
Updated: August 2009
Posted: December 2009

*NOTE: Categories in the Families, Topic Clusters, and Legal Requirements listings are from the "Guide to NIST Information Security Documents."

ITL Security Bulletins

ITL Bulletins are published by NIST's Information Technology Laboratory, with most bulletins written by the Computer Security Division. These bulletins are published on average six times a year. Each bulletin presents an in-depth discussion of a single topic of significant interest to the information systems community. Not all published ITL Bulletins relate to computer or network security; only the computer security ITL Bulletins are listed here.

ITL Security Bulletins
Number | Date | Title | File
ITL January 2013 | Jan. 2013 | Managing Identity Requirements for Remote Users of Information Systems to Protect System Security and Information Privacy | itlbul2013_01.pdf
ITL December 2012 | Dec. 2012 | Generating Secure Cryptographic Keys: A Critical Component of Cryptographic Key Management and the Protection of Sensitive Information | itlbul2012_12.pdf
ITL November 2012 | Nov. 2012 | Practices for Managing Supply Chain Risks to Protect Federal Information Systems | itlbul2012_11.pdf
ITL October 2012 | Oct. 2012 | Conducting Information Security-Related Risk Assessments: Updated Guidelines For Comprehensive Risk Management Programs | itlbul2012_10.pdf
ITL September 2012 | Sept. 2012 | Revised Guide Helps Organizations Handle Security Related Incidents | itlbul2012_09.pdf
ITL August 2012 | Aug. 2012 | Security Of Bluetooth Systems And Devices: Updated Guide Issued By The National Institute Of Standards And Technology (NIST) | august-2012_itl-bulletin.pdf
ITL July 2012 | July 2012 | Preparing for and Responding to Certification Authority Compromise and Fraudulent Certificate Issuance | july-2012_itl-bulletin.pdf
ITL June 2012 | June 2012 | Cloud Computing: A Review Of Features, Benefits, And Risks, And Recommendations For Secure, Efficient Implementations | june-2012_itl-bulletin.pdf
ITL May 2012 | May 2012 | Secure Hash Standard: Updated Specifications Approved And Issued As Federal Information Processing Standard (FIPS) 180-4 | may-2012_itl-bulletin.pdf
ITL March 2012 | Mar. 2012 | Guidelines For Improving Security And Privacy In Public Cloud Computing | march-2012_itl-bulletin.pdf
ITL February 2012 | Feb. 2012 | Guidelines For Securing Wireless Local Area Networks (WLANS) | february-2012_itl-bulletin.pdf
ITL January 2012 | Jan. 2012 | Advancing Security Automation and Standardization: Revised Technical Specifications Issued for the Security Content Automation Protocol (SCAP) | january-2012_itl-bulletin.pdf
ITL December 2011 | Dec. 2011 | Revised Guideline For Electronic Authentication Of Users Helps Organizations Protect The Security Of Their Information Systems | December-2011_ITL-Bulletin.pdf
ITL October 2011 | Oct. 2011 | Continuous Monitoring of Information Security: An Essential Component of Risk Management | October-2011_ITL-Bulletin.pdf
ITL September 2011 | Sept. 2011 | Managing The Configuration Of Information Systems With A Focus On Security | September-2011_ITL-Bulletin.pdf
ITL August 2011 | Aug. 2011 | Protecting Industrial Control Systems – Key Components Of Our Nation's Critical Infrastructures | August-200-ITL-Bulletin.pdf
ITL June 2011 | Jun. 2011 | Guidelines For Protecting Basic Input/Output System (BIOS) Firmware | June-2011-ITL-Bulletin.pdf
ITL May 2011 | May 2011 | Using Security Configuration Checklists And The National Checklist Program | May2011-ITL-Bulletin.pdf
ITL April 2011 | Apr. 2011 | Full Virtualization Technologies: Guidelines For Secure Implementation And Management | April2011-ITL-Bulletin.pdf
ITL March 2011 | Mar. 2011 | Managing Information Security Risk: Organization, Mission And Information System View | March2011-ITL-Bulletin.pdf
ITL January 2011 | Jan. 2011 | Internet Protocol Version 6 (IPv6): NIST Guidelines Help Organizations Manage The Secure Deployment Of The New Network Protocol | January2011-ITLBulletin.pdf
