12 - NIST Publications |
for best viewing this tab should be set at
a size of 75% |
|
|
Control Categories |
Return to Main |
Number |
Title |
Date of Publish |
Assets. Hardware |
Encryption, PKI |
IdAM |
Access Control |
Technology |
Data & Storage |
Wireless Mobile |
Educ Train |
Mgmt |
Systems, Risk, Test, Assess |
Network Tele |
NIST Reports |
Software /Apps |
Web |
Forensics Respond Recover |
Threat & Vuln |
Cloud |
Physical,Process |
Specialty |
Backup Continuity Archive |
Cyber Threat Intelligence |
IOT ICS |
sum |
1 |
1800-40 |
Automation of the NIST Cryptographic Module
Validation Program |
6/7/2023 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2 |
1800-39 |
Implementing Data Classification Practices |
4/25/2023 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
3 |
1800-38 |
Migration to Post-Quantum Cryptography: Preparation
for Considering the Implementation and Adoption of Quantum Safe Cryptography |
4/24/2023 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
4 |
1800-37 |
Addressing Visibility Challenges with TLS 1.3 |
5/12/2023 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
5 |
1800-36 |
Trusted Internet of Things (IoT) Device
Network-Layer Onboarding and Lifecycle Management: Enhancing Internet
Protocol-Based IoT Device and Network Security |
5/3/2023 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
6 |
1800-35 |
Implementing a Zero Trust Architecture (Preliminary Draft) |
8/9/2022 |
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
1 |
7 |
1800-34 |
Validating
the Integrity of Computing Devices (Preliminary Draft) |
3/17/2021 |
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
8 |
1800-33 |
5G
Cybersecurity (Preliminary Draft) |
2/1/2021 |
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
9 |
1800-32 |
Securing
the Industrial Internet of Things: Cybersecurity for Distributed Energy
Resources (Preliminary Draft) |
4/22/2021 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
1 |
10 |
1800-31 |
Improving
Enterprise Patching for General IT Systems: Utilizing Existing Tools and
Performing Processes in Better Ways (Preliminary Draft) |
9/10/2020 |
|
|
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
1 |
11 |
1800-30 |
Securing
Telehealth Remote Patient Monitoring Ecosystem |
11/16/2020 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
1 |
12 |
1800-27 |
Securing
Property Management Systems |
3/30/2021 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
1 |
13 |
1800-26 |
Data
Integrity: Detecting and Responding to Ransomware and Other Destructive
Events |
12/8/2020 |
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
14 |
1800-25 |
Data
Integrity: Identifying and Protecting Assets Against Ransomware and Other
Destructive Events |
12/8/2020 |
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
|
2 |
15 |
1800-24 |
Securing
Picture Archiving and Communication System (PACS): Cybersecurity for the
Healthcare Sector |
12/21/2020 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
|
|
1 |
16 |
1800-23 |
Energy
Sector Asset Management: For Electric Utilities, Oil & Gas Industry |
5/20/2020 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
1 |
17 |
1800-22 |
Mobile
Device Security: Bring Your Own Device (BYOD) |
3/18/2021 |
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
18 |
1800-21 |
Mobile
Device Security: Corporate-Owned Personally-Enabled (COPE) |
9/15/2020 |
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
19 |
1800-19 |
Trusted
Cloud: Security Practice Guide for VMware Hybrid Cloud Infrastructure as a
Service (IaaS) Environments |
4/13/2020 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
1 |
20 |
1800-18 |
Privileged
Account Management for the Financial Services Sector |
9/28/2018 |
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
21 |
1800-17 |
Multifactor
Authentication for E-Commerce: Risk-Based, FIDO Universal Second Factor
Implementations for Purchasers |
7/30/2019 |
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
22 |
1800-16 |
Securing
Web Transactions: TLS Server Certificate Management |
6/16/2020 |
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
1 |
23 |
1800-15 |
Securing
Small Business and Home Internet of Things (IoT) Devices: Mitigating
Network-Based Attacks Using Manufacturer Usage Description (MUD) |
9/16/2020 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
1 |
24 |
1800-14 |
Protecting
the Integrity of Internet Routing: Border Gateway Protocol (BGP) Route Origin
Validation |
6/28/2019 |
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
1 |
25 |
1800-13 |
Mobile
Application Single Sign-On: Improving Authentication for Public Safety First
Responders (2nd Draft) |
5/29/2019 |
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
26 |
1800-12 |
Derived Personal Identity
