Subscribe to the CSRC Publications Mailing List

	Click Here to download the "Guide to NIST Information Security Documents." Updated: August 2009 Posted: December 2009
NOTE: Categories in the Families, Topic Clusters, and Legal Requirements listings are from the "Guide to NIST Information Security Documents.*"

Publications

Special Publications (800 Series)

Special Publications in the 800 series present documents of general interest to the computer security community. The Special Publication 800 series was established in 1990 to provide a separate identity for information technology security publications. This Special Publication 800 series reports on ITL's research, guidelines, and outreach efforts in computer security, and its collaborative activities with industry, government, and academic organizations.

Special Publications

Number	Date	Title
SP 800-155	Dec. 8, 2011	DRAFT BIOS Integrity Measurement Guidelines draft-SP800-155_Dec2011.pdf
SP 800-153	Sept. 26, 2011	DRAFT Guidelines for Securing Wireless Local Area Networks (WLANs) Draft-SP800-153.pdf
SP 800-147	Apr. 2011	Basic Input/Output System (BIOS) Protection Guidelines NIST-SP800-147-April2011.pdf
SP 800-146	May 12, 2011	DRAFT Cloud Computing Synopsis and Recommendations Draft-NIST-SP800-146.pdf
SP 800-145	Sept. 2011	A NIST Definition of Cloud Computing SP800-145.pdf
SP 800-144	Dec. 2011	Guidelines on Security and Privacy in Public Cloud Computing SP800-144.pdf
SP 800-142	Oct. 2010	Practical Combinatorial Testing SP800-142-101006.pdf
SP 800-137	Sept. 2011	Information Security Continuous Monitoring for Federal Information Systems and Organizations SP800-137-Final.pdf
SP 800-135 Rev. 1	Dec. 2011	Recommendation for Existing Application-Specific Key Derivation Functions sp800-135-rev1.pdf
SP 800-133	Aug. 1, 2011	DRAFT Recommendation for Cryptographic Key Generation Draft-SP-800-133_Key-Generation.pdf
SP 800-132	Dec. 2010	Recommendation for Password-Based Key Derivation Part 1: Storage Applications nist-sp800-132.pdf
SP 800-131 C	Feb. 10, 2011	DRAFT Transitions: Validating the Transition from FIPS 186-2 to FIPS 186-3 draft-SP800-131C_February2011.pdf
		Comments-Received_draft-SP-800-131C.pdf
SP 800-131 B	Feb. 10, 2011	DRAFT Transitions: Validation of Transitioning Cryptographic Algorithm and Key Lengths draft-SP800-131B_February2011.pdf
		Comments-Received_draft-SP800-131B.pdf
SP 800-131 A	Jan. 2011	Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths sp800-131A.pdf
SP 800-130	Jun. 16, 2010	DRAFT A Framework for Designing Cryptographic Key Management Systems draft-sp800-130_june2010.pdf
		comments-received-draft-sp800-130.pdf
SP 800-128	Aug. 2011	Guide for Security-Focused Configuration Management of Information Systems sp800-128.pdf
SP 800-127	Sept. 2010	Guide to Securing WiMAX Wireless Communications sp800-127.pdf
SP 800-126 Rev. 2	Sept. 2011	The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2 SP800-126r2.pdf
SP 800-126 Rev. 1	Feb. 2011	The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.1 SP800-126r1.pdf
SP 800-126	Nov. 2009	The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.0 sp800-126.pdf
SP 800-125	Jan. 2011	Guide to Security for Full Virtualization Technologies SP800-125-final.pdf
SP 800-124	Oct 2008	Guidelines on Cell Phone and PDA Security SP800-124.pdf
SP 800-123	Jul 2008	Guide to General Server Security SP800-123.pdf
SP 800-122	Apr. 2010	Guide to Protecting the Confidentiality of Personally Identifiable Information (PII) sp800-122.pdf
SP 800-121 Rev. 1	Sept. 27, 2011	DRAFT Guide to Bluetooth Security Draft-SP800-121_Rev1.pdf
