NIST SP 800

#NumberRelease DateStatusTitle
1800-140C Rev. 12021-08-20DraftCMVP Approved Security Functions: CMVP Validation Authority Updates to ISO/IEC 24759
2800-140D Rev. 12021-08-20DraftCMVP Approved Sensitive Parameter Generation and Establishment Methods: CMVP Validation Authority Updates to ISO/IEC 24759
3800-140F Rev. 12021-08-20DraftCMVP Approved Non-Invasive Attack Mitigation Test Metrics: CMVP Validation Authority Updates to ISO/IEC 24759
4800-204B2021-08-06FinalAttribute-based Access Control for Microservices-based Applications using a Service Mesh
5800-160 Vol. 2 Rev. 12021-08-05DraftDeveloping Cyber-Resilient Systems: A Systems Security Engineering Approach
6800-53A Rev. 52021-08-03DraftAssessing Security and Privacy Controls in Information Systems and Organizations
7800-47 Rev. 12021-07-20FinalManaging the Security of Information Exchanges
8800-2162021-06-07DraftRecommendations for Federal Vulnerability Disclosure Guidelines
9800-161 Rev. 12021-04-29DraftCyber Supply Chain Risk Management Practices for Systems and Organizations
10800-66 Rev. 22021-04-29DraftPRE-DRAFT Call for Comments: Implementing the HIPAA Security Rule
11800-172A2021-04-27DraftAssessing Enhanced Security Requirements for Controlled Unclassified Information
12800-82 Rev. 32021-04-23DraftPRE-DRAFT Call for Comments: Guide to Industrial Control Systems (ICS) Security
13800-1722021-02-02FinalEnhanced Security Requirements for Protecting Controlled Unclassified Information: A Supplement to NIST Special Publication 800-171
14800-171 Rev. 22021-01-28FinalProtecting Controlled Unclassified Information in Nonfederal Systems and Organizations
15800-2132020-12-15DraftIoT Device Cybersecurity Guidance for the Federal Government: Establishing IoT Device Cybersecurity Requirements
16800-53 Rev. 52020-12-10FinalSecurity and Privacy Controls for Information Systems and Organizations
17800-53B2020-12-10FinalControl Baselines for Information Systems and Organizations
18800-181 Rev. 12020-11-16FinalWorkforce Framework for Cybersecurity (NICE Framework)
19800-2082020-10-29FinalRecommendation for Stateful Hash-Based Signature Schemes
20800-2092020-10-26FinalSecurity Guidelines for Storage Infrastructure
21800-55 Rev. 22020-09-24DraftPRE-DRAFT Call for Comments: Performance Measurement Guide for Information Security
22800-46 Rev. 32020-09-10DraftPRE-DRAFT Call for Comments: Guide to Enterprise Telework Security
23800-2112020-08-24Final2019 NIST/ITL Cybersecurity Program Annual Report
24800-56C Rev. 22020-08-18FinalRecommendation for Key-Derivation Methods in Key-Establishment Schemes
25800-2072020-08-11FinalZero Trust Architecture
26800-2102020-07-31FinalGeneral Access Control Guidance for Cloud Systems
27800-77 Rev. 12020-06-30FinalGuide to IPsec VPNs
28800-63-42020-06-08DraftPRE-DRAFT Call for Comments: Digital Identity Guidelines
29800-133 Rev. 22020-06-04FinalRecommendation for Cryptographic Key Generation
30800-204A2020-05-27FinalBuilding Secure Microservices-based Applications Using Service-Mesh Architecture
31800-137A2020-05-21FinalAssessing Information Security Continuous Monitoring (ISCM) Programs: Developing an ISCM Program Assessment
32800-57 Part 1 Rev. 52020-05-04FinalRecommendation for Key Management: Part 1 – General
33800-175B Rev. 12020-03-31FinalGuideline for Using Cryptographic Standards in the Federal Government: Cryptographic Mechanisms
34800-124 Rev. 22020-03-24DraftGuidelines for Managing the Security of Mobile Devices in the Enterprise
35800-1402020-03-20FinalFIPS 140-3 Derived Test Requirements (DTR): CMVP Validation Authority Updates to ISO/IEC 24759
36800-140A2020-03-20FinalCMVP Documentation Requirements: CMVP Validation Authority Updates to ISO/IEC 24759
