Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST SP 800-14

Generally Accepted Principles and Practices for Securing Information Technology Systems

Date Published: September 1996

Planning Note (03/16/2018):

SP 800-14 is withdrawn in its entirety. Revised content from the original publication can now be found in the following publications:


Marianne Swanson (NIST), Barbara Guttman (NIST)



IT security; security baseline; security practices; security principles
Control Families

Access Control; Awareness and Training; Audit and Accountability; Assessment, Authorization and Monitoring; Configuration Management; Contingency Planning; Identification and Authentication; Incident Response; Maintenance; Media Protection; Physical and Environmental Protection; Planning; Personnel Security; Risk Assessment; System and Services Acquisition; System and Communications Protection; System and Information Integrity


Download URL

Supplemental Material:
None available

Related NIST Publications:
ITL Bulletin

Document History:
09/03/96: SP 800-14 (Final)


Security and Privacy

general security & privacy