Publications By Topic/Project

To view CSD publications--FIPS, Special Publications, NISTIRs and ITL Bulletins--by topic or project, see the menu (on left).

[Publications that link to dx.doi.org/... will redirect to another NIST website. See more details about DOIs.]

Annual Reports
Number | Date | Title
SP 800-170 | June 2014 | 2013 Computer Security Division Annual Report
SP 800-170 - Annual Report (2013) FAQ
doi:10.6028/NIST.SP.800-170 [Direct Link]
SP 800-165 | Jun 2013 | 2012 Computer Security Division Annual Report
Annual Report (2012) - SP 800-165 FAQ
doi:10.6028/NIST.SP.800-165 [Direct Link]
NIST IR 7816 | Mar 2012 | 2011 Computer Security Division Annual Report
Annual Report (2011)
NIST IR 7751 | May 2011 | 2010 Computer Security Division Annual Report
Annual Report (2010)
NIST IR 7653 | Mar 2010 | 2009 Computer Security Division Annual Report
Annual Report (2009)
NIST IR 7536 | Mar 2009 | 2008 Computer Security Division Annual Report
Annual Report (2008)
NIST IR 7442 | Apr 2008 | 2007 Computer Security Division Annual Report
Annual Report (2007)
NIST IR 7399 | Mar 2007 | 2006 Computer Security Division Annual Report
Annual Report (2006)
NIST IR 7285 | Feb 2006 | 2005 Computer Security Division Annual Report
Annual Report (2005)
NIST IR 7219 | Apr 2005 | 2004 Computer Security Division Annual Report
Annual Report (2004)
NIST IR 7111 | Apr 2004 | 2003 Computer Security Division Annual Report
Annual Report (2003)
Audit & Accountability
Number | Date | Title
FIPS 200 | Mar 2006 | Minimum Security Requirements for Federal Information and Information Systems
FIPS 200
FIPS 199 | Feb 2004 | Standards for Security Categorization of Federal Information and Information Systems
FIPS 199
FIPS 191 | Nov 1994 | Guideline for The Analysis of Local Area Network Security
FIPS 191
FIPS 140-3 (Draft) | Dec. 11, 2009 | DRAFT Security Requirements for Cryptographic Modules (Revised Draft)
Announcement and Draft Publication
FIPS 140-2 | May 2001 | Security Requirements for Cryptographic Modules
FIPS 140-2 (including change notices as of 12-03-2002)
Annex A: Approved Security Functions
Annex B: Approved Protection Profiles
Annex C: Approved Random Number Generators
Annex D: Approved Key Establishment Techniques
FIPS 140-2 (EPUB) FAQ
Annex A: Approved Security Functions (EPUB) FAQ
Annex B: Approved Protection Profiles (EPUB) FAQ
Annex C: Approved Random Number Generators (EPUB) FAQ
Annex D: Approved Key Establishment Techniques (EPUB) FAQ
FIPS 140-1 | Jan 1994 | FIPS 140-1: Security Requirements for Cryptographic Modules
FIPS 140-1
SP 800-171 (Draft) | Nov. 18, 2014 | DRAFT Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations
Announcement and Draft Publication
SP 800-167 (Draft) | Aug. 22, 2014 | DRAFT Guide to Application Whitelisting
Announcement and Draft Publication
SP 800-126 Rev. 2 | Sep 2011 | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2
SP 800-126 Rev. 2
Errata for SP 800-126 Rev. 2
SP 800-126 Rev. 1 | Feb 2011 | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.1
SP 800-126 Rev. 1
SP 800-126 | Nov 2009 | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.0
SP 800-126
SP 800-117 Rev. 1 (Draft) | Jan. 6, 2012 | DRAFT Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.2
Announcement and Draft Publication
SP 800-117 | Jul 2010 | Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.0
SP 800-117
SP 800-115 | Sep 2008 | Technical Guide to Information Security Testing and Assessment
SP 800-115
SP 800-115 (EPUB) FAQ
SP 800-94 Rev. 1 (Draft) | July 25, 2012 | DRAFT Guide to Intrusion Detection and Prevention Systems (IDPS)
Announcement and Draft Publication
SP 800-94 | Feb 2007 | Guide to Intrusion Detection and Prevention Systems (IDPS)
SP 800-94
SP 800-92 | Sep 2006 | Guide to Computer Security Log Management
SP 800-92
SP 800-92 (EPUB) FAQ
SP 800-68 Rev. 1 | Oct 2008 | Guide to Securing Microsoft Windows XP Systems for IT Professionals
SP 800-68 Rev. 1
SP 800-55 Rev. 1 | Jul 2008 | Performance Measurement Guide for Information Security
SP 800-55 Rev. 1
SP 800-53 Rev. 4 | Apr 2013 | Security and Privacy Controls for Federal Information Systems and Organizations
SP 800-53 Rev. 4 (including updates as of 01-15-2014) FAQ
doi:10.6028/NIST.SP.800-53r4 [Direct Link]
Word version of SP 800-53 Rev. 4 (01-15-2014)
XML file for SP 800-53 Rev. 4 (01-15-2014)
Summary of NIST SP 800-53 Revision 4
SP 800-53 A Rev.4 | Dec. 2014 | Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans
SP 800-53A Revision 4 FAQ
doi:10.6028/NIST.SP.800-53Ar4 [Direct Link]
SP 800-53 A Rev. 1 | Jun 2010 | Guide for Assessing the Security Controls in Federal Information Systems and Organizations, Building Effective Security Assessment Plans
SP 800-53A Rev. 1
Security Assessment Overview and Cases
SP 800-51 Rev. 1 | Feb 2011 | Guide to Using Vulnerability Naming Schemes
SP 800-51 Rev. 1
SP 800-50 | Oct 2003 | Building an Information Technology Security Awareness and Training Program
SP 800-50
SP 800-41 Rev. 1 | Sep 2009 | Guidelines on Firewalls and Firewall Policy
SP 800-41 Rev. 1
SP 800-37 Rev. 1 | Feb 2010 | Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach
SP 800-37 Rev. 1 (including updates as of June 05, 2014) FAQ
doi:10.6028/NIST.SP.800-37r1 [Direct Link]
Supplemental Guidance on Ongoing Authorization, (June 2014)
SP 800-30 Rev. 1 | Sep 2012 | Guide for Conducting Risk Assessments
SP 800-30 Rev. 1
SP 800-30 Rev. 1 (EPUB) FAQ
SP 800-18 Rev.1 | Feb 2006 | Guide for Developing Security Plans for Federal Information Systems
SP 800-18 Rev. 1
SP 800-16 Rev. 1 (3rd draft) (Draft) | Mar. 14, 2014 | DRAFT A Role-Based Model for Federal Information Technology / Cyber Security Training (3rd public draft)
Announcement and Draft Publication
SP 800-16 | Apr 1998 | Information Technology Security Training Requirements: A Role- and Performance-Based Model
SP 800-16
Appendices A, B, C, D
Appendix E
NIST IR 8023 (Draft) | Sept. 10, 2014 | DRAFT Risk Management for Replication Devices
Announcement and Draft Publication
NIST IR 7966 (Draft) | Aug. 21, 2014 | DRAFT Security of Automated Access Management Using Secure Shell (SSH)
Announcement and Draft Publication
NIST IR 7848 (Draft) | May 7, 2012 | DRAFT Specification for the Asset Summary Reporting Format 1.0
Announcement and Draft Publication
NIST IR 7831 (Draft) | Dec. 6, 2011 | DRAFT Common Remediation Enumeration (CRE) Version 1.0
Announcement and Draft Publication
NIST IR 7802 | Sep 2011 | Trust Model for Security Automation Data (TMSAD) Version 1.0
NISTIR 7802
NIST IR 7800 (Draft) | Jan. 20, 2012 | DRAFT Applying the Continuous Monitoring Technical Reference Model to the Asset, Configuration, and Vulnerability Management Domains
Announcement and Draft Publication
NIST IR 7799 (Draft) | Jan. 6, 2012 | DRAFT Continuous Monitoring Reference Model Workflow, Subsystem, and Interface Specifications
Announcement and Draft Publication
NIST IR 7756 (Draft) | Jan. 6, 2012 | DRAFT CAESARS Framework Extension: An Enterprise Continuous Monitoring Technical Reference Architecture
Announcement and Draft Publication
NIST IR 7698 | Aug 2011 | Common Platform Enumeration: Applicability Language Specification Version 2.3
NISTIR 7698
NIST IR 7697 | Aug 2011 | Common Platform Enumeration: Dictionary Specification Version 2.3
NISTIR 7697
NIST IR 7696 | Aug 2011 | Common Platform Enumeration: Name Matching Specification Version 2.3
NISTIR 7696
NIST IR 7695 | Aug 2011 | Common Platform Enumeration: Naming Specification Version 2.3
NISTIR 7695
NIST IR 7694 | Jun 2011 | Specification for the Asset Reporting Format 1.1
NISTIR 7694
NIST IR 7693 | Jun 2011 | Specification for Asset Identification 1.1
NISTIR 7693
NIST IR 7692 | Apr 2011 | Specification for the Open Checklist Interactive Language (OCIL) Version 2.0
NISTIR 7692
NIST IR 7670 (Draft) | Feb. 10, 2011 | DRAFT Proposed Open Specifications for an Enterprise Remediation Automation Framework
Announcement and Draft Publication
NIST IR 7358 | Jan 2007 | Program Review for Information Security Management Assistance (PRISMA)
NISTIR 7358
NIST IR 7316 | Sep 2006 | Assessment of Access Control Systems
NISTIR 7316
NIST IR 7284 | Jan 2006 | Personal Identity Verification Card Management Report
NISTIR 7284
NIST IR 7275 Rev. 4 | Sep 2011 | Specification for the Extensible Configuration Checklist Description Format (XCCDF) Version 1.2
NISTIR 7275 Rev. 4
NISTIR 7275 Rev. 4 (03-2012 update)
NISTIR 7275 Rev. 4 (03-2012 update - markup)
NIST IR 7275 Rev. 3 | Jan 2008 | Specification for the Extensible Configuration Checklist Description Format (XCCDF) Version 1.1.4
NISTIR 7275 Rev. 3
NIST IR 6981 | Apr 2003 | Policy Expression and Enforcement for Handheld Devices
NISTIR 6981
ITL October 2006 | Oct 2006 | Log Management: Using Computer and Network Records to Improve Information Security
ITL March 2006 | Mar 2006 | Minimum Security Requirements for Federal Information and Information Systems: Federal Information Processing Standard (FIPS) 200 Approved by the Secretary of Commerce
ITL January 2006 | Jan 2006 | Testing and Validation of Personal Identity Verification (PIV) Components and Subsystems for Conformance to Federal Information Processing Standard 201
ITL August 2005 | Aug 2005 | Implementation of FIPS 201, Personal Identity Verification (PIV) of Federal Employees and Contractors
ITL November 2004 | Nov 2004 | Understanding the New NIST Standards and Guidelines Required by FISMA: How Three Mandated Documents are Changing the Dynamic of Information Security for the Federal Government
ITL March 2004 | Mar 2004 | Federal Information Processing Standard (FIPS) 199, Standards for Security Categorization of Federal Information and Information Systems
Authentication
Number | Date | Title
FIPS 196 | Feb 1997 | Entity Authentication Using Public Key Cryptography
FIPS 196
FIPS 190 | Sep 1994 | Guideline for the Use of Advanced Authentication Technology Alternatives
FIPS 190
FIPS 186-4 | Jul 2013 | Digital Signature Standard (DSS)
FIPS 186-4 FAQ
doi:10.6028/NIST.FIPS.186-4 [Direct Link]
FIPS 186-2 | Jan 2000 | Digital Signature Standard (DSS)
fips186-2-change1.pdf
FIPS 181 | Oct 1993 | Automated Password Generator
FIPS 181
FIPS 180-4 | Mar 2012 | Secure Hash Standard (SHS)
FIPS 180-4
FIPS 140-3 (Draft) | Dec. 11, 2009 | DRAFT Security Requirements for Cryptographic Modules (Revised Draft)
Announcement and Draft Publication
SP 800-167 (Draft) | Aug. 22, 2014 | DRAFT Guide to Application Whitelisting
Announcement and Draft Publication
SP 800-157 | Dec. 2014 | (PRE-PUBLICATION): Guidelines for Derived Personal Identity Verification (PIV) Credentials
(PRE-PUBLICATION) SP 800-157
SP 800-147 B | Aug. 2014 | BIOS Protection Guidelines for Servers
SP 800-147B FAQ
doi:10.6028/NIST.SP.800-147B [Direct Link]
SP 800-147 | Apr 2011 | Basic Input/Output System (BIOS) Protection Guidelines
SP 800-147
SP 800-132 | Dec 2010 | Recommendation for Password-Based Key Derivation Part 1: Storage Applications
SP 800-132
SP 800-127 | Sep 2010 | Guide to Securing WiMAX Wireless Communications
SP 800-127
SP 800-127 (EPUB) FAQ
SP 800-121 Rev. 1 | Jun 2012 | Guide to Bluetooth Security
SP 800-121 Rev. 1
SP 800-120 | Sep 2009 | Recommendation for EAP Methods Used in Wireless Network Access Authentication
SP 800-120
SP 800-118 (Draft) | Apr. 21, 2009 | DRAFT Guide to Enterprise Password Management
Announcement and Draft Publication
SP 800-116 | Nov 2008 | A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS)
SP 800-116
SP 800-114 | Nov 2007 | User's Guide to Securing External Devices for Telework and Remote Access
SP 800-114
SP 800-113 | Jul 2008 | Guide to SSL VPNs
SP 800-113
SP 800-103 (Draft) | Oct. 6, 2006 | DRAFT An Ontology of Identity Credentials, Part I: Background and Formulation
Announcement and Draft Publication
SP 800-102 | Sep 2009 | Recommendation for Digital Signature Timeliness
SP 800-102
SP 800-89 | Nov 2006 | Recommendation for Obtaining Assurances for Digital Signature Applications
SP 800-89
SP 800-78 -4 (Draft) | May 19, 2014 | DRAFT Cryptographic Algorithms and Key Sizes for Personal Identity Verification
Announcement and Draft Publication
SP 800-78 -3 | Dec 2010 | Cryptographic Algorithms and Key Sizes for Personal Identification Verification (PIV)
SP 800-78-3
SP 800-73 -4 (Draft) | May 19, 2014 | DRAFT Interfaces for Personal Identity Verification (3 Parts)
Part 1- PIV Card Application Namespace, Data Model and Representation
Part 2- PIV Card Application Card Command Interface
Part 3- PIV Client Application Programming Interface
Announcement and Draft Publication
SP 800-73 -3 | Feb 2010 | Interfaces for Personal Identity Verification (4 Parts)
Part 1: End Point PIV Card Application Namespace, Data Model & Representation
Part 2: PIV Card Application Card Command Interface
Part 3: PIV Client Application Programming Interface
Part 4: The PIV Transitional Interfaces & Data Model Specification
SP 800-68 Rev. 1 | Oct 2008 | Guide to Securing Microsoft Windows XP Systems for IT Professionals
SP 800-68 Rev. 1
SP 800-63 -2 | Aug 2013 | Electronic Authentication Guideline
SP 800-63-2 FAQ
doi:10.6028/NIST.SP.800-63-2 [Direct Link]
SP 800-63 -1 | Dec 2011 | Electronic Authentication Guideline
SP 800-63-1
SP 800-57 Part 3-Rev.1 (Draft) | May 5, 2014 | DRAFT Recommendation for Key Management: Part 3 - Application-Specific Key Management Guidance
Announcement and Draft Publication
SP 800-57 Part 1 | Jul 2012 | Recommendation for Key Management: Part 1: General (Revision 3)
SP 800-57 Part 1, Rev. 3
SP 800-57 Part 2 | Aug 2005 | Recommendation for Key Management: Part 2: Best Practices for Key Management Organization
SP 800-57 Part 2
SP 800-57 Part 3 | Dec 2009 | Recommendation for Key Management, Part 3 Application-Specific Key Management Guidance
SP 800-57 Part 3
SP 800-53 Rev. 4 | Apr 2013 | Security and Privacy Controls for Federal Information Systems and Organizations
SP 800-53 Rev. 4 (including updates as of 01-15-2014) FAQ
doi:10.6028/NIST.SP.800-53r4 [Direct Link]
Word version of SP 800-53 Rev. 4 (01-15-2014)
XML file for SP 800-53 Rev. 4 (01-15-2014)
Summary of NIST SP 800-53 Revision 4
SP 800-48 Rev. 1 | Jul 2008 | Guide to Securing Legacy IEEE 802.11 Wireless Networks
SP 800-48 Rev. 1
SP 800-46 Rev. 1 | Jun 2009 | Guide to Enterprise Telework and Remote Access Security
SP 800-46 Rev. 1
SP 800-38 A | Dec 2001 | Recommendation for Block Cipher Modes of Operation - Methods and Techniques
SP 800-38A
SP 800-38 A - Addendum | Oct 2010 | Recommendation for Block Cipher Modes of Operation: Three Variants of Ciphertext Stealing for CBC Mode
SP 800-38A Addendum
SP 800-38 B | May 2005 | Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication
SP 800-38B
CMAC Examples (updated)
SP 800-38 C | May 2004 | Recommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality
SP 800-38C (including updates as of 07-20-2007)
SP 800-38 D | Nov 2007 | Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC
SP 800-38D
SP 800-38 E | Jan 2010 | Recommendation for Block Cipher Modes of Operation: The XTS-AES Mode for Confidentiality on Storage Devices
SP 800-38E
SP 800-38 F | Dec 2012 | Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping
SP 800-38F FAQ
doi:10.6028/NIST.SP.800-38F [Direct Link]
SP 800-38 G (Draft) | July 8, 2013 | DRAFT Recommendation for Block Cipher Modes of Operation: Methods for Format-Preserving Encryption
Announcement and Draft Publication
SP 800-32 | Feb 2001 | Introduction to Public Key Technology and the Federal PKI Infrastructure
SP 800-32
SP 800-25 | Oct 2000 | Federal Agency Use of Public Key Technology for Digital Signatures and Authentication
SP 800-25
SP 800-21 2nd edition | Dec 2005 | Guideline for Implementing Cryptography in the Federal Government
SP 800-21 2nd Edition
SP 800-17 | Feb 1998 | Modes of Operation Validation System (MOVS): Requirements and Procedures
SP 800-17
NIST IR 8023 (Draft) | Sept. 10, 2014 | DRAFT Risk Management for Replication Devices
Announcement and Draft Publication
NIST IR 8014 (Draft) | July 15, 2014 | DRAFT Considerations for Identity Management in Public Safety Mobile Networks
Announcement and Draft Publication
