Guide to NIST Security Documents Families
Contents
- 1 Families
- 1.1 ACCESS CONTROL
- 1.2 AWARENESS & TRAINING
- 1.3 AUDIT & ACCOUNTABILITY
- 1.4 CERTIFICATION, ACCREDITATION & SECURITY ASSESSMENTS
- 1.5 CONFIGURATION MANAGEMENT
- 1.6 CONTINGENCY PLANNING
- 1.7 IDENTIFICATION AND AUTHENTICATION
- 1.8 INCIDENT RESPONSE
- 1.9 MAINTENANCE
- 1.10 MEDIA PROTECTION
- 1.11 PHYSICAL & ENVIRONMENTAL PROTECTION
- 1.12 PLANNING
- 1.13 PERSONNEL SECURITY
- 1.14 RISK ASSESSMENT
- 1.15 SYSTEM & SERVICES ACQUISITION
- 1.16 SYSTEM & COMMUNICATION PROTECTION
- 1.17 SYSTEM & INFORMATION INTEGRITY
Families
The Family categories are identical to the control families found in FIPS 200, SP 800-53, and other related documents. These Family lists mirror the document crosswalk from SP 800-53, Revision 1.
ACCESS CONTROL
| FIPS 201-1 | Personal Identity Verification for Federal Employees and Contractors |
|---|---|
| FIPS 200 | Security Controls for Federal Information Systems |
| FIPS 188 | Standard Security Labels for Information Transfer |
| SP 800-100 | Information Security Handbook for Managers |
| SP 800-97 | Guide to IEEE 802.11i: Robust Security Networks |
| SP 800-96 | PIV Card / Reader Interoperability Guidelines |
| SP 800-87 | Codes for the Identification of Federal and Federally Assisted Organizations |
| SP 800-83 | Guide to Malware Incident Prevention and Handling |
| SP 800-81 | Secure Domain Name System (DNS) Deployment Guide |
| SP 800-78 | Cryptographic Algorithms and Key Sizes for Personal Identity Verification |
| SP 800-77 | Guide to IPSec VPNs |
| SP 800-76 | Biometric Data Specification for Personal Identity Verification |
| SP 800-73 Rev 1 | Integrated Circuit Card for Personal Identification Verification |
| SP 800-68 | Guidance for Securing Microsoft Windows XP Systems for IT Professionals: A NIST Security Configuration Checklist |
| SP 800-66 | An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule |
| SP 800-58 | Security Considerations for Voice Over IP Systems |
| SP 800-57 | Recommendation on Key Management |
| SP 800-48 | Wireless Network Security: 802.11, Bluetooth, and Handheld Devices |
| SP 800-46 | Security for Telecommuting and Broadband Communications |
| SP 800-45 | Guidelines on Electronic Mail Security |
| SP 800-44 | Guidelines on Securing Public Web Servers |
| SP 800-43 | Systems Administration Guidance for Securing Microsoft Windows 2000 Professional System |
| SP 800-41 | Guidelines on Firewalls and Firewall Policy |
| SP 800-36 | Guide to Selecting Information Technology Security Products |
| SP 800-28 | Guidelines on Active Content and Mobile Code |
| SP 800-24 | PBX Vulnerability Analysis: Finding Holes in Your PBX Before Someone Else Does |
| SP 800-19 | Mobile Agent Security |
| SP 800-14 | Generally Accepted Principles and Practices for Securing Information Technology Systems |
| SP 800-12 | An Introduction to Computer Security: The NIST Handbook Families |
AWARENESS & TRAINING
| FIPS 200 | Security Controls for Federal Information Systems |
|---|---|
| SP 800-100 | Information Security Handbook for Managers |
| SP 800-66 | An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule |
| SP 800-50 | Building an Information Technology Security Awareness and Training Program |
| SP 800-40 | Procedures for Handling Security Patches |
| SP 800-31 | Intrusion Detection Systems (IDSs) |
| SP 800-16 | Information Technology Security Training Requirements: A Role- and Performance-Based Model |
| SP 800-14 | Generally Accepted Principles and Practices for Securing Information Technology Systems |
| SP 800-12 | An Introduction to Computer Security: The NIST Handbook |
AUDIT & ACCOUNTABILITY
| FIPS 200 | Security Controls for Federal Information Systems |
|---|---|
| FIPS 198 | The Keyed-Hash Message Authentication Code (HMAC) |
| SP 800-100 | Information Security Handbook for Managers |
| SP 800-92 | Guide to Computer Security Log Management |
| SP 800-89 | Recommendation for Obtaining Assurances for Digital Signature Applications |
| SP 800-86 | Guide to Integrating Forensic Techniques into Incident Response |
| SP 800-83 | Guide to Malware Incident Prevention and Handling |
| SP 800-72 | Guidelines on PDA Forensics |
| SP 800-68 | Guidance for Securing Microsoft Windows XP Systems for IT Professionals: A NIST Security Configuration Checklist |
