Tuesday, February 5, 2013

GVT PUBLICATIONS

http://csrc.nist.gov/publications/PubsTC.html

PUBLICATIONS

By Topic Clusters

Annual Reports

| Number | Date | Title | Files |
|---|---|---|---|
| NIST IR 7816 | Mar. 2012 | 2011 Computer Security Division Annual Report | nistir_7816.pdf |
| NIST IR 7751 | May 2011 | 2010 Computer Security Division Annual Report | nistir-7751_2010-csd-annual-report.pdf |
| NIST IR 7653 | Mar. 2010 | 2009 Computer Security Division Annual Report | nistir-7653_2009-CSD-annual-report.pdf |
| NIST IR 7536 | Mar. 2009 | 2008 Computer Security Division Annual Report | NISTIR-7536_2008-CSD-Annual-Report.pdf |
| NIST IR 7442 | Apr 2008 | 2007 Computer Security Division Annual Report | NIST-IR-7442_2007CSDAnnualReport.pdf |
| NIST IR 7399 | Mar 2007 | 2006 Computer Security Division Annual Report | NISTIR7399_CSDAnnualReport2006.pdf |
| NIST IR 7285 | Feb 2006 | 2005 Computer Security Division Annual Report | nistir-7285-CSD-2005-Annual-Report.pdf |
| NIST IR 7219 | Apr 2005 | 2004 Computer Security Division Annual Report | NISTIR7219-CSD-2004-Annual-Report.pdf |
| NIST IR 7111 | Apr 2004 | 2003 Computer Security Division Annual Report | IR7111-CSDAnnualReport.pdf |

Audit & Accountability

| Number | Date | Title | Files |
|---|---|---|---|
| FIPS 200 | Mar 2006 | Minimum Security Requirements for Federal Information and Information Systems | FIPS-200-final-march.pdf |
| FIPS 199 | Feb 2004 | Standards for Security Categorization of Federal Information and Information Systems | FIPS-PUB-199-final.pdf |
| FIPS 191 | Nov 1994 | Guideline for The Analysis of Local Area Network Security | fips191.pdf |
| FIPS 140-3 | Dec. 11, 2009 | DRAFT Security Requirements for Cryptographic Modules (Revised Draft) | revised-draft-fips140-3_PDF-zip_document-annexA-to-annexG.zip, revised-fips140-3_comments-template.dot |
| FIPS 140-2 | May 2001 | Security Requirements for Cryptographic Modules (*Includes Change Notices as of December 3, 2002*) | fips1402.pdf, fips1402annexa.pdf, fips1402annexb.pdf, fips1402annexc.pdf, fips1402annexd.pdf |
| FIPS 140-1 | Jan 1994 | FIPS 140-1: Security Requirements for Cryptographic Modules | fips1401.pdf |
| SP 800-126 Rev. 2 | Sept. 2011 | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2 | SP800-126r2.pdf, sp800-126r2-errata-20120409.pdf |
| SP 800-126 Rev. 1 | Feb. 2011 | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.1 | SP800-126r1.pdf |
| SP 800-126 | Nov. 2009 | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.0 | sp800-126.pdf |
| SP 800-117 Rev. 1 | Jan. 6, 2012 | DRAFT Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.2 | Draft-SP800-117-r1.pdf |
| SP 800-117 | July 2010 | Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.0 | sp800-117.pdf |
| SP 800-115 | Sept 2008 | Technical Guide to Information Security Testing and Assessment | SP800-115.pdf |
| SP 800-94 Rev. 1 | July 25, 2012 | DRAFT Guide to Intrusion Detection and Prevention Systems (IDPS) | draft_sp800-94-rev1.pdf |
| SP 800-94 | Feb 2007 | Guide to Intrusion Detection and Prevention Systems (IDPS) | SP800-94.pdf |
| SP 800-92 | Sep 2006 | Guide to Computer Security Log Management | SP800-92.pdf |
| SP 800-68 Rev. 1 | Oct. 2008 | Guide to Securing Microsoft Windows XP Systems for IT Professionals | download_WinXP.html |
| SP 800-55 Rev. 1 | Jul 2008 | Performance Measurement Guide for Information Security | SP800-55-rev1.pdf |
| SP 800-53 Rev. 4 | Feb. 5, 2013 | DRAFT Security and Privacy Controls for Federal Information Systems and Organizations (Final Public Draft) | sp800_53_r4_draft_fpd.pdf |
| SP 800-53 Rev. 3 | Aug 2009 | Recommended Security Controls for Federal Information Systems and Organizations (*Includes Updates as of May 1, 2010*) | sp800-53-rev3-final_updated-errata_05-01-2010.pdf, sp-800-53-rev3_database-beta.html, 800-53-rev3_markup-final-public-draft-to-final-updated_may-01-2010.pdf, 800-53-rev3_markup-rev2-to-rev3_updated-may-01-2010.pdf, 800-53-rev3-Annex1_updated_may-01-2010.pdf, 800-53-rev3-Annex2_updated_may-01-2010.pdf, 800-53-rev3-Annex3_updated_may-01-2010.pdf, SP_800-53_Rev-3_database-R1.4.1-BETA.zip |
| SP 800-53 A Rev. 1 | Jun. 2010 | Guide for Assessing the Security Controls in Federal Information Systems and Organizations, Building Effective Security Assessment Plans | sp800-53A-rev1-final.pdf, assessment.html |
| SP 800-51 Rev. 1 | Feb. 2011 | Guide to Using Vulnerability Naming Schemes | SP800-51rev1.pdf |
| SP 800-50 | Oct 2003 | Building an Information Technology Security Awareness and Training Program | NIST-SP800-50.pdf |
| SP 800-41 Rev. 1 | Sept. 2009 | Guidelines on Firewalls and Firewall Policy | sp800-41-rev1.pdf |
| SP 800-37 Rev. 1 | Feb. 2010 | Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach | sp800-37-rev1-final.pdf, sp800-37-rev1_markup-copy_final.pdf |
| SP 800-30 Rev. 1 | Sept. 2012 | Guide for Conducting Risk Assessments | sp800_30_r1.pdf |
| SP 800-18 Rev.1 | Feb 2006 | Guide for Developing Security Plans for Federal Information Systems | sp800-18-Rev1-final.pdf |
| SP 800-16 Rev. 1 | Mar. 20, 2009 | DRAFT Information Security Training Requirements: A Role- and Performance-Based Model | Draft-SP800-16-Rev1.pdf |
| SP 800-16 | Apr 1998 | Information Technology Security Training Requirements: A Role- and Performance-Based Model | 800-16.pdf, AppendixA-D.pdf, Appendix_E.pdf |
| NIST IR 7848 | May 7, 2012 | DRAFT Specification for the Asset Summary Reporting Format 1.0 | draft_nistir_7848.pdf |
| NIST IR 7831 | Dec. 6, 2011 | DRAFT Common Remediation Enumeration (CRE) Version 1.0 | Draft-NISTIR-7831.pdf |
| NIST IR 7802 | Sept. 2011 | Trust Model for Security Automation Data (TMSAD) Version 1.0 | NISTIR-7802.pdf |
| NIST IR 7800 | Jan. 20, 2012 | DRAFT Applying the Continuous Monitoring Technical Reference Model to the Asset, Configuration, and Vulnerability Management Domains | Draft-NISTIR-7800.pdf |
| NIST IR 7799 | Jan. 6, 2012 | DRAFT Continuous Monitoring Reference Model Workflow, Subsystem, and Interface Specifications | Draft-NISTIR-7799.pdf |
| NIST IR 7756 | Jan. 6, 2012 | DRAFT CAESARS Framework Extension: An Enterprise Continuous Monitoring Technical Reference Architecture | Draft-NISTIR-7756_second-public-draft.pdf |
| NIST IR 7698 | Aug. 2011 | Common Platform Enumeration: Applicability Language Specification Version 2.3 | NISTIR-7698-CPE-Language.pdf |
| NIST IR 7697 | Aug. 2011 | Common Platform Enumeration: Dictionary Specification Version 2.3 | NISTIR-7697-CPE-Dictionary.pdf |
| NIST IR 7696 | Aug. 2011 | Common Platform Enumeration: Name Matching Specification Version 2.3 | NISTIR-7696-CPE-Matching.pdf |
| NIST IR 7695 | Aug. 2011 | Common Platform Enumeration: Naming Specification Version 2.3 | NISTIR-7695-CPE-Naming.pdf |
| NIST IR 7694 | June 2011 | Specification for the Asset Reporting Format 1.1 | NISTIR-7694.pdf |
| NIST IR 7693 | June 2011 | Specification for Asset Identification 1.1 | NISTIR-7693.pdf |
| NIST IR 7692 | April 2011 | Specification for the Open Checklist Interactive Language (OCIL) Version 2.0 | nistir-7692.pdf |
| NIST IR 7670 | Feb. 10, 2011 | DRAFT Proposed Open Specifications for an Enterprise Remediation Automation Framework | Draft-NISTIR-7670_Feb2011.pdf |
| NIST IR 7358 | Jan 2007 | Program Review for Information Security Management Assistance (PRISMA) | NISTIR-7358.pdf |
| NIST IR 7316 | Sep 2006 | Assessment of Access Control Systems | NISTIR-7316.pdf |
| NIST IR 7284 | Jan 2006 | Personal Identity Verification Card Management Report | nistir-7284.pdf |
| NIST IR 7275 Rev. 4 | Sept. 2011 | Specification for the Extensible Configuration Checklist Description Format (XCCDF) Version 1.2 | NISTIR-7275r4.pdf, nistir-7275r4_updated-march-2012_markup.pdf, nistir-7275r4_updated-march-2012_clean.pdf |
| NIST IR 7275 Rev. 3 | Jan 2008 | Specification for the Extensible Configuration Checklist Description Format (XCCDF) Version 1.1.4 | NISTIR-7275r3.pdf |
| NIST IR 6981 | Apr 2003 | Policy Expression and Enforcement for Handheld Devices | nistir-6981.pdf |
| ITL January 2007 | Jan 2007 | Security Controls For Information Systems: Revised Guidelines Issued By NIST - ITL Security Bulletin | b-01-07.pdf |
| ITL October 2006 | Oct 2006 | Log Management: Using Computer And Network Records To Improve Information Security - ITL Security Bulletin | b-10-06.pdf |
| ITL March 2006 | Mar 2006 | Minimum Security Requirements For Federal Information And Information Systems: Federal Information Processing Standard (FIPS) 200 Approved By The Secretary Of Commerce - ITL Security Bulletin | b-March-06.pdf |
| ITL January 2006 | Jan 2006 | Testing And Validation Of Personal Identity Verification (PIV) Components And Subsystems For Conformance To Federal Information Processing Standard 201 - ITL Security Bulletin | b-01-06.pdf |
| ITL August 2005 | Aug 2005 | Implementation Of FIPS 201, Personal Identity Verification (PIV) Of Federal Employees And Contractors - ITL Security Bulletin | b-08-05.pdf |
| ITL May 2005 | May 2005 | Recommended Security Controls For Federal Information Systems: Guidance For Selecting Cost-Effective Controls Using A Risk-Based Process - ITL Security Bulletin | b-May-05.pdf |
| ITL November 2004 | Nov 2004 | Understanding the New NIST Standards and Guidelines Required by FISMA: How Three Mandated Documents are Changing the Dynamic of Information Security for the Federal Government - ITL Security Bulletin | Nov-2004.pdf |
| ITL March 2004 | Mar 2004 | Federal Information Processing Standard (FIPS) 199, Standards For Security Categorization Of Federal Information And Information Systems - ITL Security Bulletin | 03-2004.pdf |
| ITL August 2003 | Aug 2003 | IT Security Metrics - ITL Security Bulletin | bulletin08-03.pdf |
| ITL June 2003 | Jun 2003 | ASSET: Security Assessment Tool For Federal Agencies - ITL Security Bulletin | itl-06-2003.pdf |
| ITL January 2002 | Jan 2002 | Guidelines on Firewalls and Firewall Policy - ITL Security Bulletin | 01-02.pdf |
| ITL September 2001 | Sep 2001 | Security Self-Assessment Guide for Information Technology Systems - ITL Security Bulletin | 09-01.pdf |
| ITL February 2000 | Feb 2000 | Guideline for Implementing Cryptography in the Federal Government - ITL Security Bulletin | 02-00.pdf |
| ITL April 1999 | Apr 1999 | Guide for Developing Security Plans for Information Technology Systems - ITL Security Bulletin | 04-99.pdf |

