NIST Special Publications

Overview
NIST Special Publications are publications from the National Institute of Standards and Technology. These publications are developed and issued by NIST as recommendations and guidance documents.

While federal agencies are required to follow certain specific NIST Special Publications in accordance with OMB policy, there is flexibility in how agencies apply the guidance. Federal agencies apply the security concepts and principles articulated in the NIST Special Publications in accordance with and in the context of the agency’s missions, business functions, and environment of operation. Consequently, the application of NIST guidance by federal agencies can result in different security solutions that are equally acceptable, compliant with the guidance, and meet the OMB definition of adequate security for federal information systems.

Given the high priority of information sharing and transparency within the federal government, agencies also consider reciprocity in developing their information security solutions. When assessing federal agency compliance with NIST Special Publications, Inspectors General, evaluators, auditors, and assessors consider the intent of the security concepts and principles articulated within the specific guidance document and how the agency applied the guidance in the context of its mission/business responsibilities, operational environment, and unique organizational conditions.

Special Publications 800 series
Special Publications in the 800 series present documents of general interest to the computer security community. The Special Publication 800 series was established in 1990 to provide a separate identity for information technology security publications. This Special Publication 800 series reports on ITL's research, guidelines, and outreach efforts in computer security, and its collaborative activities with industry, government, and academic organizations.

Publications in this series include:


