Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST SP 800-36

Guide to Selecting Information Technology Security Products

Date Published: October 2003

Planning Note (08/01/2018): Withdrawn: Does not reflect current security product types, and references are outdated.


Tim Grance (NIST), Marc Stevens (BAH), Marissa Myers (BAH)



computer security; enterprise architecture; life cycle; products; security controls
Control Families

Access Control; Assessment, Authorization and Monitoring; Identification and Authentication; Incident Response; Media Protection; Risk Assessment; System and Services Acquisition; System and Communications Protection; System and Information Integrity


Download URL

Supplemental Material:
None available

Document History:
10/09/03: SP 800-36 (Final)


Security and Privacy

acquisition, planning