go to NIST home page go to CSRC home page go to Focus Areas page go to Publications page go to Advisories page go to Events page go to Site Map page go to ITL home page CSRC home page link
header image with links

 CSRC Homepage
 
 CSRC Site Map

   Search CSRC:

 CSD Publications:
   - Draft Publications
   - Special Publications
   - FIPS Pubs
   - ITL Security Bulletins
   - NIST IRs

 CSD Focus Areas:
   - Cryptographic Standards
       & Application
   - Security Testing
   - Security Research /
       Emerging Technologies
   - Security Management
       & Guidance

 General Information:
   - Site Map
   - List of Acronyms
   - Archived Projects
        & Conferences
   - Virus Information
   - ICAT Alerts

 News & Events  
   - Federal News
   - Security Events


 Services For the: 
   - Federal Community
   - Vendor
   - User


 Links & Organizations
   - Academic
   - Government
   - Professional
   - Additional Links

 Search NIST's ICAT
 Vulnerability Archive:
   Enter vendor, software, or keyword
   
   

NIST Special Publications Header image

800 Series

Draft
SP
800-79

Draft NIST Special Publication 800-79, Guidelines for the Certification and Accreditation of PIV Card Issuing Organizations


SP
800-78

Cryptographic Algorithms and Key Sizes for Personal Identity Verification
April 2005

Adobe .pdf (200 KB)

Draft
SP
800-77

Draft NIST Special Publication 800-77, Guide to IPsec VPNs


Draft
SP
800-76

Draft NIST Special Publication 800-76, Biometric Data Specification for Personal Identity Verification


SP
800-73

Interfaces for Personal Identity Verification

Adobe .pdf (860 KB)
(File updated April 12, 2005)
  Errata Sheet (April 12, 2005)

SP
800-72

Guidelines on PDA Forensics
November 2004

Adobe .pdf (1.12 MB)

SP
800-70

The NIST Security Configuration Checklists Program


Draft
SP
800-68

Draft NIST Special Publication 800-68, Guidance for Securing Microsoft Windows XP Systems for IT Professionals: A NIST Security Configuration Checklist


SP
800-67

Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher,
May 2004

Adobe .pdf (960 KB)

SP
800-66

An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule,
March 2005

Adobe .pdf (1,725 KB)
Zipped .pdf file (1,378 KB)

SP
800-65

Integrating Security into the Capital Planning and Investment Control Process,
January 2005

Adobe .pdf (4.05 MB)
Zipped .pdf file (3.48 MB)

SP
800-64

Security Considerations in the Information System Development Life Cycle,
October 2003 (publication original release date)
(revision 1 released June 2004)

Adobe .pdf (1,083 KB)
Zipped .pdf file (669 KB)

SP
800-63

Electronic Authentication Guideline: Recommendations of the National Institute of Standards and Technology,
June 2004 (publication original release date)
(revision 1.0.1 released September 2004)

Adobe .pdf (217 KB)

SP
800-61

Computer Security Incident Handling Guide,
January 2004

Adobe .pdf (2.71 MB)
Zipped .pdf file (1.6 MB)

SP
800-60

Guide for Mapping Types of Information and Information Systems to Security Categories,
June 2004

Volume I Adobe .pdf file (444 KB)
Volume II: Appendixes Adobe .pdf (2,003 KB)

SP
800-59

Guideline for Identifying an Information System as a National Security System,
August 2003

Adobe .pdf (95.5 KB)
Zipped .pdf file (72.9 KB)

SP
800-58

Security Considerations for Voice Over IP Systems,
January 2005

Adobe .pdf (1.24 MB)
Zipped .pdf file (854 KB)

Draft
SP
800-57

DRAFT Special Publication 800-57 Recommendation on Key Management
 


Draft
SP
800-56

DRAFT Special Publication 800-56, Recommendation on Key Establishment Schemes
 


SP
800-55

Security Metrics Guide for Information Technology Systems,
July 2003

Adobe .pdf (569 KB)
Zipped .pdf file (465 KB)