| SP 800-66 | An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule |
| SP 800-57 | Recommendation on Key Management |
| SP 800-52 | Guidelines on the Selection and Use of Transport Layer Security |
| SP 800-49 | Federal S/MIME V3 Client Profile |
| SP 800-45 | Guidelines on Electronic Mail Security |
| SP 800-44 | Guidelines on Securing Public Web Servers |
| SP 800-42 | Guideline on Network Security Testing |
| SP 800-19 | Mobile Agent Security |
| SP 800-14 | Generally Accepted Principles and Practices for Securing Information Technology Systems |
| SP 800-12 | An Introduction to Computer Security: The NIST Handbook |
CERTIFICATION, ACCREDITATION & SECURITY ASSESSMENTS
| FIPS 200 | Security Controls for Federal Information Systems |
|---|---|
| SP 800-100 | Information Security Handbook for Managers |
| SP 800-85 | PIV Middleware and PIV Card Application Conformance Test Guidelines |
| SP 800-79 | Guidelines for the Certification and Accreditation of PIV Card Issuing Organizations |
| SP 800-76 | Biometric Data Specification for Personal Identity Verification |
| SP 800-66 | An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule |
| SP 800-65 | Integrating Security into the Capital Planning and Investment Control Process |
| SP 800-55 | Security Metrics Guide for Information Technology Systems |
| SP 800-53A | Guide for Assessing the Security Controls in Federal Information Systems |
| SP 800-47 | Security Guide for Interconnecting Information Technology Systems |
| SP 800-42 | Guideline on Network Security Testing |
| SP 800-37 | Guidelines for the Security Certification and Accreditation of Federal Information Technology Systems |
| SP 800-36 | Guide to Selecting Information Technology Security Products |
| SP 800-35 | Guide to Information Technology Security Services |
| SP 800-30 | Risk Management Guide for Information Technology Systems |
| SP 800-26 | Security Self-Assessment Guide for Information Technology Systems |
| SP 800-23 | Guideline to Federal Organizations on Security Assurance and Acquisition/Use of Tested/Evaluated Products |
| SP 800-22 | A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications |
| SP 800-20 | Modes of Operation Validation System for the Triple Data Encryption Algorithm (TMOVS): Requirements and Procedures |
| SP 800-18 | Guide for Developing Security Plans for Information Technology Systems |
| SP 800-17 | Modes of Operation Validation System (MOVS): Requirements and Procedures |
| SP 800-14 | Generally Accepted Principles and Practices for Securing Information Technology Systems |
| SP 800-12 | An Introduction to Computer Security: The NIST Handbook |
CONFIGURATION MANAGEMENT
| FIPS 200 | Security Controls for Federal Information Systems |
|---|---|
| SP 800-100 | Information Security Handbook for Managers |
| SP 800-86 | Guide to Integrating Forensic Techniques into Incident Response |
| SP 800-83 | Guide to Malware Incident Prevention and Handling |
| SP 800-81 | Secure Domain Name System (DNS) Deployment Guide |
| SP 800-70 | Security Configuration Checklists Program for IT Products |
| SP 800-68 | Guidance for Securing Microsoft Windows XP Systems for IT Professionals: A NIST Security Configuration Checklist |
| SP 800-48 | Wireless Network Security: 802.11, Bluetooth, and Handheld Devices |
| SP 800-46 | Security for Telecommuting and Broadband Communications |
| SP 800-45 | Guidelines on Electronic Mail Security |
| SP 800-44 | Guidelines on Securing Public Web Servers |
| SP 800-43 | Systems Administration Guidance for Securing Microsoft Windows 2000 Professional System |
| SP 800-40 | Procedures for Handling Security Patches |
| SP 800-37 | Guidelines for the Security Certification and Accreditation of Federal Information Technology Systems |
| SP 800-35 | Guide to Information Technology Security Services |
| SP 800-14 | Generally Accepted Principles and Practices for Securing Information Technology Systems |
| SP 800-12 | An Introduction to Computer Security: The NIST Handbook |
CONTINGENCY PLANNING
| FIPS 200 | Security Controls for Federal Information Systems |
|---|---|
| SP 800-100 | Information Security Handbook for Managers |
| SP 800-86 | Guide to Integrating Forensic Techniques into Incident Response |
