NIST Special Publications

Overview
NIST Special Publications are publications from the National Institute of Standards and Technology. These publications are developed and issued by NIST as recommendations and guidance documents. For other than national security programs and systems, federal agencies must follow those NIST Special Publications mandated in a Federal Information Processing Standard.

While federal agencies are required to follow certain specific NIST Special Publications in accordance with OMB policy, there is flexibility in how agencies apply the guidance. Federal agencies apply the security concepts and principles articulated in the NIST Special Publications in accordance with and in the context of the agency’s missions, business functions, and environment of operation. Consequently, the application of NIST guidance by federal agencies can result in different security solutions that are equally acceptable, compliant with the guidance, and meet the OMB definition of adequate security for federal information systems.

Given the high priority of information sharing and transparency within the federal government, agencies also consider reciprocity in developing their information security solutions. When assessing federal agency compliance with NIST Special Publications, Inspectors General, evaluators, auditors, and assessors consider the intent of the security concepts and principles articulated within the specific guidance document and how the agency applied the guidance in the context of its mission/business responsibilities, operational environment, and unique organizational conditions.

Special Publications 800 series
Special Publications in the 800 series present documents of general interest to the computer security community. The Special Publication 800 series was established in 1990 to provide a separate identity for information technology security publications. This Special Publication 800 series reports on ITL's research, guidelines, and outreach efforts in computer security, and its collaborative activities with industry, government, and academic organizations.

Publications in this series include:


