NIST Logo and ITL Banner Link to the NIST Homepage Link to the ITL Homepage Link to the NIST Homepage
Search CSRC:
Computer Security Division Documents Guide Click Here to download the "Guide to NIST Information Security Documents."

Updated: August 2009
Posted: December 2009

*NOTE: Categories in the Families, Topic Clusters, and Legal Requirements listings are from the "Guide to NIST Information Security Documents."

special Publications (sp) - (800 series)

Special Publications in the 800 series present documents of general interest to the computer security community. The Special Publication 800 series was established in 1990 to provide a separate identity for information technology security publications. This Special Publication 800 series reports on ITL's research, guidelines, and outreach efforts in computer security, and its collaborative activities with industry, government, and academic organizations.

[For newer publications, links to "dx.doi.org" will redirect to another NIST website.]

Special Publications
NumberDateTitle
SP 800-164Oct. 31, 2012DRAFT Guidelines on Hardware-Rooted Security in Mobile Devices
sp800_164_draft.pdf
SP 800-155Dec. 8, 2011DRAFT BIOS Integrity Measurement Guidelines
draft-SP800-155_Dec2011.pdf
SP 800-153Feb. 2012Guidelines for Securing Wireless Local Area Networks (WLANs)
sp800-153.pdf
SP 800-152August 8, 2012DRAFT A Profile for U. S. Federal Cryptographic Key Management Systems (CKMS)
draft-sp-800-152.pdf
SP 800-147 BJuly 30, 2012DRAFT BIOS Protection Guidelines for Servers
draft-sp800-147b_july2012.pdf
SP 800-147Apr. 2011Basic Input/Output System (BIOS) Protection Guidelines
NIST-SP800-147-April2011.pdf
SP 800-146May 2012Cloud Computing Synopsis and Recommendations
sp800-146.pdf
SP 800-145Sept. 2011The NIST Definition of Cloud Computing
SP800-145.pdf
SP 800-144Dec. 2011Guidelines on Security and Privacy in Public Cloud Computing
SP800-144.pdf
SP 800-142Oct. 2010Practical Combinatorial Testing
SP800-142-101006.pdf
SP 800-137Sept. 2011Information Security Continuous Monitoring for Federal Information Systems and Organizations
SP800-137-Final.pdf
SP 800-135 Rev. 1Dec. 2011Recommendation for Existing Application-Specific Key Derivation Functions
sp800-135-rev1.pdf
SP 800-133Dec. 2012Recommendation for Cryptographic Key Generation
dx.doi.org/10.6028/NIST.SP.800-133
SP 800-132Dec. 2010Recommendation for Password-Based Key Derivation Part 1: Storage Applications
nist-sp800-132.pdf
SP 800-131 AJan. 2011Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths
sp800-131A.pdf
SP 800-130Apr. 13, 2012DRAFT A Framework for Designing Cryptographic Key Management Systems
second-draft_sp-800-130_april-2012.pdf
SP 800-128Aug. 2011Guide for Security-Focused Configuration Management of Information Systems
sp800-128.pdf
SP 800-127Sept. 2010Guide to Securing WiMAX Wireless Communications
sp800-127.pdf
SP 800-126 Rev. 2Sept. 2011The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2
SP800-126r2.pdf
sp800-126r2-errata-20120409.pdf
SP 800-126 Rev. 1Feb. 2011The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.1
SP800-126r1.pdf
SP 800-126Nov. 2009The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.0
sp800-126.pdf
SP 800-125Jan. 2011Guide to Security for Full Virtualization Technologies
SP800-125-final.pdf
SP 800-124 Rev 1Jul 10, 2012DRAFT Guidelines for Managing and Securing Mobile Devices in the Enterprise
draft_sp800-124-rev1.pdf
SP 800-124Oct 2008Guidelines on Cell Phone and PDA Security
SP800-124.pdf
SP 800-123Jul 2008Guide to General Server Security