Verification (PIV) Credentials |
9/29/2017 |
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
27 |
1800-11 |
Data Integrity: Recovering from
Ransomware and Other Destructive Events |
9/6/2017 |
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
28 |
1800-9 |
Access Rights Management for
the Financial Services Sector |
8/31/2017 |
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
29 |
1800-8 |
Securing Wireless Infusion
Pumps in Healthcare Delivery Organizations |
5/8/2017 |
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
30 |
1800-7 |
Situational Awareness for
Electric Utilities |
2/16/2017 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
1 |
31 |
1800-6 |
Domain Name System-Based
Electronic Mail Security |
1/19/2018 |
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
32 |
1800-5b |
IT Asset
Management: Financial Services |
9/1/2018 |
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
33 |
1800-4 |
Mobile
Device Security: Cloud and Hybrid Builds |
11/2/2015 |
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
34 |
1800-3 |
Attribute
Based Access Control (2nd Draft) |
9/20/2017 |
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
35 |
1800-2 |
Identity
and Access Management for Electric Utilities |
8/25/2015 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
1 |
36 |
1800-1 |
Securing
Electronic Health Records on Mobile Devices |
7/28/2015 |
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
37 |
800-223 |
High-Performance Computing
(HPC) Security: Architecture, Threat Analysis, and
Security Posture |
2/6/2023 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
38 |
800-221A |
Information and Communications Technology (ICT) Risk
Outcomes: Integrating ICT Risk Management Programs
with the Enterprise Risk Portfolio |
7/20/2022 |
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
1 |
39 |
800-221 |
Enterprise Impacts of Information and Communications
Technology Risk: Governing and Managing ICT Risk
Programs Within an Enterprise Risk Portfolio |
7/20/2022 |
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
1 |
40 |
800-219 |
Automated Secure Configuration Guidance from the macOS
Security Compliance Project (mSCP) |
6/24/2022 |
|
|
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
1 |
41 |
800-218 |
Secure Software
Development Framework |
2/3/2022 |
|
|
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
1 |
42 |
800-216 |
Recommendations for Federal Vulnerability Disclosure Guidelines |
6/7/2021 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
1 |
43 |
800-215 |
Guide to a Secure Enterprise Network Landscape |
8/5/2022 |
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
1 |
44 |
800-214 |
2020 Cybersecurity and Privacy Annual Report |
9/28/2021 |
|
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
1 |
45 |
800-213A |
IoT Device Cybersecurity Guidance for the Federal Government: IoT Device Cybersecurity Requirement Catalog |
11/29/2021 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
1 |
46 |
800-213 |
IoT Device Cybersecurity Guidance for the Federal
Government: Establishing IoT Device Cybersecurity
Requirements |
11/29/2021 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
1 |
47 |
800-211 |
2019 NIST/ITL Cybersecurity Program Annual Report |
8/24/2020 |
|
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
1 |
48 |
800-210 |
General Access Control Guidance for Cloud Systems |
7/31/2020 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
1 |
49 |
800-209 |
Security Guidelines for Storage Infrastructure |
10/26/2020 |
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
50 |
800-208 |
Recommendation for Stateful Hash-Based Signature Schemes |
10/29/2020 |
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
51 |
800-207 |
Zero Trust Architecture |
8/11/2020 |
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
1 |
52 |
800-206 |
Annual Report 2018: NIST/ITL Cybersecurity Program |
3/13/2020 |
|
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
1 |
53 |
800-205 |
Attribute Considerations for Access Control Systems |
6/18/2019 |
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
54 |
800-204C |
Implementation of DevSecOps for a Microservices-based Application with Service Mesh |
3/8/2022 |
|
|
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
1 |
55 |
800-204B |
Attribute-based Access Control for Microservices-based
Applications using a Service Mesh |
8/6/2021 |
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
56 |
800-204A |
Building Secure Microservices-based Applications Using
Service-Mesh Architecture |
5/27/2020 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
1 |
57 |
800-204 |
Security Strategies for Microservices-based Application
Systems |
