Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST SP 1800-14 (Initial Public Draft)

Protecting the Integrity of Internet Routing: Border Gateway Protocol (BGP) Route Origin Validation

Date Published: August 2018
Comments Due: October 15, 2018 (public comment period is CLOSED)
Email Questions to:


William Haag (NIST), Douglas Montgomery (NIST), Allen Tan (MITRE), William Barker (Dakota Consulting)


It is difficult to overstate the importance of the internet to modern business and society in general. The internet is not a single network, but rather a complex grid of independent interconnected networks that relies on a protocol known as Border Gateway Protocol (BGP) to route traffic to its intended destination.

Unfortunately, BGP was not designed with security in mind and a route hijack attack can deny access to internet services, misdeliver traffic to malicious endpoints, and cause routing instability. A technique known as BGP route origin validation (ROV) is designed to protect against route hijacking.

The NCCoE, together with several technology vendors, has developed proof-of-concept demonstrations of BGP ROV implementation designed to improve the security of the internet's routing infrastructure. 

This cybersecurity practice guide contains step-by-step example solutions using commercially available technologies. By implementing the example solutions, organizations can better secure the safe delivery of internet traffic to its intended destination, reduce the number of outages due to BGP route hijacks, and make more informed decisions regarding routes that may be compromised. 



AS; autonomous systems; BGP; Border Gateway Protocol; DDoS; denial-of-service (DoS) attacks; internet service provider; ISP; Regional Internet Registry; Resource Public Key Infrastructure; RIR; ROA; route hijack; route origin authorization; route origin validation; routing domain; ROV; RPKI
Control Families

None selected


Draft SP 1800-14

Supplemental Material:
None available

Related NIST Publications:
Project Description

Document History:
09/04/18: SP 1800-14 (Draft)
06/28/19: SP 1800-14 (Final)


Security and Privacy

authentication, public key infrastructure