SP800-123.pdf
SP 800-122Apr. 2010Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)
sp800-122.pdf
SP 800-121 Rev. 1June 2012Guide to Bluetooth Security
sp800-121_rev1.pdf
SP 800-120Sept. 2009Recommendation for EAP Methods Used in Wireless Network Access Authentication
sp800-120.pdf
SP 800-119Dec. 2010Guidelines for the Secure Deployment of IPv6
sp800-119.pdf
SP 800-118Apr. 21, 2009DRAFT Guide to Enterprise Password Management
draft-sp800-118.pdf
SP 800-117 Rev. 1Jan. 6, 2012DRAFT Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.2
Draft-SP800-117-r1.pdf
SP 800-117July 2010Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.0
sp800-117.pdf
SP 800-116Nov 2008A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS)
SP800-116.pdf
SP 800-115Sept 2008Technical Guide to Information Security Testing and Assessment
SP800-115.pdf
SP 800-114Nov 2007User's Guide to Securing External Devices for Telework and Remote Access
SP800-114.pdf
SP 800-113Jul 2008 Guide to SSL VPNs
SP800-113.pdf
SP 800-111Nov 2007Guide to Storage Encryption Technologies for End User Devices
SP800-111.pdf
SP 800-108Oct. 2009Recommendation for Key Derivation Using Pseudorandom Functions
sp800-108.pdf
SP 800-107 Rev. 1Aug. 2012Recommendation for Applications Using Approved Hash Algorithms
sp800-107-rev1.pdf
SP 800-106Feb. 2009Randomized Hashing for Digital Signatures
NIST-SP-800-106.pdf
SP 800-104Jun 2007A Scheme for PIV Visual Card Topography
SP800-104-June29_2007-final.pdf
SP 800-103Oct 6, 2006DRAFT An Ontology of Identity Credentials, Part I: Background and Formulation
sp800-103-draft.pdf
SP 800-102Sept. 2009Recommendation for Digital Signature Timeliness
sp800-102.pdf
SP 800-101May 2007Guidelines on Cell Phone Forensics
SP800-101.pdf
SP 800-100Oct 2006Information Security Handbook: A Guide for Managers
SP800-100-Mar07-2007.pdf
SP 800-98Apr 2007Guidelines for Securing Radio Frequency Identification (RFID) Systems
SP800-98_RFID-2007.pdf
SP 800-97Feb 2007Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i
SP800-97.pdf
SP 800-96Sep 2006PIV Card to Reader Interoperability Guidelines
SP800-96-091106.pdf
SP 800-95Aug 2007Guide to Secure Web Services
SP800-95.pdf
SP 800-94 Rev. 1July 25, 2012DRAFT Guide to Intrusion Detection and Prevention Systems (IDPS)
draft_sp800-94-rev1.pdf
SP 800-94Feb 2007Guide to Intrusion Detection and Prevention Systems (IDPS)
SP800-94.pdf
SP 800-92Sep 2006Guide to Computer Security Log Management
SP800-92.pdf
SP 800-90 CSept. 5, 2012DRAFT Recommendation for Random Bit Generator (RBG) Constructions
draft-sp800-90c.pdf
SP 800-90 BSept. 5, 2012DRAFT Recommendation for the Entropy Sources Used for Random Bit Generation
draft-sp800-90b.pdf
questions-about_draft-sp800-90b.pdf
SP 800-90 AJan. 2012Recommendation for Random Number Generation Using Deterministic Random Bit Generators
SP800-90A.pdf
SP 800-89Nov 2006Recommendation for Obtaining Assurances for Digital Signature Applications
SP-800-89_November2006.pdf
SP 800-88 Rev. 1Sept. 6, 2012DRAFT Guidelines for Media Sanitization
sp800_88_r1_draft.pdf
SP 800-88Sep 2006Guidelines for Media Sanitization
NISTSP800-88_with-errata.pdf
SP 800-87 Rev 1Apr 2008Codes for Identification of Federal and Federally-Assisted Organizations
SP800-87_Rev1-April2008Final.pdf
SP 800-86Aug 2006Guide to Integrating Forensic Techniques into Incident Response
SP800-86.pdf
SP 800-85 B-1Sept. 11, 2009DRAFT PIV Data Model Conformance Test Guidelines
draft-sp800-85B-1.pdf
sp800-85B_Change_Summary.pdf
Comment-Template_sp800-85B-1.xls
SP 800-85 BJul 2006PIV Data Model Test Guidelines
