NIST Logo and ITL Banner Link to the NIST Homepage Link to the ITL Homepage Link to the NIST Homepage
Search CSRC:

NIST Special Publications (SP)

NIST uses three NIST Special Publication subseries to publish computer/cyber/information security and guidelines, recommendations and reference materials:

  • SP 800, Computer Security (December 1990-present):
    NIST's primary mode of publishing computer/cyber/information security guidelines, recommendations and reference materials
    (SP 800s are also searchable in the NIST Library Catalog);
  • SP 1800, NIST Cybersecurity Practice Guides (2015-present):
    A new subseries created to complement the SP 800s; targets specific cybersecurity challenges in the public and private sectors; practical, user-friendly guides to facilitate adoption of standards-based approaches to cybersecurity;
  • SP 500, Computer Systems Technology (January 1977-present):
    A general IT subseries used more broadly by NIST's Information Technology Laboratory (ITL), this page lists selected SP 500s related to NIST's computer security efforts. (Prior to the SP 800 subseries, NIST used the SP 500 subseries for computer security publications; see Archived NIST SPs for a list.)

Note: Publications that link to will redirect to another NIST website. See more details about DOIs.

SP 800s - Computer Security
SP 800-184 
Jun. 6, 2016DRAFT Guide for Cybersecurity Event Recovery
Announcement and Draft Publication
SP 800-180 
Feb. 18, 2016DRAFT NIST Definition of Microservices, Application Containers and System Virtual Machines
Announcement and Draft Publication
SP 800-179 
Jun 23, 2016DRAFT Guide to Securing Apple OS X 10.10 Systems for IT Professionals: A NIST Security Configuration Checklist
Announcement and Draft Publication
SP 800-178 
Dec. 2, 2015DRAFT A Comparison of Attribute Based Access Control (ABAC) Standards for Data Services: Extensible Access Control Markup Language (XACML) and Next Generation Access Control (NGAC)
Announcement and Draft Publication
SP 800-177 
Mar. 29, 2016DRAFT Trustworthy Email (Second Draft)
Announcement and Draft Publication
SP 800-176Aug 20152014 Computer Security Division Annual Report
SP 800-176 FAQ
doi:10.6028/NIST.SP.800-176 [Direct Link]
SP 800-175 A 
Apr. 5, 2016DRAFT Guideline for Using Cryptographic Standards in the Federal Government: Directives, Mandates and Policies
Announcement and Draft Publication
SP 800-175 B 
Mar. 11, 2016DRAFT Guideline for Using Cryptographic Standards in the Federal Government: Cryptographic Mechanisms
Announcement and Draft Publication
SP 800-171Jun 2015Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations
SP 800-171 (including updates as of 01-14-2016) FAQ
doi:10.6028/NIST.SP.800-171 [Direct Link]
Press Release (06-19-2015)
SP 800-170Jun 20142013 Computer Security Division Annual Report
SP 800-170 - Annual Report (2013) FAQ
doi:10.6028/NIST.SP.800-170 [Direct Link]
SP 800-168May 2014Approximate Matching: Definition and Terminology
SP 800-168 FAQ
doi:10.6028/NIST.SP.800-168 [Direct Link]
SP 800-167Oct 2015Guide to Application Whitelisting
SP 800-167 FAQ
doi:10.6028/NIST.SP.800-167 [Direct Link]
Press Release
SP 800-166Jun. 2016Derived PIV Application and Data Model Test Guidelines
SP 800-166 FAQ
doi:10.6028/NIST.SP.800-166 [Direct Link]
SP 800-165Jun 20132012 Computer Security Division Annual Report
Annual Report (2012) - SP 800-165 FAQ
doi:10.6028/NIST.SP.800-165 [Direct Link]
SP 800-164 
Oct. 31, 2012DRAFT Guidelines on Hardware-Rooted Security in Mobile Devices
Announcement and Draft Publication