SP 800-121	Sept 2008	Guide to Bluetooth Security SP800-121.pdf
		SP800-121_pdf.zip
SP 800-120	Sept. 2009	Recommendation for EAP Methods Used in Wireless Network Access Authentication sp800-120.pdf
SP 800-119	Dec. 2010	Guidelines for the Secure Deployment of IPv6 sp800-119.pdf
SP 800-118	Apr. 21, 2009	DRAFT Guide to Enterprise Password Management draft-sp800-118.pdf
SP 800-117 Rev. 1	Jan. 6, 2012	DRAFT Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.2 Draft-SP800-117-r1.pdf
SP 800-117	July 2010	Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.0 sp800-117.pdf
SP 800-116	Nov 2008	A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS) SP800-116.pdf
SP 800-115	Sept 2008	Technical Guide to Information Security Testing and Assessment SP800-115.pdf
SP 800-114	Nov 2007	User's Guide to Securing External Devices for Telework and Remote Access SP800-114.pdf
SP 800-113	Jul 2008	Guide to SSL VPNs SP800-113.pdf
		SP800-113_pdf.zip
SP 800-111	Nov 2007	Guide to Storage Encryption Technologies for End User Devices SP800-111.pdf
SP 800-108	Oct. 2009	Recommendation for Key Derivation Using Pseudorandom Functions sp800-108.pdf
SP 800-107 Revised	Sept. 14, 2011	DRAFT Recommendation for Applications Using Approved Hash Algorithms Draft_Revised_SP800-107.pdf
SP 800-107	Feb. 2009	Recommendation for Applications Using Approved Hash Algorithms NIST-SP-800-107.pdf
SP 800-106	Feb. 2009	Randomized Hashing for Digital Signatures NIST-SP-800-106.pdf
SP 800-104	Jun 2007	A Scheme for PIV Visual Card Topography SP800-104-June29_2007-final.pdf
SP 800-103	Oct 6, 2006	DRAFT An Ontology of Identity Credentials, Part I: Background and Formulation sp800-103-draft.pdf
		draft-sp800-103.zip
SP 800-102	Sept. 2009	Recommendation for Digital Signature Timeliness sp800-102.pdf
SP 800-101	May 2007	Guidelines on Cell Phone Forensics SP800-101.pdf
SP 800-100	Oct 2006	Information Security Handbook: A Guide for Managers SP800-100-Mar07-2007.pdf
SP 800-98	Apr 2007	Guidelines for Securing Radio Frequency Identification (RFID) Systems SP800-98_RFID-2007.pdf
SP 800-97	Feb 2007	Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i SP800-97.pdf
SP 800-96	Sep 2006	PIV Card to Reader Interoperability Guidelines SP800-96-091106.pdf
SP 800-95	Aug 2007	Guide to Secure Web Services SP800-95.pdf
		SP800-95_pdf.zip
SP 800-94	Feb 2007	Guide to Intrusion Detection and Prevention Systems (IDPS) SP800-94.pdf
SP 800-92	Sep 2006	Guide to Computer Security Log Management SP800-92.pdf
SP 800-90 A	Jan. 2012	Recommendation for Random Number Generation Using Deterministic Random Bit Generators SP800-90A.pdf
SP 800-89	Nov 2006	Recommendation for Obtaining Assurances for Digital Signature Applications SP-800-89_November2006.pdf
SP 800-88	Sep 2006	Guidelines for Media Sanitization NISTSP800-88_rev1.pdf
SP 800-87 Rev 1	Apr 2008	Codes for Identification of Federal and Federally-Assisted Organizations SP800-87_Rev1-April2008Final.pdf
SP 800-86	Aug 2006	Guide to Integrating Forensic Techniques into Incident Response SP800-86.pdf
		SP800-86-pdf.zip
SP 800-85 B-1	Sept. 11, 2009	DRAFT PIV Data Model Conformance Test Guidelines draft-sp800-85B-1.pdf
		sp800-85B_Change_Summary.pdf
		Comment-Template_sp800-85B-1.xls
SP 800-85 B	Jul 2006	PIV Data Model Test Guidelines SP800-85b-072406-final.pdf
SP 800-85 A-2	July 2010	PIV Card Application and Middleware Interface Test Guidelines (SP800-73-3 Compliance) sp800-85A-2-final.pdf
SP 800-84	Sep 2006	Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities SP800-84.pdf