8/7/2019 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
1 |
58 |
800-203 |
2017 NIST/ITL Cybersecurity Program Annual Report |
7/2/2018 |
|
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
1 |
59 |
800-202 |
Quick Start Guide for Populating Mobile Test Devices |
5/10/2018 |
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
60 |
800-195 |
2016
NIST/ITL Cybersecurity Program Annual Report |
9/28/2017 |
|
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
1 |
61 |
800-193 |
Platform
Firmware Resiliency Guidelines |
5/30/2017 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
1 |
62 |
800-192 |
Verification
and Test Methods for Access Control Policies/Models |
6/27/2017 |
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
63 |
800-190 |
Application
Container Security Guide |
9/25/2017 |
|
|
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
1 |
64 |
800-188 |
De-Identifying
Government Datasets (2nd Draft) |
12/15/2016 |
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
65 |
800-187 |
Guide to
LTE Security |
12/21/2017 |
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
1 |
66 |
800-185 |
SHA-3
Derived Functions: cSHAKE, KMAC, TupleHash, and ParallelHash |
12/22/2016 |
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
67 |
800-184 |
Guide
for Cybersecurity Event Recovery |
12/22/2016 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
1 |
68 |
800-183 |
Networks
of 'Things' |
7/28/2016 |
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
1 |
69 |
800-182 |
Computer
Security Division 2015 Annual Report |
8/10/2016 |
|
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
1 |
70 |
800-181 |
National
Initiative for Cybersecurity Education (NICE) Workforce Framework |
8/7/2017 |
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
71 |
800-180 |
Microservices,
Application Containers & System Virtual Machines |
2/18/2016 |
|
|
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
1 |
72 |
800-179 |
Guide to
Securing Apple OS X 10.10 Systems for IT Professionals: A NIST Security
Configuration Checklist |
12/5/2016 |
|
|
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
1 |
73 |
800-178 |
A
Comparison of Attribute Based Access Control (ABAC) Standards for Data
Service Applications |
10/3/2016 |
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
74 |
800-177r1 |
Trustworthy
Email r1 |
2/6/2019 |
|
|
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
1 |
75 |
800-177 |
Trustworthy
Email |
9/7/2016 |
|
|
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
1 |
76 |
800-176 |
Computer
Security Division 2014 Annual Report |
8/20/2015 |
|
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
1 |
77 |
800-175B |
Guideline
for Using Cryptographic Standards in the Federal Government: Cryptographic
Mechanisms |
8/22/2016 |
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
78 |
800-175A |
Guideline
for Using Cryptographic Standards in the Federal Government: Directives,
Mandates and Policies |
8/22/2016 |
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
79 |
800-171r1 |
Protecting
Controlled Unclassified Information in Nonfederal Systems and Organizations |
2/20/2018 |
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
80 |
800-171A |
Assessing
Security Requirements for Controlled Unclassified Information (Final Draft) |
2/20/2018 |
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
81 |
800-170 |
Computer
Security Division 2013 Annual Report |
9/4/2014 |
|
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
1 |
82 |
800-168 |
Approximate
Matching: Definition and Terminology |
7/2/2014 |
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
83 |
800-167 |
Guide to
Application Whitelisting |
10/28/2015 |
|
|
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
1 |
84 |
800-166 |
Derived
PIV Application and Data Model Test Guidelines |
6/6/2016 |
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
85 |
800-165 |
Computer
Security Division 2012 Annual Report |
7/22/2013 |
|
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
1 |
86 |
800-164 |
Guidelines
on Hardware-Rooted Security in Mobile Devices |
10/31/2012 |
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
87 |
800-163 |
Vetting
the Security of Mobile Applications |
1/26/2015 |
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
88 |
800-162 |
Guide to
Attribute Based Access Control (ABAC) Definition and Considerations |
1/16/2014 |
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
89 |
800-161 |
Supply
Chain Risk Management Practices for Federal Information Systems and
Organizations |
4/8/2015 |
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
90 |
800-160 |
Systems
Security Engineering: Considerations for a Multidisciplinary Approach in the
Engineering of Trustworthy Secure Systems |