| SP 800-83 | Guide to Malware Incident Prevention and Handling |
| SP 800-81 | Secure Domain Name System (DNS) Deployment Guide |
| SP 800-66 | An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule |
| SP 800-57 | Recommendation on Key Management |
| SP 800-56A | Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography |
| SP 800-50 | Building an Information Technology Security Awareness and Training Program |
| SP 800-45 | Guidelines on Electronic Mail Security |
| SP 800-44 | Guidelines on Securing Public Web Servers |
| SP 800-43 | Systems Administration Guidance for Securing Microsoft Windows 2000 Professional System |
| SP 800-41 | Guidelines on Firewalls and Firewall Policy |
| SP 800-34 | Contingency Planning Guide for Information Technology Systems |
| SP 800-25 | Federal Agency Use of Public Key Technology for Digital Signatures and Authentication |
| SP 800-24 | PBX Vulnerability Analysis: Finding Holes in Your PBX Before Someone Else Does |
| SP 800-21 Rev 1 | Guideline for Implementing Cryptography in the Federal Government |
| SP 800-14 | Generally Accepted Principles and Practices for Securing Information Technology Systems |
| SP 800-13 | Telecommunications Security Guidelines for Telecommunications Management Network |
| SP 800-12 | An Introduction to Computer Security: The NIST Handbook |
IDENTIFICATION AND AUTHENTICATION
| FIPS 201-1 | Personal Identity Verification for Federal Employees and Contractors |
|---|---|
| FIPS 200 | Security Controls for Federal Information Systems |
| FIPS 190 | Guideline for the Use of Advanced Authentication Technology Alternatives |
| FIPS 140-2 | Security Requirements for Cryptographic Modules |
| SP 800-100 | Information Security Handbook for Managers |
| SP 800-97 | Guide to IEEE 802.11i: Robust Security Networks |
| SP 800-96 | PIV Card / Reader Interoperability Guidelines |
| SP 800-87 | Codes for the Identification of Federal and Federally Assisted Organizations |
| SP 800-86 | Guide to Integrating Forensic Techniques into Incident Response |
| SP 800-81 | Secure Domain Name System (DNS) Deployment Guide |
| SP 800-78 | Cryptographic Algorithms and Key Sizes for Personal Identity Verification |
| SP 800-77 | Guide to IPSec VPNs |
| SP 800-76 | Biometric Data Specification for Personal Identity Verification |
| SP 800-73 Rev 1 | Integrated Circuit Card for Personal Identification Verification |
| SP 800-72 | Guidelines on PDA Forensics |
| SP 800-68 | Guidance for Securing Microsoft Windows XP Systems for IT Professionals: A NIST Security Configuration Checklist |
| SP 800-66 | An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule |
| SP 800-63 | Recommendation for Electronic Authentication |
| SP 800-52 | Guidelines on the Selection and Use of Transport Layer Security |
| SP 800-48 | Wireless Network Security: 802.11, Bluetooth, and Handheld Devices |
| SP 800-46 | Security for Telecommuting and Broadband Communications |
| SP 800-45 | Guidelines on Electronic Mail Security |
| SP 800-44 | Guidelines on Securing Public Web Servers |
| SP 800-36 | Guide to Selecting Information Technology Security Products |
| SP 800-32 | Introduction to Public Key Technology and the Federal PKI Infrastructure |
| SP 800-25 | Federal Agency Use of Public Key Technology for Digital Signatures and Authentication |
| SP 800-24 | PBX Vulnerability Analysis: Finding Holes in Your PBX Before Someone Else Does |
| SP 800-14 | Generally Accepted Principles and Practices for Securing Information Technology Systems |
| SP 800-12 | An Introduction to Computer Security: The NIST Handbook |
INCIDENT RESPONSE
| FIPS 200 | Security Controls for Federal Information Systems |
|---|---|
| SP 800-100 | Information Security Handbook for Managers |
| SP 800-92 | Guide to Computer Security Log Management |
| SP 800-83 | Guide to Malware Incident Prevention and Handling |
| SP 800-66 | An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule |
| SP 800-61 | Computer Security Incident Handling Guide |
| SP 800-50 | Building an Information Technology Security Awareness and Training Program |
| SP 800-36 | Guide to Selecting Information Technology Security Products |
| SP 800-31 | Intrusion Detection Systems (IDSs) |