Authentication

| Number | Date | Title | Files |
|---|---|---|---|
| FIPS 196 | Feb 1997 | Entity Authentication Using Public Key Cryptography | fips196.pdf |
| FIPS 190 | Sep 1994 | Guideline for the Use of Advanced Authentication Technology Alternatives | fip190.txt |
| FIPS 186-3 | Jun. 2009 | Digital Signature Standard (DSS) | fips_186-3.pdf |
| FIPS 181 | Oct 1993 | Automated Password Generator | fips181.txt |
| FIPS 180-4 | March 2012 | Secure Hash Standard (SHS) | fips-180-4.pdf |
| FIPS 140-3 | Dec. 11, 2009 | DRAFT Security Requirements for Cryptographic Modules (Revised Draft) | revised-draft-fips140-3_PDF-zip_document-annexA-to-annexG.zip, revised-fips140-3_comments-template.dot |
| FIPS 113 | May 1985 | Computer Data Authentication (no electronic version available) | ordering-pubs.html |
| SP 800-147 B | July 30, 2012 | DRAFT BIOS Protection Guidelines for Servers | draft-sp800-147b_july2012.pdf |
| SP 800-147 | Apr. 2011 | Basic Input/Output System (BIOS) Protection Guidelines | NIST-SP800-147-April2011.pdf |
| SP 800-132 | Dec. 2010 | Recommendation for Password-Based Key Derivation Part 1: Storage Applications | nist-sp800-132.pdf |
| SP 800-127 | Sept. 2010 | Guide to Securing WiMAX Wireless Communications | sp800-127.pdf |
| SP 800-124 | Oct 2008 | Guidelines on Cell Phone and PDA Security | SP800-124.pdf |
| SP 800-121 Rev. 1 | June 2012 | Guide to Bluetooth Security | sp800-121_rev1.pdf |
| SP 800-120 | Sept. 2009 | Recommendation for EAP Methods Used in Wireless Network Access Authentication | sp800-120.pdf |
| SP 800-118 | Apr. 21, 2009 | DRAFT Guide to Enterprise Password Management | draft-sp800-118.pdf |
| SP 800-116 | Nov 2008 | A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS) | SP800-116.pdf |
| SP 800-114 | Nov 2007 | User's Guide to Securing External Devices for Telework and Remote Access | SP800-114.pdf |
| SP 800-113 | Jul 2008 | Guide to SSL VPNs | SP800-113.pdf |
| SP 800-104 | Jun 2007 | A Scheme for PIV Visual Card Topography | SP800-104-June29_2007-final.pdf |
| SP 800-103 | Oct 6, 2006 | DRAFT An Ontology of Identity Credentials, Part I: Background and Formulation | sp800-103-draft.pdf |
| SP 800-102 | Sept. 2009 | Recommendation for Digital Signature Timeliness | sp800-102.pdf |
| SP 800-89 | Nov 2006 | Recommendation for Obtaining Assurances for Digital Signature Applications | SP-800-89_November2006.pdf |
| SP 800-78-3 | Dec. 2010 | Cryptographic Algorithms and Key Sizes for Personal Identification Verification (PIV) | sp800-78-3.pdf |
| SP 800-73-3 | Feb. 2010 | Interfaces for Personal Identity Verification (4 Parts): Pt. 1 - End Point PIV Card Application Namespace, Data Model & Representation; Pt. 2 - PIV Card Application Card Command Interface; Pt. 3 - PIV Client Application Programming Interface; Pt. 4 - The PIV Transitional Interfaces & Data Model Specification | sp800-73-3_PART1_piv-card-applic-namespace-date-model-rep.pdf, sp800-73-3_PART2_piv-card-applic-card-common-interface.pdf, sp800-73-3_PART3_piv-client-applic-programming-interface.pdf, sp800-73-3_PART4_piv-transitional-interface-data-model-spec.pdf |
| SP 800-68 Rev. 1 | Oct. 2008 | Guide to Securing Microsoft Windows XP Systems for IT Professionals | download_WinXP.html |
| SP 800-63-1 | Dec. 2011 | Electronic Authentication Guideline | SP-800-63-1.pdf |
| SP 800-57 Part 1 | Jul 2012 | Recommendation for Key Management: Part 1: General (Revision 3) | sp800-57_part1_rev3_general.pdf |
| SP 800-57 Part 2 | Aug 2005 | Recommendation for Key Management: Part 2: Best Practices for Key Management Organization | SP800-57-Part2.pdf |
| SP 800-57 Part 3 | Dec 2009 | Recommendation for Key Management, Part 3 Application-Specific Key Management Guidance | sp800-57_PART3_key-management_Dec2009.pdf |
| SP 800-53 Rev. 4 | Feb. 5, 2013 | DRAFT Security and Privacy Controls for Federal Information Systems and Organizations (Final Public Draft) | sp800_53_r4_draft_fpd.pdf |
| SP 800-53 Rev. 3 | Aug 2009 | Recommended Security Controls for Federal Information Systems and Organizations (*Includes Updates as of May 1, 2010*) | sp800-53-rev3-final_updated-errata_05-01-2010.pdf, sp-800-53-rev3_database-beta.html, 800-53-rev3_markup-final-public-draft-to-final-updated_may-01-2010.pdf, 800-53-rev3_markup-rev2-to-rev3_updated-may-01-2010.pdf, 800-53-rev3-Annex1_updated_may-01-2010.pdf, 800-53-rev3-Annex2_updated_may-01-2010.pdf, 800-53-rev3-Annex3_updated_may-01-2010.pdf, SP_800-53_Rev-3_database-R1.4.1-BETA.zip |
| SP 800-48 Rev. 1 | Jul 2008 | Guide to Securing Legacy IEEE 802.11 Wireless Networks | SP800-48r1.pdf |
| SP 800-46 Rev. 1 | Jun. 2009 | Guide to Enterprise Telework and Remote Access Security | sp800-46r1.pdf |
| SP 800-38 F | Dec. 2012 | Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping | dx.doi.org/10.6028/NIST.SP.800-38F |
| SP 800-38 A | Dec 2001 | Recommendation for Block Cipher Modes of Operation - Methods and Techniques | sp800-38a.pdf |
| SP 800-38 A - Addendum | Oct. 2010 | Recommendation for Block Cipher Modes of Operation: Three Variants of Ciphertext Stealing for CBC Mode | addendum-to-nist_sp800-38A.pdf |
| SP 800-38 B | May 2005 | Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication | SP_800-38B.pdf, Updated_CMAC_Examples.pdf |
| SP 800-38 C | May 2004 | Recommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality | SP800-38C_updated-July20_2007.pdf |
| SP 800-38 D | Nov 2007 | Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC | SP-800-38D.pdf |
| SP 800-38 E | Jan. 2010 | Recommendation for Block Cipher Modes of Operation: The XTS-AES Mode for Confidentiality on Storage Devices | nist-sp-800-38E.pdf |