SP 800-163Jan. 2015Vetting the Security of Mobile Applications
SP 800-163 FAQ
doi:10.6028/NIST.SP.800-163 [Direct Link]
Press Release
SP 800-162Jan 2014Guide to Attribute Based Access Control (ABAC) Definition and Considerations
SP 800-162 FAQ
doi:10.6028/NIST.SP.800-162 [Direct Link]
SP 800-162 (EPUB) FAQ
SP 800-161Apr. 2015Supply Chain Risk Management Practices for Federal Information Systems and Organizations
SP 800-161 FAQ
doi:10.6028/NIST.SP.800-161 [Direct Link]
SP 800-160 
May 4, 2016DRAFT Systems Security Engineering: An Integrated Approach to Building Trustworthy Resilient Systems (Second Draft)
Announcement and Draft Publication
SP 800-157Dec. 2014Guidelines for Derived Personal Identity Verification (PIV) Credentials
SP 800-157 FAQ
doi:10.6028/NIST.SP.800-157 [Direct Link]
SP 800-156May 2016Representation of PIV Chain-of-Trust for Import and Export
SP 800-156 FAQ
doi:10.6028/NIST.SP.800-156 [Direct Link]
XSD Schema File for SP 800-156 Chain of Trust
SP 800-155 
Dec. 8, 2011DRAFT BIOS Integrity Measurement Guidelines
Announcement and Draft Publication
SP 800-154 
Mar. 14, 2016DRAFT Guide to Data-Centric System Threat Modeling
Announcement and Draft Publication
SP 800-153Feb 2012Guidelines for Securing Wireless Local Area Networks (WLANs)
SP 800-153 FAQ
doi:10.6028/NIST.SP.800-153 [Direct Link]
Press Release
SP 800-152Oct. 2015A Profile for U. S. Federal Cryptographic Key Management Systems (CKMS)
SP 800-152 FAQ
doi:10.6028/NIST.SP.800-152 [Direct Link]
Comments Received from Final Draft
SP 800-150 
Apr. 21, 2016DRAFT Guide to Cyber Threat Information Sharing (Second Draft)
Announcement and Draft Publication
SP 800-147 BAug. 2014BIOS Protection Guidelines for Servers
SP 800-147B FAQ
doi:10.6028/NIST.SP.800-147B [Direct Link]
SP 800-147Apr 2011Basic Input/Output System (BIOS) Protection Guidelines
SP 800-147 FAQ
doi:10.6028/NIST.SP.800-147 [Direct Link]
Press Release
SP 800-146May 2012Cloud Computing Synopsis and Recommendations
SP 800-146 FAQ
doi:10.6028/NIST.SP.800-146 [Direct Link]
SP 800-146 (EPUB) FAQ
Press Release
SP 800-145Sep 2011The NIST Definition of Cloud Computing
SP 800-145 FAQ
doi:10.6028/NIST.SP.800-145 [Direct Link]
SP 800-145 (EPUB) FAQ
Press Release
SP 800-144Dec 2011Guidelines on Security and Privacy in Public Cloud Computing
SP 800-144 FAQ
doi:10.6028/NIST.SP.800-144 [Direct Link]
SP 800-144 (EPUB) FAQ
Press Release
SP 800-142Oct 2010Practical Combinatorial Testing
SP 800-142 FAQ
doi:10.6028/NIST.SP.800-142 [Direct Link]
SP 800-137Sep 2011Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations
SP 800-137 FAQ
doi:10.6028/NIST.SP.800-137 [Direct Link]
Press Release
SP 800-135 Rev. 1Dec 2011Recommendation for Existing Application-Specific Key Derivation Functions
SP 800-135 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-135r1 [Direct Link]
SP 800-133Dec 2012Recommendation for Cryptographic Key Generation
SP 800-133 FAQ
doi:10.6028/NIST.SP.800-133 [Direct Link]
SP 800-133 (EPUB) FAQ
Press Release
SP 800-132Dec 2010Recommendation for Password-Based Key Derivation Part 1: Storage Applications
SP 800-132 FAQ
doi:10.6028/NIST.SP.800-132 [Direct Link]
SP 800-131 A Rev. 1Nov 2015Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths
SP 800-131A Rev. 1 FAQ
doi:10.6028/NIST.SP.800-131Ar1 [Direct Link]
SP 800-130Aug 2013A Framework for Designing Cryptographic Key Management Systems
SP 800-130 FAQ
doi:10.6028/NIST.SP.800-130 [Direct Link]
SP 800-128Aug 2011Guide for Security-Focused Configuration Management of Information Systems
SP 800-128 FAQ