NIST IR 7981 (Draft) | Mar. 7, 2014 | DRAFT Mobile, PIV, and Authentication
Announcement and Draft Publication
NIST IR 7966 (Draft) | Aug. 21, 2014 | DRAFT Security of Automated Access Management Using Secure Shell (SSH)
Announcement and Draft Publication
NIST IR 7849 | Mar 2014 | A Methodology for Developing Authentication Assurance Level Taxonomy for Smart Card-based Identity Verification
NISTIR 7849 FAQ
doi:10.6028/NIST.IR.7849 [Direct Link]
NIST IR 7817 | Nov 2012 | A Credential Reliability and Revocation Model for Federated Identities
NISTIR 7817 FAQ
doi:10.6028/NIST.IR.7817 [Direct Link]
NIST IR 7802 | Sep 2011 | Trust Model for Security Automation Data (TMSAD) Version 1.0
NISTIR 7802
NIST IR 7611 | Aug 2009 | Use of ISO/IEC 24727 -- Service Access Layer Interface for Identity (SALII): Support for Development and use of Interoperable Identity Credentials
NISTIR 7611
NIST IR 7601 | Aug 2010 | Framework for Emergency Response Officials (ERO)
NISTIR 7601
NIST IR 7452 | Nov 2007 | Secure Biometric Match-on-Card Feasibility Report
NISTIR 7452
NIST IR 7290 | Mar 2006 | Fingerprint Identification and Mobile Handheld Devices: Overview and Implementation
NISTIR 7290
NIST IR 7206 | Jul 2005 | Smart Cards and Mobile Device Authentication: An Overview and Implementation
NISTIR 7206
NIST IR 7200 | Jun 2005 | Proximity Beacons and Mobile Handheld Devices: Overview and Implementation
NISTIR 7200
NIST IR 7046 | Aug 2003 | A Framework for Multi-Mode Authentication: Overview and Implementation Guide
NISTIR 7046
NIST IR 7030 | Jul 2003 | Picture Password: A Visual Login Technique for Mobile Devices
NISTIR 7030
NIST IR 6192 | July 1998 | A Revised Model for Role-Based Access Control
NISTIR 6192
Citation Page for NISTIR 6192
NIST IR 5820 | April 1996 | Distributed Communication Methods and Role-Based Access Control for Use in Health Care Applications
NISTIR 5820
ITL October 2014 | Oct. 2014 | Release of NIST SP 800-147B, BIOS Protection Guidelines for Servers
ITL February 2007 | Feb 2007 | Intrusion Detection and Prevention Systems
Awareness & Training
Number | Date | Title
SP 800-171 (Draft) | Nov. 18, 2014 | DRAFT Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations
Announcement and Draft Publication
SP 800-147 B | Aug. 2014 | BIOS Protection Guidelines for Servers
SP 800-147B FAQ
doi:10.6028/NIST.SP.800-147B [Direct Link]
SP 800-147 | Apr 2011 | Basic Input/Output System (BIOS) Protection Guidelines
SP 800-147
SP 800-66 Rev 1 | Oct 2008 | An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule
SP 800-66 Rev. 1
SP 800-53 Rev. 4 | Apr 2013 | Security and Privacy Controls for Federal Information Systems and Organizations
SP 800-53 Rev. 4 (including updates as of 01-15-2014) FAQ
doi:10.6028/NIST.SP.800-53r4 [Direct Link]
Word version of SP 800-53 Rev. 4 (01-15-2014)
XML file for SP 800-53 Rev. 4 (01-15-2014)
Summary of NIST SP 800-53 Revision 4
SP 800-50 | Oct 2003 | Building an Information Technology Security Awareness and Training Program
SP 800-50
SP 800-16 Rev. 1 (3rd draft) (Draft) | Mar. 14, 2014 | DRAFT A Role-Based Model for Federal Information Technology / Cyber Security Training (3rd public draft)
Announcement and Draft Publication
SP 800-16 | Apr 1998 | Information Technology Security Training Requirements: A Role- and Performance-Based Model
SP 800-16
Appendices A, B, C, D
Appendix E
NIST IR 7621 Rev.1 (Draft) | Dec. 16, 2014 | DRAFT Small Business Information Security: The Fundamentals
Announcement and Draft Publication
NIST IR 7621 | Oct 2009 | Small Business Information Security: The Fundamentals
NISTIR 7621
NIST IR 7611 | Aug 2009 | Use of ISO/IEC 24727 -- Service Access Layer Interface for Identity (SALII): Support for Development and use of Interoperable Identity Credentials
NISTIR 7611
NIST IR 7359 | Jan 2007 | Information Security Guide For Government Executives
NISTIR 7359
Booklet
NIST IR 7284 | Jan 2006 | Personal Identity Verification Card Management Report
NISTIR 7284
ITL October 2014 | Oct. 2014 | Release of NIST SP 800-147B, BIOS Protection Guidelines for Servers
ITL May 2014 | May 2014 | Small and Medium-Size Business Information Security Outreach Program
ITL November 2006 | Nov 2006 | Guide to Securing Computers Using Windows XP Home Edition
ITL October 2003 | Oct 2003 | Information Technology Security Awareness, Training, Education, and Certification
Biometrics
Number | Date | Title
FIPS 201-2 | Aug 2013 | Personal Identity Verification (PIV) of Federal Employees and Contractors
FIPS 201-2 FAQ
doi:10.6028/NIST.FIPS.201-2 [Direct Link]
2012 Draft Comments and Dispositions
2011 Draft Comments and Dispositions
SP 800-116 | Nov 2008 | A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS)
SP 800-116
SP 800-103 (Draft) | Oct. 6, 2006 | DRAFT An Ontology of Identity Credentials, Part I: Background and Formulation
Announcement and Draft Publication
SP 800-76 -2 | Jul 2013 | Biometric Specifications for Personal Identity Verification
SP 800-76-2 FAQ
doi:10.6028/NIST.SP.800-76-2 [Direct Link]
SP 800-73 -4 (Draft) | May 19, 2014 | DRAFT Interfaces for Personal Identity Verification (3 Parts)
Part 1- PIV Card Application Namespace, Data Model and Representation
Part 2- PIV Card Application Card Command Interface
Part 3- PIV Client Application Programming Interface
Announcement and Draft Publication
SP 800-73 -3 | Feb 2010 | Interfaces for Personal Identity Verification (4 Parts)
Part 1: End Point PIV Card Application Namespace, Data Model & Representation
Part 2: PIV Card Application Card Command Interface
Part 3: PIV Client Application Programming Interface
Part 4: The PIV Transitional Interfaces & Data Model Specification
NIST IR 8014 (Draft) | July 15, 2014 | DRAFT Considerations for Identity Management in Public Safety Mobile Networks
Announcement and Draft Publication
NIST IR 7957 | Aug. 2013 | Conformance Test Architecture and Test Suite for ANSI/NIST-ITL 1-2011 NIEM XML Encoded Transactions
NISTIR 7957 FAQ
doi:10.6028/NIST.IR.7957 [Direct Link]
NIST IR 7933 | May 2013 | Requirements and Conformance Test Assertions for ANSI/NIST-ITL 1-2011 Record Type 18 - DNA Record
NISTIR 7933 FAQ
doi:10.6028/NIST.IR.7933 [Direct Link]
NIST IR 7771 | Feb 2011 | Conformance Test Architecture for Biometric Data Interchange Formats - Version Beta 2.0
NISTIR 7771
NIST IR 7611 | Aug 2009 | Use of ISO/IEC 24727 -- Service Access Layer Interface for Identity (SALII): Support for Development and use of Interoperable Identity Credentials
NISTIR 7611
NIST IR 7452 | Nov 2007 | Secure Biometric Match-on-Card Feasibility Report
NISTIR 7452
NIST IR 7290 | Mar 2006 | Fingerprint Identification and Mobile Handheld Devices: Overview and Implementation
NISTIR 7290
NIST IR 7284 | Jan 2006 | Personal Identity Verification Card Management Report
NISTIR 7284
NIST IR 7206 | Jul 2005 | Smart Cards and Mobile Device Authentication: An Overview and Implementation
NISTIR 7206
NIST IR 7056 | Mar 2004 | Card Technology Development and Gap Analysis Interagency Report
NISTIR 7056
NIST IR 6887 | Jul 2003 | Government Smart Card Interoperability Specification
NISTIR 6887
NIST IR 6529 A | Apr 2004 | Common Biometric Exchange Formats Framework (CBEFF)
NISTIR 6529A
ITL October 2013 | Oct 2013 | ITL Updates Federal Information Processing Standard (FIPS) for Personal Identity Verification (PIV) of Federal Employees and Contractors
Oct. 2013 ITL Bulletin (EPUB) FAQ
ITL January 2006 | Jan 2006 | Testing and Validation of Personal Identity Verification (PIV) Components and Subsystems for Conformance to Federal Information Processing Standard 201
ITL August 2005 | Aug 2005 | Implementation of FIPS 201, Personal Identity Verification (PIV) of Federal Employees and Contractors
Certification & Accreditation (C&A)
Number | Date | Title
FIPS 200 | Mar 2006 | Minimum Security Requirements for Federal Information and Information Systems
FIPS 200
FIPS 199 | Feb 2004 | Standards for Security Categorization of Federal Information and Information Systems
FIPS 199
FIPS 191 | Nov 1994 | Guideline for The Analysis of Local Area Network Security
FIPS 191
SP 800-147 B | Aug. 2014 | BIOS Protection Guidelines for Servers
SP 800-147B FAQ
doi:10.6028/NIST.SP.800-147B [Direct Link]
SP 800-147 | Apr 2011 | Basic Input/Output System (BIOS) Protection Guidelines
SP 800-147
SP 800-137 | Sep 2011 | Information Security Continuous Monitoring for Federal Information Systems and Organizations
SP 800-137
SP 800-128 | Aug 2011 | Guide for Security-Focused Configuration Management of Information Systems
SP 800-128
SP 800-126 Rev. 2 | Sep 2011 | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2
SP 800-126 Rev. 2
Errata for SP 800-126 Rev. 2
SP 800-126 Rev. 1 | Feb 2011 | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.1
SP 800-126 Rev. 1
SP 800-126 | Nov 2009 | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.0
SP 800-126
SP 800-117 Rev. 1 (Draft) | Jan. 6, 2012 | DRAFT Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.2
Announcement and Draft Publication
SP 800-117 | Jul 2010 | Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.0
SP 800-117
SP 800-115 | Sep 2008 | Technical Guide to Information Security Testing and Assessment
SP 800-115
SP 800-115 (EPUB) FAQ
SP 800-88 Rev. 1 | Dec. 2014 | Guidelines for Media Sanitization
SP 800-88 Revision 1 FAQ
doi:10.6028/NIST.SP.800-88r1 [Direct Link]
SP 800-84 | Sep 2006 | Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities
SP 800-84
SP 800-84 (EPUB) FAQ
SP 800-60 Rev. 1 | Aug 2008 | Guide for Mapping Types of Information and Information Systems to Security Categories
Vol. 1: Guide for Mapping Types of Information and Information Systems to Security Categories
Vol. 2: Appendices
SP 800-59 | Aug 2003 | Guideline for Identifying an Information System as a National Security System
SP 800-59
SP 800-55 Rev. 1 | Jul 2008 | Performance Measurement Guide for Information Security
SP 800-55 Rev. 1
SP 800-53 Rev. 4 | Apr 2013 | Security and Privacy Controls for Federal Information Systems and Organizations
SP 800-53 Rev. 4 (including updates as of 01-15-2014) FAQ
doi:10.6028/NIST.SP.800-53r4 [Direct Link]
Word version of SP 800-53 Rev. 4 (01-15-2014)
XML file for SP 800-53 Rev. 4 (01-15-2014)
Summary of NIST SP 800-53 Revision 4
SP 800-53 A Rev.4 | Dec. 2014 | Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans
SP 800-53A Revision 4 FAQ
doi:10.6028/NIST.SP.800-53Ar4 [Direct Link]
SP 800-53 A Rev. 1 | Jun 2010 | Guide for Assessing the Security Controls in Federal Information Systems and Organizations, Building Effective Security Assessment Plans
SP 800-53A Rev. 1
Security Assessment Overview and Cases
SP 800-47 | Aug 2002 | Security Guide for Interconnecting Information Technology Systems
SP 800-47
SP 800-37 Rev. 1 | Feb 2010 | Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach
SP 800-37 Rev. 1 (including updates as of June 05, 2014) FAQ
doi:10.6028/NIST.SP.800-37r1 [Direct Link]
Supplemental Guidance on Ongoing Authorization, (June 2014)
SP 800-34 Rev. 1 | May 2010 | Contingency Planning Guide for Federal Information Systems
SP 800-34 Rev. 1 (including updates as of 11-11-2010)
Business Impact Analysis (BIA) Template (SP 800-34 Rev. 1)
Contingency Planning: Low Impact System Template (SP 800-34 Rev. 1)
Contingency Planning: Moderate Impact System Template (SP 800-34 Rev. 1)
Contingency Planning: High Impact System Template (SP 800-34 Rev. 1)
SP 800-30 Rev. 1 | Sep 2012 | Guide for Conducting Risk Assessments
SP 800-30 Rev. 1
SP 800-30 Rev. 1 (EPUB) FAQ
SP 800-23 | Aug 2000 | Guidelines to Federal Organizations on Security Assurance and Acquisition/Use of Tested/Evaluated Products
SP 800-23
SP 800-18 Rev.1 | Feb 2006 | Guide for Developing Security Plans for Federal Information Systems
SP 800-18 Rev. 1
NIST IR 7848 (Draft) | May 7, 2012 | DRAFT Specification for the Asset Summary Reporting Format 1.0
Announcement and Draft Publication
NIST IR 7831 (Draft) | Dec. 6, 2011 | DRAFT Common Remediation Enumeration (CRE) Version 1.0
Announcement and Draft Publication
NIST IR 7802 | Sep 2011 | Trust Model for Security Automation Data (TMSAD) Version 1.0
NISTIR 7802
NIST IR 7800 (Draft) | Jan. 20, 2012 | DRAFT Applying the Continuous Monitoring Technical Reference Model to the Asset, Configuration, and Vulnerability Management Domains
Announcement and Draft Publication
NIST IR 7799 (Draft) | Jan. 6, 2012 | DRAFT Continuous Monitoring Reference Model Workflow, Subsystem, and Interface Specifications
Announcement and Draft Publication
NIST IR 7756 (Draft) | Jan. 6, 2012 | DRAFT CAESARS Framework Extension: An Enterprise Continuous Monitoring Technical Reference Architecture
Announcement and Draft Publication
NIST IR 7692 | Apr 2011 | Specification for the Open Checklist Interactive Language (OCIL) Version 2.0
NISTIR 7692
ITL October 2014 | Oct. 2014 | Release of NIST SP 800-147B, BIOS Protection Guidelines for Servers
ITL December 2006 | Dec 2006 | Maintaining Effective Information Technology (IT) Security Through Test, Training, and Exercise Programs
ITL March 2006 | Mar 2006 | Minimum Security Requirements for Federal Information and Information Systems: Federal Information Processing Standard (FIPS) 200 Approved by the Secretary of Commerce
ITL November 2004 | Nov 2004 | Understanding the New NIST Standards and Guidelines Required by FISMA: How Three Mandated Documents are Changing the Dynamic of Information Security for the Federal Government
ITL March 2004 | Mar 2004 | Federal Information Processing Standard (FIPS) 199, Standards for Security Categorization of Federal Information and Information Systems
ITL February 2003 | Feb 2003 | Secure Interconnections for Information Technology Systems
Cloud Computing & Virtualization
Number | Date | Title
SP 800-146 | May 2012 | Cloud Computing Synopsis and Recommendations
SP 800-146
SP 800-146 (EPUB) FAQ
SP 800-145 | Sep 2011 | The NIST Definition of Cloud Computing
SP 800-145
SP 800-145 (EPUB) FAQ
SP 800-144 | Dec 2011 | Guidelines on Security and Privacy in Public Cloud Computing
SP 800-144
SP 800-144 (EPUB) FAQ
SP 800-125 A (Draft) | Oct. 20, 2014 | DRAFT Security Recommendations for Hypervisor Deployment
Announcement and Draft Publication
SP 800-125 | Jan 2011 | Guide to Security for Full Virtualization Technologies
SP 800-125
NIST IR 8006 (Draft) | Jun. 23, 2014 | DRAFT NIST Cloud Computing Forensic Science Challenges
Announcement and Draft Publication
NIST IR 7956 | Sep 2013 | Cryptographic Key Management Issues & Challenges in Cloud Services
NISTIR 7956 FAQ
doi:10.6028/NIST.IR.7956 [Direct Link]
NIST IR 7904 (Draft) | Dec. 21, 2012 | DRAFT Trusted Geolocation in the Cloud: Proof of Concept Implementation
Announcement and Draft Publication
ITL June 2012 | Jun 2012 | Cloud Computing: A Review of Features, Benefits, and Risks, and Recommendations for Secure, Efficient Implementations
ITL March 2012 | Mar 2012 | Guidelines for Improving Security and Privacy in Public Cloud Computing
ITL April 2011 | Apr 2011 | Full Virtualization Technologies: Guidelines for Secure Implementation and Management
Communications & Wireless
Number | Date | Title
FIPS 140-3 (Draft) | Dec. 11, 2009 | DRAFT Security Requirements for Cryptographic Modules (Revised Draft)
Announcement and Draft Publication
FIPS 140-2 | May 2001 | Security Requirements for Cryptographic Modules
FIPS 140-2 (including change notices as of 12-03-2002)
Annex A: Approved Security Functions
Annex B: Approved Protection Profiles
Annex C: Approved Random Number Generators
Annex D: Approved Key Establishment Techniques
FIPS 140-2 (EPUB) FAQ
Annex A: Approved Security Functions (EPUB) FAQ
Annex B: Approved Protection Profiles (EPUB) FAQ
Annex C: Approved Random Number Generators (EPUB) FAQ
Annex D: Approved Key Establishment Techniques (EPUB) FAQ
FIPS 140-1 | Jan 1994 | FIPS 140-1: Security Requirements for Cryptographic Modules
FIPS 140-1
SP 800-164 (Draft) | Oct. 31, 2012 | DRAFT Guidelines on Hardware-Rooted Security in Mobile Devices
Announcement and Draft Publication
SP 800-157 | Dec. 2014 | (PRE-PUBLICATION): Guidelines for Derived Personal Identity Verification (PIV) Credentials
(PRE-PUBLICATION) SP 800-157