37800-140B2020-03-20FinalCMVP Security Policy Requirements: CMVP Validation Authority Updates to ISO/IEC 24759 and ISO/IEC 19790 Annex B
38800-140C2020-03-20FinalCMVP Approved Security Functions: CMVP Validation Authority Updates to ISO/IEC 24759
39800-140D2020-03-20FinalCMVP Approved Sensitive Parameter Generation and Establishment Methods: CMVP Validation Authority Updates to ISO/IEC 24759
40800-140E2020-03-20FinalCMVP Approved Authentication Mechanisms: CMVP Validation Authority Requirements for ISO/IEC 19790 Annex E and ISO/IEC 24579 Section 6.17
41800-140F2020-03-20FinalCMVP Approved Non-Invasive Attack Mitigation Test Metrics: CMVP Validation Authority Updates to ISO/IEC 24759
42800-2062020-03-13FinalAnnual Report 2018: NIST/ITL Cybersecurity Program
43800-63-32020-03-02FinalDigital Identity Guidelines
44800-63A2020-03-02FinalDigital Identity Guidelines: Enrollment and Identity Proofing
45800-63B2020-03-02FinalDigital Identity Guidelines: Authentication and Lifecycle Management
46800-63C2020-03-02FinalDigital Identity Guidelines: Federation and Assertions
47800-1892019-12-17FinalResilient Interdomain Traffic Exchange: BGP Security and DDoS Mitigation
48800-160 Vol. 22019-11-27FinalDeveloping Cyber Resilient Systems: A Systems Security Engineering Approach
49800-1862019-10-31DraftRecommendations for Discrete Logarithm-Based Cryptography: Elliptic Curve Domain Parameters
50800-1282019-10-10FinalGuide for Security-Focused Configuration Management of Information Systems
51800-52 Rev. 22019-08-29FinalGuidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations
52800-2042019-08-07FinalSecurity Strategies for Microservices-based Application Systems
53800-1622019-08-02FinalGuide to Attribute Based Access Control (ABAC) Definition and Considerations
54800-2052019-06-18FinalAttribute Considerations for Access Control Systems
55800-57 Part 2 Rev. 12019-05-23FinalRecommendation for Key Management: Part 2 – Best Practices for Key Management Organizations
56800-163 Rev. 12019-04-19FinalVetting the Security of Mobile Applications
57800-131A Rev. 22019-03-21FinalTransitioning the Use of Cryptographic Algorithms and Key Lengths
58800-56B Rev. 22019-03-21FinalRecommendation for Pair-Wise Key-Establishment Using Integer Factorization Cryptography
59800-38G Rev. 12019-02-28DraftRecommendation for Block Cipher Modes of Operation: Methods for Format-Preserving Encryption
60800-177 Rev. 12019-02-26FinalTrustworthy Email
61800-37 Rev. 22018-12-20FinalRisk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy
62800-179 Rev. 12018-10-19DraftGuide to Securing Apple macOS 10.12 Systems for IT Professionals: A NIST Security Configuration Checklist
63800-712018-07-02DraftRecommendation for Key Establishment Using Symmetric Block Ciphers
64800-2032018-07-02Final2017 NIST/ITL Cybersecurity Program Annual Report
65800-116 Rev. 12018-06-29FinalGuidelines for the Use of PIV Credentials in Facility Access
66800-171A2018-06-13FinalAssessing Security Requirements for Controlled Unclassified Information
67800-125A Rev. 12018-06-07FinalSecurity Recommendations for Server-based Hypervisor Platforms
68800-2022018-05-10FinalQuick Start Guide for Populating Mobile Test Devices
69800-1932018-05-04FinalPlatform Firmware Resiliency Guidelines
70800-87 Rev. 22018-04-19FinalCodes for Identification of Federal and Federally-Assisted Organizations
71800-56A Rev. 32018-04-16FinalRecommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography
72800-160 Vol. 12018-03-21FinalSystems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems
73800-70 Rev. 42018-02-15FinalNational Checklist Program for IT Products: Guidelines for Checklist Users and Developers