doi:10.6028/NIST.SP.800-128 [Direct Link]
SP 800-127Sep 2010Guide to Securing WiMAX Wireless Communications
SP 800-127 FAQ
doi:10.6028/NIST.SP.800-127 [Direct Link]
SP 800-127 (EPUB) FAQ
Press Release
SP 800-126 Rev. 2Sep 2011The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2
SP 800-126 Rev. 2 FAQ
doi:10.6028/NIST.SP.800-126r2 [Direct Link]
NIST Solicits Comments for SP 800-126 & SCAP
SP 800-126 Rev. 1Feb 2011The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.1
SP 800-126 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-126r1 [Direct Link]
SP 800-126Nov 2009The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.0
SP 800-126 FAQ
doi:10.6028/NIST.SP.800-126 [Direct Link]
SP 800-125 BMar 2016Secure Virtual Network Configuration for Virtual Machine (VM) Protection
SP 800-125B FAQ
doi:10.6028/NIST.SP.800-125B [Direct Link]
SP 800-125 A 
Oct. 20, 2014DRAFT Security Recommendations for Hypervisor Deployment
Announcement and Draft Publication
SP 800-125Jan 2011Guide to Security for Full Virtualization Technologies
SP 800-125 FAQ
doi:10.6028/NIST.SP.800-125 [Direct Link]
Press Release
SP 800-124 Rev. 1Jun 2013Guidelines for Managing the Security of Mobile Devices in the Enterprise
SP 800-124 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-124r1 [Direct Link]
SP 800-124 Rev. 1 (EPUB) FAQ
Press Release
SP 800-123Jul 2008Guide to General Server Security
SP 800-123 FAQ
doi:10.6028/NIST.SP.800-123 [Direct Link]
SP 800-123 (EPUB) FAQ
SP 800-122Apr 2010Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)
SP 800-122 FAQ
doi:10.6028/NIST.SP.800-122 [Direct Link]
SP 800-122 (EPUB) FAQ
SP 800-121 Rev. 1Jun 2012Guide to Bluetooth Security
SP 800-121 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-121r1 [Direct Link]
Press Release
SP 800-120Sep 2009Recommendation for EAP Methods Used in Wireless Network Access Authentication
SP 800-120 FAQ
doi:10.6028/NIST.SP.800-120 [Direct Link]
SP 800-119Dec 2010Guidelines for the Secure Deployment of IPv6
SP 800-119 FAQ
doi:10.6028/NIST.SP.800-119 [Direct Link]
SP 800-117 Rev. 1 
Jan. 6, 2012DRAFT Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.2
Announcement and Draft Publication
SP 800-117Jul 2010Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.0
SP 800-117 FAQ
doi:10.6028/NIST.SP.800-117 [Direct Link]
SP 800-116 Rev. 1 
Dec. 28, 2015DRAFT A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS)
Announcement and Draft Publication
SP 800-116Nov 2008A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS)
SP 800-116 FAQ
doi:10.6028/NIST.SP.800-116 [Direct Link]
SP 800-115Sep 2008Technical Guide to Information Security Testing and Assessment
SP 800-115 FAQ
doi:10.6028/NIST.SP.800-115 [Direct Link]
SP 800-115 (EPUB) FAQ
SP 800-114 Rev. 1 
Mar. 14, 2016DRAFT User's Guide to Telework and Bring Your Own Device (BYOD) Security
Announcement and Draft Publication
SP 800-114Nov 2007User's Guide to Securing External Devices for Telework and Remote Access
SP 800-114 FAQ
doi:10.6028/NIST.SP.800-114 [Direct Link]
SP 800-113Jul 2008 Guide to SSL VPNs
SP 800-113 FAQ
doi:10.6028/NIST.SP.800-113 [Direct Link]
SP 800-111Nov 2007Guide to Storage Encryption Technologies for End User Devices
SP 800-111 FAQ
doi:10.6028/NIST.SP.800-111 [Direct Link]
SP 800-108Oct 2009Recommendation for Key Derivation Using Pseudorandom Functions
SP 800-108 FAQ
doi:10.6028/NIST.SP.800-108 [Direct Link]
SP 800-107 Rev. 1Aug 2012Recommendation for Applications Using Approved Hash Algorithms
SP 800-107 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-107r1 [Direct Link]