ITL December 2010 | Dec. 2010 | Securing WiMAX Wireless Communications | december2010-bulletin.pdf
ITL November 2010 | Nov. 2010 | The Exchange Of Health Information: Designing A Security Architecture To Provide Information Security And Privacy | november2010-bulletin.pdf
ITL October 2010 | Oct. 2010 | Cyber Security Strategies For The Smart Grid: Protecting The Advanced Digital Infrastructure For Electric Power | october2010-bulletin.pdf
ITL September 2010 | Sept. 2010 | Security Content Automation Protocol (SCAP): Helping Organizations Maintain And Verify The Security Of Their Information Systems | september2010-bulletin.pdf
ITL August 2010 | Aug. 2010 | Assessing The Effectiveness Of Security Controls In Federal Information Systems | august2010-bulletin.pdf
ITL July 2010 | Jul. 2010 | Contingency Planning For Information Systems: Updated Guide For Federal Organizations | july-2010-bulletin.pdf
ITL June 2010 | Jun. 2010 | How To Identify Personnel With Significant Responsibilities For Information Security | June-2010.pdf
ITL April 2010 | Apr. 2010 | Guide To Protecting Personally Identifiable Information | april-2010_guide-protecting-pii.pdf
ITL March 2010 | Mar. 2010 | Revised Guide Helps Federal Organizations Improve Their Risk Management Practices And Information System Security | march2010_sp800-37rev1.pdf
ITL February 2010 | Feb. 2010 | Secure Management Of Keys In Cryptographic Applications: Guidance For Organizations | february2010_key-management-part3.pdf
ITL January 2010 | Jan. 2010 | Security Metrics: Measurements To Support The Continued Development Of Information Security Technology | Jan2010_securitymetrics.pdf
ITL November 2009 | Nov. 2009 | Cybersecurity Fundamentals For Small Business Owners | Nov2009_smallbusiness.pdf
ITL October 2009 | Oct. 2009 | Protecting Information Systems With Firewalls: Revised Guidelines On Firewall Technologies And Policies | Oct2009_firewall-bulletin.pdf
ITL September 2009 | Sept. 2009 | Updated Digital Signature Standard Approved As Federal Information Processing Standard (FIPS) 186-3 | Sept2009-fips186-3.pdf
ITL August 2009 | Aug. 2009 | Revised Catalog Of Security Controls For Federal Information Systems And Organizations: For Use In Both National Security And Nonnational Security Systems | Aug2009_sp800-53-rev3_bulletin.pdf
ITL July 2009 | July 2009 | Risk Management Framework: Helping Organizations Implement Effective Information Security Programs | july2009_risk-management-framework.pdf
ITL June 2009 | Jun. 2009 | Security For Enterprise Telework And Remote Access Solutions | June2009-Telework.pdf
ITL April 2009 | Apr. 2009 | The System Development Life Cycle (SDLC) | april2009_system-development-life-cycle.pdf
ITL March 2009 | Mar 2009 | The Cryptographic Hash Algorithm Family: Revision Of The Secure Hash Standard And Ongoing Competition For New Hash Algorithms | March2009_cryptographic-hash-algorithm-family.pdf
ITL February 2009 | Feb 2009 | Using Personal Identity Verification (PIV) Credentials In Physical Access Control Systems (PACS) | Feb2009_PIV-in-PACS.pdf
ITL January 2009 | Jan 2009 | Security Of Cell Phones And PDAs | Jan2009_Cell-Phones-and-PDAs.pdf
ITL December 2008 | Dec 2008 | Guide To Information Security Testing And Assessment | Dec2008_Testing-Assessment-SP800-115.pdf
ITL November 2008 | Nov 2008 | Bluetooth Security: Protecting Wireless Networks And Devices | Nov2008_Bluetooth-Security.pdf
ITL October 2008 | Oct 2008 | Keeping Information Technology (IT) System Servers Secure: A General Guide To Good Practices | October2008-bulletin_800-123.pdf
ITL September 2008 | Sept 2008 | Using Performance Measurements To Evaluate And Strengthen Information System Security | Sept-2008-bulletin.pdf
ITL August 2008 | Aug. 2008 | Security Assessments: Tools For Measuring The Effectiveness Of Security Controls | Aug2008_SP800-53a.pdf