SP 800-153 | Feb 2012 | Guidelines for Securing Wireless Local Area Networks (WLANs)
SP 800-153
SP 800-127 | Sep 2010 | Guide to Securing WiMAX Wireless Communications
SP 800-127
SP 800-127 (EPUB) FAQ
SP 800-124 Rev. 1 | Jun 2013 | Guidelines for Managing the Security of Mobile Devices in the Enterprise
SP 800-124 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-124r1 [Direct Link]
SP 800-124 Rev. 1 (EPUB) FAQ
SP 800-121 Rev. 1 | Jun 2012 | Guide to Bluetooth Security
SP 800-121 Rev. 1
SP 800-120 | Sep 2009 | Recommendation for EAP Methods Used in Wireless Network Access Authentication
SP 800-120
SP 800-119 | Dec 2010 | Guidelines for the Secure Deployment of IPv6
SP 800-119
SP 800-115 | Sep 2008 | Technical Guide to Information Security Testing and Assessment
SP 800-115
SP 800-115 (EPUB) FAQ
SP 800-114 | Nov 2007 | User's Guide to Securing External Devices for Telework and Remote Access
SP 800-114
SP 800-113 | Jul 2008 | Guide to SSL VPNs
SP 800-113
SP 800-101 Rev.1May 2014Guidelines on Mobile Device Forensics
SP 800-101 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-101r1 [Direct Link]
SP 800-98Apr 2007Guidelines for Securing Radio Frequency Identification (RFID) Systems
SP 800-98
SP 800-81 -2Sep 2013Secure Domain Name System (DNS) Deployment Guide
SP 800-81-2 FAQ
doi:10.6028/NIST.SP.800-81-2 [Direct Link]
SP 800-77Dec 2005Guide to IPsec VPNs
SP 800-77
SP 800-58Jan 2005Security Considerations for Voice Over IP Systems
SP 800-58
SP 800-54Jul 2007Border Gateway Protocol Security
SP 800-54
SP 800-53 Rev. 4Apr 2013Security and Privacy Controls for Federal Information Systems and Organizations
SP 800-53 Rev. 4 (including updates as of 01-15-2014) FAQ
doi:10.6028/NIST.SP.800-53r4 [Direct Link]
Word version of SP 800-53 Rev. 4 (01-15-2014)
XML file for SP 800-53 Rev. 4 (01-15-2014)
Summary of NIST SP 800-53 Revision 4
SP 800-52 Rev. 1Apr. 2014Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations
SP 800-52 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-52r1 [Direct Link]
SP 800-52Jun 2005Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations
SP800-52.pdf
SP 800-48 Rev. 1Jul 2008Guide to Securing Legacy IEEE 802.11 Wireless Networks
SP 800-48 Rev. 1
SP 800-46 Rev. 1Jun 2009Guide to Enterprise Telework and Remote Access Security
SP 800-46 Rev. 1
SP 800-45 Version 2Feb 2007Guidelines on Electronic Mail Security
SP 800-45 Version 2
SP 800-41 Rev. 1Sep 2009Guidelines on Firewalls and Firewall Policy
SP 800-41 Rev. 1
SP 800-24Apr 2001PBX Vulnerability Analysis: Finding Holes in Your PBX Before Someone Else Does
SP 800-24
NIST IR 8023 
(Draft)
Sept. 10, 2014DRAFT Risk Management for Replication Devices
Announcement and Draft Publication
NIST IR 8018 
(Draft)
July 29, 2014DRAFT Public Safety Mobile Application Security Requirements Workshop Summary
Announcement and Draft Publication
NIST IR 8014 
(Draft)
July 15, 2014DRAFT Considerations for Identity Management in Public Safety Mobile Networks
Announcement and Draft Publication
NIST IR 7981 
(Draft)
Mar. 7, 2014DRAFT Mobile, PIV, and Authentication
Announcement and Draft Publication
NIST IR 7617Oct 2009Mobile Forensic Reference Materials: A Methodology and Reification
NISTIR 7617
NIST IR 7452Nov 2007Secure Biometric Match-on-Card Feasibility Report
NISTIR 7452
NIST IR 7387Mar 2007Cell Phone Forensic Tools: An Overview and Analysis Update
NISTIR 7387
NIST IR 7206Jul 2005Smart Cards and Mobile Device Authentication: An Overview and Implementation
NISTIR 7206
NIST IR 7046Aug 2003A Framework for Multi-Mode Authentication: Overview and Implementation Guide
NISTIR 7046
ITL April 2014Apr 2014Release of NIST Special Publication 800-52 Revision 1, Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations
Apr. 2014 ITL Bulletin (EPUB) FAQ
ITL July 2007Jul 2007Border Gateway Protocol (BGP) Security
ITL June 2007Jun 2007Forensic Techniques for Cell Phones
ITL May 2007May 2007Securing Radio Frequency Identification (RFID) Systems
ITL March 2007Mar 2007Improving The Security of Electronic Mail: Updated Guidelines Issued by NIST
ITL June 2006Jun 2006Domain Name System (DNS) Services: NIST Recommendations for Secure Deployment
ITL April 2006Apr 2006Protecting Sensitive Information Transmitted in Public Networks
ITL October 2004Oct 2004Securing Voice Over Internet Protocol (IP) Networks
Conferences & Workshops
Number | Date | Title
NIST IR 8018 
(Draft)
July 29, 2014DRAFT Public Safety Mobile Application Security Requirements Workshop Summary
Announcement and Draft Publication
NIST IR 7916Feb 2013Proceedings of the Cybersecurity in Cyber-Physical Systems Workshop, April 23-24, 2012
NISTIR 7916 FAQ
doi:10.6028/NIST.IR.7916 [Direct Link]
NIST IR 7665Mar 2010Proceedings of the Privilege Management Workshop, September 1-3, 2009
NISTIR 7665
NIST IR 7657Mar 2010A Report on the Privilege (Access) Management Workshop
NISTIR 7657
NIST IR 7609Jan 2010Cryptographic Key Management Workshop Summary
NISTIR 7609
NIST IR 7427Sep 20076th Annual PKI R&D Workshop "Applications-Driven PKI" Proceedings
NISTIR 7427
NIST IR 7313Jul 20065th Annual PKI R&D Workshop "Making PKI Easy to Use" Proceedings
NISTIR 7313
NIST IR 7224Aug 20054th Annual PKI R&D Workshop: Multiple Paths to Trust Proceedings
NISTIR 7224
NIST IR 5472Mar 1994A Head Start on Assurance Proceedings of an Invitational Workshop on Information Technology (IT) Assurance and Trustworthiness
NISTIR 5472
Contingency Planning
Number | Date | Title
SP 800-147 BAug. 2014BIOS Protection Guidelines for Servers
SP 800-147B FAQ
doi:10.6028/NIST.SP.800-147B [Direct Link]
SP 800-147Apr 2011Basic Input/Output System (BIOS) Protection Guidelines
SP 800-147
SP 800-84Sep 2006Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities
SP 800-84
SP 800-84 (EPUB) FAQ
SP 800-53 Rev. 4Apr 2013Security and Privacy Controls for Federal Information Systems and Organizations
SP 800-53 Rev. 4 (including updates as of 01-15-2014) FAQ
doi:10.6028/NIST.SP.800-53r4 [Direct Link]
Word version of SP 800-53 Rev. 4 (01-15-2014)
XML file for SP 800-53 Rev. 4 (01-15-2014)
Summary of NIST SP 800-53 Revision 4
SP 800-46 Rev. 1Jun 2009Guide to Enterprise Telework and Remote Access Security
SP 800-46 Rev. 1
SP 800-34 Rev. 1May 2010Contingency Planning Guide for Federal Information Systems
SP 800-34 Rev. 1 (including updates as of 11-11-2010)
Business Impact Analysis (BIA) Template (SP 800-34 Rev. 1)
Contingency Planning: Low Impact System Template (SP 800-34 Rev. 1)
Contingency Planning: Moderate Impact System Template (SP 800-34 Rev. 1)
Contingency Planning: High Impact System Template (SP 800-34 Rev. 1)
ITL October 2014Oct. 2014Release of NIST SP 800-147B, BIOS Protection Guidelines for Servers
ITL February 2014Feb 2014Framework for Improving Critical Infrastructure Cybersecurity
Feb. 2014 ITL Bulletin (EPUB) FAQ
ITL December 2006Dec 2006Maintaining Effective Information Technology (IT) Security Through Test, Training, and Exercise Programs
ITL April 2002Apr 2002Techniques for System and Data Recovery
Cryptography
Number | Date | Title
FIPS 198-1Jul 2008 The Keyed-Hash Message Authentication Code (HMAC)
FIPS 198-1
FIPS 197Nov 2001Advanced Encryption Standard
FIPS 197
FIPS 196Feb 1997Entity Authentication Using Public Key Cryptography
FIPS 196
FIPS 190Sep 1994Guideline for the Use of Advanced Authentication Technology Alternatives
FIPS 190
FIPS 186-4Jul 2013Digital Signature Standard (DSS)
FIPS 186-4 FAQ
doi:10.6028/NIST.FIPS.186-4 [Direct Link]
FIPS 186-2Jan 2000Digital Signature Standard (DSS)
fips186-2-change1.pdf
FIPS 185Feb 1994Escrowed Encryption Standard
FIPS 185
FIPS 181Oct 1993Automated Password Generator
FIPS 181
FIPS 180-4Mar 2012Secure Hash Standard (SHS)
FIPS 180-4
FIPS 140-3 
(Draft)
Dec. 11, 2009DRAFT Security Requirements for Cryptographic Modules (Revised Draft)
Announcement and Draft Publication
FIPS 140-2May 2001Security Requirements for Cryptographic Modules
FIPS 140-2 (including change notices as of 12-03-2002)
Annex A: Approved Security Functions
Annex B: Approved Protection Profiles
Annex C: Approved Random Number Generators
Annex D: Approved Key Establishment Techniques
FIPS 140-2 (EPUB) FAQ
Annex A: Approved Security Functions (EPUB) FAQ
Annex B: Approved Protection Profiles (EPUB) FAQ
Annex C: Approved Random Number Generators (EPUB) FAQ
Annex D: Approved Key Establishment Techniques (EPUB) FAQ
FIPS 140-1Jan 1994FIPS 140-1: Security Requirements for Cryptographic Modules
FIPS 140-1
SP 800-167 
(Draft)
Aug. 22, 2014DRAFT Guide to Application Whitelisting
Announcement and Draft Publication
SP 800-152 
(Draft)
Dec. 18, 2014DRAFT A Profile for U. S. Federal Cryptographic Key Management Systems (CKMS) (Third Draft)
Announcement and Draft Publication
SP 800-147 BAug. 2014BIOS Protection Guidelines for Servers
SP 800-147B FAQ
doi:10.6028/NIST.SP.800-147B [Direct Link]
SP 800-147Apr 2011Basic Input/Output System (BIOS) Protection Guidelines
SP 800-147
SP 800-135 Rev. 1Dec 2011Recommendation for Existing Application-Specific Key Derivation Functions
SP 800-135 Rev. 1
SP 800-133Dec 2012Recommendation for Cryptographic Key Generation
SP 800-133 FAQ
doi:10.6028/NIST.SP.800-133 [Direct Link]
SP 800-133 (EPUB) FAQ
SP 800-132Dec 2010Recommendation for Password-Based Key Derivation Part 1: Storage Applications
SP 800-132
SP 800-131 AJan 2011Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths
SP 800-131A
SP 800-130Aug 2013A Framework for Designing Cryptographic Key Management Systems
SP 800-130
SP 800-127Sep 2010Guide to Securing WiMAX Wireless Communications
SP 800-127
SP 800-127 (EPUB) FAQ
SP 800-120Sep 2009Recommendation for EAP Methods Used in Wireless Network Access Authentication
SP 800-120
SP 800-118 
(Draft)
Apr. 21, 2009DRAFT Guide to Enterprise Password Management
Announcement and Draft Publication
SP 800-116Nov 2008A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS)
SP 800-116
SP 800-113Jul 2008 Guide to SSL VPNs
SP 800-113
SP 800-111Nov 2007Guide to Storage Encryption Technologies for End User Devices
SP 800-111
SP 800-108Oct 2009Recommendation for Key Derivation Using Pseudorandom Functions
SP 800-108
SP 800-107 Rev. 1Aug 2012Recommendation for Applications Using Approved Hash Algorithms
SP 800-107 Rev. 1
SP 800-106Feb 2009Randomized Hashing for Digital Signatures
SP 800-106
SP 800-102Sep 2009Recommendation for Digital Signature Timeliness
SP 800-102
SP 800-90 A Rev.1 
(Draft)
Nov. 21, 2014DRAFT Recommendation for Random Number Generation Using Deterministic Random Bit Generators
Announcement and Draft Publication
SP 800-90 AJan 2012Recommendation for Random Number Generation Using Deterministic Random Bit Generators
SP 800-90A
SP 800-90 Arev1-B-C 
(Draft)
Sep. 9, 2013DRAFT Draft SP 800-90 Series: Random Bit Generators
800-90 A Rev. 1: Recommendation for Random Number Generation Using Deterministic Random Bit Generators
800-90 B: Recommendation for the Entropy Sources Used for Random Bit Generation
800-90 C: Recommendation for Random Bit Generator (RBG) Constructions

Announcement and Draft Publication
SP 800-78 -4 
(Draft)
May 19, 2014DRAFT Cryptographic Algorithms and Key Sizes for Personal Identity Verification
Announcement and Draft Publication
SP 800-78 -3Dec 2010Cryptographic Algorithms and Key Sizes for Personal Identification Verification (PIV)
SP 800-78-3
SP 800-73 -4 
(Draft)
May 19, 2014DRAFT Interfaces for Personal Identity Verification (3 Parts)
Part 1- PIV Card Application Namespace, Data Model and Representation
Part 2- PIV Card Application Card Command Interface
Part 3- PIV Client Application Programming Interface

Announcement and Draft Publication
SP 800-73 -3Feb 2010Interfaces for Personal Identity Verification (4 Parts)
Part 1: End Point PIV Card Application Namespace, Data Model & Representation
Part 2: PIV Card Application Card Command Interface
Part 3: PIV Client Application Programming Interface
Part 4: The PIV Transitional Interfaces & Data Model Specification
SP 800-67 Rev. 1Jan 2012Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher
SP 800-67 Rev. 1
SP 800-63 -2Aug 2013Electronic Authentication Guideline
SP 800-63-2 FAQ
doi:10.6028/NIST.SP.800-63-2 [Direct Link]
SP 800-63 -1Dec 2011Electronic Authentication Guideline
SP 800-63-1
SP 800-57 Part 3-Rev.1 
(Draft)
May 5, 2014DRAFT Recommendation for Key Management: Part 3 - Application-Specific Key Management Guidance
Announcement and Draft Publication
SP 800-57 Part 1Jul 2012Recommendation for Key Management: Part 1: General (Revision 3)
SP 800-57 Part 1, Rev. 3
SP 800-57 Part 2Aug 2005Recommendation for Key Management: Part 2: Best Practices for Key Management Organization
SP 800-57 Part 2
SP 800-57 Part 3Dec 2009Recommendation for Key Management, Part 3 Application-Specific Key Management Guidance
SP 800-57 Part 3
SP 800-56 A Rev. 2May 2013Recommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography
SP 800-56A Rev. 2 FAQ
doi:10.6028/NIST.SP.800-56Ar2 [Direct Link]
Public Comments received on Draft SP 800-56A Rev. 2
SP 800-56 B Rev. 1Sep 2014Recommendation for Pair-Wise Key-Establishment Schemes Using Integer Factorization Cryptography
SP 800-56B Revision 1 FAQ
doi:10.6028/NIST.SP.800-56Br1 [Direct Link]
SP 800-56 CNov 2011Recommendation for Key Derivation through Extraction-then-Expansion
SP 800-56C
SP 800-53 Rev. 4Apr 2013Security and Privacy Controls for Federal Information Systems and Organizations
SP 800-53 Rev. 4 (including updates as of 01-15-2014) FAQ
doi:10.6028/NIST.SP.800-53r4 [Direct Link]
Word version of SP 800-53 Rev. 4 (01-15-2014)
XML file for SP 800-53 Rev. 4 (01-15-2014)
Summary of NIST SP 800-53 Revision 4
SP 800-52 Rev. 1Apr. 2014Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations
SP 800-52 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-52r1 [Direct Link]
SP 800-52Jun 2005Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations
SP800-52.pdf
SP 800-49Nov 2002Federal S/MIME V3 Client Profile
SP 800-49
SP 800-38 ADec 2001Recommendation for Block Cipher Modes of Operation - Methods and Techniques
SP 800-38A
SP 800-38 A - AddendumOct 2010Recommendation for Block Cipher Modes of Operation: Three Variants of Ciphertext Stealing for CBC Mode
SP 800-38A Addendum
SP 800-38 BMay 2005Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication
SP 800-38B
CMAC Examples (updated)
SP 800-38 CMay 2004Recommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality
SP 800-38C (including updates as of 07-20-2007)
SP 800-38 DNov 2007Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC
SP 800-38D
SP 800-38 EJan 2010Recommendation for Block Cipher Modes of Operation: The XTS-AES Mode for Confidentiality on Storage Devices
SP 800-38E
SP 800-38 FDec 2012Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping
SP 800-38F FAQ
doi:10.6028/NIST.SP.800-38F [Direct Link]
SP 800-38 G 
(Draft)
July 8, 2013DRAFT Recommendation for Block Cipher Modes of Operation: Methods for Format-Preserving Encryption
Announcement and Draft Publication
SP 800-32Feb 2001Introduction to Public Key Technology and the Federal PKI Infrastructure
SP 800-32
SP 800-25Oct 2000Federal Agency Use of Public Key Technology for Digital Signatures and Authentication
SP 800-25
SP 800-22 Rev. 1aApr 2010A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications
SP 800-22 Rev. 1a
SP 800-21 2nd editionDec 2005Guideline for Implementing Cryptography in the Federal Government
SP 800-21 2nd Edition
SP 800-17Feb 1998Modes of Operation Validation System (MOVS): Requirements and Procedures
SP 800-17
SP 800-15Jan 1998MISPC Minimum Interoperability Specification for PKI Components, Version 1
SP 800-15
NIST IR 8023 
(Draft)
Sept. 10, 2014DRAFT Risk Management for Replication Devices
Announcement and Draft Publication
NIST IR 7977 
(Draft)
Feb. 18, 2014DRAFT NIST Cryptographic Standards and Guidelines Development Process
Announcement and Draft Publication
NIST IR 7966 
(Draft)
Aug. 21, 2014DRAFT Security of Automated Access Management Using Secure Shell (SSH)
Announcement and Draft Publication
NIST IR 7956Sep 2013Cryptographic Key Management Issues & Challenges in Cloud Services
NISTIR 7956 FAQ
doi:10.6028/NIST.IR.7956 [Direct Link]
NIST IR 7924 
(Draft)
May 29, 2014DRAFT Reference Certificate Policy (Second Draft)