1/3/2018 |
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
1 |
91 |
800-157 |
Guidelines
for Derived Personal Identity Verification (PIV) Credentials |
12/19/2014 |
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
92 |
800-156 |
Representation
of PIV Chain-of-Trust for Import and Export |
5/20/2016 |
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
93 |
800-155 |
BIOS
Integrity Measurement Guidelines |
12/8/2011 |
|
|
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
1 |
94 |
800-154 |
Guide to
Data-Centric System Threat Modeling |
3/14/2016 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
1 |
95 |
800-153 |
Guidelines
for Securing Wireless Local Area Networks (WLANs) |
2/21/2012 |
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
96 |
800-152 |
A Profile
for U.S. Federal Cryptographic Key Management Systems (CKMS) |
10/28/2015 |
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
97 |
800-150 |
Guide to
Cyber Threat Information Sharing |
10/4/2016 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
1 |
98 |
800-147B |
BIOS
Protection Guidelines for Servers |
8/28/2014 |
|
|
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
1 |
99 |
800-147 |
BIOS
Protection Guidelines |
4/29/2011 |
|
|
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
1 |
100 |
800-146 |
Cloud
Computing Synopsis and Recommendations |
5/29/2012 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
1 |
101 |
800-145 |
The NIST
Definition of Cloud Computing |
9/28/2011 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
1 |
102 |
800-144 |
Guidelines
on Security and Privacy in Public Cloud Computing |
12/9/2011 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
1 |
103 |
800-142 |
Practical
Combinatorial Testing |
10/7/2010 |
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
1 |
104 |
800-137 |
Information
Security Continuous Monitoring (ISCM) for Federal Information Systems and
Organizations |
9/30/2011 |
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
105 |
800-135 Rev. 1 |
Recommendation
for Existing Application-Specific Key Derivation Functions |
12/23/2011 |
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
106 |
800-133 |
Recommendation
for Cryptographic Key Generation |
12/21/2012 |
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
107 |
800-132 |
Recommendation
for Password-Based Key Derivation: Part 1: Storage Applications |
12/22/2010 |
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
108 |
800-131A Rev. 1 |
Transitions:
Recommendation for Transitioning the Use of Cryptographic Algorithms and Key
Lengths |
11/6/2015 |
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
109 |
800-130 |
A
Framework for Designing Cryptographic Key Management Systems |
8/15/2013 |
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
110 |
800-128 |
Guide
for Security-Focused Configuration Management of Information Systems |
8/12/2011 |
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
1 |
111 |
800-127 |
Guide to
Securing WiMAX Wireless Communications |
9/30/2010 |
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
112 |
800-126 Rev. 3 |
The
Technical Specification for the Security Content Automation Protocol (SCAP):
SCAP Version 1.3 |
2/14/2018 |
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
1 |
113 |
800-126 Rev. 2 |
The
Technical Specification for the Security Content Automation Protocol (SCAP):
SCAP Version 1.2 |
3/19/2012 |
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
1 |
114 |
800-126A |
SCAP 1.3
Component Specification Version Updates: An Annex to NIST Special Publication
800-126 Revision 3 |
2/14/2018 |
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
1 |
115 |
800-126 Rev. 1 |
The
Technical Specification for the Security Content Automation Protocol (SCAP):
SCAP Version 1.1 |
2/25/2011 |
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
1 |
116 |
800-126 |
The
Technical Specification for the Security Content Automation Protocol (SCAP):
SCAP Version 1.0 |
11/5/2009 |
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
1 |
117 |
800-125B |
Secure
Virtual Network Configuration for Virtual Machine (VM) Protection |
3/7/2016 |
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
118 |
800-125A |
Security
Recommendations for Hypervisor Deployment on Servers |
1/23/2018 |
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
119 |
800-125 |
Guide to
Security for Full Virtualization Technologies |
1/28/2011 |
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
120 |
800-124 Rev. 1 |
Guidelines
for Managing the Security of Mobile Devices in the Enterprise |
6/21/2013 |
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
121 |
800-123 |
Guide to
General Server Security |
7/25/2008 |
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