ITL July 2008 | Jul 2008 | Guidelines On Implementing A Secure Sockets Layer (SSL) Virtual Private Network (VPN) | July2008_SSL-VPN_Bulletin.pdf
ITL May 2008 | May 2008 | New Cryptographic Hash Algorithm Family: NIST Holds A Public Competition To Find New Algorithms | b-May-2008.pdf
ITL April 2008 | Apr 2008 | Using Active Content And Mobile Code And Safeguarding The Security Of Information Technology Systems | b-April-2008.pdf
ITL March 2008 | Mar 2008 | Handling Computer Security Incidents: NIST Issues Updated Guidelines | b-March-2008.pdf
ITL February 2008 | Feb 2008 | Federal Desktop Core Configuration (FDCC): Improving Security For Windows Desktop Operating Systems | b-February-2008.pdf
ITL January 2008 | Jan 2008 | Secure Web Servers Protecting Web Sites That Are Accessed By The Public | b-January-2008.pdf
ITL December 2007 | Dec 2007 | Securing External Computers And Other Devices Used by Teleworkers - ITL Security Bulletin | b-December-2007.pdf
ITL November 2007 | Nov 2007 | Using Storage Encryption Technologies to Protect End User Devices - ITL Security Bulletin | November-2007.pdf
ITL October 2007 | Oct 2007 | The Common Vulnerability Scoring System (CVSS) - ITL Security Bulletin | Oct-2007.pdf
ITL August 2007 | Aug 2007 | Secure Web Services - ITL Security Bulletin | Aug2007.pdf
ITL July 2007 | Jul 2007 | Border Gateway Protocol Security - ITL Security Bulletin | b-July-2007.pdf
ITL June 2007 | Jun 2007 | Forensic Techniques for Cell Phones - ITL Security Bulletin | b-June-2007.pdf
ITL May 2007 | May 2007 | Securing Radio Frequency Identification (RFID) Systems - ITL Security Bulletin | b-May-2007.pdf
ITL April 2007 | Apr 2007 | Securing Wireless Networks - ITL Security Bulletin | b-April-07.pdf
ITL March 2007 | Mar 2007 | Improving The Security Of Electronic Mail: Updated Guidelines Issued By NIST - ITL Security Bulletin | b-03-07.pdf
ITL February 2007 | Feb 2007 | Intrusion Detection And Prevention Systems - ITL Security Bulletin | b-02-07.pdf
ITL January 2007 | Jan 2007 | Security Controls For Information Systems: Revised Guidelines Issued By NIST - ITL Security Bulletin | b-01-07.pdf
ITL December 2006 | Dec 2006 | Maintaining Effective Information Technology (IT) Security Through Test, Training, And Exercise Programs - ITL Security Bulletin | b-12-06.pdf
ITL November 2006 | Nov 2006 | Guide To Securing Computers Using Windows XP Home Edition - ITL Security Bulletin | b-11-06.pdf
ITL October 2006 | Oct 2006 | Log Management: Using Computer And Network Records To Improve Information Security - ITL Security Bulletin | b-10-06.pdf
ITL September 2006 | Sep 2006 | Forensic Techniques: Helping Organizations Improve Their Responses To Information Security Incidents - ITL Security Bulletin | b-09-06.pdf
ITL August 2006 | Aug 2006 | Protecting Sensitive Information Processed And Stored In Information Technology (IT) Systems - ITL Security Bulletin | Aug-06.pdf
ITL June 2006 | Jun 2006 | Domain Name System (DNS) Services: NIST Recommendations For Secure Deployment - ITL Security Bulletin | b-06-06.pdf
ITL May 2006 | May 2006 | An Update On Cryptographic Standards, Guidelines, And Testing Requirements - ITL Security Bulletin | b-05-06.pdf
ITL April 2006 | Apr 2006 | Protecting Sensitive Information Transmitted in Public Networks - ITL Security Bulletin | b-04-06.pdf
ITL March 2006 | Mar 2006 | Minimum Security Requirements For Federal Information And Information Systems: Federal Information Processing Standard (FIPS) 200 Approved By The Secretary Of Commerce - ITL Security Bulletin | b-March-06.pdf
ITL February 2006 | Feb 2006 | Creating A Program To Manage Security Patches And Vulnerabilities: NIST Recommendations For Improving System Security - ITL Security Bulletin | b-02-06.pdf
ITL January 2006 | Jan 2006 | Testing And Validation Of Personal Identity Verification (PIV) Components And Subsystems For Conformance To Federal Information Processing Standard 201 - ITL Security Bulletin | b-01-06.pdf