74800-126 Rev. 32018-02-14FinalThe Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.3
75800-126A2018-02-14FinalSCAP 1.3 Component Specification Version Updates: An Annex to NIST Special Publication 800-126 Revision 3
76800-90B2018-01-10FinalRecommendation for the Entropy Sources Used for Random Bit Generation
77800-1872017-12-21FinalGuide to LTE Security
78800-67 Rev. 22017-11-17FinalRecommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher
79800-1952017-09-28Final2016 NIST/ITL Cybersecurity Program Annual Report
80800-1902017-09-25FinalApplication Container Security Guide
81800-1922017-06-27FinalVerification and Test Methods for Access Control Policies/Models
82800-12 Rev. 12017-06-22FinalAn Introduction to Information Security
83800-121 Rev. 22017-05-08FinalGuide to Bluetooth Security
84800-1842016-12-22FinalGuide for Cybersecurity Event Recovery
85800-1852016-12-22FinalSHA-3 Derived Functions: cSHAKE, KMAC, TupleHash, and ParallelHash
86800-1882016-12-15DraftDe-Identifying Government Datasets (2nd Draft)
87800-1792016-12-05FinalGuide to Securing Apple OS X 10.10 Systems for IT Professionals: A NIST Security Configuration Checklist
88800-38B2016-10-06FinalRecommendation for Block Cipher Modes of Operation: the CMAC Mode for Authentication
89800-1502016-10-04FinalGuide to Cyber Threat Information Sharing
90800-1782016-10-03FinalA Comparison of Attribute Based Access Control (ABAC) Standards for Data Service Applications: Extensible Access Control Markup Language (XACML) and Next Generation Access Control (NGAC)
91800-175A2016-08-22FinalGuideline for Using Cryptographic Standards in the Federal Government: Directives, Mandates and Policies
92800-1822016-08-10FinalComputer Security Division 2015 Annual Report
93800-114 Rev. 12016-07-29FinalUser’s Guide to Telework and Bring Your Own Device (BYOD) Security
94800-46 Rev. 22016-07-29FinalGuide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security
95800-1832016-07-28FinalNetworks of ‘Things’
96800-1662016-06-06FinalDerived PIV Application and Data Model Test Guidelines
97800-1562016-05-20FinalRepresentation of PIV Chain-of-Trust for Import and Export
98800-90C2016-04-13DraftRecommendation for Random Bit Generator (RBG) Constructions
99800-85A-42016-04-13FinalPIV Card Application and Middleware Interface Test Guidelines (SP 800-73-4 Compliance)
100800-38G2016-03-29FinalRecommendation for Block Cipher Modes of Operation: Methods for Format-Preserving Encryption
101800-1542016-03-14DraftGuide to Data-Centric System Threat Modeling
102800-125B2016-03-07FinalSecure Virtual Network Configuration for Virtual Machine (VM) Protection
103800-1802016-02-18DraftNIST Definition of Microservices, Application Containers and System Virtual Machines
104800-73-42016-02-12FinalInterfaces for Personal Identity Verification
105800-1522015-10-28FinalA Profile for U.S. Federal Cryptographic Key Management Systems (CKMS)
106800-1672015-10-28FinalGuide to Application Whitelisting
107800-1762015-08-20FinalComputer Security Division 2014 Annual Report
108800-79-22015-07-30FinalGuidelines for the Authorization of Personal Identity Verification Card Issuers (PCI) and Derived PIV Credential Issuers (DPCI)
109800-90A Rev. 12015-06-24FinalRecommendation for Random Number Generation Using Deterministic Random Bit Generators
110800-82 Rev. 22015-06-03FinalGuide to Industrial Control Systems (ICS) Security
111800-78-42015-05-29FinalCryptographic Algorithms and Key Sizes for Personal Identity Verification
112800-1612015-04-08FinalSupply Chain Risk Management Practices for Federal Information Systems and Organizations