122 |
800-122 |
Guide to
Protecting the Confidentiality of Personally Identifiable Information (PII) |
4/6/2010 |
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
123 |
800-121 Rev. 2 |
Guide to
Bluetooth Security |
5/8/2017 |
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
124 |
800-120 |
Recommendation
for EAP Methods Used in Wireless Network Access Authentication |
9/17/2009 |
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
125 |
800-119 |
Guidelines
for the Secure Deployment of IPv6 |
12/29/2010 |
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
126 |
800-117 Rev. 1 |
Guide to
Adopting and Using the Security Content Automation Protocol (SCAP) Version
1.2 |
1/6/2012 |
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
127 |
800-117 |
Guide to
Adopting and Using the Security Content Automation Protocol (SCAP) Version
1.0 |
7/27/2010 |
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
128 |
800-116 Rev. 1 |
A
Recommendation for the Use of PIV Credentials in Physical Access Control
Systems (PACS) |
12/28/2015 |
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
129 |
800-116 |
A
Recommendation for the Use of PIV Credentials in Physical Access Control
Systems (PACS) |
11/20/2008 |
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
130 |
800-115 |
Technical
Guide to Information Security Testing and Assessment |
9/30/2008 |
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
1 |
131 |
800-114 Rev. 1 |
User's
Guide to Telework and Bring Your Own Device (BYOD) Security |
7/29/2016 |
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
132 |
800-113 |
Guide to
SSL VPNs |
7/1/2008 |
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
133 |
800-111 |
Guide to
Storage Encryption Technologies for End User Devices |
11/15/2007 |
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
134 |
800-108 |
Recommendation
for Key Derivation Using Pseudorandom Functions (Revised) |
11/12/2008 |
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
135 |
800-107 Rev. 1 |
Recommendation
for Applications Using Approved Hash Algorithms |
8/24/2012 |
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
136 |
800-106 |
Randomized
Hashing for Digital Signatures |
2/25/2009 |
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
137 |
800-102 |
Recommendation
for Digital Signature Timeliness |
9/23/2009 |
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
138 |
800-101 Rev. 1 |
Guidelines
on Mobile Device Forensics |
5/15/2014 |
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
139 |
800-100 |
Information
Security Handbook: A Guide for Managers |
3/7/2007 |
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
140 |
800-98 |
Guidelines
for Securing Radio Frequency Identification (RFID) Systems |
4/6/2007 |
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
141 |
800-97 |
Establishing
Wireless Robust Security Networks: A Guide to IEEE 802.11i |
2/7/2007 |
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
142 |
800-96 |
PIV Card
to Reader Interoperability Guidelines |
12/29/2006 |
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
143 |
800-95 |
Guide to
Secure Web Services |
8/29/2007 |
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
1 |
144 |
800-94 Rev. 1 |
Guide to
Intrusion Detection and Prevention Systems (IDPS) |
7/25/2012 |
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
145 |
800-92 |
Guide to
Computer Security Log Management |
9/13/2006 |
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
146 |
800-90C |
Recommendation
for Random Bit Generator (RBG) Constructions |
4/13/2016 |
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
147 |
800-90B |
Recommendation
for the Entropy Sources Used for Random Bit Generation |
1/10/2018 |
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
148 |
800-90A Rev. 1 |
Recommendation
for Random Number Generation Using Deterministic Random Bit Generators |
6/24/2015 |
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
149 |
800-89 |
Recommendation
for Obtaining Assurances for Digital Signature Applications |
11/30/2006 |
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
150 |
800-88 Rev. 1 |
Guidelines
for Media Sanitization |
12/17/2014 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
1 |
151 |
800-87 Rev. 1 |
Codes
for Identification of Federal and Federally-Assisted Organizations |
4/25/2008 |
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
152 |
800-86 |
Guide to
Integrating Forensic Techniques into Incident Response |
9/1/2006 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
1 |
153 |
800-85B-4 |
PIV Data
Model Test Guidelines |
8/6/2014 |
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
154 |
800-85A-4 |
PIV Card