SP 800-83	Nov 2005	Guide to Malware Incident Prevention and Handling SP800-83.pdf
SP 800-82	Jun. 2011	Guide to Industrial Control Systems (ICS) Security SP800-82-final.pdf
SP 800-81 Rev. 1	Apr. 2010	Secure Domain Name System (DNS) Deployment Guide sp-800-81r1.pdf
SP 800-79 -1	Jun 2008	Guidelines for the Accreditation of Personal Identity Verification (PIV) Card Issuers (PCI's) SP800-79-1.pdf
SP 800-78 -3	Dec. 2010	Cryptographic Algorithms and Key Sizes for Personal Identification Verification (PIV) sp800-78-3.pdf
SP 800-77	Dec 2005	Guide to IPsec VPNs sp800-77.pdf
		sp800-77pdf.zip
SP 800-76 -2	Apr. 18, 2011	DRAFT Biometric Data Specification for Personal Identity Verification Draft_SP800-76-2.pdf
		comments-template-for_draft-sp800-76-2.doc
SP 800-76 -1	Jan 2007	Biometric Data Specification for Personal Identity Verification SP800-76-1_012407.pdf
SP 800-73 -3	Feb. 2010	Interfaces for Personal Identity Verification (4 Parts) Pt. 1- End Point PIV Card Application Namespace, Data Model & Representation Pt. 2- PIV Card Application Card Command Interface Pt. 3- PIV Client Application Programming Interface Pt. 4- The PIV Transitional Interfaces & Data Model Specification sp800-73-3_PART1_piv-card-applic-namespace-date-model-rep.pdf
		sp800-73-3_PART2_piv-card-applic-card-common-interface.pdf
		sp800-73-3_PART3_piv-client-applic-programming-interface.pdf
		sp800-73-3_PART4_piv-transitional-interface-data-model-spec.pdf
SP 800-72	Nov 2004	Guidelines on PDA Forensics sp800-72.pdf
SP 800-70 Rev. 2	Feb. 2011	National Checklist Program for IT Products: Guidelines for Checklist Users and Developers SP800-70-rev2.pdf
SP 800-69	Sep 2006	Guidance for Securing Microsoft Windows XP Home Edition: A NIST Security Configuration Checklist guidance_WinXP_Home.html
SP 800-68 Rev. 1	Oct. 2008	Guide to Securing Microsoft Windows XP Systems for IT Professionals download_WinXP.html
SP 800-67 Rev. 1	Jan. 2012	Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher SP-800-67-Rev1.pdf
SP 800-66 Rev 1	Oct 2008	An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule SP-800-66-Revision1.pdf
SP 800-65 Rev. 1	July 14, 2009	DRAFT Recommendations for Integrating Information Security into the Capital Planning and Investment Control Process (CPIC) draft-sp800-65rev1.pdf
SP 800-65	Jan 2005	Integrating IT Security into the Capital Planning and Investment Control Process SP-800-65-Final.pdf
		SP-800-65-Final.zip
SP 800-64 Rev. 2	Oct 2008	Security Considerations in the System Development Life Cycle SP800-64-Revision2.pdf
SP 800-63 Rev. 1	Dec. 2011	Electronic Authentication Guideline SP-800-63-1.pdf
SP 800-63 Version 1.0.2	Apr 2006	Electronic Authentication Guideline SP800-63V1_0_2.pdf
SP 800-61 Rev. 2	Jan. 31, 2012	DRAFT Computer Security Incident Handling Guide draft-sp800-61rev2.pdf
SP 800-61 Rev. 1	Mar 2008	Computer Security Incident Handling Guide SP800-61rev1.pdf
SP 800-60 Rev. 1	Aug 2008	Guide for Mapping Types of Information and Information Systems to Security Categories: (2 Volumes) - Volume 1: Guide Volume 2: Appendices SP800-60_Vol1-Rev1.pdf
		SP800-60_Vol2-Rev1.pdf
SP 800-59	Aug 2003	Guideline for Identifying an Information System as a National Security System SP800-59.pdf
		sp800-59.zip
SP 800-58	Jan 2005	Security Considerations for Voice Over IP Systems SP800-58-final.pdf
		SP800-58.zip
SP 800-57 Part 1	May 6, 2011	DRAFT Recommendation for Key Management: Part 1: General Draft_SP800-57-Part1-Rev3_May2011.pdf
		comments-received_draft-SP800-57-1.pdf
SP 800-57	Mar 2007	Recommendation for Key Management sp800-57-Part1-revised2_Mar08-2007.pdf
		SP800-57-Part2.pdf