SP
800-53

Recommended Security Controls for Federal Information Systems,
February 2005 (Including errata updates through 05-04-2005)

 

Adobe .pdf (1,817 KB)
Zipped .pdf file (1,326 KB)

 
Annex 1: Consolidated Security Controls-Low Baseline (.pdf)
 
Annex 2: Consolidated Security Controls-Moderate Baseline (.pdf)
(includes updates through 4/22/05)
 
Annex 3: Consolidated Security Controls-High Baseline (.pdf)
(includes updates through 4/22/05)

SP
800-52

Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations,
June 2005
 

Adobe .pdf (325 KB)

SP
800-51

Use of the Common Vulnerabilities and Exposures (CVE) Vulnerability Naming Scheme,
September 2002

Adobe .pdf (204 KB)
Zipped .pdf file (177 KB)

SP
800-50

Building an Information Technology Security Awareness and Training Program,
October 2003

Adobe .pdf (4,131 KB)
Zipped .pdf file (3,565 KB)

SP
800-49

Federal S/MIME V3 Client Profile,
November 2002

Adobe .pdf (151 KB)
Zipped .pdf file (112 KB)

SP
800-48

Wireless Network Security: 802.11, Bluetooth, and Handheld Devices,
November 2002

Adobe .pdf (1,027 KB)
Zipped .pdf file (780 KB)

SP
800-47

Security Guide for Interconnecting Information Technology Systems,
August 2002

Adobe .pdf (729 KB)
Zipped .pdf file (505 KB)

SP
800-46

Security for Telecommuting and Broadband Communications,
August 2002

Adobe pdf (3,779 KB)
Zipped .pdf file (2,156 KB)

SP
800-45

Guidelines on Electronic Mail Security,
September 2002

Adobe .pdf (1,098 KB)
Zipped .pdf file (1,019 KB)

SP
800-44

Guidelines on Securing Public Web Servers,
September 2002

Adobe .pdf (2,183 KB)
Zipped .pdf file (2,073 KB)

SP
800-43

Systems Administration Guidance for Windows 2000 Professional,
November 2002

Download the guidance document and security templates.

SP
800-42

Guideline on Network Security Testing,
October 2003

Adobe .pdf (1,554 KB)
Zipped .pdf file (1,104 KB)

SP
800-41

Guidelines on Firewalls and Firewall Policy,
January 2002

Adobe .pdf (1,180 KB)

SP
800-40

Procedures for Handling Security Patches,
August 2002

Adobe .pdf (3,773 KB)
Zipped .pdf file (1,949 KB)

SP
800-38C
Recommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality,
May 2004
Adobe .pdf (104 KB)

SP
800-38B

Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication
May 2005

Adobe .pdf (180 KB)


SP
800-38A
Recommendation for Block Cipher Modes of Operation - Methods and Techniques,
December 2001
Adobe .pdf (225 KB)

SP
800-37

Guide for the Security Certification and Accreditation of Federal Information Systems,
May 2004

Adobe .pdf (738 KB)

SP
800-36
Guide to Selecting Information Security Products,
October 2003
Adobe .pdf (464 KB)
Zipped .pdf file (339 KB)

SP
800-35

Guide to Information Technology Security Services,
October 2003

Adobe .pdf (2,920 KB)
Zipped .pdf file (2,426 KB)

SP
800-34

Contingency Planning Guide for Information Technology Systems,
June 2002

Adobe .pdf (1,937 KB)
Zipped Adobe .pdf (1,164 KB)

SP
800-33

Underlying Technical Models for Information Technology Security,
December 2001

Adobe .pdf (453 KB)

SP
800-32

Introduction to Public Key Technology and the Federal PKI Infrastructure,
February 2001

Adobe .pdf (256 KB)

SP
800-31

Intrusion Detection Systems (IDS),
November 2001

Adobe .pdf (851 KB)