SP 800-106Feb 2009Randomized Hashing for Digital Signatures
SP 800-106 FAQ
doi:10.6028/NIST.SP.800-106 [Direct Link]
SP 800-103 
Oct. 6, 2006DRAFT An Ontology of Identity Credentials, Part I: Background and Formulation
Announcement and Draft Publication
SP 800-102Sep 2009Recommendation for Digital Signature Timeliness
SP 800-102 FAQ
doi:10.6028/NIST.SP.800-102 [Direct Link]
SP 800-101 Rev.1May 2014Guidelines on Mobile Device Forensics
SP 800-101 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-101r1 [Direct Link]
SP 800-100Oct 2006Information Security Handbook: A Guide for Managers
SP 800-100 (including updates as of 03-07-2007) FAQ
doi:10.6028/NIST.SP.800-100 [Direct Link]
SP 800-98Apr 2007Guidelines for Securing Radio Frequency Identification (RFID) Systems
SP 800-98 FAQ
doi:10.6028/NIST.SP.800-98 [Direct Link]
SP 800-97Feb 2007Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i
SP 800-97 FAQ
doi:10.6028/NIST.SP.800-97 [Direct Link]
SP 800-96Sep 2006PIV Card to Reader Interoperability Guidelines
SP 800-96 FAQ
doi:10.6028/NIST.SP.800-96 [Direct Link]
SP 800-95Aug 2007Guide to Secure Web Services
SP 800-95 FAQ
doi:10.6028/NIST.SP.800-95 [Direct Link]
SP 800-94 Rev. 1 
July 25, 2012DRAFT Guide to Intrusion Detection and Prevention Systems (IDPS)
Announcement and Draft Publication
SP 800-94Feb 2007Guide to Intrusion Detection and Prevention Systems (IDPS)
SP 800-94 FAQ
doi:10.6028/NIST.SP.800-94 [Direct Link]
SP 800-92Sep 2006Guide to Computer Security Log Management
SP 800-92 FAQ
doi:10.6028/NIST.SP.800-92 [Direct Link]
SP 800-92 (EPUB) FAQ
SP 800-90 A Rev.1Jun 2015Recommendation for Random Number Generation Using Deterministic Random Bit Generators
SP 800-90A Revision 1 FAQ
doi:10.6028/NIST.SP.800-90Ar1 [Direct Link]
Press Release
SP 800-90 B 
Jan. 27, 2016DRAFT Draft SP 800-90 Series: Random Bit Generators
Recommendation for the Entropy Sources Used for Random Bit Generation

Announcement and Draft Publication
SP 800-90 C 
Apr. 13, 2016DRAFT Recommendation for Random Bit Generator (RBG) Constructions (Second Draft)
Announcement and Draft Publication
SP 800-89Nov 2006Recommendation for Obtaining Assurances for Digital Signature Applications
SP 800-89 FAQ
doi:10.6028/NIST.SP.800-89 [Direct Link]
SP 800-88 Rev. 1Dec. 2014Guidelines for Media Sanitization
SP 800-88 Revision 1 FAQ
doi:10.6028/NIST.SP.800-88r1 [Direct Link]
SP 800-87 Rev 1Apr 2008Codes for Identification of Federal and Federally-Assisted Organizations
SP 800-87 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-87r1 [Direct Link]
SP 800-86Aug 2006Guide to Integrating Forensic Techniques into Incident Response
SP 800-86 FAQ
doi:10.6028/NIST.SP.800-86 [Direct Link]
SP 800-85 B-4 
Aug. 6, 2014DRAFT PIV Data Model Test Guidelines
Announcement and Draft Publication
SP 800-85 BJul 2006PIV Data Model Test Guidelines
SP 800-85B FAQ
doi:10.6028/NIST.SP.800-85B [Direct Link]
SP 800-85 A-4Apr 2016PIV Card Application and Middleware Interface Test Guidelines (SP 800-73-4 Compliance)
SP 800-85A-4 FAQ
doi:10.6028/NIST.SP.800-85A-4 [Direct Link]
SP 800-84Sep 2006Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities
SP 800-84 FAQ
doi:10.6028/NIST.SP.800-84 [Direct Link]
SP 800-84 (EPUB) FAQ
SP 800-83 Rev. 1Jul 2013Guide to Malware Incident Prevention and Handling for Desktops and Laptops
SP 800-83 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-83r1 [Direct Link]
SP 800-82 Rev.2May 2015Guide to Industrial Control Systems (ICS) Security
SP 800-82 Revision 2 FAQ
doi:10.6028/NIST.SP.800-82r2 [Direct Link]