| SP 800-14 | Generally Accepted Principles and Practices for Securing Information Technology Systems |
| SP 800-12 | An Introduction to Computer Security: The NIST Handbook |
MAINTENANCE
| FIPS 200 | Security Controls for Federal Information Systems |
|---|---|
| SP 800-100 | Information Security Handbook for Managers |
| SP 800-88 | Media Sanitization Guide |
| SP 800-77 | Guide to IPSec VPNs |
| SP 800-34 | Contingency Planning Guide for Information Technology Systems |
| SP 800-24 | PBX Vulnerability Analysis: Finding Holes in Your PBX Before Someone Else Does |
| SP 800-14 | Generally Accepted Principles and Practices for Securing Information Technology Systems |
| SP 800-12 | An Introduction to Computer Security: The NIST Handbook |
MEDIA PROTECTION
| FIPS 200 | Security Controls for Federal Information Systems |
|---|---|
| SP 800-100 | Information Security Handbook for Managers |
| SP 800-92 | Guide to Computer Security Log Management |
| SP 800-88 | Media Sanitization Guide |
| SP 800-86 | Guide to Integrating Forensic Techniques into Incident Response |
| SP 800-72 | Guidelines on PDA Forensics |
| SP 800-66 | An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule |
| SP 800-57 | Recommendation on Key Management |
| SP 800-36 | Guide to Selecting Information Technology Security Products |
| SP 800-24 | PBX Vulnerability Analysis: Finding Holes in Your PBX Before Someone Else Does |
| SP 800-14 | Generally Accepted Principles and Practices for Securing Information Technology Systems |
| SP 800-12 | An Introduction to Computer Security: The NIST Handbook |
PHYSICAL & ENVIRONMENTAL PROTECTION
| FIPS 200 | Security Controls for Federal Information Systems |
|---|---|
| SP 800-100 | Information Security Handbook for Managers |
| SP 800-96 | PIV Card / Reader Interoperability Guidelines |
| SP 800-92 | Guide to Computer Security Log Management |
| SP 800-86 | Guide to Integrating Forensic Techniques into Incident Response |
| SP 800-78 | Cryptographic Algorithms and Key Sizes for Personal Identity Verification |
| SP 800-76 | Biometric Data Specification for Personal Identity Verification |
| SP 800-73 Rev 1 | Integrated Circuit Card for Personal Identification Verification |
| SP 800-66 | An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule |
| SP 800-58 | Security Considerations for Voice Over IP Systems |
| SP 800-24 | PBX Vulnerability Analysis: Finding Holes in Your PBX Before Someone Else Does |
| SP 800-14 | Generally Accepted Principles and Practices for Securing Information Technology Systems |
| SP 800-12 | An Introduction to Computer Security: The NIST Handbook |
PLANNING
| FIPS 201-1 | Personal Identity Verification for Federal Employees and Contractors |
|---|---|
| FIPS 200 | Security Controls for Federal Information Systems |
| FIPS 199 | Standards for Security Categorization of Federal Information and Information Systems |
| SP 800-100 | Information Security Handbook for Managers |
| SP 800-89 | Recommendation for Obtaining Assurances for Digital Signature Applications |
| SP 800-81 | Secure Domain Name System (DNS) Deployment Guide |
| SP 800-66 | An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule |
| SP 800-65 | Integrating Security into the Capital Planning and Investment Control Process |
| SP 800-64 | Security Considerations in the Information System Development Life Cycle |
| SP 800-58 | Security Considerations for Voice Over IP Systems |
| SP 800-57 | Recommendation on Key Management |
| SP 800-48 | Wireless Network Security: 802.11, Bluetooth, and Handheld Devices |
| SP 800-46 | Security for Telecommuting and Broadband Communications |
| SP 800-45 | Guidelines on Electronic Mail Security |
| SP 800-44 | Guidelines on Securing Public Web Servers |
| SP 800-42 | Guideline on Network Security Testing |
| SP 800-41 | Guidelines on Firewalls and Firewall Policy |
| SP 800-40, Ver 2 | Creating a Patch and Vulnerability Management Program |
| SP 800-40 | Procedures for Handling Security Patches |
| SP 800-37 | Guidelines for the Security Certification and Accreditation of Federal Information Technology Systems |
| SP 800-34 | Contingency Planning Guide for Information Technology Systems |
| SP 800-33 | Underlying Technical Models for Information Technology Security |
| SP 800-32 | Introduction to Public Key Technology and the Federal PKI Infrastructure |
