Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

SP 800-14

Generally Accepted Principles and Practices for Securing Information Technology Systems

Date Published: September 1996

Withdrawn: March 16, 2018

Planning Note (3/16/2018):

SP 800-14 is withdrawn in its entirety. Revised content from the original publication can now be found in the following publications:


Marianne Swanson (NIST), Barbara Guttman (NIST)



IT security; security baseline; security practices; security principles
Control Families

Access Control; Audit and Accountability; Awareness and Training; Security Assessment and Authorization; Configuration Management; Contingency Planning; Identification and Authentication; Incident Response; Maintenance; Media Protection; Personnel Security; Physical and Environmental Protection; Planning; Risk Assessment; System and Communications Protection; System and Information Integrity; System and Services Acquisition;


SP 800-14 (DOI)
Local Download

Supplemental Material:
None available


Security and Privacy
general security & privacy