Press Release
SP 800-81 -2Sep 2013Secure Domain Name System (DNS) Deployment Guide
SP 800-81-2 FAQ
doi:10.6028/NIST.SP.800-81-2 [Direct Link]
SP 800-79 -2July 2015Guidelines for the Authorization of Personal Identity Verification Card Issuers (PCI) and Derived PIV Credential Issuers (DPCI)
SP 800-79-2 FAQ
doi:10.6028/NIST.SP.800-79-2 [Direct Link]
SP 800-78 -4May 2015Cryptographic Algorithms and Key Sizes for Personal Identity Verification
SP 800-78-4 FAQ
doi:10.6028/NIST.SP.800-78-4 [Direct Link]
SP 800-77Dec 2005Guide to IPsec VPNs
SP 800-77 FAQ
doi:10.6028/NIST.SP.800-77 [Direct Link]
SP 800-76 -2Jul 2013Biometric Specifications for Personal Identity Verification
SP 800-76-2 FAQ
doi:10.6028/NIST.SP.800-76-2 [Direct Link]
SP 800-73 -4May 2015Interfaces for Personal Identity Verification (3 Parts)
Part 1- PIV Card Application Namespace, Data Model and Representation
Part 2- PIV Card Application Card Command Interface
Part 3- PIV Client Application Programming Interface

SP 800-73-4 (including updates as of 02-08-2016) FAQ
doi:10.6028/NIST.SP.800-73-4 [Direct Link]
Press Release (06-16-2015)
SP 800-72Nov 2004Guidelines on PDA Forensics
SP 800-72 FAQ
doi:10.6028/NIST.SP.800-72 [Direct Link]
SP 800-70 Rev. 3Dec 2015National Checklist Program for IT Products: Guidelines for Checklist Users and Developers
SP 800-70 Rev. 3 FAQ
doi:10.6028/NIST.SP.800-70r3 [Direct Link]
SP 800-69Sep 2006Guidance for Securing Microsoft Windows XP Home Edition: A NIST Security Configuration Checklist
SP 800-69 FAQ
doi:10.6028/NIST.SP.800-69 [Direct Link]
SP 800-68 Rev. 1Oct 2008Guide to Securing Microsoft Windows XP Systems for IT Professionals
SP 800-68 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-68r1 [Direct Link]
SP 800-67 Rev. 1Jan 2012Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher
SP 800-67 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-67r1 [Direct Link]
SP 800-66 Rev 1Oct 2008An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule
SP 800-66 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-66r1 [Direct Link]
SP 800-65Jan 2005Integrating IT Security into the Capital Planning and Investment Control Process
SP 800-65 FAQ
doi:10.6028/NIST.SP.800-65 [Direct Link]
SP 800-64 Rev. 2Oct 2008Security Considerations in the System Development Life Cycle
SP 800-64 Rev. 2 FAQ
doi:10.6028/NIST.SP.800-64r2 [Direct Link]
SP 800-63 -2Aug 2013Electronic Authentication Guideline
SP 800-63-2 FAQ
doi:10.6028/NIST.SP.800-63-2 [Direct Link]
Draft SP 800-63-3 Development (Public Preview)
SP 800-61 Rev. 2Aug 2012Computer Security Incident Handling Guide
SP 800-61 Rev. 2 FAQ
doi:10.6028/NIST.SP.800-61r2 [Direct Link]
Press Release
SP 800-60 Rev. 1Aug 2008Guide for Mapping Types of Information and Information Systems to Security Categories
Vol. 1: Guide for Mapping Types of Information and Information Systems to Security Categories FAQ
doi:10.6028/NIST.SP.800-60v1r1 [Direct Link]
Vol. 2: Appendices
SP 800-59Aug 2003Guideline for Identifying an Information System as a National Security System
SP 800-59 FAQ
doi:10.6028/NIST.SP.800-59 [Direct Link]
SP 800-58Jan 2005Security Considerations for Voice Over IP Systems
SP 800-58 FAQ
doi:10.6028/NIST.SP.800-58 [Direct Link]
SP 800-57 Part 1-Rev. 4Jan. 2016Recommendation for Key Management, Part 1: General
SP 800-57 Part 1, Revision 4 FAQ
doi:10.6028/NIST.SP.800-57pt1r4 [Direct Link]
Comments Received & Resolutions for SP 800-57 Part 1, Rev. 4
SP 800-57 Part 2Aug 2005Recommendation for Key Management: Part 2: Best Practices for Key Management Organization
