NIST Logo and ITL Banner Link to the NIST Homepage Link to the ITL Homepage Link to the NIST Homepage
Search CSRC:
Computer Security Division Documents Guide Click Here to download the "Guide to NIST Information Security Documents."

Updated: August 2009
Posted: December 2009

*NOTE: Categories in the Families, Topic Clusters, and Legal Requirements listings are from the "Guide to NIST Information Security Documents."

NIST interagency reports (NIST IRs)

NIST Interagency or Internal Reports (NISTIRs) describe research of a technical nature of interest to a specialized audience. The series includes interim or final reports on work performed by NIST for outside sponsors (both government and nongovernment). NISTIRs may also report results of NIST projects of transitory or limited interest, including those that will be published subsequently in more comprehensive form.

[For newer publications, links to "dx.doi.org" will redirect to another NIST website.]

NIST IRs
NumberDateTitle
NIST IR 7904Dec. 21, 2012DRAFT Trusted Geolocation in the Cloud: Proof of Concept Implementation
draft_nistir_7904.pdf
NIST IR 7896Nov. 2012Third-Round Report of the SHA-3 Cryptographic Hash Algorithm Competition
dx.doi.org/10.6028/NIST.IR.7896
NIST IR 7878Oct. 2012Combinatorial Coverage Measurement
dx.doi.org/10.6028/NIST.IR.7878
NIST IR 7877Sept. 2012BioCTS 2012: Advanced Conformance Test Architectures and Test Suites for Biometric Data Interchange Formats and Biometric Information Records
dx.doi.org/10.6028/NIST.IR.7877
NIST IR 7874Sept. 2012Guidelines for Access Control System Evaluation Metrics
dx.doi.org/10.6028/NIST.IR.7874
NIST IR 7870July 2012NIST Test Personal Identity Verification (PIV) Cards
dx.doi.org/10.6028/NIST.IR.7870
NIST IR 7864July 2012The Common Misuse Scoring System (CMSS): Metrics for Software Feature Misuse Vulnerabilities
dx.doi.org/10.6028/NIST.IR.7864
NIST IR 7848May 7, 2012DRAFT Specification for the Asset Summary Reporting Format 1.0
draft_nistir_7848.pdf
NIST IR 7831Dec. 6, 2011DRAFT Common Remediation Enumeration (CRE) Version 1.0
Draft-NISTIR-7831.pdf
NIST IR 7823Jul 10, 2012DRAFT Advanced Metering Infrastructure Smart Meter Upgradeability Test Framework
draft_nistir-7823.pdf
draft-nistir-7823_comment-form.docx
NIST IR 7817Nov. 2012A Credential Reliability and Revocation Model for Federated Identities
dx.doi.org/10.6028/NIST.IR.7817
NIST IR 7816Mar. 20122011 Computer Security Division Annual Report
nistir_7816.pdf
NIST IR 7815July 2011Access Control for SAR Systems
nistir-7815.pdf
NIST IR 7806Sept. 2011ANSI/NIST-ITL 1-2011 Requirements and Conformance Test Assertions
nistir-7806.pdf
NIST IR 7802Sept. 2011Trust Model for Security Automation Data (TMSAD) Version 1.0
NISTIR-7802.pdf
NIST IR 7800Jan. 20, 2012DRAFT Applying the Continuous Monitoring Technical Reference Model to the Asset, Configuration, and Vulnerability Management Domains
Draft-NISTIR-7800.pdf
NIST IR 7799Jan. 6, 2012DRAFT Continuous Monitoring Reference Model Workflow, Subsystem, and Interface Specifications
Draft-NISTIR-7799.pdf
NIST IR 7791June 2011Conformance Test Architecture and Test Suite for ANSI/NIST-ITL 1-2007