Application and Middleware Interface Test Guidelines (SP 800-73-4 Compliance) |
4/13/2016 |
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
155 |
800-84 |
Guide to
Test, Training, and Exercise Programs for IT Plans and Capabilities |
9/21/2006 |
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
156 |
800-83 Rev. 1 |
Guide to
Malware Incident Prevention and Handling for Desktops and Laptops |
7/22/2013 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
1 |
157 |
800-82 Rev. 2 |
Guide to
Industrial Control Systems (ICS) Security |
6/3/2015 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
1 |
158 |
800-81-2 |
Secure
Domain Name System (DNS) Deployment Guide |
9/18/2013 |
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
159 |
800-79-2 |
Guidelines
for the Authorization of Personal Identity Verification Card Issuers (PCI)
and Derived PIV Credential Issuers (DPCI) |
7/30/2015 |
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
160 |
800-78-4 |
Cryptographic
Algorithms and Key Sizes for Personal Identity Verification |
5/29/2015 |
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
161 |
800-77 |
Guide to
IPsec VPNs |
12/1/2005 |
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
1 |
162 |
800-76-2 |
Biometric
Specifications for Personal Identity Verification |
7/11/2013 |
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
163 |
800-73-4 |
Interfaces
for Personal Identity Verification |
2/12/2016 |
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
164 |
800-72 |
Guidelines
on PDA Forensics |
11/1/2004 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
1 |
165 |
800-70 Rev. 4 |
National
Checklist Program for IT Products: Guidelines for Checklist Users and
Developers |
2/15/2018 |
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
1 |
166 |
800-69 |
Guidance
for Securing Microsoft Windows XP Home Edition: A NIST Security Configuration
Checklist |
9/29/2006 |
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
167 |
800-68 Rev. 1 |
Guide to
Securing Microsoft Windows XP Systems for IT Professionals: A NIST Security
Configuration Checklist |
10/24/2008 |
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
168 |
800-67 Rev. 2 |
Recommendation
for the Triple Data Encryption Algorithm (TDEA) Block Cipher |
11/17/2017 |
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
169 |
800-66 Rev. 1 |
An
Introductory Resource Guide for Implementing the Health Insurance Portability
and Accountability Act (HIPAA) Security Rule |
10/23/2008 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
1 |
170 |
800-65 |
Integrating
IT Security into the Capital Planning and Investment Control Process |
1/1/2005 |
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
171 |
800-64 Rev. 2 |
Security
Considerations in the System Development Life Cycle |
10/16/2008 |
|
|
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
1 |
172 |
800-63-3 |
Digital
Identity Guidelines |
12/1/2017 |
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
173 |
800-63C |
Digital
Identity Guidelines: Federation and Assertions |
12/1/2017 |
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
174 |
800-63B |
Digital
Identity Guidelines: Authentication and Lifecycle Management |
12/1/2017 |
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
175 |
800-63A |
Digital
Identity Guidelines: Enrollment and Identity Proofing |
12/1/2017 |
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
176 |
800-61 Rev. 2 |
Computer
Security Incident Handling Guide |
8/6/2012 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
1 |
177 |
800-60 Vol. 2 Rev. 1 |
Guide
for Mapping Types of Information and Information Systems to Security
Categories: Appendices |
8/1/2008 |
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
1 |
178 |
800-60 Vol. 1 Rev. 1 |
Guide
for Mapping Types of Information and Information Systems to Security
Categories |
8/1/2008 |
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
1 |
179 |
800-59 |
Guideline
for Identifying an Information System as a National Security System |
8/20/2003 |
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
1 |
180 |
800-58 |
Security
Considerations for Voice Over IP Systems |
1/1/2005 |
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
1 |
181 |
800-57 Part 3 Rev. 1 |
Recommendation
for Key Management, Part 3: Application-Specific Key Management Guidance |
1/22/2015 |
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
182 |
800-57 Part 2 |
Recommendation
for Key Management, Part 2: Best Practices for Key Management Organization |
8/25/2005 |
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
183 |
800-57 Part 1 Rev. 4 |
Recommendation
for Key Management, Part 1: General |
1/28/2016 |
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
184 |
800-56C Rev. 1 |
Recommendation