| SP 800-32 | Feb 2001 | Introduction to Public Key Technology and the Federal PKI Infrastructure | sp800-32.pdf |
| SP 800-25 | Oct 2000 | Federal Agency Use of Public Key Technology for Digital Signatures and Authentication | sp800-25.pdf |
| SP 800-21 2nd edition | Dec 2005 | Guideline for Implementing Cryptography in the Federal Government | sp800-21-1_Dec2005.pdf |
| SP 800-17 | Feb 1998 | Modes of Operation Validation System (MOVS): Requirements and Procedures | 800-17.pdf |
| NIST IR 7817 | Nov. 2012 | A Credential Reliability and Revocation Model for Federated Identities | dx.doi.org/10.6028/NIST.IR.7817 |
| NIST IR 7802 | Sept. 2011 | Trust Model for Security Automation Data (TMSAD) Version 1.0 | NISTIR-7802.pdf |
| NIST IR 7611 | Aug. 2009 | Use of ISO/IEC 24727 - Service Access Layer Interface for Identity (SALII): Support for Development and use of Interoperable Identity Credentials | nistir7611_use-of-isoiec24727.pdf |
| NIST IR 7601 | Aug. 2010 | Framework for Emergency Response Officials (ERO) | nistir-7601_framework-ERO.pdf |
| NIST IR 7452 | Nov 2007 | Secure Biometric Match-on-Card Feasibility Report | NISTIR-7452.pdf |
| NIST IR 7290 | Mar 2006 | Fingerprint Identification and Mobile Handheld Devices: Overview and Implementation | NIST-IR-7290-pp-mobileFprint-final.pdf |
| NIST IR 7206 | Jul 2005 | Smart Cards and Mobile Device Authentication: An Overview and Implementation | nist-IR-7206.pdf |
| NIST IR 7200 | Jun 2005 | Proximity Beacons and Mobile Handheld Devices: Overview and Implementation | NIST-IR-7200.pdf |
| NIST IR 7046 | Aug 2003 | A Framework for Multi-Mode Authentication: Overview and Implementation Guide | nistir-7046.pdf |
| NIST IR 7030 | Jul 2003 | Picture Password: A Visual Login Technique for Mobile Devices | nistir-7030.pdf |
| ITL April 2007 | Apr 2007 | Securing Wireless Networks - ITL Security Bulletin | b-April-07.pdf |
| ITL February 2007 | Feb 2007 | Intrusion Detection And Prevention Systems - ITL Security Bulletin | b-02-07.pdf |
| ITL May 2006 | May 2006 | An Update On Cryptographic Standards, Guidelines, And Testing Requirements - ITL Security Bulletin | b-05-06.pdf |
| ITL September 2005 | Sep 2005 | Biometric Technologies: Helping To Protect Information And Automated Transactions In Information Technology Systems - ITL Security Bulletin | bulletin-Sept-05.pdf |
| ITL July 2005 | Jul 2005 | Protecting Sensitive Information That Is Transmitted Across Networks: NIST Guidance For Selecting And Using Transport Layer Security Implementations - ITL Security Bulletin | July-2005.pdf |
| ITL August 2004 | Aug 2004 | Electronic Authentication: Guidance For Selecting Secure Techniques - ITL Security Bulletin | August-2004.pdf |
| ITL March 2003 | Mar 2003 | Security For Wireless Networks And Devices - ITL Security Bulletin | march-03.pdf |
| ITL May 2001 | May 2001 | Biometrics - Technologies for Highly Secure Personal Authentication - ITL Security Bulletin | 05-01.pdf |
| ITL March 2001 | Mar 2001 | An Introduction to IPsec (Internet Protocol Security) - ITL Security Bulletin | 03-01.pdf |
| ITL February 2000 | Feb 2000 | Guideline for Implementing Cryptography in the Federal Government - ITL Security Bulletin | 02-00.pdf |

Awareness & Training

| Number | Date | Title | Files |
|---|---|---|---|
| SP 800-147 B | July 30, 2012 | DRAFT BIOS Protection Guidelines for Servers | draft-sp800-147b_july2012.pdf |
| SP 800-147 | Apr. 2011 | Basic Input/Output System (BIOS) Protection Guidelines | NIST-SP800-147-April2011.pdf |
| SP 800-66 Rev 1 | Oct 2008 | An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule | SP-800-66-Revision1.pdf |
| SP 800-53 Rev. 4 | Feb. 5, 2013 | DRAFT Security and Privacy Controls for Federal Information Systems and Organizations (Final Public Draft) | sp800_53_r4_draft_fpd.pdf |
| SP 800-53 Rev. 3 | Aug 2009 | Recommended Security Controls for Federal Information Systems and Organizations (*Includes Updates as of May 1, 2010*) | sp800-53-rev3-final_updated-errata_05-01-2010.pdf, sp-800-53-rev3_database-beta.html, 800-53-rev3_markup-final-public-draft-to-final-updated_may-01-2010.pdf, 800-53-rev3_markup-rev2-to-rev3_updated-may-01-2010.pdf, 800-53-rev3-Annex1_updated_may-01-2010.pdf, 800-53-rev3-Annex2_updated_may-01-2010.pdf, 800-53-rev3-Annex3_updated_may-01-2010.pdf, SP_800-53_Rev-3_database-R1.4.1-BETA.zip |
| SP 800-50 | Oct 2003 | Building an Information Technology Security Awareness and Training Program | NIST-SP800-50.pdf |
| SP 800-16 Rev. 1 | Mar. 20, 2009 | DRAFT Information Security Training Requirements: A Role- and Performance-Based Model | Draft-SP800-16-Rev1.pdf |
| SP 800-16 | Apr 1998 | Information Technology Security Training Requirements: A Role- and Performance-Based Model | 800-16.pdf, AppendixA-D.pdf, Appendix_E.pdf |
| NIST IR 7611 | Aug. 2009 | Use of ISO/IEC 24727 - Service Access Layer Interface for Identity (SALII): Support for Development and use of Interoperable Identity Credentials | nistir7611_use-of-isoiec24727.pdf |
| NIST IR 7359 | Jan 2007 | Information Security Guide For Government Executives | CSD_ExecGuide-booklet.pdf, NISTIR-7359.pdf |
| NIST IR 7284 | Jan 2006 | Personal Identity Verification Card Management Report | nistir-7284.pdf |
| ITL November 2006 | Nov 2006 | Guide To Securing Computers Using Windows XP Home Edition - ITL Security Bulletin | b-11-06.pdf |
| ITL October 2003 | Oct 2003 | Information Technology Security Awareness, Training, Education, and Certification - ITL Security Bulletin | b-10-03.pdf |
| ITL November 2002 | Nov 2002 | Security For Telecommuting And Broadband Communication - ITL Security Bulletin | itl11-02.pdf |

