Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

SP 800-189

Resilient Interdomain Traffic Exchange: BGP Security and DDoS Mitigation

Date Published: December 2019

Supersedes: SP 800-54 (07/17/2007)


Kotikalapudi Sriram (NIST), Douglas Montgomery (NIST)



routing security and robustness; Internet infrastructure security; Border Gateway Protocol (BGP) security; prefix hijacks; IP address spoofing; distributed denial-of-service (DDoS); Resource Public Key Infrastructure (RPKI); BGP origin validation (BGP-OV); prefix filtering; BGP path validation (BGP-PV); BGPsec; route leaks; source address validation (SAV); unicast Reverse Path Forwarding (uRPF); remotely triggered black hole (RTBH) filtering; flow specification (Flowspec)
Control Families

None selected


SP 800-189 (DOI)
Local Download

Supplemental Material:
None available

Document History:
12/17/18: SP 800-189 (Draft)
10/17/19: SP 800-189 (Draft)
12/17/19: SP 800-189 (Final)