SP 800-57 Part 2 FAQ
doi:10.6028/NIST.SP.800-57p2 [Direct Link]
SP 800-57 Part 3-Rev.1Jan. 2015Recommendation for Key Management: Part 3 - Application-Specific Key Management Guidance
SP 800-57 Part 3, Revision 1 FAQ
doi:10.6028/NIST.SP.800-57pt3r1 [Direct Link]
SP 800-56 A Rev. 2May 2013Recommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography
SP 800-56A Revision 2 FAQ
doi:10.6028/NIST.SP.800-56Ar2 [Direct Link]
Public Comments received on Draft SP 800-56A Rev. 2
SP 800-56 B Rev. 1Sep 2014Recommendation for Pair-Wise Key-Establishment Schemes Using Integer Factorization Cryptography
SP 800-56B Revision 1 FAQ
doi:10.6028/NIST.SP.800-56Br1 [Direct Link]
SP 800-56 CNov 2011Recommendation for Key Derivation through Extraction-then-Expansion
SP 800-56C FAQ
doi:10.6028/NIST.SP.800-56C [Direct Link]
SP 800-55 Rev. 1Jul 2008Performance Measurement Guide for Information Security
SP 800-55 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-55r1 [Direct Link]
SP 800-54Jul 2007Border Gateway Protocol Security
SP 800-54 FAQ
doi:10.6028/NIST.SP.800-54 [Direct Link]
SP 800-53 Rev. 4Apr 2013Security and Privacy Controls for Federal Information Systems and Organizations
SP 800-53 Rev. 4 (including updates as of 01-22-2015) FAQ
doi:10.6028/NIST.SP.800-53r4 [Direct Link]
Word version of SP 800-53 Rev. 4 (01-22-2015)
XML file for SP 800-53 Rev. 4 (01-15-2014)
Summary of NIST SP 800-53 Revision 4
Press Release (04-30-2013)
Pre-Draft Call for Comments for SP 800-53 Rev. 5
SP 800-53 A Rev.4Dec 2014Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans
SP 800-53A Revision 4 FAQ
doi:10.6028/NIST.SP.800-53Ar4 [Direct Link]
Word version of SP 800-53A Rev. 4 (12-18-2014)
XML file for SP 800-53A Rev. 4 (06-16-2015)
Press Release
SP 800-52 Rev. 1Apr 2014Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations
SP 800-52 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-52r1 [Direct Link]
Press Release
SP 800-51 Rev. 1Feb 2011Guide to Using Vulnerability Naming Schemes
SP 800-51 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-51r1 [Direct Link]
Press Release
SP 800-50Oct 2003Building an Information Technology Security Awareness and Training Program
SP 800-50 FAQ
doi:10.6028/NIST.SP.800-50 [Direct Link]
SP 800-49Nov 2002Federal S/MIME V3 Client Profile
SP 800-49 FAQ
doi:10.6028/NIST.SP.800-49 [Direct Link]
SP 800-48 Rev. 1Jul 2008Guide to Securing Legacy IEEE 802.11 Wireless Networks
SP 800-48 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-48r1 [Direct Link]
SP 800-47Aug 2002Security Guide for Interconnecting Information Technology Systems
SP 800-47 FAQ
doi:10.6028/NIST.SP.800-47 [Direct Link]
SP 800-46 Rev. 2 
Mar. 14, 2016DRAFT Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security
Announcement and Draft Publication
SP 800-46 Rev. 1Jun 2009Guide to Enterprise Telework and Remote Access Security
SP 800-46 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-46r1 [Direct Link]
SP 800-45 Version 2Feb 2007Guidelines on Electronic Mail Security
SP 800-45 Version 2 FAQ
doi:10.6028/NIST.SP.800-45ver2 [Direct Link]
SP 800-44 Version 2Sep 2007Guidelines on Securing Public Web Servers
SP 800-44 Version 2 FAQ
doi:10.6028/NIST.SP.800-44ver2 [Direct Link]
SP 800-43Nov 2002Systems Administration Guidance for Windows 2000 Professional System
SP 800-43 FAQ
doi:10.6028/NIST.SP.800-43 [Direct Link]
SP 800-41 Rev. 1Sep 2009Guidelines on Firewalls and Firewall Policy
SP 800-41 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-41r1 [Direct Link]
SP 800-40 Rev. 3Jul 2013Guide to Enterprise Patch Management Technologies