nistir-7791.pdf
NIST IR 7788Aug. 2011Security Risk Analysis of Enterprise Networks Using Probabilistic Attack Graphs
NISTIR-7788.pdf
NIST IR 7773Nov. 2010An Application of Combinatorial Methods to Conformance Testing for Document Object Model Events
NISTIR-7773.pdf
NIST IR 7771Feb. 2011Conformance Test Architecture for Biometric Data Interchange Formats - Version Beta 2.0
NISTIR-7771.pdf
NIST IR 7764Feb. 2011Status Report on the Second Round of the SHA-3 Cryptographic Hash Algorithm Competition
nistir-7764.pdf
NIST IR 7756Jan. 6, 2012DRAFT CAESARS Framework Extension: An Enterprise Continuous Monitoring Technical Reference Architecture
Draft-NISTIR-7756_second-public-draft.pdf
NIST IR 7751May 20112010 Computer Security Division Annual Report
nistir-7751_2010-csd-annual-report.pdf
NIST IR 7698Aug. 2011Common Platform Enumeration: Applicability Language Specification Version 2.3
NISTIR-7698-CPE-Language.pdf
NIST IR 7697Aug. 2011Common Platform Enumeration: Dictionary Specification Version 2.3
NISTIR-7697-CPE-Dictionary.pdf
NIST IR 7696Aug. 2011Common Platform Enumeration : Name Matching Specification Version 2.3
NISTIR-7696-CPE-Matching.pdf
NIST IR 7695Aug. 2011Common Platform Enumeration: Naming Specification Version 2.3
NISTIR-7695-CPE-Naming.pdf
NIST IR 7694June 2011Specification for the Asset Reporting Format 1.1
NISTIR-7694.pdf
NIST IR 7693June 2011Specification for Asset Identification 1.1
NISTIR-7693.pdf
NIST IR 7692April 2011Specification for the Open Checklist Interactive Language (OCIL) Version 2.0
nistir-7692.pdf
NIST IR 7676June 2010Maintaining and Using Key History on Personal Identity Verification (PIV) Cards
nistir-7676.pdf
NIST IR 7670Feb. 10, 2011DRAFT Proposed Open Specifications for an Enterprise Remediation Automation Framework
Draft-NISTIR-7670_Feb2011.pdf
NIST IR 7669Mar. 10, 2010DRAFT Open Vulnerability Assessment Language (OVAL) Validation Program Derived Test Requirements
draft-nistir-7669.pdf
NIST IR 7665Mar. 2010Proceedings of the Privilege Management Workshop, September 1-3, 2009
nistir-7665.pdf
NIST IR 7658Feb. 2010Guide to SIMfill Use and Development
nistir-7658_SIMfill-users-guide.pdf
NIST IR 7657Mar. 2010A Report on the Privilege (Access) Management Workshop
nistir-7657.pdf
NIST IR 7653Mar. 20102009 Computer Security Division Annual Report
nistir-7653_2009-CSD-annual-report.pdf
NIST IR 7628Aug. 2010Guidelines for Smart Grid Cyber Security
introduction-to-nistir-7628.pdf
nistir-7628_vol1.pdf
nistir-7628_vol2.pdf
nistir-7628_vol3.pdf
NIST IR 7622Oct. 2012Notional Supply Chain Risk Management Practices for Federal Information Systems
dx.doi.org/10.6028/NIST.IR.7622
NIST IR 7621Oct. 2009Small Business Information Security: The Fundamentals
nistir-7621.pdf
NIST IR 7620Sept. 2009Status Report on the First Round of the SHA-3 Cryptographic Hash Algorithm Competition
nistir_7620.pdf
NIST IR 7617Oct. 2009Mobile Forensic Reference Materials: A Methodology and Reification
nistir-7617.pdf
NIST IR 7611Aug. 2009Use of ISO/IEC 24727 -- Service Access Layer Interface for Identity (SALII): Support for Development and use of Interoperable Identity Credentials