SP
800-30

Risk Management Guide for Information Technology Systems,
July 2002

Adobe .pdf (479 KB)

SP
800-29

A Comparison of the Security Requirements for Cryptographic Modules in FIPS 140-1 and FIPS 140-2,
June 2001

Adobe .pdf (274 KB)

SP
800-28

Guidelines on Active Content and Mobile Code,
October 2001

Adobe .pdf (498 KB)

SP
800-27
Rev. A

Engineering Principles for Information Technology Security (A Baseline for Achieving Security), Revision A,
June 2004

Adobe .pdf (291 KB)

SP
800-26

Security Self-Assessment Guide for Information Technology Systems,
November 2001

Adobe .pdf (1,522 KB)
MS Word .doc (922 KB)

Revised NIST SP 800-26 System Questionnaire with NIST SP 800-53 References and Associated Security Control Mappings
April 2005

MS Word .doc (484 KB)

SP
800-25

Federal Agency Use of Public Key Technology for Digital Signatures and Authentication,
October 2000

Choose 1 of 2 ways to download document
1. Adobe .pdf (130 KB)
2. MS Word .doc (421 KB)

SP
800-24

PBX Vulnerability Analysis: Finding Holes in Your PBX Before Someone Else Does,
August 2000

Adobe .pdf (225 KB)

SP
800-23

Guideline to Federal Organizations on Security Assurance and Acquisition/Use of Tested/Evaluated Products,
August 2000

Choose 1 of 2 ways to download document:
1. Adobe .pdf (837 KB)
2. Zipped .pdf file (803 KB)

SP
800-22

A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications,
October 2000 (publication original release date)

Revised: May 15, 2001
Adobe .pdf (1,422 KB)
Errata sheet for originally published version (.pdf file)

SP
800-21

Guideline for Implementing Cryptography in the Federal Government,
November 1999

Adobe .pdf (612 KB)

SP
800-20

Modes of Operation Validation System for the Triple Data Encryption Algorithm (TMOVS): Requirements and Procedures,
October 1999 (Publication original release date)
Revised April 2000

Adobe .pdf (1,246 KB)

SP
800-19

Mobile Agent Security,
October 1999

Adobe .pdf (136 KB)

SP
800-18

Guide for Developing Security Plans for Information Technology Systems,
December 1998

2 different file formats:
MS Word .doc (540 KB)
Adobe .pdf (306 KB)
Letter from CIO Council Security Committee
Adobe .pdf (31 KB)

SP
800-17

Modes of Operation Validation System (MOVS): Requirements and Procedures,
February 1998

Adobe .pdf (406 KB)

SP
800-16

Information Technology Security Training Requirements: A Role- and Performance-Based Model (supersedes NIST Spec. Pub. 500-172),
April 1998

broken down into 3 parts:
Pt. 1 - document: Adobe .pdf (845 KB)
Pt. 2 - Appendix A-D: Adobe .pdf (96 KB)
Part 3 - Appendix E: Adobe .pdf (374 KB)

SP
800-15

Minimum Interoperability Specification for PKI Components (MISPC), Version 1,
September 1997

3 different file formats:
Adobe .pdf (278 KB)
MS Word .doc (339 KB)
Postscript file (886 KB)

SP
800-14

Generally Accepted Principles and Practices for Securing Information Technology Systems,
September 1996

3 different file formats:
Postscript file (480 KB)
WordPerfect file (182 KB)
Adobe .pdf (188 KB)

SP
800-13

Telecommunications Security Guidelines for Telecommunications Management Network,
October 1995

WordPerfect file (217 KB)

SP
800-12

An Introduction to Computer Security: The NIST Handbook,
October 1995

800-12 in .HTML format
 
Adobe .PDF File [1,685 KB]
Postscript File 1 of 5 [602 KB]
Postscript File 2 of 5 [3,051 KB]
Postscript File 3 of 5 [1,345 KB]
Postscript File 4 of 5 [575 KB]
Postscript File 5 of 5 [1,247 KB]