Biometrics

| Number | Date | Title | Files |
|---|---|---|---|
| FIPS 201-2 | Jul 9, 2012 | DRAFT Personal Identity Verification (PIV) of Federal Employees and Contractors (REVISED DRAFT) | draft_nist-fips-201-2_revised.pdf, comment-template_draft-nist-fips201-2_revised.xls, draft-nist-fips-201-2-revised_track-changes.pdf, draft-fips-201-2_comments_disposition-for-2011-draft.pdf |
| FIPS 201-1 | Mar 2006 | Personal Identity Verification (PIV) of Federal Employees and Contractors (*including Change Notice 1 of June 23, 2006*) | FIPS-201-1-chng1.pdf |
| SP 800-116 | Nov 2008 | A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS) | SP800-116.pdf |
| SP 800-103 | Oct 6, 2006 | DRAFT An Ontology of Identity Credentials, Part I: Background and Formulation | sp800-103-draft.pdf |
| SP 800-76-2 | Jul. 9, 2012 | DRAFT Biometric Data Specification for Personal Identity Verification | draft-sp-800-76-2_revised.pdf, comments-template-for_draft-sp800-76-2.docx |
| SP 800-76-1 | Jan 2007 | Biometric Data Specification for Personal Identity Verification | SP800-76-1_012407.pdf |
| SP 800-73-3 | Feb. 2010 | Interfaces for Personal Identity Verification (4 Parts): Pt. 1 - End Point PIV Card Application Namespace, Data Model & Representation; Pt. 2 - PIV Card Application Card Command Interface; Pt. 3 - PIV Client Application Programming Interface; Pt. 4 - The PIV Transitional Interfaces & Data Model Specification | sp800-73-3_PART1_piv-card-applic-namespace-date-model-rep.pdf, sp800-73-3_PART2_piv-card-applic-card-common-interface.pdf, sp800-73-3_PART3_piv-client-applic-programming-interface.pdf, sp800-73-3_PART4_piv-transitional-interface-data-model-spec.pdf |
| NIST IR 7771 | Feb. 2011 | Conformance Test Architecture for Biometric Data Interchange Formats - Version Beta 2.0 | NISTIR-7771.pdf |
| NIST IR 7611 | Aug. 2009 | Use of ISO/IEC 24727 - Service Access Layer Interface for Identity (SALII): Support for Development and use of Interoperable Identity Credentials | nistir7611_use-of-isoiec24727.pdf |
| NIST IR 7452 | Nov 2007 | Secure Biometric Match-on-Card Feasibility Report | NISTIR-7452.pdf |
| NIST IR 7290 | Mar 2006 | Fingerprint Identification and Mobile Handheld Devices: Overview and Implementation | NIST-IR-7290-pp-mobileFprint-final.pdf |
| NIST IR 7284 | Jan 2006 | Personal Identity Verification Card Management Report | nistir-7284.pdf |
| NIST IR 7206 | Jul 2005 | Smart Cards and Mobile Device Authentication: An Overview and Implementation | nist-IR-7206.pdf |
| NIST IR 7056 | Mar 2004 | Card Technology Development and Gap Analysis Interagency Report | nistir-7056.pdf |
| NIST IR 6887 | Jul 2003 | Government Smart Card Interoperability Specification | nistir-6887.pdf |
| NIST IR 6529 A | Apr 2004 | Common Biometric Exchange Formats Framework | |


Communications & Wireless

| Number | Date | Title | Files |
|---|---|---|---|
| FIPS 140-3 | Dec. 11, 2009 | DRAFT Security Requirements for Cryptographic Modules (Revised Draft) | revised-draft-fips140-3_PDF-zip_document-annexA-to-annexG.zip, revised-fips140-3_comments-template.dot |
| FIPS 140-2 | May 2001 | Security Requirements for Cryptographic Modules (*Includes Change Notices as of December 3, 2002*) | fips1402.pdf, fips1402annexa.pdf, fips1402annexb.pdf, fips1402annexc.pdf, fips1402annexd.pdf |
| FIPS 140-1 | Jan 1994 | FIPS 140-1: Security Requirements for Cryptographic Modules | fips1401.pdf |
| SP 800-164 | Oct. 31, 2012 | DRAFT Guidelines on Hardware-Rooted Security in Mobile Devices | sp800_164_draft.pdf |
| SP 800-153 | Feb. 2012 | Guidelines for Securing Wireless Local Area Networks (WLANs) | sp800-153.pdf |
| SP 800-127 | Sept. 2010 | Guide to Securing WiMAX Wireless Communications | sp800-127.pdf |
| SP 800-124 Rev 1 | Jul 10, 2012 | DRAFT Guidelines for Managing and Securing Mobile Devices in the Enterprise | draft_sp800-124-rev1.pdf |
| SP 800-124 | Oct 2008 | Guidelines on Cell Phone and PDA Security | SP800-124.pdf |
| SP 800-121 Rev. 1 | June 2012 | Guide to Bluetooth Security | sp800-121_rev1.pdf |
| SP 800-120 | Sept. 2009 | Recommendation for EAP Methods Used in Wireless Network Access Authentication | sp800-120.pdf |
| SP 800-119 | Dec. 2010 | Guidelines for the Secure Deployment of IPv6 | sp800-119.pdf |
| SP 800-115 | Sept 2008 | Technical Guide to Information Security Testing and Assessment | SP800-115.pdf |
| SP 800-114 | Nov 2007 | User's Guide to Securing External Devices for Telework and Remote Access | SP800-114.pdf |
| SP 800-113 | Jul 2008 | Guide to SSL VPNs | SP800-113.pdf |
| SP 800-101 | May 2007 | Guidelines on Cell Phone Forensics | SP800-101.pdf |
| SP 800-98 | Apr 2007 | Guidelines for Securing Radio Frequency Identification (RFID) Systems | SP800-98_RFID-2007.pdf |
| SP 800-82 | Jun. 2011 | Guide to Industrial Control Systems (ICS) Security | SP800-82-final.pdf |
| SP 800-81 Rev. 1 | Apr. 2010 | Secure Domain Name System (DNS) Deployment Guide | sp-800-81r1.pdf |
| SP 800-77 | Dec 2005 | Guide to IPsec VPNs | sp800-77.pdf |
| SP 800-58 | Jan 2005 | Security Considerations for Voice Over IP Systems | SP800-58-final.pdf |
| SP 800-54 | Jul 2007 | Border Gateway Protocol Security | SP800-54.pdf |
| SP 800-53 Rev. 4 | Feb. 5, 2013 | DRAFT Security and Privacy Controls for Federal Information Systems and Organizations (Final Public Draft) | sp800_53_r4_draft_fpd.pdf |
| SP 800-53 Rev. 3 | Aug 2009 | Recommended Security Controls for Federal Information Systems and Organizations (*Includes Updates as of May 1, 2010*) | sp800-53-rev3-final_updated-errata_05-01-2010.pdf, sp-800-53-rev3_database-beta.html, 800-53-rev3_markup-final-public-draft-to-final-updated_may-01-2010.pdf, 800-53-rev3_markup-rev2-to-rev3_updated-may-01-2010.pdf, 800-53-rev3-Annex1_updated_may-01-2010.pdf, 800-53-rev3-Annex2_updated_may-01-2010.pdf, 800-53-rev3-Annex3_updated_may-01-2010.pdf, SP_800-53_Rev-3_database-R1.4.1-BETA.zip |
| SP 800-52 | Jun 2005 | Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations | SP800-52.pdf |
| SP 800-48 Rev. 1 | Jul 2008 | Guide to Securing Legacy IEEE 802.11 Wireless Networks | SP800-48r1.pdf |
| SP 800-46 Rev. 1 | Jun. 2009 | Guide to Enterprise Telework and Remote Access Security | sp800-46r1.pdf |
| SP 800-45 Version 2 | Feb 2007 | Guidelines on Electronic Mail Security | SP800-45v2.pdf |
| SP 800-41 Rev. 1 | Sept. 2009 | Guidelines on Firewalls and Firewall Policy | sp800-41-rev1.pdf |
| SP 800-24 | Apr 2001 | PBX Vulnerability Analysis: Finding Holes in Your PBX Before Someone Else Does | sp800-24pbx.pdf |
| NIST IR 7617 | Oct. 2009 | Mobile Forensic Reference Materials: A Methodology and Reification | nistir-7617.pdf |
| NIST IR 7452 | Nov 2007 | Secure Biometric Match-on-Card Feasibility Report | NISTIR-7452.pdf |
| NIST IR 7387 | Mar 2007 | Cell Phone Forensic Tools: An Overview and Analysis Update | nistir-7387.pdf |
| NIST IR 7206 | Jul 2005 | Smart Cards and Mobile Device Authentication: An Overview and Implementation | nist-IR-7206.pdf |
| NIST IR 7046 | Aug 2003 | A Framework for Multi-Mode Authentication: Overview and Implementation Guide | nistir-7046.pdf |
| ITL July 2007 | Jul 2007 | Border Gateway Protocol Security - ITL Security Bulletin | b-July-2007.pdf |
| ITL June 2007 | Jun 2007 | Forensic Techniques for Cell Phones - ITL Security Bulletin | b-June-2007.pdf |
| ITL May 2007 | May 2007 | Securing Radio Frequency Identification (RFID) Systems - ITL Security Bulletin | b-May-2007.pdf |
| ITL April 2007 | Apr 2007 | Securing Wireless Networks - ITL Security Bulletin | b-April-07.pdf |
| ITL March 2007 | Mar 2007 | Improving The Security Of Electronic Mail: Updated Guidelines Issued By NIST - ITL Security Bulletin | b-03-07.pdf |
| ITL June 2006 | Jun 2006 | Domain Name System (DNS) Services: NIST Recommendations For Secure Deployment - ITL Security Bulletin | b-06-06.pdf |
| ITL April 2006 | Apr 2006 | Protecting Sensitive Information Transmitted in Public Networks - ITL Security Bulletin | b-04-06.pdf |
| ITL October 2004 | Oct 2004 | Securing Voice Over Internet Protocol (IP) Networks - ITL Security Bulletin | Oct-2004.pdf |
| ITL March 2003 | Mar 2003 | Security For Wireless Networks And Devices - ITL Security Bulletin | march-03.pdf |
| ITL January 2003 | Jan 2003 | Security Of Electronic Mail - ITL Security Bulletin | 01-03.pdf |
| ITL November 2002 | Nov 2002 | Security For Telecommuting And Broadband Communication - ITL Security Bulletin | itl11-02.pdf |
| ITL January 2002 | Jan 2002 | Guidelines on Firewalls and Firewall Policy - ITL Security Bulletin | 01-02.pdf |
| ITL March 2001 | Mar 2001 | An Introduction to IPsec (Internet Protocol Security) - ITL Security Bulletin | 03-01.pdf |
| ITL August 2000 | Aug 2000 | Security for Private Branch Exchange Systems - ITL Security Bulletin | 08-00.pdf |