nistir7611_use-of-isoiec24727.pdf
NIST IR 7609Jan. 2010Cryptographic Key Management Workshop Summary
nistir-7609.pdf
NIST IR 7601Aug. 2010Framework for Emergency Response Officials (ERO)
nistir-7601_framework-ERO.pdf
NIST IR 7581Sept. 2009System and Network Security Acronyms and Abbreviations
nistir-7581.pdf
NIST IR 7564Apr. 2009Directions in Security Metrics Research
nistir-7564_metrics-research.pdf
NIST IR 7559Jun. 2010Forensics Web Services (FWS)
nistir-7559_forensics-web-services.pdf
NIST IR 7539Dec. 2008Symmetric Key Injection onto Smart Cards
nistir-7539-Symmetric_key_injection_final.pdf
NIST IR 7536Mar. 20092008 Computer Security Division Annual Report
NISTIR-7536_2008-CSD-Annual-Report.pdf
NIST IR 7516Aug 2008Forensic Filtering of Cell Phone Protocols
nistir-7516_forensic-filter.pdf
NIST IR 7511 Rev. 3Jan. 2013Security Content Automation Protocol (SCAP) Version 1.2 Validation Program Test Requirements
dx.doi.org/10.6028/NIST.IR.7511
NIST IR 7502Dec. 2010The Common Configuration Scoring System (CCSS): Metrics for Software Security Configuration Vulnerabilities
nistir-7502_CCSS.pdf
NIST IR 7497Sept. 2010Security Architecture Design Process for Health Information Exchanges (HIEs)
nistir-7497.pdf
NIST IR 7452Nov 2007Secure Biometric Match-on-Card Feasibility Report
NISTIR-7452.pdf
NIST IR 7442Apr 20082007 Computer Security Division Annual Report
NIST-IR-7442_2007CSDAnnualReport.pdf
NIST IR 7435Aug 2007The Common Vulnerability Scoring System (CVSS) and Its Applicability to Federal Agency Systems
NISTIR-7435.pdf
NIST IR 7427Sep 20076th Annual PKI R&D Workshop "Applications-Driven PKI" Proceedings
NISTIR7427_PKI_2007.pdf
NIST IR 7399Mar 20072006 Computer Security Division Annual Report
NISTIR7399_CSDAnnualReport2006.pdf
NIST IR 7387Mar 2007Cell Phone Forensic Tools: An Overview and Analysis Update,
nistir-7387.pdf
NIST IR 7359Jan 2007Information Security Guide For Government Executives
NISTIR-7359.pdf
CSD_ExecGuide-booklet.pdf
NIST IR 7358Jan 2007Program Review for Information Security Management Assistance (PRISMA)
NISTIR-7358.pdf
NIST IR 7337Aug 2006Personal Identity Verification Demonstration Summary
NISTIR-7337_CRADA_082006.pdf
NIST IR 7328Sep 29, 2007DRAFT Security Assessment Provider Requirements and Customer Responsibilities: Building a Security Assessment Credentialing Program for Federal Information Systems
NISTIR_7328-ipdraft.pdf
NIST IR 7316Sep 2006Assessment of Access Control Systems
NISTIR-7316.pdf
NIST IR 7313Jul 20065th Annual PKI R&D Workshop "Making PKI Easy to Use" Proceedings
NIST-IR-7313_Final.pdf
NIST IR 7298 Rev. 2Dec. 6, 2012DRAFT Glossary of Key Information Security Terms
nistir7298_r2_draft.pdf
NIST IR 7298 Rev. 1Feb. 2011Glossary of Key Information Security Terms
nistir-7298-revision1.pdf
NIST IR 7290Mar 2006Fingerprint Identification and Mobile Handheld Devices: Overview and Implementation
NIST-IR-7290-pp-mobileFprint-final.pdf
NIST IR 7285Feb 20062005 Computer Security Division Annual Report
nistir-7285-CSD-2005-Annual-Report.pdf
NIST IR 7284Jan 2006Personal Identity Verification Card Management Report
nistir-7284.pdf
