Overview[edit | edit source]

NIST Special Publications are publications from the National Institute of Standards and Technology. These publications are developed and issued by NIST as recommendations and guidance documents. For other than national security programs and systems, federal agencies must follow those NIST Special Publications mandated in a Federal Information Processing Standard.

While federal agencies are required to follow certain specific NIST Special Publications in accordance with OMB policy, there is flexibility in how agencies apply the guidance. Federal agencies apply the security concepts and principles articulated in the NIST Special Publications in accordance with and in the context of the agency’s missions, business functions, and environment of operation. Consequently, the application of NIST guidance by federal agencies can result in different security solutions that are equally acceptable, compliant with the guidance, and meet the OMB definition of adequate security for federal information systems.

Given the high priority of information sharing and transparency within the federal government, agencies also consider reciprocity in developing their information security solutions. When assessing federal agency compliance with NIST Special Publications, Inspectors General, evaluators, auditors, and assessors consider the intent of the security concepts and principles articulated within the specific guidance document and how the agency applied the guidance in the context of its mission/business responsibilities, operational environment, and unique organizational conditions.

Special Publications 800 series (Computer Security) (December 1990-present)[edit | edit source]

Special Publications in the 800 series present documents of general interest to the computer security community. The Special Publication 800 series was established in 1990 to provide a separate identity for information technology security publications. This Special Publication 800 series reports on ITL's research, guidelines, and outreach efforts in computer security, and its collaborative activities with industry, government, and academic organizations.

Publications in this series includes:

Special Publications 500 series (Information Technology) (January 1977-present)[edit | edit source]

These publications are a general IT subseries used more broadly by NIST's Information Technology Laboratory (ITL). Publications in this series include:

Special Publications 1800 series (NIST Cybersecurity Practice Guides (2015-present))[edit | edit source]

This subseries was created to complement the Special Publications 800 series. It targets specific cybersecurity challenges in the public and private sectors. It provides practical, user-friendly guides to facilitate adoption of standards-based approaches to cybersecurity.

They show members of the information security community how to implement example solutions that help them align more easily with relevant standards and best practices and provide users with the materials lists, configuration files, and other information they need to implement a similar approach.

The documents in this series describe example implementations of cybersecurity practices that businesses and other organizations may voluntarily adopt. These documents do not describe regulations or mandatory practices, nor do they carry statutory authority.

NIST Cloud Computing Research Papers[edit | edit source]

  • NIST Cloud Computing Public Security Working Group, White Paper "Challenging Security Requirements for US Government Cloud Computing Adoption", December 2012
  • C. Dabrowski and K. Mills, "VM Leakage and Orphan Control in Open-Source Clouds", Proceedings of IEEE CloudCom 2011, Nov. 29-Dec. 1, Athens, Greece, pp. 554-559.
  • K. Mills, J. Filliben and C. Dabrowski, "Comparing VM-Placement Algorithms for On-Demand Clouds", Proceedings of IEEE CloudCom 2011, Nov. 29-Dec. 1, Athens, Greece, pp. 91-98.
  • C. Dabrowski and K. Mills, "Extended Version of VM Leakage and Ophan Control in Open-Source Clouds", NIST Publication 909325; an abbreviated version of this paper was published in the Proceedings of IEEE CloudCom 2011, Nov. 29-Dec. 1, Athens, Greece.
  • C. Dabrowski and F. Hunt, "Identifying Failure Scenarios in Complex Systems by Perturbing Markov Chain Models", Proceedings of ASME 2011 Conference on Pressure Vessels & Piping, Baltimore, MD, July 17-22, 2011.
  • K. Mills, J. Filliben and C. Dabrowski, "An Efficient Sensitivity Analysis Method for Large Cloud Simulations", Proceedings of the 4th International Cloud Computing Conference, IEEE, Washington, D.C., July 5-9, 2011.

NiST Grant/Contract Reports (GCR)[edit | edit source]

  • NIST GCR 93-635, Private Branch Exchange (PBX) Security Guideline (PB94-100880) (Sept. 1993).
  • NIST GCR 94-654, Federal Certification Authority Liability and Policy-Law and Policy of Certificate-Based Public Key and Digital Signatures (PB94-191202) (June 1994).
  • NIST GCR 95-670, Standards Policy and Information Infrastructure (May 1995) (PB95-231882).

Other Special Publications[edit | edit source]

See also[edit | edit source]

Community content is available under CC-BY-SA unless otherwise noted.