for Key Derivation through Extraction-then-Expansion |
8/7/2017 |
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
185 |
800-56C |
Recommendation
for Key Derivation through Extraction-then-Expansion |
11/28/2011 |
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
186 |
800-56B Rev. 1 |
Recommendation
for Pair-Wise Key-Establishment Schemes Using Integer Factorization
Cryptography |
10/1/2014 |
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
187 |
800-56A Rev. 3 |
Recommendation
for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography |
8/7/2017 |
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
188 |
800-56A Rev. 2 |
Recommendation
for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography |
6/5/2013 |
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
189 |
800-55 Rev. 1 |
Performance
Measurement Guide for Information Security |
7/16/2008 |
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
190 |
800-54 |
Border
Gateway Protocol Security |
7/17/2007 |
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
1 |
191 |
800-53 Rev. 5 |
Security
and Privacy Controls for Information Systems and Organizations |
8/15/2017 |
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
1 |
192 |
800-53 Rev. 4 |
Security
and Privacy Controls for Federal Information Systems and Organizations |
1/22/2015 |
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
1 |
193 |
800-53A Rev. 4 |
Assessing
Security and Privacy Controls in Federal Information Systems and
Organizations: Building Effective Assessment Plans |
12/18/2014 |
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
1 |
194 |
800-52 Rev. 2 |
Guidelines
for the Selection, Configuration, and Use of Transport Layer Security (TLS)
Implementations |
11/15/2017 |
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
1 |
195 |
800-52 Rev. 1 |
Guidelines
for the Selection, Configuration, and Use of Transport Layer Security (TLS)
Implementations |
4/28/2014 |
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
1 |
196 |
800-51 Rev. 1 |
Guide to
Using Vulnerability Naming Schemes |
2/25/2011 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
1 |
197 |
800-50 |
Building
an Information Technology Security Awareness and Training Program |
10/1/2003 |
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
198 |
800-49 |
Federal
S/MIME V3 Client Profile |
11/5/2002 |
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
199 |
800-48 Rev. 1 |
Guide to
Securing Legacy IEEE 802.11 Wireless Networks |
7/25/2008 |
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
200 |
800-47 |
Security
Guide for Interconnecting Information Technology Systems |
9/1/2002 |
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
1 |
201 |
800-46 Rev. 2 |
Guide to
Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security |
7/29/2016 |
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
1 |
202 |
800-45 Version 2 |
Guidelines
on Electronic Mail Security |
2/20/2007 |
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
203 |
800-44 Version 2 |
Guidelines
on Securing Public Web Servers |
10/9/2007 |
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
1 |
204 |
800-43 |
Systems
Administration Guidance for Securing Windows 2000 Professional System |
11/1/2002 |
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
205 |
800-41 Rev. 1 |
Guidelines
on Firewalls and Firewall Policy |
9/28/2009 |
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
206 |
800-40 Rev. 3 |
Guide to
Enterprise Patch Management Technologies |
7/22/2013 |
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
207 |
800-39 |
Managing
Information Security Risk: Organization, Mission, and Information System View |
3/1/2011 |
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
1 |
208 |
800-38G |
Recommendation
for Block Cipher Modes of Operation: Methods for Format-Preserving Encryption |
3/29/2016 |
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
209 |
800-38F |
Recommendation
for Block Cipher Modes of Operation: Methods for Key Wrapping |
12/13/2012 |
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
210 |
800-38E |
Recommendation
for Block Cipher Modes of Operation: the XTS-AES Mode for Confidentiality on
Storage Devices |
1/18/2010 |
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
211 |
800-38D |
Recommendation
for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC |
11/28/2007 |
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
212 |
800-38C |
Recommendation
for Block Cipher Modes of Operation: the CCM Mode for Authentication and
Confidentiality |
7/20/2007 |
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
213 |
800-38B |
Recommendation
for Block Cipher Modes of Operation: the CMAC Mode for Authentication |
10/6/2016 |