Announcement and Draft Publication
NIST IR 7896Nov 2012Third-Round Report of the SHA-3 Cryptographic Hash Algorithm Competition
NISTIR 7896 FAQ
doi:10.6028/NIST.IR.7896 [Direct Link]
NIST IR 7849Mar 2014A Methodology for Developing Authentication Assurance Level Taxonomy for Smart Card-based Identity Verification
NISTIR 7849 FAQ
doi:10.6028/NIST.IR.7849 [Direct Link]
NIST IR 7817Nov 2012A Credential Reliability and Revocation Model for Federated Identities
NISTIR 7817 FAQ
doi:10.6028/NIST.IR.7817 [Direct Link]
NIST IR 7802Sep 2011Trust Model for Security Automation Data (TMSAD) Version 1.0
NISTIR 7802
NIST IR 7764Feb 2011Status Report on the Second Round of the SHA-3 Cryptographic Hash Algorithm Competition
NISTIR 7764
NIST IR 7676Jun 2010Maintaining and Using Key History on Personal Identity Verification (PIV) Cards
NISTIR 7676
NIST IR 7620Sep 2009Status Report on the First Round of the SHA-3 Cryptographic Hash Algorithm Competition
NISTIR 7620
NIST IR 7611Aug 2009Use of ISO/IEC 24727 -- Service Access Layer Interface for Identity (SALII): Support for Development and use of Interoperable Identity Credentials
NISTIR 7611
NIST IR 7609Jan 2010Cryptographic Key Management Workshop Summary
NISTIR 7609
NIST IR 7452Nov 2007Secure Biometric Match-on-Card Feasibility Report
NISTIR 7452
NIST IR 7206Jul 2005Smart Cards and Mobile Device Authentication: An Overview and Implementation
NISTIR 7206
NIST IR 7046Aug 2003A Framework for Multi-Mode Authentication: Overview and Implementation Guide
NISTIR 7046
ITL November 2014Nov. 2014Cryptographic Module Validation Program (CMVP)
ITL October 2014Oct. 2014Release of NIST SP 800-147B, BIOS Protection Guidelines for Servers
ITL April 2014Apr 2014Release of NIST Special Publication 800-52 Revision 1, Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations
Apr. 2014 ITL Bulletin (EPUB) FAQ
ITL January 2014Jan 2014A Profile of the Key Management Framework for the Federal Government
Jan. 2014 ITL Bulletin (EPUB) FAQ
ITL September 2013Sep 2013NIST Opens Draft Special Publication 800-90A, Recommendation for Random Number Generation Using Deterministic Random Bit Generators, For Review and Comment (Supplemental ITL Bulletin for September 2013)
ITL December 2012Dec 2012Generating Secure Cryptographic Keys: A Critical Component of Cryptographic Key Management and the Protection of Sensitive Information
Cyber-Physical Systems & Smart Grid
Number | Date | Title
SP 800-161 
(Draft)
Jun. 3, 2014DRAFT Supply Chain Risk Management Practices for Federal Information Systems and Organizations (Second Draft)
Announcement and Draft Publication
SP 800-82 Rev.2 
(Draft)
May 14, 2014DRAFT Guide to Industrial Control Systems (ICS) Security
Announcement and Draft Publication
SP 800-82 Rev. 1Apr 2013Guide to Industrial Control Systems (ICS) Security
SP 800-82 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-82r1 [Direct Link]
NIST IR 7916Feb 2013Proceedings of the Cybersecurity in Cyber-Physical Systems Workshop, April 23-24, 2012
NISTIR 7916 FAQ
doi:10.6028/NIST.IR.7916 [Direct Link]
NIST IR 7823 
(Draft)
Jul. 10, 2012DRAFT Advanced Metering Infrastructure Smart Meter Upgradeability Test Framework
Announcement and Draft Publication
NIST IR 7628 Rev. 1Sep 2014Guidelines for Smart Grid Cybersecurity:
Vol. 1 - Smart Grid Cybersecurity Strategy, Architecture, and High-Level Requirements
Vol. 2 - Privacy and the Smart Grid
Vol. 3 - Supportive Analyses and References

NISTIR 7628 Rev. 1, (Volumes 1-3) FAQ
doi:10.6028/NIST.IR.7628r1 [Direct Link]
ITL September 2014Sept. 2014Release of NIST Interagency Report 7628 Revision 1, Guidelines for Smart Grid Cybersecurity
ITL August 2011Aug 2011Protecting Industrial Control Systems Key Components of Our Nation's Critical Infrastructures
ITL October 2010Oct 2010Cyber Security Strategies for the Smart Grid: Protecting the Advanced Digital Infrastructure for Electric Power
Digital Signatures
Number | Date | Title
FIPS 186-4Jul 2013Digital Signature Standard (DSS)
FIPS 186-4 FAQ
doi:10.6028/NIST.FIPS.186-4 [Direct Link]
FIPS 186-2Jan 2000Digital Signature Standard (DSS)
fips186-2-change1.pdf
FIPS 180-4Mar 2012Secure Hash Standard (SHS)
FIPS 180-4
FIPS 140-3 
(Draft)
Dec. 11, 2009DRAFT Security Requirements for Cryptographic Modules (Revised Draft)
Announcement and Draft Publication
FIPS 140-2May 2001Security Requirements for Cryptographic Modules
FIPS 140-2 (including change notices as of 12-03-2002)
Annex A: Approved Security Functions
Annex B: Approved Protection Profiles
Annex C: Approved Random Number Generators
Annex D: Approved Key Establishment Techniques
FIPS 140-2 (EPUB) FAQ
Annex A: Approved Security Functions (EPUB) FAQ
Annex B: Approved Protection Profiles (EPUB) FAQ
Annex C: Approved Random Number Generators (EPUB) FAQ
Annex D: Approved Key Establishment Techniques (EPUB) FAQ
FIPS 140-1Jan 1994FIPS 140-1: Security Requirements for Cryptographic Modules
FIPS 140-1
SP 800-157Dec. 2014(PRE-PUBLICATION): Guidelines for Derived Personal Identity Verification (PIV) Credentials
(PRE-PUBLICATION) SP 800-157
SP 800-147 BAug. 2014BIOS Protection Guidelines for Servers
SP 800-147B FAQ
doi:10.6028/NIST.SP.800-147B [Direct Link]
SP 800-147Apr 2011Basic Input/Output System (BIOS) Protection Guidelines
SP 800-147
SP 800-126 Rev. 2Sep 2011The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2
SP 800-126 Rev. 2
Errata for SP 800-126 Rev. 2
SP 800-107 Rev. 1Aug 2012Recommendation for Applications Using Approved Hash Algorithms
SP 800-107 Rev. 1
SP 800-106Feb 2009Randomized Hashing for Digital Signatures
SP 800-106
SP 800-102Sep 2009Recommendation for Digital Signature Timeliness
SP 800-102
SP 800-78 -4 
(Draft)
May 19, 2014DRAFT Cryptographic Algorithms and Key Sizes for Personal Identity Verification
Announcement and Draft Publication
SP 800-78 -3Dec 2010Cryptographic Algorithms and Key Sizes for Personal Identification Verification (PIV)
SP 800-78-3
SP 800-57 Part 3-Rev.1 
(Draft)
May 5, 2014DRAFT Recommendation for Key Management: Part 3 - Application-Specific Key Management Guidance
Announcement and Draft Publication
SP 800-57 Part 1Jul 2012Recommendation for Key Management: Part 1: General (Revision 3)
SP 800-57 Part 1, Rev. 3
SP 800-57 Part 2Aug 2005Recommendation for Key Management: Part 2: Best Practices for Key Management Organization
SP 800-57 Part 2
SP 800-57 Part 3Dec 2009Recommendation for Key Management, Part 3 Application-Specific Key Management Guidance
SP 800-57 Part 3
SP 800-52Jun 2005Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations
SP800-52.pdf
SP 800-49Nov 2002Federal S/MIME V3 Client Profile
SP 800-49
SP 800-32Feb 2001Introduction to Public Key Technology and the Federal PKI Infrastructure
SP 800-32
SP 800-25Oct 2000Federal Agency Use of Public Key Technology for Digital Signatures and Authentication
SP 800-25
SP 800-21 2nd editionDec 2005Guideline for Implementing Cryptography in the Federal Government
SP 800-21 2nd Edition
SP 800-15Jan 1998MISPC Minimum Interoperability Specification for PKI Components, Version 1
SP 800-15
NIST IR 7896Nov 2012Third-Round Report of the SHA-3 Cryptographic Hash Algorithm Competition
NISTIR 7896 FAQ
doi:10.6028/NIST.IR.7896 [Direct Link]
NIST IR 7802Sep 2011Trust Model for Security Automation Data (TMSAD) Version 1.0
NISTIR 7802
NIST IR 7764Feb 2011Status Report on the Second Round of the SHA-3 Cryptographic Hash Algorithm Competition
NISTIR 7764
NIST IR 7611Aug 2009Use of ISO/IEC 24727 -- Service Access Layer Interface for Identity (SALII): Support for Development and use of Interoperable Identity Credentials
NISTIR 7611
NIST IR 7313Jul 20065th Annual PKI R&D Workshop "Making PKI Easy to Use" Proceedings
NISTIR 7313
ITL October 2014Oct. 2014Release of NIST SP 800-147B, BIOS Protection Guidelines for Servers
Forensics
Number | Date | Title
SP 800-168May 2014Approximate Matching: Definition and Terminology
SP 800-168 FAQ
doi:10.6028/NIST.SP.800-168 [Direct Link]
SP 800-150 
(Draft)
Oct. 28, 2014DRAFT Guide to Cyber Threat Information Sharing
Announcement and Draft Publication
SP 800-101 Rev.1May 2014Guidelines on Mobile Device Forensics
SP 800-101 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-101r1 [Direct Link]
SP 800-94 Rev. 1 
(Draft)
July 25, 2012DRAFT Guide to Intrusion Detection and Prevention Systems (IDPS)
Announcement and Draft Publication
SP 800-94Feb 2007Guide to Intrusion Detection and Prevention Systems (IDPS)
SP 800-94
SP 800-86Aug 2006Guide to Integrating Forensic Techniques into Incident Response
SP 800-86
SP 800-72Nov 2004Guidelines on PDA Forensics
SP 800-72
NIST IR 8006 
(Draft)
Jun. 23, 2014DRAFT NIST Cloud Computing Forensic Science Challenges
Announcement and Draft Publication
NIST IR 7933May 2013Requirements and Conformance Test Assertions for ANSI/NIST-ITL 1-2011 Record Type 18 - DNA Record
NISTIR 7933 FAQ
doi:10.6028/NIST.IR.7933 [Direct Link]
NIST IR 7658Feb 2010Guide to SIMfill Use and Development
NISTIR 7658
NIST IR 7617Oct 2009Mobile Forensic Reference Materials: A Methodology and Reification
NISTIR 7617
NIST IR 7559Jun 2010Forensics Web Services (FWS)
NISTIR 7559
NIST IR 7516Aug 2008Forensic Filtering of Cell Phone Protocols
NISTIR 7516
NIST IR 7387Mar 2007Cell Phone Forensic Tools: An Overview and Analysis Update
NISTIR 7387
NIST IR 7250Oct 2005Cell Phone Forensic Tools: An Overview and Analysis
NISTIR 7250
NIST IR 7100Aug 2004PDA Forensic Tools: An Overview and Analysis
NISTIR 7100
ITL June 2014Jun 2014ITL Forensic Science Program
ITL June 2007Jun 2007Forensic Techniques for Cell Phones
ITL February 2007Feb 2007Intrusion Detection and Prevention Systems
ITL September 2006Sep 2006Forensic Techniques: Helping Organizations Improve Their Responses to Information Security Incidents
General IT Security
Number | Date | Title
FIPS 200Mar 2006Minimum Security Requirements for Federal Information and Information Systems
FIPS 200
SP 800-171 
(Draft)
Nov. 18, 2014DRAFT Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations
Announcement and Draft Publication
SP 800-167 
(Draft)
Aug. 22, 2014DRAFT Guide to Application Whitelisting
Announcement and Draft Publication
SP 800-164 
(Draft)
Oct. 31, 2012DRAFT Guidelines on Hardware-Rooted Security in Mobile Devices
Announcement and Draft Publication
SP 800-163 
(Draft)
Aug 19, 2014DRAFT Technical Considerations for Vetting 3rd Party Mobile Applications
Announcement and Draft Publication
SP 800-161 
(Draft)
Jun. 3, 2014DRAFT Supply Chain Risk Management Practices for Federal Information Systems and Organizations (Second Draft)
Announcement and Draft Publication
SP 800-157Dec. 2014(PRE-PUBLICATION): Guidelines for Derived Personal Identity Verification (PIV) Credentials
(PRE-PUBLICATION) SP 800-157
SP 800-155 
(Draft)
Dec. 8, 2011DRAFT BIOS Integrity Measurement Guidelines
Announcement and Draft Publication
SP 800-153Feb 2012Guidelines for Securing Wireless Local Area Networks (WLANs)
SP 800-153
SP 800-150 
(Draft)
Oct. 28, 2014DRAFT Guide to Cyber Threat Information Sharing
Announcement and Draft Publication
SP 800-147 BAug. 2014BIOS Protection Guidelines for Servers
SP 800-147B FAQ
doi:10.6028/NIST.SP.800-147B [Direct Link]
SP 800-147Apr 2011Basic Input/Output System (BIOS) Protection Guidelines
SP 800-147
SP 800-137Sep 2011Information Security Continuous Monitoring for Federal Information Systems and Organizations
SP 800-137
SP 800-132Dec 2010Recommendation for Password-Based Key Derivation Part 1: Storage Applications
SP 800-132
SP 800-128Aug 2011Guide for Security-Focused Configuration Management of Information Systems
SP 800-128
SP 800-125 A 
(Draft)
Oct. 20, 2014DRAFT Security Recommendations for Hypervisor Deployment
Announcement and Draft Publication
SP 800-124 Rev. 1Jun 2013Guidelines for Managing the Security of Mobile Devices in the Enterprise
SP 800-124 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-124r1 [Direct Link]
SP 800-124 Rev. 1 (EPUB) FAQ
SP 800-123Jul 2008Guide to General Server Security
SP 800-123
SP 800-123 (EPUB) FAQ
SP 800-122Apr 2010Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)
SP 800-122
SP 800-122 (EPUB) FAQ
SP 800-120Sep 2009Recommendation for EAP Methods Used in Wireless Network Access Authentication
SP 800-120
SP 800-119Dec 2010Guidelines for the Secure Deployment of IPv6
SP 800-119
SP 800-118 
(Draft)
Apr. 21, 2009DRAFT Guide to Enterprise Password Management
Announcement and Draft Publication
SP 800-116Nov 2008A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS)
SP 800-116
SP 800-114Nov 2007User's Guide to Securing External Devices for Telework and Remote Access
SP 800-114
SP 800-111Nov 2007Guide to Storage Encryption Technologies for End User Devices
SP 800-111
SP 800-108Oct 2009Recommendation for Key Derivation Using Pseudorandom Functions
SP 800-108
SP 800-103 
(Draft)
Oct. 6, 2006DRAFT An Ontology of Identity Credentials, Part I: Background and Formulation
Announcement and Draft Publication
SP 800-100Oct 2006Information Security Handbook: A Guide for Managers
SP 800-100 (including updates as of 03-07-2007)
SP 800-95Aug 2007Guide to Secure Web Services
SP 800-95
SP 800-88 Rev. 1Dec. 2014Guidelines for Media Sanitization
SP 800-88 Revision 1 FAQ
doi:10.6028/NIST.SP.800-88r1 [Direct Link]
SP 800-70 Rev. 2Feb 2011National Checklist Program for IT Products: Guidelines for Checklist Users and Developers
SP 800-70 Rev. 2
SP 800-64 Rev. 2Oct 2008Security Considerations in the System Development Life Cycle
SP 800-64 Rev. 2
SP 800-56 CNov 2011Recommendation for Key Derivation through Extraction-then-Expansion
SP 800-56C
SP 800-53 Rev. 4Apr 2013Security and Privacy Controls for Federal Information Systems and Organizations
SP 800-53 Rev. 4 (including updates as of 01-15-2014) FAQ
doi:10.6028/NIST.SP.800-53r4 [Direct Link]
Word version of SP 800-53 Rev. 4 (01-15-2014)
XML file for SP 800-53 Rev. 4 (01-15-2014)
Summary of NIST SP 800-53 Revision 4
SP 800-52 Rev. 1Apr. 2014Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations
SP 800-52 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-52r1 [Direct Link]
SP 800-51 Rev. 1Feb 2011Guide to Using Vulnerability Naming Schemes
SP 800-51 Rev. 1
SP 800-48 Rev. 1Jul 2008Guide to Securing Legacy IEEE 802.11 Wireless Networks
SP 800-48 Rev. 1
SP 800-47Aug 2002Security Guide for Interconnecting Information Technology Systems
SP 800-47
SP 800-46 Rev. 1Jun 2009Guide to Enterprise Telework and Remote Access Security
SP 800-46 Rev. 1
SP 800-44 Version 2Sep 2007Guidelines on Securing Public Web Servers
SP 800-44 Version 2
SP 800-33Dec 2001Underlying Technical Models for Information Technology Security
SP 800-33
SP 800-27 Rev. AJun 2004Engineering Principles for Information Technology Security (A Baseline for Achieving Security)
SP 800-27 Rev. A
SP 800-14Sep 1996Generally Accepted Principles and Practices for Securing Information Technology Systems
SP 800-14
SP 800-12Oct 1995An Introduction to Computer Security: The NIST Handbook
SP 800-12
SP 800-12 (HTML)
NIST IR 8023 
(Draft)
Sept. 10, 2014DRAFT Risk Management for Replication Devices
Announcement and Draft Publication
NIST IR 8018 
(Draft)
July 29, 2014DRAFT Public Safety Mobile Application Security Requirements Workshop Summary
Announcement and Draft Publication
NIST IR 7981 
(Draft)
Mar. 7, 2014DRAFT Mobile, PIV, and Authentication
Announcement and Draft Publication
NIST IR 7966 
(Draft)
Aug. 21, 2014DRAFT Security of Automated Access Management Using Secure Shell (SSH)
Announcement and Draft Publication
NIST IR 7946Apr. 2014CVSS Implementation Guidance
NISTIR 7946 FAQ
doi:10.6028/NIST.IR.7946 [Direct Link]
NIST IR 7864Jul 2012The Common Misuse Scoring System (CMSS): Metrics for Software Feature Misuse Vulnerabilities
NISTIR 7864 FAQ
doi:10.6028/NIST.IR.7864 [Direct Link]
NIST IR 7848 
(Draft)
May 7, 2012DRAFT Specification for the Asset Summary Reporting Format 1.0
Announcement and Draft Publication
NIST IR 7831 
(Draft)
Dec. 6, 2011DRAFT Common Remediation Enumeration (CRE) Version 1.0
Announcement and Draft Publication
NIST IR 7817Nov 2012A Credential Reliability and Revocation Model for Federated Identities
NISTIR 7817 FAQ
doi:10.6028/NIST.IR.7817 [Direct Link]