113800-53 Rev. 42015-01-22FinalSecurity and Privacy Controls for Federal Information Systems and Organizations
114800-57 Part 3 Rev. 12015-01-22FinalRecommendation for Key Management, Part 3: Application-Specific Key Management Guidance
115800-1572014-12-19FinalGuidelines for Derived Personal Identity Verification (PIV) Credentials
116800-53A Rev. 42014-12-18FinalAssessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans
117800-88 Rev. 12014-12-17FinalGuidelines for Media Sanitization
118800-1702014-09-04FinalComputer Security Division 2013 Annual Report
119800-147B2014-08-28FinalBIOS Protection Guidelines for Servers
120800-85B-42014-08-06DraftPIV Data Model Test Guidelines
121800-1682014-07-02FinalApproximate Matching: Definition and Terminology
122800-101 Rev. 12014-05-15FinalGuidelines on Mobile Device Forensics
123800-16 Rev. 12014-03-14DraftA Role-Based Model for Federal Information Technology/Cybersecurity Training (3rd Draft)
124800-81-22013-09-18FinalSecure Domain Name System (DNS) Deployment Guide
125800-1302013-08-15FinalA Framework for Designing Cryptographic Key Management Systems
126800-1652013-07-22FinalComputer Security Division 2012 Annual Report
127800-40 Rev. 32013-07-22FinalGuide to Enterprise Patch Management Technologies
128800-83 Rev. 12013-07-22FinalGuide to Malware Incident Prevention and Handling for Desktops and Laptops
129800-76-22013-07-11FinalBiometric Specifications for Personal Identity Verification
130800-124 Rev. 12013-06-21FinalGuidelines for Managing the Security of Mobile Devices in the Enterprise
131800-38F2012-12-13FinalRecommendation for Block Cipher Modes of Operation: Methods for Key Wrapping
132800-1642012-10-31DraftGuidelines on Hardware-Rooted Security in Mobile Devices
133800-30 Rev. 12012-09-17FinalGuide for Conducting Risk Assessments
134800-107 Rev. 12012-08-24FinalRecommendation for Applications Using Approved Hash Algorithms
135800-61 Rev. 22012-08-06FinalComputer Security Incident Handling Guide
136800-94 Rev. 12012-07-25DraftGuide to Intrusion Detection and Prevention Systems (IDPS)
137800-1462012-05-29FinalCloud Computing Synopsis and Recommendations
138800-126 Rev. 22012-03-19FinalThe Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2
139800-1532012-02-21FinalGuidelines for Securing Wireless Local Area Networks (WLANs)
140800-135 Rev. 12011-12-23FinalRecommendation for Existing Application-Specific Key Derivation Functions
141800-1442011-12-09FinalGuidelines on Security and Privacy in Public Cloud Computing
142800-1552011-12-08DraftBIOS Integrity Measurement Guidelines
143800-1372011-09-30FinalInformation Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations
144800-1452011-09-28FinalThe NIST Definition of Cloud Computing
145800-1472011-04-29FinalBIOS Protection Guidelines
146800-392011-03-01FinalManaging Information Security Risk: Organization, Mission, and Information System View
147800-126 Rev. 12011-02-25FinalThe Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.1
148800-51 Rev. 12011-02-25FinalGuide to Using Vulnerability Naming Schemes
149800-1252011-01-28FinalGuide to Security for Full Virtualization Technologies
150800-1192010-12-29FinalGuidelines for the Secure Deployment of IPv6
151800-1322010-12-22FinalRecommendation for Password-Based Key Derivation: Part 1: Storage Applications
152800-34 Rev. 12010-11-11FinalContingency Planning Guide for Federal Information Systems
153800-38A Addendum2010-10-21FinalRecommendation for Block Cipher Modes of Operation: Three Variants of Ciphertext Stealing for CBC Mode
154800-1422010-10-07FinalPractical Combinatorial Testing
155800-22 Rev. 1a2010-04-30FinalA Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications
