NIST to Withdraw Eleven Outdated SP 800 Publications
July 17, 2018

After performing an internal review of some of its older publications, NIST’s Computer Security Division has decided to withdraw eleven (11) SP 800 publications on August 1, 2018. These publications are out of date and will not be revised or superseded.

After they are withdrawn, their details pages, Digital Object Identifiers (DOIs) and fulltext PDF links will remain available for historical reference under CSRC publications, with their status changing from “Final” to “Withdrawn.”

The publications are listed below, along with brief statements about their withdrawal:

• SP 800-13 (October 1995), Telecommunications Security Guidelines for Telecommunications Management Network:
  • Describes technologies that are out of date.
     
• SP 800-17 (February 1998), Modes of Operation Validation System (MOVS): Requirements and Procedures:
  • This validation system is for algorithms that have been deprecated (e.g., DES, Skipjack). For information on current algorithm validation systems, see the Cryptographic Algorithm Validation Program (CAVP).
     
• SP 800-19 (October 1999), Mobile Agent Security:
• • Today’s environment and technologies are significantly more complex than the environment treated in this publication.
     
• SP 800-23 (August 2000), Guidelines to Federal Organizations on Security Assurance and Acquisition/Use of Tested/Evaluated Products:
• • Pre-dates many relevant laws, regulations, and executive directives, and does not reflect NIST’s current validation programs, Risk Management Framework, or the Cybersecurity Framework. For a current overview, see SP 800-12 Rev. 1, An Introduction to Information Security.
     
• SP 800-24 (April 2001), PBX Vulnerability Analysis: Finding Holes in Your PBX Before Someone Else Does:
• • Does not address newer technologies, such as Voice Over IP (VOIP); includes references to “security controls” that pre-date SP 800-53.
     
• SP 800-33 (December 2001), Underlying Technical Models for Information Technology Security:
• • Describes a model that pre-dates the Risk Management Framework and Cybersecurity Framework.
     
• SP 800-36 (October 2003), Guide to Selecting Information Technology Security Products:
• • Does not reflect current security product types, and references are outdated.
     
• SP 800-43 (November 2002), Systems Administration Guidance for Securing Windows 2000 Professional System:
• • This operating system is no longer supported.
     
• SP 800-65 (January 2005), Integrating IT Security into the Capital Planning and Investment Control Process:
• • Pre-dates important NIST guidance such as SP 800-53 Rev. 4, SP 800-53A Rev. 4, and the Cybersecurity Framework.
     
• SP 800-68 Rev. 1 (October 2008), Guide to Securing Microsoft Windows XP Systems for IT Professionals: A NIST Security Configuration Checklist:
• • This operating system is no longer supported.
     
• SP 800-69 (September 2006), Guidance for Securing Microsoft Windows XP Home Edition: A NIST Security Configuration Checklist:
• • This operating system is no longer supported.