ITL December 2005 | Dec 2005 | Preventing And Handling Malware Incidents: How To Protect Information Technology Systems From Malicious Code And Software - ITL Security Bulletin | b-12-05.pdf
ITL November 2005 | Nov 2005 | Securing Microsoft Windows XP Systems: NIST Recommendations For Using A Security Configuration Checklist - ITL Security Bulletin | b-11-05.pdf
ITL October 2005 | Oct 2005 | National Vulnerability Database: Helping Information Technology System Users And Developers Find Current Information About Cyber Security Vulnerabilities - ITL Security Bulletin | b-Oct-05.pdf
ITL September 2005 | Sep 2005 | Biometric Technologies: Helping To Protect Information And Automated Transactions In Information Technology Systems - ITL Security Bulletin | bulletin-Sept-05.pdf
ITL August 2005 | Aug 2005 | Implementation Of FIPS 201, Personal Identity Verification (PIV) Of Federal Employees And Contractors - ITL Security Bulletin | b-08-05.pdf
ITL July 2005 | Jul 2005 | Protecting Sensitive Information That Is Transmitted Across Networks: NIST Guidance For Selecting And Using Transport Layer Security Implementations - ITL Security Bulletin | July-2005.pdf
ITL June 2005 | Jun 2005 | NIST’s Security Configuration Checklists Program For IT Products - ITL Security Bulletin | June-2005.pdf
ITL May 2005 | May 2005 | Recommended Security Controls For Federal Information Systems: Guidance For Selecting Cost-Effective Controls Using A Risk-Based Process - ITL Security Bulletin | b-May-05.pdf
ITL April 2005 | Apr 2005 | Implementing The Health Insurance Portability And Accountability Act (HIPAA) Security Rule - ITL Security Bulletin | April-05.pdf
ITL March 2005 | Mar 2005 | Personal Identity Verification (PIV) Of Federal Employees And Contractors: Federal Information Processing Standard (FIPS) 201 Approved By The Secretary Of Commerce - ITL Security Bulletin | March-2005.pdf
ITL January 2005 | Jan 2005 | Integrating IT Security Into The Capital Planning And Investment Control Process - ITL Security Bulletin | Jan-05.pdf
ITL November 2004 | Nov 2004 | Understanding the New NIST Standards and Guidelines Required by FISMA: How Three Mandated Documents are Changing the Dynamic of Information Security for the Federal Government - ITL Security Bulletin | Nov-2004.pdf
ITL October 2004 | Oct 2004 | Securing Voice Over Internet Protocol (IP) Networks - ITL Security Bulletin | Oct-2004.pdf
ITL September 2004 | Sep 2004 | Information Security Within the System Development Life Cycle - ITL Security Bulletin | Sept-04.pdf
ITL August 2004 | Aug 2004 | Electronic Authentication: Guidance For Selecting Secure Techniques - ITL Security Bulletin | August-2004.pdf
ITL July 2004 | Jul 2004 | Guide For Mapping Types Of Information And Information Systems To Security Categories - ITL Security Bulletin | July-2004.pdf
ITL June 2004 | Jun 2004 | Information Technology Security Services: How To Select, Implement, And Manage - ITL Security Bulletin | b-06-04.pdf
ITL May 2004 | May 2004 | Guide For The Security Certification And Accreditation Of Federal Information Systems - ITL Security Bulletin | b-05-2004.pdf
ITL April 2004 | Apr 2004 | Selecting Information Technology Security Products - ITL Security Bulletin | 04-2004.pdf
ITL March 2004 | Mar 2004 | Federal Information Processing Standard (FIPS) 199, Standards For Security Categorization Of Federal Information And Information Systems - ITL Security Bulletin | 03-2004.pdf
ITL January 2004 | Jan 2004 | Computer Security Incidents: Assessing, Managing, And Controlling The Risks - ITL Security Bulletin | b-01-04.pdf
ITL November 2003 | Nov 2003 | Network Security Testing - ITL Security Bulletin | b-11-03.pdf
ITL October 2003 | Oct 2003 | Information Technology Security Awareness, Training, Education, and Certification - ITL Security Bulletin | b-10-03.pdf
ITL August 2003 | Aug 2003 | IT Security Metrics - ITL Security Bulletin | bulletin08-03.pdf