Contingency Planning

| Number | Date | Title | Files |
|---|---|---|---|
| SP 800-147 B | July 30, 2012 | DRAFT BIOS Protection Guidelines for Servers | draft-sp800-147b_july2012.pdf |
| SP 800-147 | Apr. 2011 | Basic Input/Output System (BIOS) Protection Guidelines | NIST-SP800-147-April2011.pdf |
| SP 800-84 | Sep 2006 | Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities | SP800-84.pdf |
| SP 800-53 Rev. 4 | Feb. 5, 2013 | DRAFT Security and Privacy Controls for Federal Information Systems and Organizations (Final Public Draft) | sp800_53_r4_draft_fpd.pdf |
| SP 800-53 Rev. 3 | Aug 2009 | Recommended Security Controls for Federal Information Systems and Organizations (*Includes Updates as of May 1, 2010*) | sp800-53-rev3-final_updated-errata_05-01-2010.pdf, sp-800-53-rev3_database-beta.html, 800-53-rev3_markup-final-public-draft-to-final-updated_may-01-2010.pdf, 800-53-rev3_markup-rev2-to-rev3_updated-may-01-2010.pdf, 800-53-rev3-Annex1_updated_may-01-2010.pdf, 800-53-rev3-Annex2_updated_may-01-2010.pdf, 800-53-rev3-Annex3_updated_may-01-2010.pdf, SP_800-53_Rev-3_database-R1.4.1-BETA.zip |
| SP 800-46 Rev. 1 | Jun. 2009 | Guide to Enterprise Telework and Remote Access Security | sp800-46r1.pdf |
| SP 800-34 Rev. 1 | May 2010 | Contingency Planning Guide for Federal Information Systems (Errata Page - Nov. 11, 2010) | sp800-34-rev1_errata-Nov11-2010.pdf |
| ITL December 2006 | Dec 2006 | Maintaining Effective Information Technology (IT) Security Through Test, Training, And Exercise Programs - ITL Security Bulletin | b-12-06.pdf |
| ITL January 2004 | Jan 2004 | Computer Security Incidents: Assessing, Managing, And Controlling The Risks - ITL Security Bulletin | b-01-04.pdf |
| ITL June 2002 | Jun 2002 | Contingency Planning Guide For Information Technology Systems - ITL Security Bulletin | bulletin06-02.pdf |
| ITL April 2002 | Apr 2002 | Techniques for System and Data Recovery - ITL Security Bulletin | 04-02.pdf |