		sp800-57_PART3_key-management_Dec2009.pdf
SP 800-56 C	Nov. 2011	Recommendation for Key Derivation through Extraction-then-Expansion SP-800-56C.pdf
SP 800-56 B	Aug. 2009	Recommendation for Pair-Wise Key Establishment Schemes Using Integer Factorization Cryptography sp800-56B.pdf
SP 800-56 A	Mar 2007	Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography SP800-56A_Revision1_Mar08-2007.pdf
SP 800-55 Rev. 1	Jul 2008	Performance Measurement Guide for Information Security SP800-55-rev1.pdf
SP 800-54	Jul 2007	Border Gateway Protocol Security SP800-54.pdf
SP 800-53 Appendix J	July 19, 2011	DRAFT Privacy Control Catalog IPDraft_800-53-privacy-appendix-J.pdf
SP 800-53 Rev. 3	Aug 2009	Recommended Security Controls for Federal Information Systems and Organizations (Errata as of May 1, 2010) sp800-53-rev3-final_updated-errata_05-01-2010.pdf
		sp-800-53-rev3_database-beta.html
		800-53-rev3_markup-final-public-draft-to-final-updated_may-01-2010.pdf
		800-53-rev3_markup-rev2-to-rev3_updated-may-01-2010.pdf
		800-53-rev3-Annex1_updated_may-01-2010.pdf
		800-53-rev3-Annex2_updated_may-01-2010.pdf
		800-53-rev3-Annex3_updated_may-01-2010.pdf
		SP_800-53_Rev-3_database-R1.4.1-BETA.zip
SP 800-53 A Rev. 1	Jun. 2010	Guide for Assessing the Security Controls in Federal Information Systems and Organizations, Building Effective Security Assessment Plans sp800-53A-rev1-final.pdf
SP 800-53 A	Jul 2008	Guide for Assessing the Security Controls in Federal Information Systems SP800-53A-final-sz.pdf
		SP800-53A.zip
		assessment-cases-overview.html
SP 800-52	Jun 2005	Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations SP800-52.pdf
SP 800-51 Rev. 1	Feb. 2011	Guide to Using Vulnerability Naming Schemes SP800-51rev1.pdf
SP 800-50	Oct 2003	Building an Information Technology Security Awareness and Training Program NIST-SP800-50.pdf
		NIST-SP800-50.zip
SP 800-49	Nov 2002	Federal S/MIME V3 Client Profile sp800-49.pdf
		sp800-49.zip
SP 800-48 Rev. 1	Jul 2008	Guide to Securing Legacy IEEE 802.11 Wireless Networks SP800-48r1.pdf
SP 800-47	Aug 2002	Security Guide for Interconnecting Information Technology Systems sp800-47.pdf
		sp800-47.zip
SP 800-46 Rev. 1	Jun. 2009	Guide to Enterprise Telework and Remote Access Security sp800-46r1.pdf
SP 800-45 Version 2	Feb 2007	Guidelines on Electronic Mail Security SP800-45v2.pdf
SP 800-44 Version 2	Sep 2007	Guidelines on Securing Public Web Servers SP800-44v2.pdf
		SP800-44v2.pdf.zip
SP 800-43	Nov 2002	Systems Administration Guidance for Windows 2000 Professional System guidance_W2Kpro.html
SP 800-41 Rev. 1	Sept. 2009	Guidelines on Firewalls and Firewall Policy sp800-41-rev1.pdf
SP 800-40 Version 2.0	Nov 2005	Creating a Patch and Vulnerability Management Program SP800-40v2.pdf
SP 800-39	Mar. 2011	Managing Information Security Risk: Organization, Mission, and Information System View SP800-39-final.pdf
SP 800-38 F	Aug. 11, 2011	DRAFT Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping Draft-SP800-38F_Aug2011.pdf
SP 800-38 A	Dec 2001	Recommendation for Block Cipher Modes of Operation - Methods and Techniques sp800-38a.pdf
SP 800-38 A - Addendum	Oct. 2010	Recommendation for Block Cipher Modes of Operation: Three Variants of Ciphertext Stealing for CBC Mode addendum-to-nist_sp800-38A.pdf
SP 800-38 B	May 2005	Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication SP_800-38B.pdf
		Updated_CMAC_Examples.pdf
SP 800-38 C	May 2004	Recommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality SP800-38C_updated-July20_2007.pdf
SP 800-38 D	Nov 2007	Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC SP-800-38D.pdf