NIST IR 7275 Rev. 4Sept. 2011Specification for the Extensible Configuration Checklist Description Format (XCCDF) Version 1.2
NISTIR-7275r4.pdf
nistir-7275r4_updated-march-2012_markup.pdf
nistir-7275r4_updated-march-2012_clean.pdf
NIST IR 7275 Rev. 3Jan 2008Specification for the Extensible Configuration Checklist Description Format (XCCDF) Version 1.1.4
NISTIR-7275r3.pdf
NIST IR 7250Oct 2005Cell Phone Forensic Tools: An Overview and Analysis
nistir-7250.pdf
NIST IR 7224Aug 20054th Annual PKI R&D Workshop: Multiple Paths to Trust Proceedings
NISTIR-7224.pdf
NIST IR 7219Apr 20052004 Computer Security Division Annual Report
NISTIR7219-CSD-2004-Annual-Report.pdf
NIST IR 7206Jul 2005Smart Cards and Mobile Device Authentication: An Overview and Implementation
nist-IR-7206.pdf
NIST IR 7200Jun 2005Proximity Beacons and Mobile Handheld Devices: Overview and Implementation
NIST-IR-7200.pdf
NIST IR 7111Apr 20042003 Computer Security Division Annual Report
IR7111-CSDAnnualReport.pdf
NIST IR 7100Aug 2004PDA Forensic Tools: An Overview and Analysis
nistir-7100-PDAForensics.pdf
NIST IR 7056Mar 2004Card Technology Development and Gap Analysis Interagency Report
nistir-7056.pdf
NIST IR 7046Aug 2003A Framework for Multi-Mode Authentication: Overview and Implementation Guide
nistir-7046.pdf
NIST IR 7030Jul 2003Picture Password: A Visual Login Technique for Mobile Devices
nistir-7030.pdf
NIST IR 7007Jun 2003An Overview of Issues in Testing Intrusion Detection Systems
nistir-7007.pdf
NIST IR 6985Apr 2003COTS Security Protection Profile - Operating Systems (CSPP-OS) (Worked Example Applying Guidance of NISTIR-6462, CSPP)
nistir-6985.pdf
NIST IR 6981Apr 2003Policy Expression and Enforcement for Handheld Devices
nistir-6981.pdf
NIST IR 6887Jul 2003Government Smart Card Interoperability Specification
nistir-6887.pdf
NIST IR 6529 AApr 2004Common Biometric Exchange Formats Framework (CBEFF)
NISTIR6529A.pdf
NIST IR 6483Mar 2000Randomness Testing of the Advanced Encryption Standard Finalist Candidates
ir6483.pdf
NIST IR 6462Dec 1999CSPP - Guidance for COTS Security Protection Profiles
ir6462.pdf
NIST IR 6416Oct 1999Applying Mobile Agents to Intrusion Detection and Response
ir6416.pdf
NIST IR 6390Sep 1999Randomness Testing of the Advanced Encryption Standard Candidate Algorithms
ir6390.pdf
NIST IR 54951994Computer Security Training & Awareness Course Compendium
ir5495.txt
NIST IR 5472Mar 1994A Head Start on Assurance Proceedings of an Invitational Workshop on Information Technology (IT) Assurance and Trustworthiness
ir5472.txt
NIST IR 5308Dec 1993General Procedures for Registering Computer Security Objects
ir5308.txt
NIST IR 5153Mar 1993Minimum Security Requirements for Multi-User Operating Systems
ir5153.txt
NIST IR 4976Nov 1992Assessing Federal and Commercial Information Security Needs
ir4976.txt
NIST IR 4939Oct 1992Threat Assessment of Malicious Code and External Attacks
index.html
ir4939.txt
NIST IR 4749Jun 1992Sample Statements of Work for Federal Computer Security Services: For use In-House or Contracting Out
ir4749.txt
NIST IR 4734Feb 1992Foundations of a Security Policy for use of the National Research and Educational Network
NISTIR-4734.pdf
Back to Top