NIST IR 7800 
(Draft)
Jan. 20, 2012DRAFT Applying the Continuous Monitoring Technical Reference Model to the Asset, Configuration, and Vulnerability Management Domains
Announcement and Draft Publication
NIST IR 7799 
(Draft)
Jan. 6, 2012DRAFT Continuous Monitoring Reference Model Workflow, Subsystem, and Interface Specifications
Announcement and Draft Publication
NIST IR 7756 
(Draft)
Jan. 6, 2012DRAFT CAESARS Framework Extension: An Enterprise Continuous Monitoring Technical Reference Architecture
Announcement and Draft Publication
NIST IR 7670 
(Draft)
Feb. 10, 2011DRAFT Proposed Open Specifications for an Enterprise Remediation Automation Framework
Announcement and Draft Publication
NIST IR 7669 
(Draft)
Mar. 10, 2010DRAFT Open Vulnerability Assessment Language (OVAL) Validation Program Derived Test Requirements
Announcement and Draft Publication
NIST IR 7622Oct 2012Notional Supply Chain Risk Management Practices for Federal Information Systems
NISTIR 7622 FAQ
doi:10.6028/NIST.IR.7622 [Direct Link]
NIST IR 7621 Rev.1 
(Draft)
Dec. 16, 2014DRAFT Small Business Information Security: The Fundamentals
Announcement and Draft Publication
NIST IR 7621Oct 2009Small Business Information Security: The Fundamentals
NISTIR 7621
NIST IR 7611Aug 2009Use of ISO/IEC 24727 -- Service Access Layer Interface for Identity (SALII): Support for Development and use of Interoperable Identity Credentials
NISTIR 7611
NIST IR 7581Sep 2009System and Network Security Acronyms and Abbreviations
NISTIR 7581
NIST IR 7564Apr 2009Directions in Security Metrics Research
NISTIR 7564
NIST IR 7559Jun 2010Forensics Web Services (FWS)
NISTIR 7559
NIST IR 7435Aug 2007The Common Vulnerability Scoring System (CVSS) and Its Applicability to Federal Agency Systems
NISTIR 7435
NIST IR 7359Jan 2007Information Security Guide For Government Executives
NISTIR 7359
Booklet
NIST IR 7358Jan 2007Program Review for Information Security Management Assistance (PRISMA)
NISTIR 7358
NIST IR 7298 Rev. 2May 2013Glossary of Key Information Security Terms
NISTIR 7298 Rev. 2 FAQ
doi:10.6028/NIST.IR.7298r2 [Direct Link]
ITL October 2014Oct. 2014Release of NIST SP 800-147B, BIOS Protection Guidelines for Servers
ITL July 2014Jul 2014Release of NIST Interagency Report 7946, CVSS Implementation Guidance
ITL May 2014May 2014Small and Medium-Size Business Information Security Outreach Program
ITL April 2014Apr 2014Release of NIST Special Publication 800-52 Revision 1, Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations
Apr. 2014 ITL Bulletin (EPUB) FAQ
ITL February 2014Feb 2014Framework for Improving Critical Infrastructure Cybersecurity
Feb. 2014 ITL Bulletin (EPUB) FAQ
ITL December 2013Dec 2013The National Vulnerability Database (NVD): Overview
Dec. 2013 ITL Bulletin (EPUB) FAQ
ITL July 2013Jul 2013ITL Issues Guidelines for Managing the Security of Mobile Devices
ITL June 2013Jun 2013ITL Updates Glossary Of Key Information Security Terms
ITL October 2008Oct 2008Keeping Information Technology (IT) System Servers Secure: A General Guide to Good Practices
ITL November 2006Nov 2006Guide to Securing Computers Using Windows XP Home Edition
ITL March 2006Mar 2006Minimum Security Requirements for Federal Information and Information Systems: Federal Information Processing Standard (FIPS) 200 Approved by the Secretary of Commerce
ITL September 2004Sep 2004Information Security Within the System Development Life Cycle (SDLC)
Historical Archives
Number Date Title
SP 800-29Jun 2001A Comparison of the Security Requirements for Cryptographic Modules in FIPS 140-1 and FIPS 140-2
SP 800-29
SP 800-13Oct 1995Telecommunications Security Guidelines for Telecommunications Management Network
SP 800-13
NIST IR 6483Mar 2000Randomness Testing of the Advanced Encryption Standard Finalist Candidates
NISTIR 6483
NIST IR 6390Sep 1999Randomness Testing of the Advanced Encryption Standard Candidate Algorithms
NISTIR 6390
NIST IR 54951994Computer Security Training & Awareness Course Compendium
NISTIR 5495
NIST IR 5472Mar 1994A Head Start on Assurance Proceedings of an Invitational Workshop on Information Technology (IT) Assurance and Trustworthiness
NISTIR 5472
NIST IR 5308Dec 1993General Procedures for Registering Computer Security Objects
NISTIR 5308
NIST IR 5153Mar 1993Minimum Security Requirements for Multi-User Operating Systems
NISTIR 5153
NIST IR 4976Nov 1992Assessing Federal and Commercial Information Security Needs
NISTIR 4976
NIST IR 4939Oct 1992Threat Assessment of Malicious Code and External Attacks
NISTIR 4939 (HTML)
NISTIR 4939 (TXT)
NIST IR 4749Jun 1992Sample Statements of Work for Federal Computer Security Services: For use In-House or Contracting Out
NISTIR 4749
NIST IR 4734Feb 1992Foundations of a Security Policy for use of the National Research and Educational Network
NISTIR 4734
Incident Response
Number Date Title
SP 800-161 
(Draft)
Jun. 3, 2014DRAFT Supply Chain Risk Management Practices for Federal Information Systems and Organizations (Second Draft)
Announcement and Draft Publication
SP 800-150 
(Draft)
Oct. 28, 2014DRAFT Guide to Cyber Threat Information Sharing
Announcement and Draft Publication
SP 800-147 BAug. 2014BIOS Protection Guidelines for Servers
SP 800-147B FAQ
doi:10.6028/NIST.SP.800-147B [Direct Link]
SP 800-147Apr 2011Basic Input/Output System (BIOS) Protection Guidelines
SP 800-147
SP 800-126 Rev. 2Sep 2011The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2
SP 800-126 Rev. 2
Errata for SP 800-126 Rev. 2
SP 800-117 Rev. 1 
(Draft)
Jan. 6, 2012DRAFT Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.2
Announcement and Draft Publication
SP 800-101 Rev.1May 2014Guidelines on Mobile Device Forensics
SP 800-101 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-101r1 [Direct Link]
SP 800-94 Rev. 1 
(Draft)
July 25, 2012DRAFT Guide to Intrusion Detection and Prevention Systems (IDPS)
Announcement and Draft Publication
SP 800-94Feb 2007Guide to Intrusion Detection and Prevention Systems (IDPS)
SP 800-94
SP 800-86Aug 2006Guide to Integrating Forensic Techniques into Incident Response
SP 800-86
SP 800-84Sep 2006Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities
SP 800-84
SP 800-84 (EPUB) FAQ
SP 800-83 Rev. 1Jul 2013Guide to Malware Incident Prevention and Handling for Desktops and Laptops
SP 800-83 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-83r1 [Direct Link]
SP 800-61 Rev. 2Aug 2012Computer Security Incident Handling Guide
SP 800-61 Rev. 2 FAQ
doi:10.6028/NIST.SP.800-61r2 [Direct Link]
SP 800-53 Rev. 4Apr 2013Security and Privacy Controls for Federal Information Systems and Organizations
SP 800-53 Rev. 4 (including updates as of 01-15-2014) FAQ
doi:10.6028/NIST.SP.800-53r4 [Direct Link]
Word version of SP 800-53 Rev. 4 (01-15-2014)
XML file for SP 800-53 Rev. 4 (01-15-2014)
Summary of NIST SP 800-53 Revision 4
SP 800-51 Rev. 1Feb 2011Guide to Using Vulnerability Naming Schemes
SP 800-51 Rev. 1
SP 800-40 Rev. 3Jul 2013Guide to Enterprise Patch Management Technologies
SP 800-40 Rev. 3 FAQ
doi:10.6028/NIST.SP.800-40r3 [Direct Link]
NIST IR 7848 
(Draft)
May 7, 2012DRAFT Specification for the Asset Summary Reporting Format 1.0
Announcement and Draft Publication
NIST IR 7831 
(Draft)
Dec. 6, 2011DRAFT Common Remediation Enumeration (CRE) Version 1.0
Announcement and Draft Publication
NIST IR 7800 
(Draft)
Jan. 20, 2012DRAFT Applying the Continuous Monitoring Technical Reference Model to the Asset, Configuration, and Vulnerability Management Domains
Announcement and Draft Publication
NIST IR 7799 
(Draft)
Jan. 6, 2012DRAFT Continuous Monitoring Reference Model Workflow, Subsystem, and Interface Specifications
Announcement and Draft Publication
NIST IR 7756 
(Draft)
Jan. 6, 2012DRAFT CAESARS Framework Extension: An Enterprise Continuous Monitoring Technical Reference Architecture
Announcement and Draft Publication
NIST IR 7670 
(Draft)
Feb. 10, 2011DRAFT Proposed Open Specifications for an Enterprise Remediation Automation Framework
Announcement and Draft Publication
NIST IR 7387Mar 2007Cell Phone Forensic Tools: An Overview and Analysis Update
NISTIR 7387
NIST IR 7250Oct 2005Cell Phone Forensic Tools: An Overview and Analysis
NISTIR 7250
NIST IR 7100Aug 2004PDA Forensic Tools: An Overview and Analysis
NISTIR 7100
NIST IR 6981Apr 2003Policy Expression and Enforcement for Handheld Devices
NISTIR 6981
NIST IR 6416Oct 1999Applying Mobile Agents to Intrusion Detection and Response
NISTIR 6416
ITL October 2014Oct. 2014Release of NIST SP 800-147B, BIOS Protection Guidelines for Servers
ITL February 2014Feb 2014Framework for Improving Critical Infrastructure Cybersecurity
Feb. 2014 ITL Bulletin (EPUB) FAQ
ITL September 2013Sep 2013ITL Publishes Guidance on Preventing and Handling Malware Incidents
ITL August 2013Aug 2013ITL Publishes Guidance on Enterprise Patch Management Technologies
ITL September 2012Sep 2012Revised Guide Helps Organizations Handle Security Related Incidents
ITL June 2007Jun 2007Forensic Techniques for Cell Phones
ITL February 2007Feb 2007Intrusion Detection and Prevention Systems
ITL December 2006Dec 2006Maintaining Effective Information Technology (IT) Security Through Test, Training, and Exercise Programs
ITL September 2006Sep 2006Forensic Techniques: Helping Organizations Improve Their Responses to Information Security Incidents
ITL February 2006Feb 2006Creating a Program to Manage Security Patches and Vulnerabilities: NIST Recommendations for Improving System Security
ITL April 2002Apr 2002Techniques for System and Data Recovery
Maintenance
Number Date Title
FIPS 191Nov 1994Guideline for The Analysis of Local Area Network Security
FIPS 191
FIPS 188Sep 1994Standard Security Label for Information Transfer
FIPS 188
SP 800-171 
(Draft)
Nov. 18, 2014DRAFT Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations
Announcement and Draft Publication
SP 800-161 
(Draft)
Jun. 3, 2014DRAFT Supply Chain Risk Management Practices for Federal Information Systems and Organizations (Second Draft)
Announcement and Draft Publication
SP 800-147 BAug. 2014BIOS Protection Guidelines for Servers
SP 800-147B FAQ
doi:10.6028/NIST.SP.800-147B [Direct Link]
SP 800-147Apr 2011Basic Input/Output System (BIOS) Protection Guidelines
SP 800-147
SP 800-128Aug 2011Guide for Security-Focused Configuration Management of Information Systems
SP 800-128
SP 800-126 Rev. 2Sep 2011The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2
SP 800-126 Rev. 2
Errata for SP 800-126 Rev. 2
SP 800-126 Rev. 1Feb 2011The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.1
SP 800-126 Rev. 1
SP 800-126Nov 2009The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.0
SP 800-126
SP 800-123Jul 2008Guide to General Server Security
SP 800-123
SP 800-123 (EPUB) FAQ
SP 800-117 Rev. 1 
(Draft)
Jan. 6, 2012DRAFT Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.2
Announcement and Draft Publication
SP 800-117Jul 2010Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.0
SP 800-117
SP 800-88 Rev. 1Dec. 2014Guidelines for Media Sanitization
SP 800-88 Revision 1 FAQ
doi:10.6028/NIST.SP.800-88r1 [Direct Link]
SP 800-84Sep 2006Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities
SP 800-84
SP 800-84 (EPUB) FAQ
SP 800-83 Rev. 1Jul 2013Guide to Malware Incident Prevention and Handling for Desktops and Laptops
SP 800-83 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-83r1 [Direct Link]
SP 800-69Sep 2006Guidance for Securing Microsoft Windows XP Home Edition: A NIST Security Configuration Checklist
SP 800-69
SP 800-68 Rev. 1Oct 2008Guide to Securing Microsoft Windows XP Systems for IT Professionals
SP 800-68 Rev. 1
SP 800-61 Rev. 2Aug 2012Computer Security Incident Handling Guide
SP 800-61 Rev. 2 FAQ
doi:10.6028/NIST.SP.800-61r2 [Direct Link]
SP 800-55 Rev. 1Jul 2008Performance Measurement Guide for Information Security
SP 800-55 Rev. 1
SP 800-53 Rev. 4Apr 2013Security and Privacy Controls for Federal Information Systems and Organizations
SP 800-53 Rev. 4 (including updates as of 01-15-2014) FAQ
doi:10.6028/NIST.SP.800-53r4 [Direct Link]
Word version of SP 800-53 Rev. 4 (01-15-2014)
XML file for SP 800-53 Rev. 4 (01-15-2014)
Summary of NIST SP 800-53 Revision 4
SP 800-43Nov 2002Systems Administration Guidance for Windows 2000 Professional System
SP 800-43
SP 800-40 Rev. 3Jul 2013Guide to Enterprise Patch Management Technologies
SP 800-40 Rev. 3 FAQ
doi:10.6028/NIST.SP.800-40r3 [Direct Link]
SP 800-40 Version 2.0Nov 2005Creating a Patch and Vulnerability Management Program
SP 800-40 Version 2.0
SP 800-24Apr 2001PBX Vulnerability Analysis: Finding Holes in Your PBX Before Someone Else Does
SP 800-24
NIST IR 8023 
(Draft)
Sept. 10, 2014DRAFT Risk Management for Replication Devices
Announcement and Draft Publication
NIST IR 7848 
(Draft)
May 7, 2012DRAFT Specification for the Asset Summary Reporting Format 1.0
Announcement and Draft Publication
NIST IR 7831 
(Draft)
Dec. 6, 2011DRAFT Common Remediation Enumeration (CRE) Version 1.0
Announcement and Draft Publication
NIST IR 7823 
(Draft)
Jul. 10, 2012DRAFT Advanced Metering Infrastructure Smart Meter Upgradeability Test Framework
Announcement and Draft Publication
NIST IR 7800 
(Draft)
Jan. 20, 2012DRAFT Applying the Continuous Monitoring Technical Reference Model to the Asset, Configuration, and Vulnerability Management Domains
Announcement and Draft Publication
NIST IR 7799 
(Draft)
Jan. 6, 2012DRAFT Continuous Monitoring Reference Model Workflow, Subsystem, and Interface Specifications
Announcement and Draft Publication
NIST IR 7756 
(Draft)
Jan. 6, 2012DRAFT CAESARS Framework Extension: An Enterprise Continuous Monitoring Technical Reference Architecture
Announcement and Draft Publication
NIST IR 7284Jan 2006Personal Identity Verification Card Management Report
NISTIR 7284
NIST IR 7275 Rev. 4Sep 2011Specification for the Extensible Configuration Checklist Description Format (XCCDF) Version 1.2
NISTIR 7275 Rev. 4
NISTIR 7275 Rev. 4 (03-2012 update)
NISTIR 7275 Rev. 4 (03-2012 update - markup)
NIST IR 7275 Rev. 3Jan 2008Specification for the Extensible Configuration Checklist Description Format (XCCDF) Version 1.1.4
NISTIR 7275 Rev. 3
NIST IR 6985Apr 2003COTS Security Protection Profile - Operating Systems (CSPP-OS) (Worked Example Applying Guidance of NISTIR-6462, CSPP)
NISTIR 6985
NIST IR 6462Dec 1999CSPP - Guidance for COTS Security Protection Profiles
NISTIR 6462
ITL October 2014Oct. 2014Release of NIST SP 800-147B, BIOS Protection Guidelines for Servers
ITL February 2014Feb 2014Framework for Improving Critical Infrastructure Cybersecurity
Feb. 2014 ITL Bulletin (EPUB) FAQ
ITL December 2013Dec 2013The National Vulnerability Database (NVD): Overview
Dec. 2013 ITL Bulletin (EPUB) FAQ
ITL September 2013Sep 2013ITL Publishes Guidance on Preventing and Handling Malware Incidents
ITL August 2013Aug 2013ITL Publishes Guidance on Enterprise Patch Management Technologies
ITL October 2008Oct 2008Keeping Information Technology (IT) System Servers Secure: A General Guide to Good Practices
ITL December 2006Dec 2006Maintaining Effective Information Technology (IT) Security Through Test, Training, and Exercise Programs
ITL November 2006Nov 2006Guide to Securing Computers Using Windows XP Home Edition
ITL August 2006Aug 2006Protecting Sensitive Information Processed and Stored in Information Technology (IT) Systems
ITL February 2006Feb 2006Creating a Program to Manage Security Patches and Vulnerabilities: NIST Recommendations for Improving System Security
ITL October 2004Oct 2004Securing Voice Over Internet Protocol (IP) Networks
Personal Identity Verification (PIV)
Number Date Title
FIPS 201-2Aug 2013Personal Identity Verification (PIV) of Federal Employees and Contractors
FIPS 201-2 FAQ
doi:10.6028/NIST.FIPS.201-2 [Direct Link]
2012 Draft Comments and Dispositions
2011 Draft Comments and Dispositions
SP 800-157Dec. 2014(PRE-PUBLICATION): Guidelines for Derived Personal Identity Verification (PIV) Credentials
(PRE-PUBLICATION) SP 800-157
SP 800-116Nov 2008A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS)
SP 800-116
SP 800-103 
(Draft)
Oct. 6, 2006DRAFT An Ontology of Identity Credentials, Part I: Background and Formulation
