Feb 2005Recommended Security Controls for Federal Information Systems *
  Withdrawn: Dec 2006
  Superceded By: SP 800 53 Rev. 1
SP 800-53 (4/22/05)Feb 2005Recommended Security Controls for Federal Information Systems
  Withdrawn: June 17, 2005
  Superceded By: SP 800 53 (6/17/05)
SP 800-53Feb 2005Recommended Security Controls for Federal Information Systems
  Withdrawn: Apr. 22, 2005
  Superceded By: SP 800 53 (4/22/05)
SP 800-52Jun 2005Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations
  Withdrawn: Mar. 13, 2013
  Archived File
SP 800-51Sep 2002Use of the Common Vulnerabilities and Exposures (CVE) Vulnerability Naming Scheme
  Withdrawn: Feb 2011
  Superceded By: SP 800 51 Rev. 1
SP 800-48Nov 2002Wireless Network Security: 802.11, Bluetooth, and Handheld Devices *
  Withdrawn: Jul 2008
  Superceded By: SP 800 48 Rev. 1
SP 800-46Aug 2002Security for Telecommuting and Broadband Communications
  Withdrawn: Jun 2009
  Superceded By: SP 800 46 Rev. 1
SP 800-45Sep 2002Guidelines on Electronic Mail Security *
  Withdrawn: Feb 2007
  Superceded By: SP 800 45 Version 2
SP 800-44Sep 2002Guidelines on Securing Public Web Servers *
  Withdrawn: Sep 2007
  Superceded By: SP 800 44 Version 2
SP 800-42Oct 2003Guideline on Network Security Testing *
  Withdrawn: Sep 2008
  Superceded By: SP 800 115
SP 800-41Jan 2002Guidelines on Firewalls and Firewall Policy
  Withdrawn: Sep 2009
  Superceded By: SP 800 41 Rev. 1
SP 800-40 Version 2.0Nov 2005Creating a Patch and Vulnerability Management Program
  Withdrawn: July 2013
  Superceded By: SP 800 40 Rev. 3
  Archived File
SP 800-40Aug 2002Creating a Patch and Vulnerability Management Program *
  Withdrawn: Nov 2005
  Superceded By: SP 800 40 Version 2.0
SP 800-37May 2004Guide for the Security Certification and Accreditation of Federal Information Systems
  Withdrawn: Feb 2010
  Superceded By: SP 800 37 Rev. 1 (Feb 2010)
SP 800-34Jun 2002Contingency Planning Guide for Information Technology Systems
  Withdrawn: May 2010
  Superceded By: SP 800 34 Rev. 1
SP 800-31Aug 2001Intrusion Detection Systems *
  Withdrawn: Feb 2007
  Superceded By: SP 800 94
SP 800-30Jul 2002Risk Management Guide for Information Technology Systems
  Withdrawn: Sep 2012
  Superceded By: SP 800 30 Rev. 1
SP 800-28Oct 2001Guidelines on Active Content and Mobile Code *
  Withdrawn: Mar 2008
  Superceded By: SP 800 28 Version 2
SP 800-27Jun 2001Engineering Principles for Information Technology Security (A Baseline for Achieving Security) *
  Withdrawn: Jun 2004
  Superceded By: SP 800 27 Rev. A
SP 800-26 Rev.1Apr 2005Guide for Information Technology Security Assessments and System Reporting Form *
  Withdrawn: Feb 2007
  Superceded By: FIPS 200, SP 800-53, SP 800-53A
SP 800-26Nov 2001Security Self-Assessment Guide for Information Technology Systems *
  Withdrawn: Feb 2007
  Superceded By: FIPS 200, SP 800-53, SP 800-53A
SP 800-22May 2001A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications *
  Withdrawn: Aug 2008
  Superceded By: SP 800 22 Rev. 1
SP 800-21Nov 1999Guideline for Implementing Cryptography in the Federal Government *
  Withdrawn: Dec 2005
  Superceded By: SP 800 21 2nd edition
SP 800-18Dec 1998Guide for Developing Security Plans for Federal Information Systems *
  Withdrawn: Feb 2006
  Superceded By: SP 800 18 Rev.1
SP 800-11Feb 1995The Impact of the FCC's Open Network Architecture on NS/EP Telecommunications Security *
SP 800-10Dec 1994Keeping Your Site Comfortably Secure: An Introduction to Internet Firewalls *
SP 800-9Dec 1993Good Security Practices for Electronic Commerce, Including Electronic Data Interchange *
SP 800-8Aug 1993Security Issues in the Database Language SQL *
SP 800-7Jul 1994Security in Open Systems *
SP 800-6Dec 1992Automated Tools for Testing Computer System Vulnerability *
SP 800-5Dec 1992A Guide to the Selection of Anti-Virus Tools and Techniques *
SP 800-4Mar 1992Computer Security Considerations in Federal Procurements: A Guide for Procurement Initiatiors, Contracting Officers, and Computer Security *
  Withdrawn: Oct 2003
  Superceded By: SP 800-64
SP 800-3Nov 1991Establishing a Computer Security Incident Response Capability (CSIRC) *
  Withdrawn: Jan 2004
  Superceded By: SP 800 61
SP 800-2Apr 1991Public-Key Cryptography *
SP 500-189Sep 1991Security in ISDN *
SP 500-174Oct 1989Guide for Selecting Automated Risk Analysis Tools *
SP 500-172Nov 1989Computer Security Training Guidelines *
  Withdrawn: Apr 1998
  Superceded By: SP 800 16 Information Technology Security Training Requirements: A Role- and Performance- Based Model
SP 500-1711989Computer Users' Guide to the Protection of Information Resources *
SP 500-1701989Management Guide to the Protection of Information Resources *
SP 500-1691989Executive Guide to the Protection of Information Resources *
SP 500-166Aug 1989Computer Viruses and Related Threats: A Management Guide *
SP 500-160Jan 1989Report of the Invitational Workshop on Integrity Policy in Computer Information Systems (WIPCIS) *
SP 500-158Aug 1988Accuracy, Integrity, and Security in Computerized Vote-Tallying *
SP 500-157Sep 1988Smart Card Technology: New Methods for Computer Access Control *
SP 500-156May 1988Message Authentication Code (MAC) Validation System: Requirements and Procedures *
SP 500-153Apr 1988Guide to Auditing for Controls and Security: A System Development Life Cycle Approach *
SP 500-134Nov 1985Guide on Selecting ADP Backup Process Alternatives *
SP 500-133Oct 1985Technology Assessment: Methods for Measuring the Level of Computer Security *
SP 500-120Jan 1985Security of Personal Computer Systems: A Management Guide *
SP 500-85Jan 1982Executive Guide to ADP Contingency Planning *
SP 500-61Aug 1980Maintenance Testing for the Data Encryption Standard *
SP 500-301978Effective Use of Computing Technology in Vote-Tallying *
SP 500-27Feb 1978Computer Security and the Data Encryption Standard: Proceedings of the Conference on Computer Security and the Data Encryption Standard *
SP 500-211978Design Alternatives for Computer Network Security (Volume 1); The Network Security Center: A System Level Approach to Computer Network Security (Volume 2) *
Back to Top