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
214 |
800-38A Addendum |
Recommendation
for Block Cipher Modes of Operation: Three Variants of Ciphertext Stealing
for CBC Mode |
10/21/2010 |
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
215 |
800-38A |
Recommendation
for Block Cipher Modes of Operation: Methods and Techniques |
12/1/2001 |
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
216 |
800-37 Rev. 2 |
Risk
Management Framework for Information Systems and Organizations: A System Life
Cycle Approach for Security and Privacy (Discussion Draft) |
9/28/2017 |
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
1 |
217 |
800-37 Rev. 1 |
Guide
for Applying the Risk Management Framework to Federal Information Systems: a
Security Life Cycle Approach |
6/10/2014 |
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
1 |
218 |
800-36 |
Guide to
Selecting Information Technology Security Products |
10/9/2003 |
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
219 |
800-35 |
Guide to
Information Technology Security Services |
10/9/2003 |
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
220 |
800-34 Rev. 1 |
Contingency
Planning Guide for Federal Information Systems |
11/11/2010 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
1 |
221 |
800-33 |
Underlying
Technical Models for Information Technology Security |
12/1/2001 |
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
1 |
222 |
800-32 |
Introduction
to Public Key Technology and the Federal PKI Infrastructure |
2/26/2001 |
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
223 |
800-30 Rev. 1 |
Guide
for Conducting Risk Assessments |
9/17/2012 |
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
1 |
224 |
800-29 |
A
Comparison of the Security Requirements for Cryptographic Modules in FIPS
140-1 and FIPS 140-2 |
6/1/2001 |
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
225 |
800-28 Version 2 |
Guidelines
on Active Content and Mobile Code |
3/7/2008 |
|
|
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
1 |
226 |
800-25 |
Federal
Agency Use of Public Key Technology for Digital Signatures and Authentication |
10/1/2000 |
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
227 |
800-24 |
PBX
Vulnerability Analysis: Finding Holes in Your PBX Before Someone Else Does |
4/1/2001 |
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
1 |
228 |
800-23 |
Guidelines
to Federal Organizations on Security Assurance and Acquisition/Use of
Tested/Evaluated Products |
8/1/2000 |
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
229 |
800-22 Rev. 1a |
A
Statistical Test Suite for Random and Pseudorandom Number Generators for
Cryptographic Applications |
9/16/2010 |
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
230 |
800-20 |
Modes of
Operation Validation System for the Triple Data Encryption Algorithm (TMOVS):
Requirements and Procedures |
3/1/2012 |
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
231 |
800-19 |
Mobile
Agent Security |
10/1/1999 |
|
|
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
1 |
232 |
800-18 Rev. 1 |
Guide
for Developing Security Plans for Federal Information Systems |
2/24/2006 |
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
233 |
800-17 |
Modes of
Operation Validation System (MOVS): Requirements and Procedures |
2/1/1998 |
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
234 |
800-16 Rev. 1 |
A
Role-Based Model for Federal Information Technology/Cybersecurity Training |
3/14/2014 |
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
235 |
800-15 |
MISPC
Minimum Interoperability Specification for PKI Components, Version 1 |
1/1/1998 |
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
236 |
800-13 |
Telecommunications
Security Guidelines for Telecommunications Management Network |
10/2/1995 |
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
1 |
237 |
800-12 Rev. 1 |
An
Introduction to Information Security |
6/22/2017 |
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
238 |
800-1 |
Bibliography
of Selected Computer Security Publications, January 1980 - October 1989 |
12/1/1990 |
|
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
|
1 |
239 |
500-325 |
Fog
Computing Conceptual Model |
3/14/2018 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
1 |
240 |
500-320 |
Report
of the Workshop on Software Measures and Metrics to Reduce Security
Vulnerabilities (SwMM-RSV) |
11/10/2016 |
|
|
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
1 |
241 |
500-299 |
NIST
Cloud Computing Security Reference Architecture |
5/5/2013 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
1 |
|
|
2 |
41 |
19 |
7 |
23 |
5 |
21 |
3 |
13 |
27 |
10 |
10 |
17 |
3 |
5 |
5 |
6 |
2 |
6 |
1 |
|
8 |
235 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|