Announcement and Draft Publication
SP 800-85 B-4 
(Draft)
Aug. 6, 2014DRAFT PIV Data Model Conformance Test Guidelines
Announcement and Draft Publication
SP 800-85 BJul 2006PIV Data Model Test Guidelines
SP 800-85B
SP 800-85 A-2Jul 2010PIV Card Application and Middleware Interface Test Guidelines (SP800-73-3 Compliance)
SP 800-85A-2
SP 800-79 2 
(Draft)
Jun 2, 2014DRAFT Guidelines for the Authorization of Personal Identity Verification Card Issuers (PCI) and Derived PIV Credential Issuers (DPCI)
Announcement and Draft Publication
SP 800-79 -1Jun 2008Guidelines for the Accreditation of Personal Identity Verification (PIV) Card Issuers (PCI's)
SP 800-79-1
SP 800-78 -4 
(Draft)
May 19, 2014DRAFT Cryptographic Algorithms and Key Sizes for Personal Identity Verification
Announcement and Draft Publication
SP 800-78 -3Dec 2010Cryptographic Algorithms and Key Sizes for Personal Identification Verification (PIV)
SP 800-78-3
SP 800-76 -2Jul 2013Biometric Specifications for Personal Identity Verification
SP 800-76-2 FAQ
doi:10.6028/NIST.SP.800-76-2 [Direct Link]
SP 800-73 -4 
(Draft)
May 19, 2014DRAFT Interfaces for Personal Identity Verification (3 Parts)
Part 1- PIV Card Application Namespace, Data Model and Representation
Part 2- PIV Card Application Card Command Interface
Part 3- PIV Client Application Programming Interface

Announcement and Draft Publication
SP 800-73 -3Feb 2010Interfaces for Personal Identity Verification (4 Parts)
Part 1: End Point PIV Card Application Namespace, Data Model & Representation
Part 2: PIV Card Application Card Command Interface
Part 3: PIV Client Application Programming Interface
Part 4: The PIV Transitional Interfaces & Data Model Specification
NIST IR 8014 
(Draft)
July 15, 2014DRAFT Considerations for Identity Management in Public Safety Mobile Networks
Announcement and Draft Publication
NIST IR 7981 
(Draft)
Mar. 7, 2014DRAFT Mobile, PIV, and Authentication
Announcement and Draft Publication
NIST IR 7863 
(Draft)
Dec 13, 2013DRAFT Cardholder Authentication for the PIV Digital Signature Key
Announcement and Draft Publication
NIST IR 7849Mar 2014A Methodology for Developing Authentication Assurance Level Taxonomy for Smart Card-based Identity Verification
NISTIR 7849 FAQ
doi:10.6028/NIST.IR.7849 [Direct Link]
NIST IR 7817Nov 2012A Credential Reliability and Revocation Model for Federated Identities
NISTIR 7817 FAQ
doi:10.6028/NIST.IR.7817 [Direct Link]
NIST IR 7676Jun 2010Maintaining and Using Key History on Personal Identity Verification (PIV) Cards
NISTIR 7676
NIST IR 7611Aug 2009Use of ISO/IEC 24727 -- Service Access Layer Interface for Identity (SALII): Support for Development and use of Interoperable Identity Credentials
NISTIR 7611
NIST IR 7452Nov 2007Secure Biometric Match-on-Card Feasibility Report
NISTIR 7452
NIST IR 7337Aug 2006Personal Identity Verification Demonstration Summary
NISTIR 7337
NIST IR 7313Jul 20065th Annual PKI R&D Workshop "Making PKI Easy to Use" Proceedings
NISTIR 7313
NIST IR 7284Jan 2006Personal Identity Verification Card Management Report
NISTIR 7284
ITL October 2013Oct 2013ITL Updates Federal Information Processing Standard (FIPS) for Personal Identity Verification (PIV) of Federal Employees and Contractors
Oct. 2013 ITL Bulletin (EPUB) FAQ
ITL February 2009Feb 2009Using Personal Identity Verification (PIV) Credentials in Physical Access Control Systems (PACS)
ITL January 2006Jan 2006Testing and Validation of Personal Identity Verification (PIV) Components and Subsystems for Conformance to Federal Information Processing Standard 201
ITL August 2005Aug 2005Implementation of FIPS 201, Personal Identity Verification (PIV) of Federal Employees and Contractors
PKI
Number Date Title
FIPS 196Feb 1997Entity Authentication Using Public Key Cryptography
FIPS 196
FIPS 140-3 
(Draft)
Dec. 11, 2009DRAFT Security Requirements for Cryptographic Modules (Revised Draft)
Announcement and Draft Publication
FIPS 140-2May 2001Security Requirements for Cryptographic Modules
FIPS 140-2 (including change notices as of 12-03-2002)
Annex A: Approved Security Functions
Annex B: Approved Protection Profiles
Annex C: Approved Random Number Generators
Annex D: Approved Key Establishment Techniques
FIPS 140-2 (EPUB) FAQ
Annex A: Approved Security Functions (EPUB) FAQ
Annex B: Approved Protection Profiles (EPUB) FAQ
Annex C: Approved Random Number Generators (EPUB) FAQ
Annex D: Approved Key Establishment Techniques (EPUB) FAQ
FIPS 140-1Jan 1994FIPS 140-1: Security Requirements for Cryptographic Modules
FIPS 140-1
SP 800-157Dec. 2014(PRE-PUBLICATION): Guidelines for Derived Personal Identity Verification (PIV) Credentials
(PRE-PUBLICATION) SP 800-157
SP 800-147 BAug. 2014BIOS Protection Guidelines for Servers
SP 800-147B FAQ
doi:10.6028/NIST.SP.800-147B [Direct Link]
SP 800-147Apr 2011Basic Input/Output System (BIOS) Protection Guidelines
SP 800-147
SP 800-116Nov 2008A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS)
SP 800-116
SP 800-89Nov 2006Recommendation for Obtaining Assurances for Digital Signature Applications
SP 800-89
SP 800-78 -4 
(Draft)
May 19, 2014DRAFT Cryptographic Algorithms and Key Sizes for Personal Identity Verification
Announcement and Draft Publication
SP 800-78 -3Dec 2010Cryptographic Algorithms and Key Sizes for Personal Identification Verification (PIV)
SP 800-78-3
SP 800-73 -4 
(Draft)
May 19, 2014DRAFT Interfaces for Personal Identity Verification (3 Parts)
Part 1- PIV Card Application Namespace, Data Model and Representation
Part 2- PIV Card Application Card Command Interface
Part 3- PIV Client Application Programming Interface

Announcement and Draft Publication
SP 800-73 -3Feb 2010Interfaces for Personal Identity Verification (4 Parts)
Part 1: End Point PIV Card Application Namespace, Data Model & Representation
Part 2: PIV Card Application Card Command Interface
Part 3: PIV Client Application Programming Interface
Part 4: The PIV Transitional Interfaces & Data Model Specification
SP 800-63 -2Aug 2013Electronic Authentication Guideline
SP 800-63-2 FAQ
doi:10.6028/NIST.SP.800-63-2 [Direct Link]
SP 800-63 -1Dec 2011Electronic Authentication Guideline
SP 800-63-1
SP 800-57 Part 3-Rev.1 
(Draft)
May 5, 2014DRAFT Recommendation for Key Management: Part 3 - Application-Specific Key Management Guidance
Announcement and Draft Publication
SP 800-57 Part 1Jul 2012Recommendation for Key Management: Part 1: General (Revision 3)
SP 800-57 Part 1, Rev. 3
SP 800-57 Part 2Aug 2005Recommendation for Key Management: Part 2: Best Practices for Key Management Organization
SP 800-57 Part 2
SP 800-57 Part 3Dec 2009Recommendation for Key Management, Part 3 Application-Specific Key Management Guidance
SP 800-57 Part 3
SP 800-52 Rev. 1Apr. 2014Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations
SP 800-52 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-52r1 [Direct Link]
SP 800-32Feb 2001Introduction to Public Key Technology and the Federal PKI Infrastructure
SP 800-32
SP 800-25Oct 2000Federal Agency Use of Public Key Technology for Digital Signatures and Authentication
SP 800-25
SP 800-15Jan 1998MISPC Minimum Interoperability Specification for PKI Components, Version 1
SP 800-15
NIST IR 7981 
(Draft)
Mar. 7, 2014DRAFT Mobile, PIV, and Authentication
Announcement and Draft Publication
NIST IR 7966 
(Draft)
Aug. 21, 2014DRAFT Security of Automated Access Management Using Secure Shell (SSH)
Announcement and Draft Publication
NIST IR 7956Sep 2013Cryptographic Key Management Issues & Challenges in Cloud Services
NISTIR 7956 FAQ
doi:10.6028/NIST.IR.7956 [Direct Link]
NIST IR 7924 
(Draft)
May 29, 2014DRAFT Reference Certificate Policy (Second Draft)
Announcement and Draft Publication
NIST IR 7849Mar 2014A Methodology for Developing Authentication Assurance Level Taxonomy for Smart Card-based Identity Verification
NISTIR 7849 FAQ
doi:10.6028/NIST.IR.7849 [Direct Link]
NIST IR 7817Nov 2012A Credential Reliability and Revocation Model for Federated Identities
NISTIR 7817 FAQ
doi:10.6028/NIST.IR.7817 [Direct Link]
NIST IR 7676Jun 2010Maintaining and Using Key History on Personal Identity Verification (PIV) Cards
NISTIR 7676
NIST IR 7611Aug 2009Use of ISO/IEC 24727 -- Service Access Layer Interface for Identity (SALII): Support for Development and use of Interoperable Identity Credentials
NISTIR 7611
NIST IR 7609Jan 2010Cryptographic Key Management Workshop Summary
NISTIR 7609
NIST IR 7452Nov 2007Secure Biometric Match-on-Card Feasibility Report
NISTIR 7452
NIST IR 7427Sep 20076th Annual PKI R&D Workshop "Applications-Driven PKI" Proceedings
NISTIR 7427
NIST IR 7313Jul 20065th Annual PKI R&D Workshop "Making PKI Easy to Use" Proceedings
NISTIR 7313
NIST IR 7224Aug 20054th Annual PKI R&D Workshop: Multiple Paths to Trust Proceedings
NISTIR 7224
ITL October 2014Oct. 2014Release of NIST SP 800-147B, BIOS Protection Guidelines for Servers
ITL April 2014Apr 2014Release of NIST Special Publication 800-52 Revision 1, Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations
Apr. 2014 ITL Bulletin (EPUB) FAQ
Planning
Number Date Title
FIPS 200Mar 2006Minimum Security Requirements for Federal Information and Information Systems
FIPS 200
FIPS 199Feb 2004Standards for Security Categorization of Federal Information and Information Systems
FIPS 199
FIPS 191Nov 1994Guideline for The Analysis of Local Area Network Security
FIPS 191
FIPS 188Sep 1994Standard Security Label for Information Transfer
FIPS 188
FIPS 140-3 
(Draft)
Dec. 11, 2009DRAFT Security Requirements for Cryptographic Modules (Revised Draft)
Announcement and Draft Publication
FIPS 140-2May 2001Security Requirements for Cryptographic Modules
FIPS 140-2 (including change notices as of 12-03-2002)
Annex A: Approved Security Functions
Annex B: Approved Protection Profiles
Annex C: Approved Random Number Generators
Annex D: Approved Key Establishment Techniques
FIPS 140-2 (EPUB) FAQ
Annex A: Approved Security Functions (EPUB) FAQ
Annex B: Approved Protection Profiles (EPUB) FAQ
Annex C: Approved Random Number Generators (EPUB) FAQ
Annex D: Approved Key Establishment Techniques (EPUB) FAQ
FIPS 140-1Jan 1994FIPS 140-1: Security Requirements for Cryptographic Modules
FIPS 140-1
SP 800-167 
(Draft)
Aug. 22, 2014DRAFT Guide to Application Whitelisting
Announcement and Draft Publication
SP 800-163 
(Draft)
Aug 19, 2014DRAFT Technical Considerations for Vetting 3rd Party Mobile Applications
Announcement and Draft Publication
SP 800-161 
(Draft)
Jun. 3, 2014DRAFT Supply Chain Risk Management Practices for Federal Information Systems and Organizations (Second Draft)
Announcement and Draft Publication
SP 800-153Feb 2012Guidelines for Securing Wireless Local Area Networks (WLANs)
SP 800-153
SP 800-147 BAug. 2014BIOS Protection Guidelines for Servers
SP 800-147B FAQ
doi:10.6028/NIST.SP.800-147B [Direct Link]
SP 800-147Apr 2011Basic Input/Output System (BIOS) Protection Guidelines
SP 800-147
SP 800-146May 2012Cloud Computing Synopsis and Recommendations
SP 800-146
SP 800-146 (EPUB) FAQ
SP 800-145Sep 2011The NIST Definition of Cloud Computing
SP 800-145
SP 800-145 (EPUB) FAQ
SP 800-144Dec 2011Guidelines on Security and Privacy in Public Cloud Computing
SP 800-144
SP 800-144 (EPUB) FAQ
SP 800-137Sep 2011Information Security Continuous Monitoring for Federal Information Systems and Organizations
SP 800-137
SP 800-125 A 
(Draft)
Oct. 20, 2014DRAFT Security Recommendations for Hypervisor Deployment
Announcement and Draft Publication
SP 800-125Jan 2011Guide to Security for Full Virtualization Technologies
SP 800-125
SP 800-124 Rev. 1Jun 2013Guidelines for Managing the Security of Mobile Devices in the Enterprise
SP 800-124 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-124r1 [Direct Link]
SP 800-124 Rev. 1 (EPUB) FAQ
SP 800-123Jul 2008Guide to General Server Security
SP 800-123
SP 800-123 (EPUB) FAQ
SP 800-122Apr 2010Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)
SP 800-122
SP 800-122 (EPUB) FAQ
SP 800-119Dec 2010Guidelines for the Secure Deployment of IPv6
SP 800-119
SP 800-118 
(Draft)
Apr. 21, 2009DRAFT Guide to Enterprise Password Management
Announcement and Draft Publication
SP 800-116Nov 2008A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS)
SP 800-116
SP 800-113Jul 2008 Guide to SSL VPNs
SP 800-113
SP 800-98Apr 2007Guidelines for Securing Radio Frequency Identification (RFID) Systems
SP 800-98
SP 800-95Aug 2007Guide to Secure Web Services
SP 800-95
SP 800-94 Rev. 1 
(Draft)
July 25, 2012DRAFT Guide to Intrusion Detection and Prevention Systems (IDPS)
Announcement and Draft Publication
SP 800-94Feb 2007Guide to Intrusion Detection and Prevention Systems (IDPS)
SP 800-94
SP 800-81 -2Sep 2013Secure Domain Name System (DNS) Deployment Guide
SP 800-81-2 FAQ
doi:10.6028/NIST.SP.800-81-2 [Direct Link]
SP 800-65Jan 2005Integrating IT Security into the Capital Planning and Investment Control Process
SP 800-65
SP 800-57 Part 3-Rev.1 
(Draft)
May 5, 2014DRAFT Recommendation for Key Management: Part 3 - Application-Specific Key Management Guidance
Announcement and Draft Publication
SP 800-57 Part 1Jul 2012Recommendation for Key Management: Part 1: General (Revision 3)
SP 800-57 Part 1, Rev. 3
SP 800-57 Part 2Aug 2005Recommendation for Key Management: Part 2: Best Practices for Key Management Organization
SP 800-57 Part 2
SP 800-57 Part 3Dec 2009Recommendation for Key Management, Part 3 Application-Specific Key Management Guidance
SP 800-57 Part 3
SP 800-55 Rev. 1Jul 2008Performance Measurement Guide for Information Security
SP 800-55 Rev. 1
SP 800-54Jul 2007Border Gateway Protocol Security
SP 800-54
SP 800-53 Rev. 4Apr 2013Security and Privacy Controls for Federal Information Systems and Organizations
SP 800-53 Rev. 4 (including updates as of 01-15-2014) FAQ
doi:10.6028/NIST.SP.800-53r4 [Direct Link]
Word version of SP 800-53 Rev. 4 (01-15-2014)
XML file for SP 800-53 Rev. 4 (01-15-2014)
Summary of NIST SP 800-53 Revision 4
SP 800-48 Rev. 1Jul 2008Guide to Securing Legacy IEEE 802.11 Wireless Networks
SP 800-48 Rev. 1
SP 800-47Aug 2002Security Guide for Interconnecting Information Technology Systems
SP 800-47
SP 800-44 Version 2Sep 2007Guidelines on Securing Public Web Servers
SP 800-44 Version 2
SP 800-43Nov 2002Systems Administration Guidance for Windows 2000 Professional System
SP 800-43
SP 800-41 Rev. 1Sep 2009Guidelines on Firewalls and Firewall Policy
SP 800-41 Rev. 1
SP 800-40 Version 2.0Nov 2005Creating a Patch and Vulnerability Management Program
SP 800-40 Version 2.0
SP 800-39Mar 2011Managing Information Security Risk: Organization, Mission, and Information System View
SP 800-39
SP 800-37 Rev. 1Feb 2010Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach
SP 800-37 Rev. 1 (including updates as of June 05, 2014) FAQ
doi:10.6028/NIST.SP.800-37r1 [Direct Link]
Supplemental Guidance on Ongoing Authorization, (June 2014)
SP 800-36Oct 2003Guide to Selecting Information Technology Security Products
SP 800-36
SP 800-35Oct 2003Guide to Information Technology Security Services
SP 800-35
SP 800-33Dec 2001Underlying Technical Models for Information Technology Security
SP 800-33
SP 800-32Feb 2001Introduction to Public Key Technology and the Federal PKI Infrastructure
SP 800-32
SP 800-30 Rev. 1Sep 2012Guide for Conducting Risk Assessments
SP 800-30 Rev. 1
SP 800-30 Rev. 1 (EPUB) FAQ
SP 800-27 Rev. AJun 2004Engineering Principles for Information Technology Security (A Baseline for Achieving Security)
SP 800-27 Rev. A
SP 800-25Oct 2000Federal Agency Use of Public Key Technology for Digital Signatures and Authentication
SP 800-25
SP 800-21 2nd editionDec 2005Guideline for Implementing Cryptography in the Federal Government
SP 800-21 2nd Edition
SP 800-19Oct 1999Mobile Agent Security
SP 800-19
SP 800-18 Rev.1Feb 2006Guide for Developing Security Plans for Federal Information Systems
SP 800-18 Rev. 1
NIST IR 8023 
(Draft)
Sept. 10, 2014DRAFT Risk Management for Replication Devices
Announcement and Draft Publication
NIST IR 7981 
(Draft)
Mar. 7, 2014DRAFT Mobile, PIV, and Authentication
Announcement and Draft Publication
NIST IR 7966 
(Draft)
Aug. 21, 2014DRAFT Security of Automated Access Management Using Secure Shell (SSH)