SP800-85b-072406-final.pdf
SP 800-85 A-2July 2010PIV Card Application and Middleware Interface Test Guidelines (SP800-73-3 Compliance)
sp800-85A-2-final.pdf
SP 800-84Sep 2006Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities
SP800-84.pdf
SP 800-83 Rev. 1July 25, 2012DRAFT Guide to Malware Incident Prevention and Handling for Desktops and Laptops
draft_sp800-83-rev1.pdf
SP 800-83Nov 2005Guide to Malware Incident Prevention and Handling
SP800-83.pdf
SP 800-82Jun. 2011Guide to Industrial Control Systems (ICS) Security
SP800-82-final.pdf
SP 800-81 Rev. 1Apr. 2010Secure Domain Name System (DNS) Deployment Guide
sp-800-81r1.pdf
SP 800-79 -1Jun 2008Guidelines for the Accreditation of Personal Identity Verification (PIV) Card Issuers (PCI's)
SP800-79-1.pdf
SP 800-78 -3Dec. 2010Cryptographic Algorithms and Key Sizes for Personal Identification Verification (PIV)
sp800-78-3.pdf
SP 800-77Dec 2005Guide to IPsec VPNs
sp800-77.pdf
SP 800-76 -2Jul. 9, 2012DRAFT Biometric Data Specification for Personal Identity Verification
draft-sp-800-76-2_revised.pdf
comments-template-for_draft-sp800-76-2.docx
SP 800-76 -1Jan 2007Biometric Data Specification for Personal Identity Verification
SP800-76-1_012407.pdf
SP 800-73 -3Feb. 2010Interfaces for Personal Identity Verification (4 Parts)
Pt. 1- End Point PIV Card Application Namespace, Data Model & Representation
Pt. 2- PIV Card Application Card Command Interface
Pt. 3- PIV Client Application Programming Interface
Pt. 4- The PIV Transitional Interfaces & Data Model Specification
sp800-73-3_PART1_piv-card-applic-namespace-date-model-rep.pdf
sp800-73-3_PART2_piv-card-applic-card-common-interface.pdf
sp800-73-3_PART3_piv-client-applic-programming-interface.pdf
sp800-73-3_PART4_piv-transitional-interface-data-model-spec.pdf
SP 800-72Nov 2004Guidelines on PDA Forensics
sp800-72.pdf
SP 800-70 Rev. 2Feb. 2011National Checklist Program for IT Products: Guidelines for Checklist Users and Developers
SP800-70-rev2.pdf
SP 800-69Sep 2006Guidance for Securing Microsoft Windows XP Home Edition: A NIST Security Configuration Checklist
guidance_WinXP_Home.html
SP 800-68 Rev. 1Oct. 2008Guide to Securing Microsoft Windows XP Systems for IT Professionals
download_WinXP.html
SP 800-67 Rev. 1Jan. 2012Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher
SP-800-67-Rev1.pdf
SP 800-66 Rev 1Oct 2008An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule
SP-800-66-Revision1.pdf
SP 800-65 Rev. 1July 14, 2009DRAFT Recommendations for Integrating Information Security into the Capital Planning and Investment Control Process (CPIC)
draft-sp800-65rev1.pdf
SP 800-65Jan 2005Integrating IT Security into the Capital Planning and Investment Control Process
SP-800-65-Final.pdf
SP 800-64 Rev. 2Oct 2008Security Considerations in the System Development Life Cycle
SP800-64-Revision2.pdf
SP 800-63 -2Feb. 1, 2013DRAFT Electronic Authentication Guideline
sp800_63_2_draft.pdf
sp800_63_2_draft_comment_form.doc
SP 800-63 -1Dec. 2011Electronic Authentication Guideline
SP-800-63-1.pdf
SP 800-61 Rev. 2August 2012Computer Security Incident Handling Guide
SP800-61rev2.pdf
SP 800-60 Rev. 1Aug 2008Guide for Mapping Types of Information and Information Systems to Security Categories: (2 Volumes) - Volume 1: Guide Volume 2: Appendices
SP800-60_Vol1-Rev1.pdf
SP800-60_Vol2-Rev1.pdf
SP 800-59Aug 2003Guideline for Identifying an Information System as a National Security System
SP800-59.pdf
SP 800-58Jan 2005Security Considerations for Voice Over IP Systems
SP800-58-final.pdf