SP 800-40 Rev. 3 FAQ
doi:10.6028/NIST.SP.800-40r3 [Direct Link]
Press Release
SP 800-39Mar 2011Managing Information Security Risk: Organization, Mission, and Information System View
SP 800-39 FAQ
doi:10.6028/NIST.SP.800-39 [Direct Link]
Press Release
SP 800-38 ADec 2001Recommendation for Block Cipher Modes of Operation: Methods and Techniques
SP 800-38A FAQ
doi:10.6028/NIST.SP.800-38A [Direct Link]
SP 800-38 A - AddendumOct 2010Recommendation for Block Cipher Modes of Operation: Three Variants of Ciphertext Stealing for CBC Mode
SP 800-38A Addendum FAQ
doi:10.6028/NIST.SP.800-38A-Add [Direct Link]
SP 800-38 BMay 2005Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication
SP 800-38B (with updated examples appended) FAQ
doi:10.6028/NIST.SP.800-38B [Direct Link]
SP 800-38 CMay 2004Recommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality
SP 800-38C (including updates as of 07-20-2007) FAQ
doi:10.6028/NIST.SP.800-38C [Direct Link]
SP 800-38 DNov 2007Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC
SP 800-38D FAQ
doi:10.6028/NIST.SP.800-38D [Direct Link]
SP 800-38 EJan 2010Recommendation for Block Cipher Modes of Operation: The XTS-AES Mode for Confidentiality on Storage Devices
SP 800-38E FAQ
doi:10.6028/NIST.SP.800-38E [Direct Link]
SP 800-38 FDec 2012Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping
SP 800-38F FAQ
doi:10.6028/NIST.SP.800-38F [Direct Link]
SP 800-38 GMar 2016Recommendation for Block Cipher Modes of Operation: Methods for Format-Preserving Encryption
SP 800-38G FAQ
doi:10.6028/NIST.SP.800-38G [Direct Link]
Press Release
SP 800-37 Rev. 1Feb 2010Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach
SP 800-37 Rev. 1 (including updates as of 6-05-2014) FAQ
doi:10.6028/NIST.SP.800-37r1 [Direct Link]
Supplemental Guidance on Ongoing Authorization, (June 2014)
Press Release
SP 800-36Oct 2003Guide to Selecting Information Technology Security Products
SP 800-36 FAQ
doi:10.6028/NIST.SP.800-36 [Direct Link]
SP 800-35Oct 2003Guide to Information Technology Security Services
SP 800-35 FAQ
doi:10.6028/NIST.SP.800-35 [Direct Link]
SP 800-34 Rev. 1May 2010Contingency Planning Guide for Federal Information Systems
SP 800-34 Rev. 1 (including updates as of 11-11-2010) FAQ
doi:10.6028/NIST.SP.800-34r1 [Direct Link]
Business Impact Analysis (BIA) Template (SP 800-34 Rev. 1)
Contingency Planning: Low Impact System Template (SP 800-34 Rev. 1)
Contingency Planning: Moderate Impact System Template (SP 800-34 Rev. 1)
Contingency Planning: High Impact System Template (SP 800-34 Rev. 1)
SP 800-33Dec 2001Underlying Technical Models for Information Technology Security
SP 800-33 FAQ
doi:10.6028/NIST.SP.800-33 [Direct Link]
SP 800-32Feb. 26, 2001Introduction to Public Key Technology and the Federal PKI Infrastructure
SP 800-32 FAQ
doi:10.6028/NIST.SP.800-32 [Direct Link]
SP 800-30 Rev. 1Sep 2012Guide for Conducting Risk Assessments
SP 800-30 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-30r1 [Direct Link]
SP 800-30 Rev. 1 (EPUB) FAQ
Press Release
SP 800-29Jun 2001A Comparison of the Security Requirements for Cryptographic Modules in FIPS 140-1 and FIPS 140-2
SP 800-29 FAQ
doi:10.6028/NIST.SP.800-29 [Direct Link]
SP 800-28 Version 2Mar 2008Guidelines on Active Content and Mobile Code
SP 800-28 Version 2 FAQ
doi:10.6028/NIST.SP.800-28ver2 [Direct Link]
SP 800-27 Rev. AJun 2004Engineering Principles for Information Technology Security (A Baseline for Achieving Security)
SP 800-27 Rev. A FAQ
doi:10.6028/NIST.SP.800-27rA [Direct Link]