 * NIST Special Publication 800-12: An Introduction to Computer Security: The NIST Handbook (Oct. 1995) (full-text).
 * NIST Special Publication 800-14: Generally Accepted Principles and Practices for Securing Information Technology Systems (Sept. 1996).
 * NIST Special Publication 800-16: Information Technology Security Training Requirements: A Role- and Performance-Based Model (Apr. 1998) (full-text).
 * NIST Special Publication 800-18: Guide for Developing Security Plans for Federal Information Systems (GSSP) (Rev. 1, Feb. 2006) (full-text).
 * NIST Special Publication 800-21: Guideline for Implementing Cryptography In the Federal Government (2d ed. Dec. 2005).(full-text).
 * NIST Special Publication 800-26: Security Self-Assessment Guide for Information Technology Systems
 * NIST Special Publication 800-27A: Engineering Principles for Information Technology Security (A Baseline for Achieving Security) (June 2004) (full-text).
 * NIST Special Publication 800-28: Guidelines on Active Content and Mobile Code (ver. 2) (Mar. 2008) (full-text).
 * NIST Special Publication 800-30: Risk Management Guide for Information Technology Systems (July 2002) (full-text).
 * NIST Special Publication 800-32: Introduction to Public Key Technology and the Federal PKI Infrastructure (Feb. 26, 2001) (full-text).
 * NIST Special Publication 800-33: Underlying Technical Models for Information Technology Security (Dec. 2001) (full-text).
 * NIST Special Publication 800-34: Contingency Planning Guide for Federal Information Systems (Rev. 1) (May 2010) (full-text).
 * NIST Special Publication 800-36: Guide to Selecting Information Technology Security Products (Oct. 2003) (full-text).
 * NIST Special Publication 800-37: Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach (Rev. 1) (Feb. 2010)(full-text).
 * NIST Special Publication 800-39: Integrated Enterprise-Wide Risk Management: Organization, Mission, and Information System View (Dec. 14, 2010) (full-text).
 * NIST Special Publication 800-40: Creating a Patch and Vulnerability Management Program (Ver. 2.0) (Nov. 2005)(full-text).
 * NIST Special Publication 800-41: Guidelines on Firewalls and Firewall Policy (Rev. 1) (Sept. 2009) (full-text).
 * NIST Special Publication 800-44: Guidelines on Securing Public Web Servers (Sept. 2007) (full-text).
 * NIST Special Publication 800-46: Guide to Enterprise Telework and Remote Access Security (June 2009) (full-text).
 * NIST Special Publication 800-47: Security Guide for Interconnecting Information Technology Systems (Aug. 2002) (full-text).
 * NIST Special Publication 800-48: Guide to Securing Legacy IEEE 802.11 Wireless Networks (July 2008) (full-text).
 * NIST Special Publication 800-49: Federal S/MIME V3 Client Profile (Nov. 2002) (full-text).
 * NIST Special Publication 800-53: Recommended Security Controls for Federal Information Systems (Rev. 3) (Aug. 2009)(full-text).
 * NIST Special Publication 800-53A: Guide for Assessing the Security Controls in Federal Information Systems and Organizations, Building Effective Security Assessment Plans (Rev. 1) (Jun. 2010)(full-text).
 * NIST Special Publication 800-55: Security Metrics Guide for Information Technology System (July 2003) (full-text).
 * NIST Special Publication 800-57: Recommendation for Key Management (Mar. 2007) (full-text).
 * NIST Special Publication 800-59: Guideline for Identifying an Information System as a National Security System (Aug. 2003) (full-text).
 * NIST Special Publication 800-60: Guide for Mapping Types of Information and Information Systems to Security Categories (Aug. 2008) (full-text).
 * NIST Special Publication 800-61: Computer Security Incident Handling Guide (rev. 1) (Mar. 2008) (full-text).
 * NIST Special Publication 800-63: Electronic Authentication Guideline (Apr. 2006) (full-text).
 * NIST Special Publication 800-64: Security Considerations in the Information System Development Life Cycle {Rev. 2) (Oct. 2008) (full-text).
 * NIST Special Publication 800-66: An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule (Oct. 2008) (full-text).
 * NIST Special Publication 800-67: Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher (Ver. 1.1) (May 19, 2008) (full-text).
 * NIST Special Publication 800-69: Guidance for Securing Microsoft Windows XP Home Edition: A NIST Security Configuration Checklist (Sept. 2006) (full-text).
 * NIST Special Publication 800-72: Guidelines on PDA Forensics (Nov. 2004) (full-text).
 * NIST Special Publication 800-83: Guide to Malware Incident Prevention and Handling (Nov. 2005) (full-text).
 * NIST Special Publication 800-86: Guide to Integrating Forensic Techniques into Incident Response (Aug. 2006) (full-text).
 * NIST Special Publication 800-88: Guidelines for Media Sanitization (Sept. 2006) (full-text).
 * NIST Special Publication 800-94: Guide to Intrusion Detection and Prevention Systems (Feb. 2007) (full-text).
 * NIST Special Publication 800-95: Guide to Secure Web Services (Aug. 2007).
 * NIST Special Publication 800-97: Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i (Feb. 2007) (full-text).
 * NIST Special Publication 800-101: Guidelines on Cell Phone Forensics (May 2007) (full-text).
 * NIST Special Publication 800-111: Guide to Storage Encryption Technologies for End User Devices (full-text).
 * NIST Special Publication 800-114: User’s Guide to Securing External Devices for Telework and Remote Access (Nov. 2007) (full-text).
 * NIST Special Publication 800-115: Technical Guide to Information Security Testing and Assessment (Sept. 2008) (full-text).
 * NIST Special Publication 800-121: Guide to Bluetooth Security (Sept. 2008) (full-text).
 * NIST Special Publication 800-122: Guide to Protecting the Confidentiality of Personally Identifiable Information (April 2010).
 * NIST Special Publication 800-124: Guidelines on Cell Phone and PDA Security (full-text).
 * NIST Special Publication 800-125: Guide to Security for Full Virtualization Technologies (Jan. 2011) (full-text).
 * NIST Special Publication 800-128: Guide for Security Configuration Management of Information Systems (Initial Public Draft) (Mar. 2010) (full-text).
 * NIST Special Publication 800-130: (Draft) A Framework for Designing Cryptographic Key Management Systems (June 16, 2010) (full-text).
 * NIST Special Publication 800-144: (Draft) Guidelines on Security and Privacy in Public Cloud Computing (Jan. 28, 2011) (full-text).
 * NIST Special Publication 800-145: (Draft) A NIST Definition of Cloud Computing (Jan. 28, 2011) (full-text).
 * NIST Special Publication 800-146: (Draft) Cloud Computing Synopsis and Recommendations (May 12, 2011) (full-text).

Additional Publications
Additional NIST Special Publications include:


 * NIST Special Publication 500-271: American National Standard for Information Systems — Data Format for the Interchange of Fingerprint, Facial, & Other Biometric Information – Part 1 (ANSI/NIST-ITL 1-2007) (May 2007).