 * NIST Special Publication 800-12: An Introduction to Computer Security: The NIST Handbook (Oct. 1995) (full-text).
 * NIST Special Publication 800-13: Telecommunications Security Guidelines for Telecommunications Management Network (Oct. 1995) (full-text).
 * NIST Special Publication 800-14: Generally Accepted Principles and Practices for Securing Information Technology Systems (Sept. 1996) (full-text).
 * NIST Special Publication 800-16: Information Technology Security Training Requirements: A Role- and Performance-Based Model (Apr. 1998) (full-text).
 * NIST Special Publication 800-18: Guide for Developing Security Plans for Federal Information Systems (GSSP) (Rev. 1, Feb. 2006) (full-text).
 * NIST Special Publication 800-19: Mobile Agent Security (Aug. 1999) (full-text).
 * NIST Special Publication 800-21: Guideline for Implementing Cryptography In the Federal Government (2d ed. Dec. 2005) (full-text).
 * NIST Special Publication 800-26: Security Self-Assessment Guide for Information Technology Systems (Nov. 2001) (full-text).
 * NIST Special Publication 800-27A: Engineering Principles for Information Technology Security (A Baseline for Achieving Security) (June 2004) (full-text).
 * NIST Special Publication 800-28: Guidelines on Active Content and Mobile Code (ver. 2) (Mar. 2008) (full-text).
 * NIST Special Publication 800-30: Risk Management Guide for Information Technology Systems (July 2002) (full-text).
 * NIST Special Publication 800-30, Rev. 1: DRAFT Guide for Conducting Risk Assessments (Sept. 19, 2011) (full-text).
 * NIST Special Publication 800-31: Intrusion Detection Systems (Nov. 2001) (full-text).
 * NIST Special Publication 800-32: Introduction to Public Key Technology and the Federal PKI Infrastructure (Feb. 26, 2001) (full-text).
 * NIST Special Publication 800-33: Underlying Technical Models for Information Technology Security (Dec. 2001) (full-text).
 * NIST Special Publication 800-34: Contingency Planning Guide for Federal Information Systems (Rev. 1) (May 2010) (full-text).
 * NIST Special Publication 800-35: Guide to Information Technology Security Services (Oct. 2003) (full-text).
 * NIST Special Publication 800-36: Guide to Selecting Information Technology Security Products (Oct. 2003) (full-text).
 * NIST Special Publication 800-37: Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach (Rev. 1) (Feb. 2010) (full-text).
 * NIST Special Publication 800-39: Integrated Enterprise-Wide Risk Management: Organization, Mission, and Information System View (Dec. 14, 2010) (full-text).
 * NIST Special Publication 800-40: Creating a Patch and Vulnerability Management Program (Ver. 2.0) (Nov. 2005) (full-text).
 * NIST Special Publication 800-41: Guidelines on Firewalls and Firewall Policy (Rev. 1) (Sept. 2009) (full-text).
 * NIST Special Publication 800-44: Guidelines on Securing Public Web Servers (Sept. 2007) (full-text).
 * NIST Special Publication 800-45: Guidelines on Electronic Mail Security (Ver. 2) (Feb. 2007) (full-text).
 * NIST Special Publication 800-46: Guide to Enterprise Telework and Remote Access Security (June 2009) (full-text).
 * NIST Special Publication 800-47: Security Guide for Interconnecting Information Technology Systems (Aug. 2002) (full-text).
 * NIST Special Publication 800-48: Guide to Securing Legacy IEEE 802.11 Wireless Networks (July 2008) (full-text).
 * NIST Special Publication 800-49: Federal S/MIME V3 Client Profile (Nov. 2002) (full-text).
 * NIST Special Publication 800-50: Building Information Technology Security Awareness and Training Program (Oct. 2003) (full-text).
 * NIST Special Publication 800-53: Recommended Security Controls for Federal Information Systems (Rev. 3) (Aug. 2009) (full-text).
 * NIST Special Publication 800-53, Appendix J: Privacy Control Catalog (Draft) (July 19, 2011) (full-text).
 * NIST Special Publication 800-53A: Guide for Assessing the Security Controls in Federal Information Systems and Organizations, Building Effective Security Assessment Plans (Rev. 1) (Jun. 2010) (full-text).
 * NIST Special Publication 800-55: Security Metrics Guide for Information Technology Systems (July 2003) (full-text).
 * NIST Special Publication 800-57: Recommendation for Key Management (Mar. 2007) (full-text).
 * NIST Special Publication 800-58: Security Considerations for Voice Over IP Systems (Jan. 2005) (full-text).
 * NIST Special Publication 800-59: Guideline for Identifying an Information System as a National Security System (Aug. 2003) (full-text).
 * NIST Special Publication 800-60: Guide for Mapping Types of Information and Information Systems to Security Categories (Aug. 2008) (full-text).
 * NIST Special Publication 800-61: Computer Security Incident Handling Guide (Rev. 1) (Mar. 2008) (full-text); (Rev. 2) (Jan. 2012) (full-text).
 * NIST Special Publication 800-63: Electronic Authentication Guideline (Apr. 2006) (full-text).
 * NIST Special Publication 800-63, Rev. 1: DRAFT Electronic Authentication Guideline (June 2011) (full-text).
 * NIST Special Publication 800-64: Security Considerations in the Information System Development Life Cycle (Rev. 2) (Oct. 2008) (full-text).
 * NIST Special Publication 800-65: Recommendations for Integrating Information Security into the Capital Planning and Investment Control Process (CPIC) (Ver. 1) (Jan. 2005) (full-text).
 * NIST Special Publication 800-66: An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule (Oct. 2008) (full-text).