Announcement and Draft Publication
NIST IR 7621 Rev.1 
(Draft)
Dec. 16, 2014DRAFT Small Business Information Security: The Fundamentals
Announcement and Draft Publication
NIST IR 7621Oct 2009Small Business Information Security: The Fundamentals
NISTIR 7621
NIST IR 7611Aug 2009Use of ISO/IEC 24727 -- Service Access Layer Interface for Identity (SALII): Support for Development and use of Interoperable Identity Credentials
NISTIR 7611
NIST IR 7497Sep 2010Security Architecture Design Process for Health Information Exchanges (HIEs)
NISTIR 7497
NIST IR 7359Jan 2007Information Security Guide For Government Executives
NISTIR 7359
Booklet
NIST IR 7358Jan 2007Program Review for Information Security Management Assistance (PRISMA)
NISTIR 7358
NIST IR 7316Sep 2006Assessment of Access Control Systems
NISTIR 7316
NIST IR 7284Jan 2006Personal Identity Verification Card Management Report
NISTIR 7284
NIST IR 6985Apr 2003COTS Security Protection Profile - Operating Systems (CSPP-OS) (Worked Example Applying Guidance of NISTIR-6462, CSPP)
NISTIR 6985
NIST IR 6981Apr 2003Policy Expression and Enforcement for Handheld Devices
NISTIR 6981
NIST IR 6887Jul 2003Government Smart Card Interoperability Specification
NISTIR 6887
NIST IR 6462Dec 1999CSPP - Guidance for COTS Security Protection Profiles
NISTIR 6462
ITL October 2014Oct. 2014Release of NIST SP 800-147B, BIOS Protection Guidelines for Servers
ITL May 2014May 2014Small and Medium-Size Business Information Security Outreach Program
ITL February 2014Feb 2014Framework for Improving Critical Infrastructure Cybersecurity
Feb. 2014 ITL Bulletin (EPUB) FAQ
ITL October 2008Oct 2008Keeping Information Technology (IT) System Servers Secure: A General Guide to Good Practices
ITL July 2007Jul 2007Border Gateway Protocol (BGP) Security
ITL May 2007May 2007Securing Radio Frequency Identification (RFID) Systems
ITL February 2007Feb 2007Intrusion Detection and Prevention Systems
ITL November 2006Nov 2006Guide to Securing Computers Using Windows XP Home Edition
ITL June 2006Jun 2006Domain Name System (DNS) Services: NIST Recommendations for Secure Deployment
ITL March 2006Mar 2006Minimum Security Requirements for Federal Information and Information Systems: Federal Information Processing Standard (FIPS) 200 Approved by the Secretary of Commerce
ITL February 2006Feb 2006Creating a Program to Manage Security Patches and Vulnerabilities: NIST Recommendations for Improving System Security
ITL January 2006Jan 2006Testing and Validation of Personal Identity Verification (PIV) Components and Subsystems for Conformance to Federal Information Processing Standard 201
ITL August 2005Aug 2005Implementation of FIPS 201, Personal Identity Verification (PIV) of Federal Employees and Contractors
ITL January 2005Jan 2005Integrating Information Technology (IT) Security into the Capital Planning and Investment Control Process
ITL November 2004Nov 2004Understanding the New NIST Standards and Guidelines Required by FISMA: How Three Mandated Documents are Changing the Dynamic of Information Security for the Federal Government
ITL June 2004Jun 2004Information Technology Security Services: How to Select, Implement, and Manage
ITL April 2004Apr 2004Selecting Information Technology Security Products
ITL March 2004Mar 2004Federal Information Processing Standard (FIPS) 199, Standards for Security Categorization of Federal Information and Information Systems
ITL February 2003Feb 2003Secure Interconnections for Information Technology Systems
Research
NumberDateTitle
SP 800-162Jan 2014Guide to Attribute Based Access Control (ABAC) Definition and Considerations
SP 800-162 FAQ
doi:10.6028/NIST.SP.800-162 [Direct Link]
SP 800-162 (EPUB) FAQ
SP 800-147 BAug. 2014BIOS Protection Guidelines for Servers
SP 800-147B FAQ
doi:10.6028/NIST.SP.800-147B [Direct Link]
SP 800-147Apr 2011Basic Input/Output System (BIOS) Protection Guidelines
SP 800-147
SP 800-146May 2012Cloud Computing Synopsis and Recommendations
SP 800-146
SP 800-146 (EPUB) FAQ
SP 800-145Sep 2011The NIST Definition of Cloud Computing
SP 800-145
SP 800-145 (EPUB) FAQ
SP 800-144Dec 2011Guidelines on Security and Privacy in Public Cloud Computing
SP 800-144
SP 800-144 (EPUB) FAQ
SP 800-101 Rev.1May 2014Guidelines on Mobile Device Forensics
SP 800-101 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-101r1 [Direct Link]
SP 800-95Aug 2007Guide to Secure Web Services
SP 800-95
NIST IR 7904 
(Draft)
Dec. 21, 2012DRAFT Trusted Geolocation in the Cloud: Proof of Concept Implementation
Announcement and Draft Publication
NIST IR 7773Nov 2010An Application of Combinatorial Methods to Conformance Testing for Document Object Model Events
NISTIR 7773
NIST IR 7771Feb 2011Conformance Test Architecture for Biometric Data Interchange Formats - Version Beta 2.0
NISTIR 7771
NIST IR 7658Feb 2010Guide to SIMfill Use and Development
NISTIR 7658
NIST IR 7617Oct 2009Mobile Forensic Reference Materials: A Methodology and Reification
NISTIR 7617
NIST IR 7611Aug 2009Use of ISO/IEC 24727 -- Service Access Layer Interface for Identity (SALII): Support for Development and use of Interoperable Identity Credentials
NISTIR 7611
NIST IR 7564Apr 2009Directions in Security Metrics Research
NISTIR 7564
NIST IR 7559Jun 2010Forensics Web Services (FWS)
NISTIR 7559
NIST IR 7539Dec 2008Symmetric Key Injection onto Smart Cards
NISTIR 7539
NIST IR 7516Aug 2008Forensic Filtering of Cell Phone Protocols
NISTIR 7516
NIST IR 7497Sep 2010Security Architecture Design Process for Health Information Exchanges (HIEs)
NISTIR 7497
NIST IR 7427Sep 20076th Annual PKI R&D Workshop "Applications-Driven PKI" Proceedings
NISTIR 7427
NIST IR 7387Mar 2007Cell Phone Forensic Tools: An Overview and Analysis Update,
NISTIR 7387
NIST IR 7313Jul 20065th Annual PKI R&D Workshop "Making PKI Easy to Use" Proceedings
NISTIR 7313
NIST IR 7224Aug 20054th Annual PKI R&D Workshop: Multiple Paths to Trust Proceedings
NISTIR 7224
NIST IR 7200Jun 2005Proximity Beacons and Mobile Handheld Devices: Overview and Implementation
NISTIR 7200
NIST IR 7056Mar 2004Card Technology Development and Gap Analysis Interagency Report
NISTIR 7056
NIST IR 7007Jun 2003An Overview of Issues in Testing Intrusion Detection Systems
NISTIR 7007
ITL October 2014Oct. 2014Release of NIST SP 800-147B, BIOS Protection Guidelines for Servers
ITL March 2014Mar 2014Attribute Based Access Control (ABAC) Definition and Considerations
Mar. 2014 ITL Bulletin (EPUB) FAQ
ITL June 2007Jun 2007Forensic Techniques for Cell Phones
ITL July 2003Jul 2003Testing Intrusion Detection Systems
Risk Assessment
NumberDateTitle
FIPS 199Feb 2004Standards for Security Categorization of Federal Information and Information Systems
FIPS 199
FIPS 191Nov 1994Guideline for The Analysis of Local Area Network Security
FIPS 191
SP 800-167 
(Draft)
Aug. 22, 2014DRAFT Guide to Application Whitelisting
Announcement and Draft Publication
SP 800-161 
(Draft)
Jun. 3, 2014DRAFT Supply Chain Risk Management Practices for Federal Information Systems and Organizations (Second Draft)
Announcement and Draft Publication
SP 800-153Feb 2012Guidelines for Securing Wireless Local Area Networks (WLANs)
SP 800-153
SP 800-150 
(Draft)
Oct. 28, 2014DRAFT Guide to Cyber Threat Information Sharing
Announcement and Draft Publication
SP 800-137Sep 2011Information Security Continuous Monitoring for Federal Information Systems and Organizations
SP 800-137
SP 800-128Aug 2011Guide for Security-Focused Configuration Management of Information Systems
SP 800-128
SP 800-126 Rev. 2Sep 2011The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2
SP 800-126 Rev. 2
Errata for SP 800-126 Rev. 2
SP 800-126 Rev. 1Feb 2011The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.1
SP 800-126 Rev. 1
SP 800-126Nov 2009The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.0
SP 800-126
SP 800-125Jan 2011Guide to Security for Full Virtualization Technologies
SP 800-125
SP 800-122Apr 2010Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)
SP 800-122
SP 800-122 (EPUB) FAQ
SP 800-118 
(Draft)
Apr. 21, 2009DRAFT Guide to Enterprise Password Management
Announcement and Draft Publication
SP 800-117 Rev. 1 
(Draft)
Jan. 6, 2012DRAFT Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.2
Announcement and Draft Publication
SP 800-117Jul 2010Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.0
SP 800-117
SP 800-116Nov 2008A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS)
SP 800-116
SP 800-115Sep 2008Technical Guide to Information Security Testing and Assessment
SP 800-115
SP 800-115 (EPUB) FAQ
SP 800-88 Rev. 1Dec. 2014Guidelines for Media Sanitization
SP 800-88 Revision 1 FAQ
doi:10.6028/NIST.SP.800-88r1 [Direct Link]
SP 800-84Sep 2006Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities
SP 800-84
SP 800-84 (EPUB) FAQ
SP 800-82 Rev.2 
(Draft)
May 14, 2014DRAFT Guide to Industrial Control Systems (ICS) Security
Announcement and Draft Publication
SP 800-82 Rev. 1Apr 2013Guide to Industrial Control Systems (ICS) Security
SP 800-82 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-82r1 [Direct Link]
SP 800-61 Rev. 2Aug 2012Computer Security Incident Handling Guide
SP 800-61 Rev. 2 FAQ
doi:10.6028/NIST.SP.800-61r2 [Direct Link]
SP 800-60 Rev. 1Aug 2008Guide for Mapping Types of Information and Information Systems to Security Categories
Vol. 1: Guide for Mapping Types of Information and Information Systems to Security Categories
Vol. 2: Appendices
SP 800-53 Rev. 4Apr 2013Security and Privacy Controls for Federal Information Systems and Organizations
SP 800-53 Rev. 4 (including updates as of 01-15-2014) FAQ
doi:10.6028/NIST.SP.800-53r4 [Direct Link]
Word version of SP 800-53 Rev. 4 (01-15-2014)
XML file for SP 800-53 Rev. 4 (01-15-2014)
Summary of NIST SP 800-53 Revision 4
SP 800-47Aug 2002Security Guide for Interconnecting Information Technology Systems
SP 800-47
SP 800-40 Rev. 3Jul 2013Guide to Enterprise Patch Management Technologies
SP 800-40 Rev. 3 FAQ
doi:10.6028/NIST.SP.800-40r3 [Direct Link]
SP 800-40 Version 2.0Nov 2005Creating a Patch and Vulnerability Management Program
SP 800-40 Version 2.0
SP 800-39Mar 2011Managing Information Security Risk: Organization, Mission, and Information System View
SP 800-39
SP 800-37 Rev. 1Feb 2010Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach
SP 800-37 Rev. 1 (including updates as of June 05, 2014) FAQ
doi:10.6028/NIST.SP.800-37r1 [Direct Link]
Supplemental Guidance on Ongoing Authorization, (June 2014)
SP 800-30 Rev. 1Sep 2012Guide for Conducting Risk Assessments
SP 800-30 Rev. 1
SP 800-30 Rev. 1 (EPUB) FAQ
SP 800-28 Version 2Mar 2008Guidelines on Active Content and Mobile Code
SP 800-28 Version 2
SP 800-23Aug 2000Guidelines to Federal Organizations on Security Assurance and Acquisition/Use of Tested/Evaluated Products
SP 800-23
SP 800-21 2nd editionDec 2005Guideline for Implementing Cryptography in the Federal Government
SP 800-21 2nd Edition
SP 800-19Oct 1999Mobile Agent Security
SP 800-19
NIST IR 8023 
(Draft)
Sept. 10, 2014DRAFT Risk Management for Replication Devices
Announcement and Draft Publication
NIST IR 7966 
(Draft)
Aug. 21, 2014DRAFT Security of Automated Access Management Using Secure Shell (SSH)
Announcement and Draft Publication
NIST IR 7864Jul 2012The Common Misuse Scoring System (CMSS): Metrics for Software Feature Misuse Vulnerabilities
NISTIR 7864 FAQ
doi:10.6028/NIST.IR.7864 [Direct Link]
NIST IR 7848 
(Draft)
May 7, 2012DRAFT Specification for the Asset Summary Reporting Format 1.0
Announcement and Draft Publication
NIST IR 7831 
(Draft)
Dec. 6, 2011DRAFT Common Remediation Enumeration (CRE) Version 1.0
Announcement and Draft Publication
NIST IR 7800 
(Draft)
Jan. 20, 2012DRAFT Applying the Continuous Monitoring Technical Reference Model to the Asset, Configuration, and Vulnerability Management Domains
Announcement and Draft Publication
NIST IR 7799 
(Draft)
Jan. 6, 2012DRAFT Continuous Monitoring Reference Model Workflow, Subsystem, and Interface Specifications
Announcement and Draft Publication
NIST IR 7756 
(Draft)
Jan. 6, 2012DRAFT CAESARS Framework Extension: An Enterprise Continuous Monitoring Technical Reference Architecture
Announcement and Draft Publication
NIST IR 7692Apr 2011Specification for the Open Checklist Interactive Language (OCIL) Version 2.0
NISTIR 7692
NIST IR 7628 Rev. 1Sep 2014Guidelines for Smart Grid Cybersecurity:
Vol. 1 - Smart Grid Cybersecurity Strategy, Architecture, and High-Level Requirements
Vol. 2 - Privacy and the Smart Grid
Vol. 3 - Supportive Analyses and References

NISTIR 7628 Rev. 1, (Volumes 1-3) FAQ
doi:10.6028/NIST.IR.7628r1 [Direct Link]
NIST IR 7564Apr 2009Directions in Security Metrics Research
NISTIR 7564
NIST IR 7502Dec 2010The Common Configuration Scoring System (CCSS): Metrics for Software Security Configuration Vulnerabilities
NISTIR 7502
NIST IR 7497Sep 2010Security Architecture Design Process for Health Information Exchanges (HIEs)
NISTIR 7497
NIST IR 7316Sep 2006Assessment of Access Control Systems
NISTIR 7316
NIST IR 6981Apr 2003Policy Expression and Enforcement for Handheld Devices
NISTIR 6981
ITL September 2014Sept. 2014Release of NIST Interagency Report 7628 Revision 1, Guidelines for Smart Grid Cybersecurity
ITL February 2014Feb 2014Framework for Improving Critical Infrastructure Cybersecurity
Feb. 2014 ITL Bulletin (EPUB) FAQ
ITL August 2013Aug 2013ITL Publishes Guidance on Enterprise Patch Management Technologies
ITL August 2011Aug 2011Protecting Industrial Control Systems Key Components of Our Nation's Critical Infrastructures
ITL December 2006Dec 2006Maintaining Effective Information Technology (IT) Security Through Test, Training, and Exercise Programs
ITL February 2006Feb 2006Creating a Program to Manage Security Patches and Vulnerabilities: NIST Recommendations for Improving System Security
ITL November 2004Nov 2004Understanding the New NIST Standards and Guidelines Required by FISMA: How Three Mandated Documents are Changing the Dynamic of Information Security for the Federal Government
ITL March 2004Mar 2004Federal Information Processing Standard (FIPS) 199, Standards for Security Categorization of Federal Information and Information Systems
ITL February 2003Feb 2003Secure Interconnections for Information Technology Systems
Security Automation
NumberDateTitle
SP 800-163 
(Draft)
Aug 19, 2014DRAFT Technical Considerations for Vetting 3rd Party Mobile Applications
Announcement and Draft Publication
SP 800-150 
(Draft)
Oct. 28, 2014DRAFT Guide to Cyber Threat Information Sharing
Announcement and Draft Publication
SP 800-128Aug 2011Guide for Security-Focused Configuration Management of Information Systems
SP 800-128
SP 800-126 Rev. 2Sep 2011The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2
SP 800-126 Rev. 2
Errata for SP 800-126 Rev. 2
SP 800-126 Rev. 1Feb 2011The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.1
SP 800-126 Rev. 1
SP 800-126Nov 2009The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.0
SP 800-126
SP 800-117 Rev. 1 
(Draft)
Jan. 6, 2012DRAFT Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.2
Announcement and Draft Publication
SP 800-117Jul 2010Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.0
SP 800-117
SP 800-70 Rev. 2Feb 2011National Checklist Program for IT Products: Guidelines for Checklist Users and Developers
SP 800-70 Rev. 2
NIST IR 7946Apr. 2014CVSS Implementation Guidance
NISTIR 7946 FAQ
doi:10.6028/NIST.IR.7946 [Direct Link]
NIST IR 7848 
(Draft)
May 7, 2012DRAFT Specification for the Asset Summary Reporting Format 1.0
Announcement and Draft Publication
NIST IR 7802Sep 2011Trust Model for Security Automation Data (TMSAD) Version 1.0
NISTIR 7802
NIST IR 7800 
(Draft)
Jan. 20, 2012DRAFT Applying the Continuous Monitoring Technical Reference Model to the Asset, Configuration, and Vulnerability Management Domains
Announcement and Draft Publication
NIST IR 7698Aug 2011Common Platform Enumeration: Applicability Language Specification Version 2.3
NISTIR 7698
NIST IR 7697Aug 2011Common Platform Enumeration: Dictionary Specification Version 2.3
NISTIR 7697
NIST IR 7696Aug 2011Common Platform Enumeration: Name Matching Specification Version 2.3