ITL July 2003 | Jul 2003 | Testing Intrusion Detection Systems - ITL Security Bulletin | bulletin07-03.pdf
ITL June 2003 | Jun 2003 | ASSET: Security Assessment Tool For Federal Agencies - ITL Security Bulletin | itl-06-2003.pdf
ITL March 2003 | Mar 2003 | Security For Wireless Networks And Devices - ITL Security Bulletin | march-03.pdf
ITL February 2003 | Feb 2003 | Secure Interconnections for Information Technology Systems - ITL Security Bulletin | feb-03.pdf
ITL January 2003 | Jan 2003 | Security Of Electronic Mail - ITL Security Bulletin | 01-03.pdf
ITL December 2002 | Dec 2002 | Security of Public Web Servers - ITL Security Bulletin | b-12-02.pdf
ITL November 2002 | Nov 2002 | Security For Telecommuting And Broadband Communication - ITL Security Bulletin | itl11-02.pdf
ITL October 2002 | Oct 2002 | Security Patches And The CVE Vulnerability Naming Scheme: Tools To Address Computer System Vulnerabilities - ITL Security Bulletin | bulletin10-02.pdf
ITL September 2002 | Sep 2002 | Cryptographic Standards and Guidelines: A Status Report - ITL Security Bulletin | 09-02itl.pdf
ITL July 2002 | Jul 2002 | Overview: The Government Smart Card Interoperability Specification - ITL Security Bulletin | 07-02.pdf
ITL June 2002 | Jun 2002 | Contingency Planning Guide For Information Technology Systems - ITL Security Bulletin | bulletin06-02.pdf
ITL April 2002 | Apr 2002 | Techniques for System and Data Recovery - ITL Security Bulletin | 04-02.pdf
ITL February 2002 | Feb 2002 | Risk Management Guidance For Information Technology Systems - ITL Security Bulletin | 02-02.pdf
ITL January 2002 | Jan 2002 | Guidelines on Firewalls and Firewall Policy - ITL Security Bulletin | 01-02.pdf
ITL November 2001 | Nov 2001 | Computer Forensics Guidance - ITL Security Bulletin | 11-01.pdf
ITL September 2001 | Sep 2001 | Security Self-Assessment Guide for Information Technology Systems - ITL Security Bulletin | 09-01.pdf
ITL July 2001 | Jul 2001 | A Comparison of the Security Requirements for Cryptographic Modules in FIPS 140-1 and FIPS 140-2 - ITL Security Bulletin | 07-01.pdf
ITL June 2001 | Jun 2001 | Engineering Principles For Information Technology Security - ITL Security Bulletin | 06-01.pdf
ITL May 2001 | May 2001 | Biometrics - Technologies for Highly Secure Personal Authentication - ITL Security Bulletin | 05-01.pdf
ITL March 2001 | Mar 2001 | An Introduction to IPsec (Internet Protocol Security) - ITL Security Bulletin | 03-01.pdf
ITL December 2000 | Dec 2000 | A Statistical Test Suite For Random And Pseudorandom Number Generators For Cryptographic Applications - ITL Security Bulletin | 12-00.pdf
ITL October 2000 | Oct 2000 | An Overview Of The Common Criteria Evaluation And Validation Scheme - ITL Security Bulletin | 10-00.pdf
ITL August 2000 | Aug 2000 | Security for Private Branch Exchange Systems - ITL Security Bulletin | 08-00.pdf
ITL June 2000 | Jun 2000 | Mitigating Emerging Hacker Threats - ITL Security Bulletin | 06-00.pdf
ITL March 2000 | Mar 2000 | Security Implications of Active Content - ITL Security Bulletin | 03-00.pdf
ITL February 2000 | Feb 2000 | Guideline for Implementing Cryptography in the Federal Government - ITL Security Bulletin | 02-00.pdf
ITL December 1999 | Dec 1999 | Operating System Security: Adding to the Arsenal of Security Techniques - ITL Security Bulletin | 12-99.pdf
ITL November 1999 | Nov 1999 | Acquiring and Deploying Intrusion Detection Systems - ITL Security Bulletin | 11-99.pdf
ITL September 1999 | Sep 1999 | Securing Web Servers - ITL Security Bulletin | 09-99.pdf
ITL August 1999 | Aug 1999 | The Advanced Encryption Standard: A Status Report - ITL Security Bulletin | 08-99.pdf
ITL May 1999 | May 1999 | Computer Attacks: What They Are and How to Defend Against Them - ITL Security Bulletin | 05-99.pdf
ITL April 1999 | Apr 1999 | Guide for Developing Security Plans for Information Technology Systems - ITL Security Bulletin | 04-99.pdf