 * NIST Special Publication 800-67: Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher (Ver. 1.1) (May 19, 2008) (full-text).
 * NIST Special Publication 800-69: Guidance for Securing Microsoft Windows XP Home Edition: A NIST Security Configuration Checklist (Sept. 2006) (full-text).
 * NIST Special Publication 800-70, Rev. 1: National Checklist Program for IT Products—Guidelines for Checklist Users and Developers (Sept. 11, 2009).
 * NIST Special Publication 800-72: Guidelines on PDA Forensics (Nov. 2004) (full-text).
 * NIST Special Publication 800-76-2: (Draft) Biometric Data Specification for Personal Identity Verification (Apr. 11, 2011) (full-text).
 * NIST Special Publication 800-81: Secure Domain Name System (DNS) Deployment Guide (Rev. 1) (Apr. 2010) (full-text).
 * NIST Special Publication 800-83: Guide to Malware Incident Prevention and Handling (Nov. 2005) (full-text).
 * NIST Special Publication 800-84: Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities (Sept. 2006) (full-text).
 * NIST Special Publication 800-86: Guide to Integrating Forensic Techniques into Incident Response (Aug. 2006) (full-text).
 * NIST Special Publication 800-88: Guidelines for Media Sanitization (Sept. 2006) (full-text).
 * NIST Special Publication 800-90: Recommendation for Random Number Generation Using Deterministic Random Bit Generators (Mar. 2007 rev.) (full-text).
 * NIST Special Publication 800-92: Guide to Computer Security Log Management (Sept. 2006) (full-text).
 * NIST Special Publication 800-94: Guide to Intrusion Detection and Prevention Systems (Feb. 2007) (full-text).
 * NIST Special Publication 800-95: Guide to Secure Web Services (Aug. 2007) (full-text).
 * NIST Special Publication 800-97: Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i (Feb. 2007) (full-text).
 * NIST Special Publication 800-98: Guidelines for Securing Radio Frequency Identification (RFID) Systems (Apr. 2007) (full-text).
 * NIST Special Publication 800-100: Information Security Handbook: A Guide for Managers (Oct. 2006) (full-text).
 * NIST Special Publication 800-101: Guidelines on Cell Phone Forensics (May 2007) (full-text).
 * NIST Special Publication 800-111: Guide to Storage Encryption Technologies for End User Devices (Nov. 2007) (full-text).
 * NIST Special Publication 800-114: User’s Guide to Securing External Devices for Telework and Remote Access (Nov. 2007) (full-text).
 * NIST Special Publication 800-115: Technical Guide to Information Security Testing and Assessment (Sept. 2008) (full-text).
 * NIST Special Publication 800-116: A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS) (Nov. 2008) (full-text).
 * NIST Special Publication 800-121: Guide to Bluetooth Security (Sept. 2008) (full-text).
 * NIST Special Publication 800-122: Guide to Protecting the Confidentiality of Personally Identifiable Information (April 2010) (full-text).
 * NIST Special Publication 800-123: Guide to General Server Security (July 2008) (full-text).
 * NIST Special Publication 800-124: Guidelines on Cell Phone and PDA Security (full-text).
 * NIST Special Publication 800-125: Guide to Security for Full Virtualization Technologies (Jan. 2011) (full-text).
 * NIST Special Publication 800-127: Guide to Securing WiMAX Wireless Communications (Sept. 2010) (full-text).
 * NIST Special Publication 800-128: Guide for Security Configuration Management of Information Systems (Initial Public Draft) (Mar. 2010) (full-text).
 * NIST Special Publication 800-130: (Draft) A Framework for Designing Cryptographic Key Management Systems (June 16, 2010) (full-text).
 * NIST Special Publication 800-131A: (Draft) Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths (Jan. 2011) (full-text).
 * NIST Special Publication 800-137: Information Security Continuous Monitoring for Federal Information Systems and Organizations (Sept. 2011) (full-text).
 * NIST Special Publication 800-144: Guidelines on Security and Privacy in Public Cloud Computing (Dec. 2011) (full-text).
 * NIST Special Publication 800-145: (Draft) A NIST Definition of Cloud Computing (Sept. 2011) (full-text).
 * NIST Special Publication 800-146: Cloud Computing Synopsis and Recommendations (May 2012) (full-text).
 * NIST Special Publication 800-147: Basic Input/Output System (BIOS) Protection Guidelines (Apr. 2011) (full-text).
 * NIST Special Publication 800-153: Guidelines for Securing Wireless Local Area Networks (WLANs) (full-text).

Special Publications 500 series
Publications in this series include:


 * NIST Special Publication 500-293: US Government Cloud Computing Technology Roadmap
    * Vol. I, Rel. 1.0 (Draft) (High-Priority Requirements to Further USG Agency Cloud Computing Adoption) (Dec. 1, 2011) (full-text).
    * Vol. II, Rel. 1.0 (Draft) (Useful Information for Cloud Adopters) (Dec. 1, 2011) (full-text).


 * NIST Special Publication 500-292: NIST Cloud Computing Reference Architecture (Sept. 2011) (full-text).


 * NIST Special Publication 500-291: NIST Cloud Computing Standards Roadmap (July 2011) (full-text).


 * NIST Special Publication 500-271: American National Standard for Information Systems — Data Format for the Interchange of Fingerprint, Facial, & Other Biometric Information – Part 1 (ANSI/NIST-ITL 1-2007) (May 2007) (full-text).

Other Special Publications

 * NIST Special Publication 1108, Rel. 1: NIST Framework and Roadmap for Smart Grid Interoperability Standards (Jan. 2010).