NISTIR 7696
NIST IR 7695Aug 2011Common Platform Enumeration: Naming Specification Version 2.3
NISTIR 7695
NIST IR 7694Jun 2011Specification for the Asset Reporting Format 1.1
NISTIR 7694
NIST IR 7693Jun 2011Specification for Asset Identification 1.1
NISTIR 7693
NIST IR 7692Apr 2011Specification for the Open Checklist Interactive Language (OCIL) Version 2.0
NISTIR 7692
NIST IR 7511 Rev. 3Jan 2013Security Content Automation Protocol (SCAP) Version 1.2 Validation Program Test Requirements
NISTIR 7511 Rev. 3 (including updates as of 07-11-2013) FAQ
doi:10.6028/NIST.IR.7511 [Direct Link]
NIST IR 7502Dec 2010The Common Configuration Scoring System (CCSS): Metrics for Software Security Configuration Vulnerabilities
NISTIR 7502
NIST IR 7435Aug 2007The Common Vulnerability Scoring System (CVSS) and Its Applicability to Federal Agency Systems
NISTIR 7435
NIST IR 7275 Rev. 4Sep 2011Specification for the Extensible Configuration Checklist Description Format (XCCDF) Version 1.2
NISTIR 7275 Rev. 4
NISTIR 7275 Rev. 4 (03-2012 update)
NISTIR 7275 Rev. 4 (03-2012 update - markup)
NIST IR 7275 Rev. 3Jan 2008Specification for the Extensible Configuration Checklist Description Format (XCCDF) Version 1.1.4
NISTIR 7275 Rev. 3
ITL July 2014Jul 2014Release of NIST Interagency Report 7946, CVSS Implementation Guidance
ITL December 2013Dec 2013The National Vulnerability Database (NVD): Overview
Dec. 2013 ITL Bulletin (EPUB) FAQ
ITL April 2013Apr 2013Security Content Automation Protocol (SCAP) Version 1.2 Validation Program Test Requirements
ITL January 2012Jan 2012Advancing Security Automation and Standardization: Revised Technical Specifications Issued for the Security Content Automation Protocol (SCAP)
ITL September 2011Sep 2011Managing the Configuration of Information Systems with a Focus on Security
ITL May 2011May 2011Using Security Configuration Checklists and the National Checklist Program
ITL September 2010Sep 2010Security Content Automation Protocol (SCAP): Helping Organizations Maintain and Verify the Security of Their Information Systems
ITL February 2008Feb 2008Federal Desktop Core Configuration (FDCC): Improving Security for Windows Desktop Operating Systems
Services & Acquisitions
NumberDateTitle
FIPS 201-2Aug 2013Personal Identity Verification (PIV) of Federal Employees and Contractors
FIPS 201-2 FAQ
doi:10.6028/NIST.FIPS.201-2 [Direct Link]
2012 Draft Comments and Dispositions
2011 Draft Comments and Dispositions
FIPS 140-3 
(Draft)
Dec. 11, 2009DRAFT Security Requirements for Cryptographic Modules (Revised Draft)
Announcement and Draft Publication
FIPS 140-2May 2001Security Requirements for Cryptographic Modules
FIPS 140-2 (including change notices as of 12-03-2002)
Annex A: Approved Security Functions
Annex B: Approved Protection Profiles
Annex C: Approved Random Number Generators
Annex D: Approved Key Establishment Techniques
FIPS 140-2 (EPUB) FAQ
Annex A: Approved Security Functions (EPUB) FAQ
Annex B: Approved Protection Profiles (EPUB) FAQ
Annex C: Approved Random Number Generators (EPUB) FAQ
Annex D: Approved Key Establishment Techniques (EPUB) FAQ
FIPS 140-1Jan 1994FIPS 140-1: Security Requirements for Cryptographic Modules
FIPS 140-1
SP 800-161 
(Draft)
Jun. 3, 2014DRAFT Supply Chain Risk Management Practices for Federal Information Systems and Organizations (Second Draft)
Announcement and Draft Publication
SP 800-144Dec 2011Guidelines on Security and Privacy in Public Cloud Computing
SP 800-144
SP 800-144 (EPUB) FAQ
SP 800-126 Rev. 2Sep 2011The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2
SP 800-126 Rev. 2
Errata for SP 800-126 Rev. 2
SP 800-126 Rev. 1Feb 2011The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.1
SP 800-126 Rev. 1
SP 800-126Nov 2009The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.0
SP 800-126
SP 800-124 Rev. 1Jun 2013Guidelines for Managing the Security of Mobile Devices in the Enterprise
SP 800-124 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-124r1 [Direct Link]
SP 800-124 Rev. 1 (EPUB) FAQ
SP 800-121 Rev. 1Jun 2012Guide to Bluetooth Security
SP 800-121 Rev. 1
SP 800-117 Rev. 1 
(Draft)
Jan. 6, 2012DRAFT Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.2
Announcement and Draft Publication
SP 800-117Jul 2010Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.0
SP 800-117
SP 800-115Sep 2008Technical Guide to Information Security Testing and Assessment
SP 800-115
SP 800-115 (EPUB) FAQ
SP 800-101 Rev.1May 2014Guidelines on Mobile Device Forensics
SP 800-101 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-101r1 [Direct Link]
SP 800-97Feb 2007Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i
SP 800-97
SP 800-85 B-4 
(Draft)
Aug. 6, 2014DRAFT PIV Data Model Conformance Test Guidelines
Announcement and Draft Publication
SP 800-85 BJul 2006PIV Data Model Test Guidelines
SP 800-85B
SP 800-85 A-2Jul 2010PIV Card Application and Middleware Interface Test Guidelines (SP800-73-3 Compliance)
SP 800-85A-2
SP 800-79 2 
(Draft)
Jun 2, 2014DRAFT Guidelines for the Authorization of Personal Identity Verification Card Issuers (PCI) and Derived PIV Credential Issuers (DPCI)
Announcement and Draft Publication
SP 800-79 -1Jun 2008Guidelines for the Accreditation of Personal Identity Verification (PIV) Card Issuers (PCI's)
SP 800-79-1
SP 800-78 -4 
(Draft)
May 19, 2014DRAFT Cryptographic Algorithms and Key Sizes for Personal Identity Verification
Announcement and Draft Publication
SP 800-78 -3Dec 2010Cryptographic Algorithms and Key Sizes for Personal Identification Verification (PIV)
SP 800-78-3
SP 800-73 -4 
(Draft)
May 19, 2014DRAFT Interfaces for Personal Identity Verification (3 Parts)
Part 1- PIV Card Application Namespace, Data Model and Representation
Part 2- PIV Card Application Card Command Interface
Part 3- PIV Client Application Programming Interface

Announcement and Draft Publication
SP 800-73 -3Feb 2010Interfaces for Personal Identity Verification (4 Parts)
Part 1: End Point PIV Card Application Namespace, Data Model & Representation
Part 2: PIV Card Application Card Command Interface
Part 3: PIV Client Application Programming Interface
Part 4: The PIV Transitional Interfaces & Data Model Specification
SP 800-66 Rev 1Oct 2008An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule
SP 800-66 Rev. 1
SP 800-65 Rev. 1 
(Draft)
July 14, 2009DRAFT Recommendations for Integrating Information Security into the Capital Planning and Investment Control Process (CPIC)
Announcement and Draft Publication
SP 800-65Jan 2005Integrating IT Security into the Capital Planning and Investment Control Process
SP 800-65
SP 800-58Jan 2005Security Considerations for Voice Over IP Systems
SP 800-58
SP 800-53 Rev. 4Apr 2013Security and Privacy Controls for Federal Information Systems and Organizations
SP 800-53 Rev. 4 (including updates as of 01-15-2014) FAQ
doi:10.6028/NIST.SP.800-53r4 [Direct Link]
Word version of SP 800-53 Rev. 4 (01-15-2014)
XML file for SP 800-53 Rev. 4 (01-15-2014)
Summary of NIST SP 800-53 Revision 4
SP 800-51 Rev. 1Feb 2011Guide to Using Vulnerability Naming Schemes
SP 800-51 Rev. 1
SP 800-48 Rev. 1Jul 2008Guide to Securing Legacy IEEE 802.11 Wireless Networks
SP 800-48 Rev. 1
SP 800-36Oct 2003Guide to Selecting Information Technology Security Products
SP 800-36
SP 800-35Oct 2003Guide to Information Technology Security Services
SP 800-35
SP 800-25Oct 2000Federal Agency Use of Public Key Technology for Digital Signatures and Authentication
SP 800-25
SP 800-21 2nd editionDec 2005Guideline for Implementing Cryptography in the Federal Government
SP 800-21 2nd Edition
SP 800-15Jan 1998MISPC Minimum Interoperability Specification for PKI Components, Version 1
SP 800-15
NIST IR 8023 
(Draft)
Sept. 10, 2014DRAFT Risk Management for Replication Devices
Announcement and Draft Publication
NIST IR 7848 
(Draft)
May 7, 2012DRAFT Specification for the Asset Summary Reporting Format 1.0
Announcement and Draft Publication
NIST IR 7800 
(Draft)
Jan. 20, 2012DRAFT Applying the Continuous Monitoring Technical Reference Model to the Asset, Configuration, and Vulnerability Management Domains
Announcement and Draft Publication
NIST IR 7799 
(Draft)
Jan. 6, 2012DRAFT Continuous Monitoring Reference Model Workflow, Subsystem, and Interface Specifications
Announcement and Draft Publication
NIST IR 7756 
(Draft)
Jan. 6, 2012DRAFT CAESARS Framework Extension: An Enterprise Continuous Monitoring Technical Reference Architecture
Announcement and Draft Publication
NIST IR 7670 
(Draft)
Feb. 10, 2011DRAFT Proposed Open Specifications for an Enterprise Remediation Automation Framework
Announcement and Draft Publication
NIST IR 7622Oct 2012Notional Supply Chain Risk Management Practices for Federal Information Systems
NISTIR 7622 FAQ
doi:10.6028/NIST.IR.7622 [Direct Link]
NIST IR 7511 Rev. 3Jan 2013Security Content Automation Protocol (SCAP) Version 1.2 Validation Program Test Requirements
NISTIR 7511 Rev. 3 (including updates as of 07-11-2013) FAQ
doi:10.6028/NIST.IR.7511 [Direct Link]
NIST IR 7497Sep 2010Security Architecture Design Process for Health Information Exchanges (HIEs)
NISTIR 7497
NIST IR 7387Mar 2007Cell Phone Forensic Tools: An Overview and Analysis Update,
NISTIR 7387
NIST IR 7313Jul 20065th Annual PKI R&D Workshop "Making PKI Easy to Use" Proceedings
NISTIR 7313
NIST IR 7284Jan 2006Personal Identity Verification Card Management Report
NISTIR 7284
NIST IR 7250Oct 2005Cell Phone Forensic Tools: An Overview and Analysis
NISTIR 7250
NIST IR 7100Aug 2004PDA Forensic Tools: An Overview and Analysis
NISTIR 7100
NIST IR 6887Jul 2003Government Smart Card Interoperability Specification
NISTIR 6887
ITL October 2013Oct 2013ITL Updates Federal Information Processing Standard (FIPS) for Personal Identity Verification (PIV) of Federal Employees and Contractors
Oct. 2013 ITL Bulletin (EPUB) FAQ
ITL February 2008Feb 2008Federal Desktop Core Configuration (FDCC): Improving Security for Windows Desktop Operating Systems
ITL June 2007Jun 2007Forensic Techniques for Cell Phones
ITL January 2006Jan 2006Testing and Validation of Personal Identity Verification (PIV) Components and Subsystems for Conformance to Federal Information Processing Standard 201
ITL August 2005Aug 2005Implementation of FIPS 201, Personal Identity Verification (PIV) of Federal Employees and Contractors
ITL January 2005Jan 2005Integrating Information Technology (IT) Security into the Capital Planning and Investment Control Process
ITL October 2004Oct 2004Securing Voice Over Internet Protocol (IP) Networks
ITL June 2004Jun 2004Information Technology Security Services: How to Select, Implement, and Manage
ITL April 2004Apr 2004Selecting Information Technology Security Products
Smart Cards
NumberDateTitle
FIPS 201-2Aug 2013Personal Identity Verification (PIV) of Federal Employees and Contractors
FIPS 201-2 FAQ
doi:10.6028/NIST.FIPS.201-2 [Direct Link]
2012 Draft Comments and Dispositions
2011 Draft Comments and Dispositions
SP 800-157Dec. 2014(PRE-PUBLICATION): Guidelines for Derived Personal Identity Verification (PIV) Credentials
(PRE-PUBLICATION) SP 800-157
SP 800-116Nov 2008A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS)
SP 800-116
SP 800-103 
(Draft)
Oct. 6, 2006DRAFT An Ontology of Identity Credentials, Part I: Background and Formulation
Announcement and Draft Publication
SP 800-85 A-2Jul 2010PIV Card Application and Middleware Interface Test Guidelines (SP800-73-3 Compliance)
SP 800-85A-2
SP 800-78 -4 
(Draft)
May 19, 2014DRAFT Cryptographic Algorithms and Key Sizes for Personal Identity Verification
Announcement and Draft Publication
SP 800-78 -3Dec 2010Cryptographic Algorithms and Key Sizes for Personal Identification Verification (PIV)
SP 800-78-3
SP 800-73 -4 
(Draft)
May 19, 2014DRAFT Interfaces for Personal Identity Verification (3 Parts)
Part 1- PIV Card Application Namespace, Data Model and Representation
Part 2- PIV Card Application Card Command Interface
Part 3- PIV Client Application Programming Interface

Announcement and Draft Publication
SP 800-73 -3Feb 2010Interfaces for Personal Identity Verification (4 Parts)
Part 1: End Point PIV Card Application Namespace, Data Model & Representation
Part 2: PIV Card Application Card Command Interface
Part 3: PIV Client Application Programming Interface
Part 4: The PIV Transitional Interfaces & Data Model Specification
NIST IR 7849 | Mar 2014 | A Methodology for Developing Authentication Assurance Level Taxonomy for Smart Card-based Identity Verification
NISTIR 7849 FAQ
doi:10.6028/NIST.IR.7849 [Direct Link]
NIST IR 7817 | Nov 2012 | A Credential Reliability and Revocation Model for Federated Identities
NISTIR 7817 FAQ
doi:10.6028/NIST.IR.7817 [Direct Link]
NIST IR 7676 | Jun 2010 | Maintaining and Using Key History on Personal Identity Verification (PIV) Cards
NISTIR 7676
NIST IR 7611 | Aug 2009 | Use of ISO/IEC 24727 -- Service Access Layer Interface for Identity (SALII): Support for Development and use of Interoperable Identity Credentials
NISTIR 7611
NIST IR 7539 | Dec 2008 | Symmetric Key Injection onto Smart Cards
NISTIR 7539
NIST IR 7452 | Nov 2007 | Secure Biometric Match-on-Card Feasibility Report
NISTIR 7452
NIST IR 7313 | Jul 2006 | 5th Annual PKI R&D Workshop "Making PKI Easy to Use" Proceedings
NISTIR 7313
NIST IR 7284 | Jan 2006 | Personal Identity Verification Card Management Report
NISTIR 7284
NIST IR 7206 | Jul 2005 | Smart Cards and Mobile Device Authentication: An Overview and Implementation
NISTIR 7206
NIST IR 7056 | Mar 2004 | Card Technology Development and Gap Analysis Interagency Report
NISTIR 7056
NIST IR 6887 | Jul 2003 | Government Smart Card Interoperability Specification
NISTIR 6887
ITL October 2013 | Oct 2013 | ITL Updates Federal Information Processing Standard (FIPS) for Personal Identity Verification (PIV) of Federal Employees and Contractors
Oct. 2013 ITL Bulletin (EPUB) FAQ
ITL January 2006 | Jan 2006 | Testing and Validation of Personal Identity Verification (PIV) Components and Subsystems for Conformance to Federal Information Processing Standard 201
ITL August 2005 | Aug 2005 | Implementation of FIPS 201, Personal Identity Verification (PIV) of Federal Employees and Contractors
Viruses & Malware
Number | Date | Title
SP 800-163 (Draft) | Aug 19, 2014 | DRAFT Technical Considerations for Vetting 3rd Party Mobile Applications
Announcement and Draft Publication
SP 800-147B | Aug. 2014 | BIOS Protection Guidelines for Servers
SP 800-147B FAQ
doi:10.6028/NIST.SP.800-147B [Direct Link]
SP 800-147 | Apr 2011 | Basic Input/Output System (BIOS) Protection Guidelines
SP 800-147
SP 800-126 Rev. 2 | Sep 2011 | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2
SP 800-126 Rev. 2
Errata for SP 800-126 Rev. 2
SP 800-83 Rev. 1 | Jul 2013 | Guide to Malware Incident Prevention and Handling for Desktops and Laptops
SP 800-83 Rev. 1 FAQ
doi:10.6028/NIST.SP.800-83r1 [Direct Link]
SP 800-61 Rev. 2 | Aug 2012 | Computer Security Incident Handling Guide
SP 800-61 Rev. 2 FAQ
doi:10.6028/NIST.SP.800-61r2 [Direct Link]
SP 800-53 Rev. 4 | Apr 2013 | Security and Privacy Controls for Federal Information Systems and Organizations
SP 800-53 Rev. 4 (including updates as of 01-15-2014) FAQ
doi:10.6028/NIST.SP.800-53r4 [Direct Link]
Word version of SP 800-53 Rev. 4 (01-15-2014)
XML file for SP 800-53 Rev. 4 (01-15-2014)
Summary of NIST SP 800-53 Revision 4
SP 800-46 Rev. 1 | Jun 2009 | Guide to Enterprise Telework and Remote Access Security
SP 800-46 Rev. 1
SP 800-28 Version 2 | Mar 2008 | Guidelines on Active Content and Mobile Code
SP 800-28 Version 2
SP 800-19 | Oct 1999 | Mobile Agent Security
SP 800-19
NIST IR 7946 | Apr. 2014 | CVSS Implementation Guidance
NISTIR 7946 FAQ
doi:10.6028/NIST.IR.7946 [Direct Link]
NIST IR 7435 | Aug 2007 | The Common Vulnerability Scoring System (CVSS) and Its Applicability to Federal Agency Systems
NISTIR 7435
ITL October 2014 | Oct. 2014 | Release of NIST SP 800-147B, BIOS Protection Guidelines for Servers
ITL July 2014 | Jul 2014 | Release of NIST Interagency Report 7946, CVSS Implementation Guidance
ITL September 2013 | Sep 2013 | ITL Publishes Guidance on Preventing and Handling Malware Incidents