156800-1222010-04-06FinalGuide to Protecting the Confidentiality of Personally Identifiable Information (PII)
157800-38E2010-01-18FinalRecommendation for Block Cipher Modes of Operation: the XTS-AES Mode for Confidentiality on Storage Devices
158800-1082009-10-01FinalRecommendation for Key Derivation Using Pseudorandom Functions (Revised)
159800-41 Rev. 12009-09-28FinalGuidelines on Firewalls and Firewall Policy
160800-1022009-09-23FinalRecommendation for Digital Signature Timeliness
161800-1062009-02-25FinalRandomized Hashing for Digital Signatures
162800-66 Rev. 12008-10-23FinalAn Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule
163800-1152008-09-30FinalTechnical Guide to Information Security Testing and Assessment
164800-60 Vol. 1 Rev. 12008-08-01FinalGuide for Mapping Types of Information and Information Systems to Security Categories
165800-60 Vol. 2 Rev. 12008-08-01FinalGuide for Mapping Types of Information and Information Systems to Security Categories: Appendices
166800-1232008-07-25FinalGuide to General Server Security
167800-55 Rev. 12008-07-16FinalPerformance Measurement Guide for Information Security
168800-1132008-07-01FinalGuide to SSL VPNs
169800-28 Version 22008-03-07FinalGuidelines on Active Content and Mobile Code
170800-38D2007-11-28FinalRecommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC
171800-1112007-11-15FinalGuide to Storage Encryption Technologies for End User Devices
172800-44 Version 22007-10-09FinalGuidelines on Securing Public Web Servers
173800-952007-08-29FinalGuide to Secure Web Services
174800-38C2007-07-20FinalRecommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality
175800-982007-04-06FinalGuidelines for Securing Radio Frequency Identification (RFID) Systems
176800-1002007-03-07FinalInformation Security Handbook: A Guide for Managers
177800-45 Version 22007-02-20FinalGuidelines on Electronic Mail Security
178800-942007-02-20FinalGuide to Intrusion Detection and Prevention Systems (IDPS)
179800-972007-02-07FinalEstablishing Wireless Robust Security Networks: A Guide to IEEE 802.11i
180800-962006-12-29FinalPIV Card to Reader Interoperability Guidelines
181800-892006-11-30FinalRecommendation for Obtaining Assurances for Digital Signature Applications
182800-842006-09-21FinalGuide to Test, Training, and Exercise Programs for IT Plans and Capabilities
183800-922006-09-13FinalGuide to Computer Security Log Management
184800-862006-09-01FinalGuide to Integrating Forensic Techniques into Incident Response
185800-85B2006-07-31FinalPIV Data Model Test Guidelines
186800-18 Rev. 12006-02-24FinalGuide for Developing Security Plans for Federal Information Systems
187800-582005-01-01FinalSecurity Considerations for Voice Over IP Systems
188800-722004-11-01FinalGuidelines on PDA Forensics
189800-352003-10-09FinalGuide to Information Technology Security Services
190800-502003-10-01FinalBuilding an Information Technology Security Awareness and Training Program
191800-592003-08-20FinalGuideline for Identifying an Information System as a National Security System
192800-492002-11-05FinalFederal S/MIME V3 Client Profile
193800-38A2001-12-01FinalRecommendation for Block Cipher Modes of Operation: Methods and Techniques
194800-322001-02-26FinalIntroduction to Public Key Technology and the Federal PKI Infrastructure
195800-252000-10-01FinalFederal Agency Use of Public Key Technology for Digital Signatures and Authentication
196800-161998-04-01FinalInformation Technology Security Training Requirements: a Role- and Performance-Based Model
197800-151998-01-01FinalMISPC Minimum Interoperability Specification for PKI Components, Version 1
Source: NIST Series Pubs