SP 800-25Oct 2000Federal Agency Use of Public Key Technology for Digital Signatures and Authentication
SP 800-25 FAQ
doi:10.6028/NIST.SP.800-25 [Direct Link]
SP 800-24Apr 2001PBX Vulnerability Analysis: Finding Holes in Your PBX Before Someone Else Does
SP 800-24 FAQ
doi:10.6028/NIST.SP.800-24 [Direct Link]
SP 800-23Aug 2000Guidelines to Federal Organizations on Security Assurance and Acquisition/Use of Tested/Evaluated Products
SP 800-23 FAQ
doi:10.6028/NIST.SP.800-23 [Direct Link]
SP 800-22 Rev. 1aApr 2010A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications
SP 800-22 Rev. 1a FAQ
doi:10.6028/NIST.SP.800-22r1a [Direct Link]
SP 800-21 2nd editionDec 2005Guideline for Implementing Cryptography in the Federal Government
SP 800-21 2nd Edition FAQ
doi:10.6028/NIST.SP.800-21e2 [Direct Link]
SP 800-20Oct 1999Modes of Operation Validation System for the Triple Data Encryption Algorithm (TMOVS): Requirements and Procedures
SP 800-20 (including updates as of 03-2012) FAQ
doi:10.6028/NIST.SP.800-20 [Direct Link]
SP 800-19Oct 1999Mobile Agent Security
SP 800-19 FAQ
doi:10.6028/NIST.SP.800-19 [Direct Link]
SP 800-18 Rev.1Feb 2006Guide for Developing Security Plans for Federal Information Systems
SP 800-18 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-18r1 [Direct Link]
SP 800-17Feb 1998Modes of Operation Validation System (MOVS): Requirements and Procedures
SP 800-17 FAQ
doi:10.6028/NIST.SP.800-17 [Direct Link]
SP 800-16 Rev. 1-3rd-draft 
Mar. 14, 2014DRAFT A Role-Based Model for Federal Information Technology / Cyber Security Training (3rd public draft)
Announcement and Draft Publication
SP 800-16Apr 1998Information Technology Security Training Requirements: A Role- and Performance-Based Model
SP 800-16 FAQ
doi:10.6028/NIST.SP.800-16 [Direct Link]
SP 800-15Jan 1998MISPC Minimum Interoperability Specification for PKI Components, Version 1
SP 800-15 FAQ
doi:10.6028/NIST.SP.800-15 [Direct Link]
SP 800-14Sep 1996Generally Accepted Principles and Practices for Securing Information Technology Systems
SP 800-14 FAQ
doi:10.6028/NIST.SP.800-14 [Direct Link]
SP 800-13Oct 1995Telecommunications Security Guidelines for Telecommunications Management Network
SP 800-13 FAQ
doi:10.6028/NIST.SP.800-13 [Direct Link]
SP 800-12Oct 1995An Introduction to Computer Security: The NIST Handbook
SP 800-12 FAQ
doi:10.6028/NIST.SP.800-12 [Direct Link]
SP 800-1Dec 1990Bibliography of Selected Computer Security Publications, January 1980 - October 1989
SP 800-1 FAQ
doi:10.6028/NIST.SP.800-1 [Direct Link]
Back to Top
SP 500s - Computer Systems Technology
SP 500-304Jun 2015Conformance Testing Methodology Framework for ANSI/NIST-ITL 1-2011 Update: 2013, Data Format for the Interchange of Fingerprint, Facial & Other Biometric Information
SP 500-304 FAQ
doi:10.6028/NIST.SP.500-304 [Direct Link]
BioCTS homepage
SP 500-299 
May 2013DRAFT NIST Cloud Computing Security Reference Architecture
Announcement and Draft Publication
Back to Top
SP 1800s - NIST Cybersecurity Practice Guides
SP 1800-5 
Oct. 29, 2015DRAFT IT Asset Management
Announcement and Draft Publication
SP 1800-4 
Nov. 5, 2015DRAFT Mobile Device Security: Cloud & Hybrid Builds
Announcement and Draft Publication
SP 1800-3 
Sep. 29, 2015DRAFT Attribute Based Access Control
Announcement and Draft Publication
SP 1800-2 
Aug. 25, 2015DRAFT Identity and Access Management for Electric Utilities
Announcement and Draft Publication
SP 1800-1 
July 28, 2015DRAFT Securing Electronic Health Records on Mobile Devices
Announcement and Draft Publication
Back to Top