ITL February 1999 | Feb 1999 | Enhancements to Data Encryption and Digital Signature Federal Standards - ITL Security Bulletin | 02-99.pdf
ITL January 1999 | Jan 1999 | Secure Web-Based Access to High Performance Computing Resources - ITL Security Bulletin | jan-99.html
ITL November 1998 | Nov 1998 | Common Criteria: Launching the International Standard - ITL Security Bulletin | 11-98.pdf
ITL September 1998 | Sep 1998 | Cryptography Standards and Infrastructures for the Twenty-First Century - ITL Security Bulletin | 09-98.pdf
ITL June 1998 | Jun 1998 | Training for Information Technology Security: Evaluating the Effectiveness of Results-Based Learning - ITL Security Bulletin | 06-98.pdf
ITL April 1998 | Apr 1998 | Training Requirements for Information Technology Security: An Introduction to Results-Based Learning - ITL Security Bulletin | 04-98.pdf
ITL March 1998 | Mar 1998 | Management of Risks in Information Systems: Practices of Successful Organizations - ITL Security Bulletin | 03-98.pdf
ITL February 1998 | Feb 1998 | Information Security and the World Wide Web (WWW) - ITL Security Bulletin | 02-98.pdf
ITL November 1997 | Nov 1997 | Internet Electronic Mail - ITL Security Bulletin | 11-97.pdf
ITL July 1997 | Jul 1997 | Public Key Infrastructure Technology - ITL Security Bulletin | 07-97.pdf
ITL April 1997 | Apr 1997 | Security Considerations In Computer Support And Operations - ITL Security Bulletin | itl97-04.txt
ITL March 1997 | Mar 1997 | Audit Trails - ITL Security Bulletin | itl97-03.txt
ITL February 1997 | Feb 1997 | Advanced Encryption Standard - ITL Security Bulletin | itl97-02.txt
ITL January 1997 | Jan 1997 | Security Issues for Telecommuting - ITL Security Bulletin | itl97-01.txt
ITL October 1996 | Oct 1996 | Generally Accepted System Security Principles (GSSPs): Guidance On Securing Information Technology (IT) Systems - ITL Security Bulletin | csl96-10.txt
ITL August 1996 | Aug 1996 | Implementation Issues for Cryptography - ITL Security Bulletin | csl96-08.txt
ITL June 1996 | Jun 1996 | Information Security Policies For Changing Information Technology Environments - ITL Security Bulletin | csl96-06.txt
ITL May 1996 | May 1996 | The World Wide Web: Managing Security Risks - ITL Security Bulletin | csl96-05.txt
ITL February 1996 | Feb 1996 | Human/Computer Interface Security Issues - ITL Security Bulletin | csl96-02.txt
ITL December 1995 | Dec 1995 | An Introduction to Role-Based Access Control - ITL Security Bulletin | csl95-12.txt
ITL August 1995 | Aug 1995 | FIPS 140-1: A Framework for Cryptographic Standards - ITL Security Bulletin | csl95-08.txt
ITL February 1995 | Feb 1995 | The Data Encryption Standard: An Update - ITL Security Bulletin | csl95-02.txt
ITL November 1994 | Nov 1994 | Digital Signature Standard - ITL Security Bulletin | csl94-11.txt
ITL May 1994 | May 1994 | Reducing the Risks of Internet Connection and Use - ITL Security Bulletin | csl94-05.txt
ITL March 1994 | Mar 1994 | Threats to Computer Systems: An Overview - ITL Security Bulletin | csl94-03.txt
ITL August 1993 | Aug 1993 | Security Program Management - ITL Security Bulletin | csl93-08.txt
ITL July 1993 | Jul 1993 | Connecting to the Internet: Security Considerations - ITL Security Bulletin | csl93-07.txt
ITL March 1993 | Mar 1993 | Guidance on the Legality of Keystroke Monitoring - ITL Security Bulletin | csl93-03.txt
ITL November 1992 | Nov 1992 | Sensitivity of Information - ITL Security Bulletin | csl92-11.txt
ITL March 1992 | Mar 1992 | An Introduction to Secure Telephone Terminals - ITL Security Bulletin | csl92-03.txt
ITL February 1992 | Feb 1992 | Establishing a Computer Security Incident Handling Capability - ITL Security Bulletin | csl92-02.txt
ITL November 1991 | Nov 1991 | Advanced Authentication Technology - ITL Security Bulletin | csl91-11.txt
ITL February 1991 | Feb 1991 | Computer Security Roles of NIST and NSA - ITL Security Bulletin | csl91-02.txt
ITL August 1990 | Aug 1990 | Computer Virus Attacks - ITL Security Bulletin | csl90-08.txt