SP 800-38 E	Jan. 2010	Recommendation for Block Cipher Modes of Operation: The XTS-AES Mode for Confidentiality on Storage Devices nist-sp-800-38E.pdf
SP 800-37 Rev. 1	Feb. 2010	Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach sp800-37-rev1-final.pdf
		sp800-37-rev1_markup-copy_final.pdf
SP 800-36	Oct 2003	Guide to Selecting Information Technology Security Products NIST-SP800-36.pdf
		NIST-SP800-36.zip
SP 800-35	Oct 2003	Guide to Information Technology Security Services NIST-SP800-35.pdf
		NIST-SP800-35.zip
SP 800-34 Rev. 1	May 2010	Contingency Planning Guide for Federal Information Systems (Errata Page - Nov. 11, 2010) sp800-34-rev1_errata-Nov11-2010.pdf
SP 800-33	Dec 2001	Underlying Technical Models for Information Technology Security sp800-33.pdf
SP 800-32	Feb 2001	Introduction to Public Key Technology and the Federal PKI Infrastructure sp800-32.pdf
SP 800-30 Rev. 1	Sept. 19, 2011	DRAFT Guide for Conducting Risk Assessments SP800-30-Rev1-ipd.pdf
SP 800-30	Jul 2002	Risk Management Guide for Information Technology Systems sp800-30.pdf
SP 800-29	Jun 2001	A Comparison of the Security Requirements for Cryptographic Modules in FIPS 140-1 and FIPS 140-2 sp800-29.pdf
SP 800-28 Version 2	Mar 2008	Guidelines on Active Content and Mobile Code SP800-28v2.pdf
SP 800-27 Rev. A	Jun 2004	Engineering Principles for Information Technology Security (A Baseline for Achieving Security) SP800-27-RevA.pdf
SP 800-25	Oct 2000	Federal Agency Use of Public Key Technology for Digital Signatures and Authentication sp800-25.pdf
		sp800-25.doc
SP 800-24	Aug 2000	PBX Vulnerability Analysis: Finding Holes in Your PBX Before Someone Else Does sp800-24pbx.pdf
SP 800-23	Aug 2000	Guidelines to Federal Organizations on Security Assurance and Acquisition/Use of Tested/Evaluated Products sp800-23.pdf
		sp800-23.zip
SP 800-22 Rev. 1a	Apr. 2010	A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications SP800-22rev1a.pdf
		sp800-22rev1a.zip
SP 800-21 2nd edition	Dec 2005	Guideline for Implementing Cryptography in the Federal Government sp800-21-1_Dec2005.pdf
SP 800-20	Oct 1999	Modes of Operation Validation System for the Triple Data Encryption Algorithm (TMOVS): Requirements and Procedures 800-20.pdf
SP 800-19	Oct 1999	Mobile Agent Security sp800-19.pdf
SP 800-18 Rev.1	Feb 2006	Guide for Developing Security Plans for Federal Information Systems sp800-18-Rev1-final.pdf
SP 800-17	Feb 1998	Modes of Operation Validation System (MOVS): Requirements and Procedures 800-17.pdf
SP 800-16 Rev. 1	Mar. 20, 2009	DRAFT Information Security Training Requirements: A Role- and Performance-Based Model Draft-SP800-16-Rev1.pdf
SP 800-16	Apr 1998	Information Technology Security Training Requirements: A Role- and Performance-Based Model 800-16.pdf
		AppendixA-D.pdf
		Appendix_E.pdf
SP 800-15 Version 1	Sep 1997	MISPC Minimum Interoperability Specification for PKI Components SP800-15.PDF
		mispcv1.doc
		mispcv1.ps
SP 800-14	Sep 1996	Generally Accepted Principles and Practices for Securing Information Technology Systems 800-14.pdf
		800-14.ps
		800-14.wpd
SP 800-13	Oct 1995	Telecommunications Security Guidelines for Telecommunications Management Network sp800-13.pdf
SP 800-12	Oct 1995	An Introduction to Computer Security: The NIST Handbook handbook.pdf
		index.html
		800-12_1.ps
		800-12_2.ps
		800-12_3.ps
		800-12_4.ps
		800-12_5.ps

NIST, Computer Security Division, Computer Security Resource Center

Category types

NIST Information Security Document Categories

Publications

Special Publications (800 Series)