Cryptography

| Number | Date | Title | Files |
|---|---|---|---|
| FIPS 198-1 | Jul 2008 | The Keyed-Hash Message Authentication Code (HMAC) | FIPS-198-1_final.pdf |
| FIPS 197 | Nov 2001 | Advanced Encryption Standard | fips-197.pdf |
| FIPS 196 | Feb 1997 | Entity Authentication Using Public Key Cryptography | fips196.pdf |
| FIPS 190 | Sep 1994 | Guideline for the Use of Advanced Authentication Technology Alternatives | fip190.txt |
| FIPS 186-3 | Jun. 2009 | Digital Signature Standard (DSS) | fips_186-3.pdf |
| FIPS 185 | Feb 1994 | Escrowed Encryption Standard | fips185.txt |
| FIPS 181 | Oct 1993 | Automated Password Generator | fips181.txt |
| FIPS 180-4 | March 2012 | Secure Hash Standard (SHS) | fips-180-4.pdf |
| FIPS 140-3 | Dec. 11, 2009 | DRAFT Security Requirements for Cryptographic Modules (Revised Draft) | revised-draft-fips140-3_PDF-zip_document-annexA-to-annexG.zip, revised-fips140-3_comments-template.dot |
| FIPS 140-2 | May 2001 | Security Requirements for Cryptographic Modules (*Includes Change Notices as of December 3, 2002*) | fips1402.pdf, fips1402annexa.pdf, fips1402annexb.pdf, fips1402annexc.pdf, fips1402annexd.pdf |
| FIPS 140-1 | Jan 1994 | FIPS 140-1: Security Requirements for Cryptographic Modules | fips1401.pdf |
| FIPS 113 | May 1985 | Computer Data Authentication (no electronic version available) | ordering-pubs.html |
| SP 800-152 | August 8, 2012 | DRAFT A Profile for U. S. Federal Cryptographic Key Management Systems (CKMS) | draft-sp-800-152.pdf |
| SP 800-147 B | July 30, 2012 | DRAFT BIOS Protection Guidelines for Servers | draft-sp800-147b_july2012.pdf |
| SP 800-147 | Apr. 2011 | Basic Input/Output System (BIOS) Protection Guidelines | NIST-SP800-147-April2011.pdf |
| SP 800-135 Rev. 1 | Dec. 2011 | Recommendation for Existing Application-Specific Key Derivation Functions | sp800-135-rev1.pdf |
| SP 800-133 | Dec. 2012 | Recommendation for Cryptographic Key Generation | dx.doi.org/10.6028/NIST.SP.800-133 |
| SP 800-132 | Dec. 2010 | Recommendation for Password-Based Key Derivation Part 1: Storage Applications | nist-sp800-132.pdf |
| SP 800-131 A | Jan. 2011 | Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths | sp800-131A.pdf |
| SP 800-130 | Apr. 13, 2012 | DRAFT A Framework for Designing Cryptographic Key Management Systems | second-draft_sp-800-130_april-2012.pdf |
| SP 800-127 | Sept. 2010 | Guide to Securing WiMAX Wireless Communications | sp800-127.pdf |
| SP 800-120 | Sept. 2009 | Recommendation for EAP Methods Used in Wireless Network Access Authentication | sp800-120.pdf |
| SP 800-118 | Apr. 21, 2009 | DRAFT Guide to Enterprise Password Management | draft-sp800-118.pdf |
| SP 800-116 | Nov 2008 | A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS) | SP800-116.pdf |
| SP 800-113 | Jul 2008 | Guide to SSL VPNs | SP800-113.pdf |
| SP 800-111 | Nov 2007 | Guide to Storage Encryption Technologies for End User Devices | SP800-111.pdf |
| SP 800-108 | Oct. 2009 | Recommendation for Key Derivation Using Pseudorandom Functions | sp800-108.pdf |
| SP 800-107 Rev. 1 | Aug. 2012 | Recommendation for Applications Using Approved Hash Algorithms | sp800-107-rev1.pdf |
| SP 800-106 | Feb. 2009 | Randomized Hashing for Digital Signatures | NIST-SP-800-106.pdf |
| SP 800-102 | Sept. 2009 | Recommendation for Digital Signature Timeliness | sp800-102.pdf |
| SP 800-90 C | Sept. 5, 2012 | DRAFT Recommendation for Random Bit Generator (RBG) Constructions | draft-sp800-90c.pdf |
| SP 800-90 B | Sept. 5, 2012 | DRAFT Recommendation for the Entropy Sources Used for Random Bit Generation | draft-sp800-90b.pdf, questions-about_draft-sp800-90b.pdf |
| SP 800-90 A | Jan. 2012 | Recommendation for Random Number Generation Using Deterministic Random Bit Generators | SP800-90A.pdf |
| SP 800-78-3 | Dec. 2010 | Cryptographic Algorithms and Key Sizes for Personal Identification Verification (PIV) | sp800-78-3.pdf |
| SP 800-73-3 | Feb. 2010 | Interfaces for Personal Identity Verification (4 Parts): Pt. 1 - End Point PIV Card Application Namespace, Data Model & Representation; Pt. 2 - PIV Card Application Card Command Interface; Pt. 3 - PIV Client Application Programming Interface; Pt. 4 - The PIV Transitional Interfaces & Data Model Specification | sp800-73-3_PART1_piv-card-applic-namespace-date-model-rep.pdf, sp800-73-3_PART2_piv-card-applic-card-common-interface.pdf, sp800-73-3_PART3_piv-client-applic-programming-interface.pdf, sp800-73-3_PART4_piv-transitional-interface-data-model-spec.pdf |
| SP 800-67 Rev. 1 | Jan. 2012 | Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher | SP-800-67-Rev1.pdf |
| SP 800-63-1 | Dec. 2011 | Electronic Authentication Guideline | SP-800-63-1.pdf |
| SP 800-57 Part 1 | Jul 2012 | Recommendation for Key Management: Part 1: General (Revision 3) | sp800-57_part1_rev3_general.pdf |
| SP 800-57 Part 2 | Aug 2005 | Recommendation for Key Management: Part 2: Best Practices for Key Management Organization | SP800-57-Part2.pdf |
| SP 800-57 Part 3 | Dec 2009 | Recommendation for Key Management, Part 3 Application-Specific Key Management Guidance | sp800-57_PART3_key-management_Dec2009.pdf |
| SP 800-56 C | Nov. 2011 | Recommendation for Key Derivation through Extraction-then-Expansion | SP-800-56C.pdf |
| SP 800-56 B | Aug. 2009 | Recommendation for Pair-Wise Key Establishment Schemes Using Integer Factorization Cryptography | sp800-56B.pdf |
| SP 800-56 A | Mar 2007 | Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography | SP800-56A_Revision1_Mar08-2007.pdf |
| SP 800-56 A Rev | Aug 20, 2012 | DRAFT Recommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography (Draft Revision) | draft-sp-800-56a.pdf |
| SP 800-53 Rev. 4 | Feb. 5, 2013 | DRAFT Security and Privacy Controls for Federal Information Systems and Organizations (Final Public Draft) | sp800_53_r4_draft_fpd.pdf |
| SP 800-53 Rev. 3 | Aug 2009 | Recommended Security Controls for Federal Information Systems and Organizations (*Includes Updates as of May 1, 2010*) | sp800-53-rev3-final_updated-errata_05-01-2010.pdf, sp-800-53-rev3_database-beta.html, 800-53-rev3_markup-final-public-draft-to-final-updated_may-01-2010.pdf, 800-53-rev3_markup-rev2-to-rev3_updated-may-01-2010.pdf, 800-53-rev3-Annex1_updated_may-01-2010.pdf, 800-53-rev3-Annex2_updated_may-01-2010.pdf, 800-53-rev3-Annex3_updated_may-01-2010.pdf, SP_800-53_Rev-3_database-R1.4.1-BETA.zip |
| SP 800-52 | Jun 2005 | Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations | SP800-52.pdf |
| SP 800-49 | Nov 2002 | Federal S/MIME V3 Client Profile | sp800-49.pdf |
| SP 800-38 F | Dec. 2012 | Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping | dx.doi.org/10.6028/NIST.SP.800-38F |
| SP 800-38 A | Dec 2001 | Recommendation for Block Cipher Modes of Operation - Methods and Techniques | sp800-38a.pdf |
| SP 800-38 A - Addendum | Oct. 2010 | Recommendation for Block Cipher Modes of Operation: Three Variants of Ciphertext Stealing for CBC Mode | addendum-to-nist_sp800-38A.pdf |
| SP 800-38 B | May 2005 | Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication | SP_800-38B.pdf, Updated_CMAC_Examples.pdf |
| SP 800-38 C | May 2004 | Recommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality | SP800-38C_updated-July20_2007.pdf |
| SP 800-38 D | Nov 2007 | Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC | SP-800-38D.pdf |
| SP 800-38 E | Jan. 2010 | Recommendation for Block Cipher Modes of Operation: The XTS-AES Mode for Confidentiality on Storage Devices | nist-sp-800-38E.pdf |
| SP 800-32 | Feb 2001 | Introduction to Public Key Technology and the Federal PKI Infrastructure | sp800-32.pdf |
| SP 800-25 | Oct 2000 | Federal Agency Use of Public Key Technology for Digital Signatures and Authentication | sp800-25.pdf |
| SP 800-22 Rev. 1a | Apr. | | |
2010A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic ApplicationsSP800-22rev1a.pdfSP 800-21 2nd editionDec 2005Guideline for Implementing Cryptography in the Federal Governmentsp800-21-1_Dec2005.pdfSP 800-17Feb 1998Modes of Operation Validation System (MOVS): Requirements and Procedures800-17.pdfSP 800-15 Version 1Jan 1998MISPC Minimum Interoperability Specification for PKI ComponentsSP800-15.PDFNIST IR 7896Nov. 2012Third-Round Report of the SHA-3 Cryptographic Hash Algorithm Competitiondx.doi.org/10.6028/NIST.IR.7896NIST IR 7817Nov. 2012A Credential Reliability and Revocation Model for Federated Identitiesdx.doi.org/10.6028/NIST.IR.7817NIST IR 7802Sept. 2011Trust Model for Security Automation Data (TMSAD) Version 1.0NISTIR-7802.pdfNIST IR 7764Feb. 2011Status Report on the Second Round of the SHA-3 Cryptographic Hash Algorithm Competitionnistir-7764.pdfNIST IR 7676June 2010Maintaining and Using Key History on Personal Identity Verification (PIV) Cardsnistir-7676.pdfNIST IR 7620Sept. 2009Status Report on the First Round of the SHA-3 Cryptographic Hash Algorithm Competitionnistir_7620.pdfNIST IR 7611Aug. 2009Use of ISO/IEC 24727 -- Service Access Layer Interface for Identity (SALII): Support for Development and use of Interoperable Identity Credentialsnistir7611_use-of-isoiec24727.pdfNIST IR 7609Jan. 2010Cryptographic Key Management Workshop Summarynistir-7609.pdfNIST IR 7452Nov 2007Secure Biometric Match-on-Card Feasibility ReportNISTIR-7452.pdfNIST IR 7206Jul 2005Smart Cards and Mobile Device Authentication: An Overview and Implementationnist-IR-7206.pdfNIST IR 7046Aug 2003A Framework for Multi-Mode Authentication: Overview and Implementation Guidenistir-7046.pdfITL December 2012Dec. 
2012Generating Secure Cryptographic Keys: A Critical Component of Cryptographic Key Management and the Protection of Sensitive Informationitlbul2012_12.pdfITL May 2006May 2006An Update On Cryptographic Standards, Guidelines, And Testing Requirements - ITL Security Bulletinb-05-06.pdfITL September 2002Sep 2002Cryptographic Standards and Guidelines: A Status Report - ITL Security Bulletin09-02itl.pdfITL December 2000Dec 2000A Statistical Test Suite For Random And Pseudorandom Number Generators For Cryptographic Applications - ITL Security Bulletin12-00.pdfITL February 2000Feb 2000Guideline for Implementing Cryptography in the Federal Government - ITL Security Bulletin02-00.pdf