SP 800-57 Part 1Jul 2012Recommendation for Key Management: Part 1: General (Revision 3)
sp800-57_part1_rev3_general.pdf
SP 800-57 Part 2Aug 2005Recommendation for Key Management: Part 2: Best Practices for Key Management Organization
SP800-57-Part2.pdf
SP 800-57 Part 3Dec 2009Recommendation for Key Management, Part 3 Application-Specific Key Management Guidance
sp800-57_PART3_key-management_Dec2009.pdf
SP 800-56 CNov. 2011Recommendation for Key Derivation through Extraction-then-Expansion
SP-800-56C.pdf
SP 800-56 BAug. 2009Recommendation for Pair-Wise Key Establishment Schemes Using Integer Factorization Cryptography
sp800-56B.pdf
SP 800-56 AMar 2007Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography
SP800-56A_Revision1_Mar08-2007.pdf
SP 800-56 A RevAug 20, 2012DRAFT Recommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography (Draft Revision)
draft-sp-800-56a.pdf
SP 800-55 Rev. 1Jul 2008Performance Measurement Guide for Information Security
SP800-55-rev1.pdf
SP 800-54Jul 2007Border Gateway Protocol Security
SP800-54.pdf
SP 800-53 Rev. 4Feb. 5, 2013DRAFT Security and Privacy Controls for Federal Information Systems and Organizations (Final Public Draft)
sp800_53_r4_draft_fpd.pdf
sp800_53_r4_appendix_d_markup_draft2.pdf
sp800_53_r4_appendix_f_markup_draft2.pdf
sp800_53_r4_appendix_g_markup_draft2.pdf
SP 800-53 Rev. 3Aug 2009Recommended Security Controls for Federal Information Systems and Organizations
(*Includes Updates as of May 1, 2010*)
sp800-53-rev3-final_updated-errata_05-01-2010.pdf
sp-800-53-rev3_database-beta.html
800-53-rev3_markup-final-public-draft-to-final-updated_may-01-2010.pdf
800-53-rev3_markup-rev2-to-rev3_updated-may-01-2010.pdf
800-53-rev3-Annex1_updated_may-01-2010.pdf
800-53-rev3-Annex2_updated_may-01-2010.pdf
800-53-rev3-Annex3_updated_may-01-2010.pdf
SP_800-53_Rev-3_database-R1.4.1-BETA.zip
SP 800-53 A Rev. 1Jun. 2010Guide for Assessing the Security Controls in Federal Information Systems and Organizations, Building Effective Security Assessment Plans
sp800-53A-rev1-final.pdf
assessment.html
SP 800-52Jun 2005Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations
SP800-52.pdf
SP 800-51 Rev. 1Feb. 2011Guide to Using Vulnerability Naming Schemes
SP800-51rev1.pdf
SP 800-50Oct 2003Building an Information Technology Security Awareness and Training Program
NIST-SP800-50.pdf
SP 800-49Nov 2002Federal S/MIME V3 Client Profile
sp800-49.pdf
SP 800-48 Rev. 1Jul 2008Guide to Securing Legacy IEEE 802.11 Wireless Networks
SP800-48r1.pdf
SP 800-47Aug 2002Security Guide for Interconnecting Information Technology Systems
sp800-47.pdf
SP 800-46 Rev. 1Jun. 2009Guide to Enterprise Telework and Remote Access Security
sp800-46r1.pdf
SP 800-45 Version 2Feb 2007Guidelines on Electronic Mail Security
SP800-45v2.pdf
SP 800-44 Version 2Sep 2007Guidelines on Securing Public Web Servers
SP800-44v2.pdf
SP 800-43Nov 2002Systems Administration Guidance for Windows 2000 Professional System
guidance_W2Kpro.html
SP 800-41 Rev. 1Sept. 2009Guidelines on Firewalls and Firewall Policy
sp800-41-rev1.pdf
SP 800-40 Version 2.0Nov 2005Creating a Patch and Vulnerability Management Program
SP800-40v2.pdf
SP 800-40 Rev. 3Sept. 5, 2012DRAFT Guide to Enterprise Patch Management Technologies
draft-sp800-40rev3.pdf
SP 800-39Mar. 2011Managing Information Security Risk: Organization, Mission, and Information System View
SP800-39-final.pdf
SP 800-38 FDec. 2012Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping
dx.doi.org/10.6028/NIST.SP.800-38F
SP 800-38 ADec 2001Recommendation for Block Cipher Modes of Operation - Methods and Techniques