 
Archived Special Publications from 500 & 800 Series

Archived Special Publications:
The following Special Publications are no longer available on the CSRC website to view and/or download. If for some reason you still need to refer to a particular archived Special Publication, we can e-mail it to you. Please send e-mail to Pat O'Reilly. In the e-mail please specify which Special Publication number you need. If we have the archived electronic file we can send it to you, if not we can send you a paper copy by postal mail. Please look at list below to see which document you need, and if you see that the document you need is only available in paper format, in your e-mail please include your postal address so we can mail out a paper copy to you quicker. NOTE: Due to e-mail volume, it may take a couple days to get back to you. Thanks for understanding.

These publications we have electronic copies:

      500 Series
  • SP 500-166 Computer Viruses and Related Threats: A Management Guide, August 1989
  • SP 500-169 Executive Guide to the Protection of Information Resources, 1989
  • SP 500-170 Management Guide to the Protection of Information Resources, 1989
  • SP 500-171 Computer Users' Guide to the Protection of Information Resources, 1989
  • SP 500-174 Guide for Selecting Automated Risk Analysis Tools, October 1989
  • SP 500-189 Security in ISDN, September 1991
     
      800 Series
  • SP 800-2 Public-Key Cryptography, April 1991
  • SP 800-3 Special Publication 800-3: Establishing a Computer Security Incident Response Capability (CSIRC), November 1991
           As of January 2004, 800-3 has been superceded by 800-61 Computer Security Incident Handling Guide
  • SP 800-4: Computer Security Considerations in Federal Procurements: A Guide for Procurement Initiatiors, Contracting Officers, and Computer Security Officials, March 1992
          As of October 2003, 800-4 has been superceded by 800-64 Security Considerations in the Information System Development Life Cycle
  • SP 800-5 A Guide to the Selection of Anti-Virus Tools and Techniques, December 1992
  • SP 800-6 Automated Tools for Testing Computer System Vulnerability, December 1992
  • SP 800-7 Security in Open Systems, July 1994
  • SP 800-8 Security Issues in the Database Language SQL, August 1993
  • SP 800-9 Good Security Practices for Electronic Commerce, Including Electronic Data Interchange, December 1993
  • SP 800-10 Keeping Your Site Comfortably Secure: An Introduction to Internet Firewalls, December 1994
  • SP 800-11 The Impact of the FCC's Open Network Architecture on NS/EP Telecommunications Security, February 1995

The documents listed below (500 series), we only have "paper" copies of. (No electronic file is available for the documents listed below.) If you want us to send you a paper copy of any of these documents listed below, please include your postal address in the e-mail. That way we can ship out the document to you quicker. Thanks. NIST Computer Security Webmaster.

  • SP 500-61 Maintenance Testing for the Data Encryption Standard, August 1980
  • SP 500-120 Security of Personal Computer Systems - A Management Guide, January 1985
  • SP 500-133 Technology Assessment: Methods for Measuring the Level of Computer Security, October 1985
  • SP 500-134 Guide on Selecting ADP Backup Process Alternatives, November 1985
  • SP 500-153 Guide to Auditing for Controls and Security: A System Development Life Cycle Approach, April 1988
  • SP 500-156 Message Authentication Code (MAC) Validation System: Requirements and Procedures, May 1988
  • SP 500-158 Accuracy, Integrity, and Security in Computerized Vote-Tallying, August 1988
  • SP 500-157 Smart Card Technology: New Methods for Computer Access Control, September 1988
  • SP 500-172 Computer Security Training Guidelines, November 1989
            Superseded by Special Publication 800-16 Information Technology Security Training Requirements: A Role- and Performance- Based Model, April 1998
 :

Last updated: June 17, 2005
Page created: February 23, 2001

Disclaimer Notice & Privacy Policy
Send comments or suggestions to webmaster-csrc@nist.gov
NIST is an Agency of the U.S. Commerce Department's
Technology Administration