Digital Signatures

| Number | Date | Title | File(s) |
|---|---|---|---|
| FIPS 186-3 | Jun. 2009 | Digital Signature Standard (DSS) | fips_186-3.pdf |
| FIPS 180-4 | March 2012 | Secure Hash Standard (SHS) | fips-180-4.pdf |
| FIPS 140-3 | Dec. 11, 2009 | DRAFT Security Requirements for Cryptographic Modules (Revised Draft) | revised-draft-fips140-3_PDF-zip_document-annexA-to-annexG.zip, revised-fips140-3_comments-template.dot |
| FIPS 140-2 | May 2001 | Security Requirements for Cryptographic Modules (*Includes Change Notices as of December 3, 2002*) | fips1402.pdf, fips1402annexa.pdf, fips1402annexb.pdf, fips1402annexc.pdf, fips1402annexd.pdf |
| FIPS 140-1 | Jan 1994 | FIPS 140-1: Security Requirements for Cryptographic Modules | fips1401.pdf |
| SP 800-147 B | July 30, 2012 | DRAFT BIOS Protection Guidelines for Servers | draft-sp800-147b_july2012.pdf |
| SP 800-147 | Apr. 2011 | Basic Input/Output System (BIOS) Protection Guidelines | NIST-SP800-147-April2011.pdf |
| SP 800-126 Rev. 2 | Sept. 2011 | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2 | SP800-126r2.pdf, sp800-126r2-errata-20120409.pdf |
| SP 800-107 Rev. 1 | Aug. 2012 | Recommendation for Applications Using Approved Hash Algorithms | sp800-107-rev1.pdf |
| SP 800-106 | Feb. 2009 | Randomized Hashing for Digital Signatures | NIST-SP-800-106.pdf |
| SP 800-102 | Sept. 2009 | Recommendation for Digital Signature Timeliness | sp800-102.pdf |
| SP 800-78-3 | Dec. 2010 | Cryptographic Algorithms and Key Sizes for Personal Identification Verification (PIV) | sp800-78-3.pdf |
| SP 800-57 Part 1 | Jul 2012 | Recommendation for Key Management: Part 1: General (Revision 3) | sp800-57_part1_rev3_general.pdf |
| SP 800-57 Part 2 | Aug 2005 | Recommendation for Key Management: Part 2: Best Practices for Key Management Organization | SP800-57-Part2.pdf |
| SP 800-57 Part 3 | Dec 2009 | Recommendation for Key Management, Part 3 Application-Specific Key Management Guidance | sp800-57_PART3_key-management_Dec2009.pdf |
| SP 800-52 | Jun 2005 | Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations | SP800-52.pdf |
| SP 800-49 | Nov 2002 | Federal S/MIME V3 Client Profile | sp800-49.pdf |
| SP 800-32 | Feb 2001 | Introduction to Public Key Technology and the Federal PKI Infrastructure | sp800-32.pdf |
| SP 800-25 | Oct 2000 | Federal Agency Use of Public Key Technology for Digital Signatures and Authentication | sp800-25.pdf |
| SP 800-21 2nd edition | Dec 2005 | Guideline for Implementing Cryptography in the Federal Government | sp800-21-1_Dec2005.pdf |
| SP 800-15 Version 1 | Jan 1998 | MISPC Minimum Interoperability Specification for PKI Components | SP800-15.PDF |
| NIST IR 7896 | Nov. 2012 | Third-Round Report of the SHA-3 Cryptographic Hash Algorithm Competition | dx.doi.org/10.6028/NIST.IR.7896 |
| NIST IR 7802 | Sept. 2011 | Trust Model for Security Automation Data (TMSAD) Version 1.0 | NISTIR-7802.pdf |
| NIST IR 7764 | Feb. 2011 | Status Report on the Second Round of the SHA-3 Cryptographic Hash Algorithm Competition | nistir-7764.pdf |
| NIST IR 7611 | Aug. 2009 | Use of ISO/IEC 24727 -- Service Access Layer Interface for Identity (SALII): Support for Development and use of Interoperable Identity Credentials | nistir7611_use-of-isoiec24727.pdf |
| NIST IR 7313 | Jul 2006 | 5th Annual PKI R&D Workshop "Making PKI Easy to Use" Proceedings | NIST-IR-7313_Final.pdf |
| ITL May 2006 | May 2006 | An Update On Cryptographic Standards, Guidelines, And Testing Requirements - ITL Security Bulletin | b-05-06.pdf |
| ITL February 2000 | Feb 2000 | Guideline for Implementing Cryptography in the Federal Government - ITL Security Bulletin | 02-00.pdf |

Forensics

| Number | Date | Title | File(s) |
|---|---|---|---|
| SP 800-101 | May 2007 | Guidelines on Cell Phone Forensics | SP800-101.pdf |
| SP 800-94 Rev. 1 | July 25, 2012 | DRAFT Guide to Intrusion Detection and Prevention Systems (IDPS) | draft_sp800-94-rev1.pdf |
| SP 800-94 | Feb 2007 | Guide to Intrusion Detection and Prevention Systems (IDPS) | SP800-94.pdf |
| SP 800-88 | Sep 2006 | Guidelines for Media Sanitization | NISTSP800-88_with-errata.pdf |
| SP 800-86 | Aug 2006 | Guide to Integrating Forensic Techniques into Incident Response | SP800-86.pdf |
| SP 800-72 | Nov 2004 | Guidelines on PDA Forensics | sp800-72.pdf |
| NIST IR 7658 | Feb. 2010 | Guide to SIMfill Use and Development | nistir-7658_SIMfill-users-guide.pdf |
| NIST IR 7617 | Oct. 2009 | Mobile Forensic Reference Materials: A Methodology and Reification | nistir-7617.pdf |
| NIST IR 7559 | Jun. 2010 | Forensics Web Services (FWS) | nistir-7559_forensics-web-services.pdf |
| NIST IR 7516 | Aug 2008 | Forensic Filtering of Cell Phone Protocols | nistir-7516_forensic-filter.pdf |
| NIST IR 7387 | Mar 2007 | Cell Phone Forensic Tools: An Overview and Analysis Update | nistir-7387.pdf |
| NIST IR 7250 | Oct 2005 | Cell Phone Forensic Tools: An Overview and Analysis | nistir-7250.pdf |
| NIST IR 7100 | Aug 2004 | PDA Forensic Tools: An Overview and Analysis | nistir-7100-PDAForensics.pdf |
| ITL June 2007 | Jun 2007 | Forensic Techniques for Cell Phones - ITL Security Bulletin | b-June-2007.pdf |
| ITL February 2007 | Feb 2007 | Intrusion Detection And Prevention Systems - ITL Security Bulletin | b-02-07.pdf |
| ITL September 2006 | Sep 2006 | Forensic Techniques: Helping Organizations Improve Their Responses To Information Security Incidents - ITL Security Bulletin | b-09-06.pdf |
| ITL November 2001 | Nov 2001 | Computer Forensics Guidance - ITL Security Bulletin | 11-01.pdf |