sp800-38a.pdf
SP 800-38 A - AddendumOct. 2010Recommendation for Block Cipher Modes of Operation: Three Variants of Ciphertext Stealing for CBC Mode
addendum-to-nist_sp800-38A.pdf
SP 800-38 BMay 2005Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication
SP_800-38B.pdf
Updated_CMAC_Examples.pdf
SP 800-38 CMay 2004Recommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality
SP800-38C_updated-July20_2007.pdf
SP 800-38 DNov 2007Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC
SP-800-38D.pdf
SP 800-38 EJan. 2010Recommendation for Block Cipher Modes of Operation: The XTS-AES Mode for Confidentiality on Storage Devices
nist-sp-800-38E.pdf
SP 800-37 Rev. 1Feb. 2010Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach
sp800-37-rev1-final.pdf
sp800-37-rev1_markup-copy_final.pdf
SP 800-36Oct 2003Guide to Selecting Information Technology Security Products
NIST-SP800-36.pdf
SP 800-35Oct 2003Guide to Information Technology Security Services
NIST-SP800-35.pdf
SP 800-34 Rev. 1May 2010Contingency Planning Guide for Federal Information Systems (Errata Page - Nov. 11, 2010)
sp800-34-rev1_errata-Nov11-2010.pdf
SP 800-33Dec 2001Underlying Technical Models for Information Technology Security
sp800-33.pdf
SP 800-32Feb 2001Introduction to Public Key Technology and the Federal PKI Infrastructure
sp800-32.pdf
SP 800-30 Rev. 1Sept. 2012Guide for Conducting Risk Assessments
sp800_30_r1.pdf
SP 800-29Jun 2001A Comparison of the Security Requirements for Cryptographic Modules in FIPS 140-1 and FIPS 140-2
sp800-29.pdf
SP 800-28 Version 2Mar 2008Guidelines on Active Content and Mobile Code
SP800-28v2.pdf
SP 800-27 Rev. AJun 2004Engineering Principles for Information Technology Security (A Baseline for Achieving Security)
SP800-27-RevA.pdf
SP 800-25Oct 2000Federal Agency Use of Public Key Technology for Digital Signatures and Authentication
sp800-25.pdf
SP 800-24Apr 2001PBX Vulnerability Analysis: Finding Holes in Your PBX Before Someone Else Does
sp800-24pbx.pdf
SP 800-23Aug 2000Guidelines to Federal Organizations on Security Assurance and Acquisition/Use of Tested/Evaluated Products
sp800-23.pdf
SP 800-22 Rev. 1aApr. 2010A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications
SP800-22rev1a.pdf
SP 800-21 2nd editionDec 2005Guideline for Implementing Cryptography in the Federal Government
sp800-21-1_Dec2005.pdf
SP 800-20Oct 1999Modes of Operation Validation System for the Triple Data Encryption Algorithm (TMOVS): Requirements and Procedures
(*Includes updates as of March 2012*)
800-20.pdf
SP 800-19Oct 1999Mobile Agent Security
sp800-19.pdf
SP 800-18 Rev.1Feb 2006Guide for Developing Security Plans for Federal Information Systems
sp800-18-Rev1-final.pdf
SP 800-17Feb 1998Modes of Operation Validation System (MOVS): Requirements and Procedures
800-17.pdf
SP 800-16 Rev. 1Mar. 20, 2009DRAFT Information Security Training Requirements: A Role- and Performance-Based Model
Draft-SP800-16-Rev1.pdf
SP 800-16Apr 1998Information Technology Security Training Requirements: A Role- and Performance-Based Model
800-16.pdf
AppendixA-D.pdf
Appendix_E.pdf
SP 800-15 Version 1Jan 1998MISPC Minimum Interoperability Specification for PKI Components
SP800-15.PDF
SP 800-14Sep 1996Generally Accepted Principles and Practices for Securing Information Technology Systems
800-14.pdf
SP 800-13Oct 1995Telecommunications Security Guidelines for Telecommunications Management Network
sp800-13.pdf
SP 800-12Oct 1995An Introduction to Computer Security: The NIST Handbook
handbook.pdf
index.html
Back to Top