General IT Security

| Number | Date | Title | File(s) |
|---|---|---|---|
| FIPS 200 | Mar 2006 | Minimum Security Requirements for Federal Information and Information Systems | FIPS-200-final-march.pdf |
| SP 800-164 | Oct. 31, 2012 | DRAFT Guidelines on Hardware-Rooted Security in Mobile Devices | sp800_164_draft.pdf |
| SP 800-155 | Dec. 8, 2011 | DRAFT BIOS Integrity Measurement Guidelines | draft-SP800-155_Dec2011.pdf |
| SP 800-153 | Feb. 2012 | Guidelines for Securing Wireless Local Area Networks (WLANs) | sp800-153.pdf |
| SP 800-147 B | July 30, 2012 | DRAFT BIOS Protection Guidelines for Servers | draft-sp800-147b_july2012.pdf |
| SP 800-147 | Apr. 2011 | Basic Input/Output System (BIOS) Protection Guidelines | NIST-SP800-147-April2011.pdf |
| SP 800-146 | May 2012 | Cloud Computing Synopsis and Recommendations | sp800-146.pdf |
| SP 800-145 | Sept. 2011 | The NIST Definition of Cloud Computing | SP800-145.pdf |
| SP 800-144 | Dec. 2011 | Guidelines on Security and Privacy in Public Cloud Computing | SP800-144.pdf |
| SP 800-137 | Sept. 2011 | Information Security Continuous Monitoring for Federal Information Systems and Organizations | SP800-137-Final.pdf |
| SP 800-132 | Dec. 2010 | Recommendation for Password-Based Key Derivation Part 1: Storage Applications | nist-sp800-132.pdf |
| SP 800-128 | Aug. 2011 | Guide for Security-Focused Configuration Management of Information Systems | sp800-128.pdf |
| SP 800-126 Rev. 2 | Sept. 2011 | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2 | SP800-126r2.pdf, sp800-126r2-errata-20120409.pdf |
| SP 800-126 Rev. 1 | Feb. 2011 | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.1 | SP800-126r1.pdf |
| SP 800-126 | Nov. 2009 | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.0 | sp800-126.pdf |
| SP 800-125 | Jan. 2011 | Guide to Security for Full Virtualization Technologies | SP800-125-final.pdf |
| SP 800-124 Rev 1 | Jul 10, 2012 | DRAFT Guidelines for Managing and Securing Mobile Devices in the Enterprise | draft_sp800-124-rev1.pdf |
| SP 800-123 | Jul 2008 | Guide to General Server Security | SP800-123.pdf |
| SP 800-122 | Apr. 2010 | Guide to Protecting the Confidentiality of Personally Identifiable Information (PII) | sp800-122.pdf |
| SP 800-120 | Sept. 2009 | Recommendation for EAP Methods Used in Wireless Network Access Authentication | sp800-120.pdf |
| SP 800-119 | Dec. 2010 | Guidelines for the Secure Deployment of IPv6 | sp800-119.pdf |
| SP 800-118 | Apr. 21, 2009 | DRAFT Guide to Enterprise Password Management | draft-sp800-118.pdf |
| SP 800-117 Rev. 1 | Jan. 6, 2012 | DRAFT Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.2 | Draft-SP800-117-r1.pdf |
| SP 800-117 | July 2010 | Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.0 | sp800-117.pdf |
| SP 800-116 | Nov 2008 | A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS) | SP800-116.pdf |
| SP 800-114 | Nov 2007 | User's Guide to Securing External Devices for Telework and Remote Access | SP800-114.pdf |
| SP 800-111 | Nov 2007 | Guide to Storage Encryption Technologies for End User Devices | SP800-111.pdf |
| SP 800-108 | Oct. 2009 | Recommendation for Key Derivation Using Pseudorandom Functions | sp800-108.pdf |
| SP 800-103 | Oct 6, 2006 | DRAFT An Ontology of Identity Credentials, Part I: Background and Formulation | sp800-103-draft.pdf |
| SP 800-100 | Oct 2006 | Information Security Handbook: A Guide for Managers | SP800-100-Mar07-2007.pdf |
| SP 800-95 | Aug 2007 | Guide to Secure Web Services | SP800-95.pdf |
| SP 800-88 Rev. 1 | Sept. 6, 2012 | DRAFT Guidelines for Media Sanitization | sp800_88_r1_draft.pdf |
| SP 800-88 | Sep 2006 | Guidelines for Media Sanitization | NISTSP800-88_with-errata.pdf |
| SP 800-70 Rev. 2 | Feb. 2011 | National Checklist Program for IT Products: Guidelines for Checklist Users and Developers | SP800-70-rev2.pdf |
| SP 800-64 Rev. 2 | Oct 2008 | Security Considerations in the System Development Life Cycle | SP800-64-Revision2.pdf |
| SP 800-56 C | Nov. 2011 | Recommendation for Key Derivation through Extraction-then-Expansion | SP-800-56C.pdf |
| SP 800-53 Rev. 4 | Feb. 5, 2013 | DRAFT Security and Privacy Controls for Federal Information Systems and Organizations (Final Public Draft) | sp800_53_r4_draft_fpd.pdf |
| SP 800-53 Rev. 3 | Aug 2009 | Recommended Security Controls for Federal Information Systems and Organizations (*Includes Updates as of May 1, 2010*) | sp800-53-rev3-final_updated-errata_05-01-2010.pdf, sp-800-53-rev3_database-beta.html, 800-53-rev3_markup-final-public-draft-to-final-updated_may-01-2010.pdf, 800-53-rev3_markup-rev2-to-rev3_updated-may-01-2010.pdf, 800-53-rev3-Annex1_updated_may-01-2010.pdf, 800-53-rev3-Annex2_updated_may-01-2010.pdf, 800-53-rev3-Annex3_updated_may-01-2010.pdf, SP_800-53_Rev-3_database-R1.4.1-BETA.zip |
| SP 800-51 Rev. 1 | Feb. 2011 | Guide to Using Vulnerability Naming Schemes | SP800-51rev1.pdf |
| SP 800-48 Rev. 1 | Jul 2008 | Guide to Securing Legacy IEEE 802.11 Wireless Networks | SP800-48r1.pdf |
| SP 800-47 | Aug 2002 | Security Guide for Interconnecting Information Technology Systems | sp800-47.pdf |
| SP 800-46 Rev. 1 | Jun. 2009 | Guide to Enterprise Telework and Remote Access Security | sp800-46r1.pdf |
| SP 800-44 Version 2 | Sep 2007 | Guidelines on Securing Public Web Servers | SP800-44v2.pdf |
| SP 800-33 | Dec 2001 | Underlying Technical Models for Information Technology Security | sp800-33.pdf |
| SP 800-27 Rev. A | Jun 2004 | Engineering Principles for Information Technology Security (A Baseline for Achieving Security) | SP800-27-RevA.pdf |
| SP 800-14 | Sep 1996 | Generally Accepted Principles and Practices for Securing Information Technology Systems | 800-14.pdf |
| SP 800-12 | Oct 1995 | An Introduction to Computer Security: The NIST Handbook | handbook.pdf, index.html |
| NIST IR 7864 | July 2012 | The Common Misuse Scoring System (CMSS): Metrics for Software Feature Misuse Vulnerabilities | dx.doi.org/10.6028/NIST.IR.7864 |
| NIST IR 7848 | May 7, 2012 | DRAFT Specification for the Asset Summary Reporting Format 1.0 | draft_nistir_7848.pdf |
| NIST IR 7831 | Dec. 6, 2011 | DRAFT Common Remediation Enumeration (CRE) Version 1.0 | Draft-NISTIR-7831.pdf |
| NIST IR 7823 | Jul 10, 2012 | DRAFT Advanced Metering Infrastructure Smart Meter Upgradeability Test Framework | draft_nistir-7823.pdf, draft-nistir-7823_comment-form.docx |
| NIST IR 7817 | Nov. 2012 | A Credential Reliability and Revocation Model for Federated Identities | dx.doi.org/10.6028/NIST.IR.7817 |
| NIST IR 7800 | Jan. 20, 2012 | DRAFT Applying the Continuous Monitoring Technical Reference Model to the Asset, Configuration, and Vulnerability Management Domains | Draft-NISTIR-7800.pdf |
| NIST IR 7799 | Jan. 6, 2012 | DRAFT Continuous Monitoring Reference Model Workflow, Subsystem, and Interface Specifications | Draft-NISTIR-7799.pdf |
| NIST IR 7756 | Jan. 6, 2012 | DRAFT CAESARS Framework Extension: An Enterprise Continuous Monitoring Technical Reference Architecture | Draft-NISTIR-7756_second-public-draft.pdf |
| NIST IR 7670 | Feb. 10, 2011 | DRAFT Proposed Open Specifications for an Enterprise Remediation Automation Framework | Draft-NISTIR-7670_Feb2011.pdf |
| NIST IR 7669 | Mar. 10, 2010 | DRAFT Open Vulnerability Assessment Language (OVAL) Validation Program Derived Test Requirements | draft-nistir-7669.pdf |
| NIST IR 7622 | Oct. 2012 | Notional Supply Chain Risk Management Practices for Federal Information Systems | dx.doi.org/10.6028/NIST.IR.7622 |
| NIST IR 7621 | Oct. 2009 | Small Business Information Security: The Fundamentals | nistir-7621.pdf |
| NIST IR 7611 | Aug. 2009 | Use of ISO/IEC 24727 -- Service Access Layer Interface for Identity (SALII): Support for Development and use of Interoperable Identity Credentials | nistir7611_use-of-isoiec24727.pdf |
| NIST IR 7581 | Sept. 2009 | System and Network Security Acronyms and Abbreviations | nistir-7581.pdf |
| NIST IR 7564 | Apr. 2009 | Directions in Security Metrics Research | nistir-7564_metrics-research.pdf |
| NIST IR 7559 | Jun. 2010 | Forensics Web Services (FWS) | nistir-7559_forensics-web-services.pdf |
| NIST IR 7502 | Dec. 2010 | The Common Configuration Scoring System (CCSS): Metrics for Software Security Configuration Vulnerabilities | nistir-7502_CCSS.pdf |
| NIST IR 7435 | Aug 2007 | The Common Vulnerability Scoring System (CVSS) and Its Applicability to Federal Agency Systems | NISTIR-7435.pdf |
| NIST IR 7359 | Jan 2007 | Information Security Guide For Government Executives | CSD_ExecGuide-booklet.pdf, NISTIR-7359.pdf |
| NIST IR 7358 | Jan 2007 | Program Review for Information Security Management Assistance (PRISMA) | NISTIR-7358.pdf |
| NIST IR 7298 Rev. 2 | Dec. 6, 2012 | DRAFT Glossary of Key Information Security Terms | nistir7298_r2_draft.pdf |
| NIST IR 7298 Rev. 1 | Feb. 2011 | Glossary of Key Information Security Terms | nistir-7298-revision1.pdf |
| ITL October 2008 | Oct 2008 | Keeping Information Technology (IT) System Servers Secure: A General Guide To Good Practices | October2008-bulletin_800-123.pdf |
| ITL April 2007 | Apr 2007 | Securing Wireless Networks - ITL Security Bulletin | b-April-07.pdf |
| ITL November 2006 | Nov 2006 | Guide To Securing Computers Using Windows XP Home Edition - ITL Security Bulletin | b-11-06.pdf |
| ITL March 2006 | Mar 2006 | Minimum Security Requirements For Federal Information And Information Systems: Federal Information Processing Standard (FIPS) 200 Approved By The Secretary Of Commerce - ITL Security Bulletin | b-March-06.pdf |