| SP 800-31 | Intrusion Detection Systems (IDSs) |
| SP 800-30 | Risk Management Guide for Information Technology Systems |
| SP 800-27 | Engineering Principles for Information Technology Security (A Baseline for Achieving Security) |
| SP 800-26 | Security Self-Assessment Guide for Information Technology Systems |
| SP 800-25 | Federal Agency Use of Public Key Technology for Digital Signatures and Authentication |
| SP 800-21 Rev 1 | Guideline for Implementing Cryptography in the Federal Government |
| SP 800-19 | Mobile Agent Security |
| SP 800-18 | Guide for Developing Security Plans for Information Technology Systems |
| SP 800-14 | Generally Accepted Principles and Practices for Securing Information Technology Systems |
| SP 800-12 | An Introduction to Computer Security: The NIST Handbook |
PERSONNEL SECURITY
| FIPS 200 | Security Controls for Federal Information Systems |
|---|---|
| SP 800-100 | Information Security Handbook for Managers |
| SP 800-66 | An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule |
| SP 800-14 | Generally Accepted Principles and Practices for Securing Information Technology Systems |
| SP 800-12 | An Introduction to Computer Security: The NIST Handbook |
RISK ASSESSMENT
| FIPS 200 | Security Controls for Federal Information Systems |
|---|---|
| FIPS 199 | Standards for Security Categorization of Federal Information and Information Systems |
| SP 800-100 | Information Security Handbook for Managers |
| SP 800-83 | Guide to Malware Incident Prevention and Handling |
| SP 800-66 | An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule |
| SP 800-65 | Integrating Security into the Capital Planning and Investment Control Process |
| SP 800-63 | Recommendation for Electronic Authentication |
| SP 800-60 | Guide for Mapping Types of Information and Information Systems to Security Categories |
| SP 800-59 | Guideline for Identifying an Information System as a National Security System |
| SP 800-53A | Guide for Assessing the Security Controls in Federal Information Systems |
| SP 800-51 | Use of the Common Vulnerabilities and Exposures (CVE) Vulnerability Naming Scheme |
| SP 800-48 | Wireless Network Security: 802.11, Bluetooth, and Handheld Devices |
| SP 800-46 | Security for Telecommuting and Broadband Communications |
| SP 800-45 | Guidelines on Electronic Mail Security |
| SP 800-44 | Guidelines on Securing Public Web Servers |
| SP 800-42 | Guideline on Network Security Testing |
| SP 800-40, Ver 2 | Creating a Patch and Vulnerability Management Program |
| SP 800-40 | Procedures for Handling Security Patches |
| SP 800-37 | Guidelines for the Security Certification and Accreditation of Federal Information Technology Systems |
| SP 800-36 | Guide to Selecting Information Technology Security Products |
| SP 800-34 | Contingency Planning Guide for Information Technology Systems |
| SP 800-32 | Introduction to Public Key Technology and the Federal PKI Infrastructure |
| SP 800-31 | Intrusion Detection Systems (IDSs) |
| SP 800-30 | Risk Management Guide for Information Technology Systems |
| SP 800-28 | Guidelines on Active Content and Mobile Code |
| SP 800-26 | Security Self-Assessment Guide for Information Technology Systems |
| SP 800-25 | Federal Agency Use of Public Key Technology for Digital Signatures and Authentication |
| SP 800-24 | PBX Vulnerability Analysis: Finding Holes in Your PBX Before Someone Else Does |
| SP 800-23 | Guideline to Federal Organizations on Security Assurance and Acquisition/Use of Tested/Evaluated Products |
| SP 800-19 | Mobile Agent Security |
| SP 800-14 | Generally Accepted Principles and Practices for Securing Information Technology Systems |
| SP 800-13 | Telecommunications Security Guidelines for Telecommunications Management Network |
| SP 800-12 | An Introduction to Computer Security: The NIST Handbook |
SYSTEM & SERVICES ACQUISITION
| FIPS 200 | Security Controls for Federal Information Systems |
|---|---|
| SP 800-100 | Information Security Handbook for Managers |
| SP 800-97 | Guide to IEEE 802.11i: Robust Security Networks |
| SP 800-85 | PIV Middleware and PIV Card Application Conformance Test Guidelines |
| SP 800-83 | Guide to Malware Incident Prevention and Handling |
| SP 800-76 | Biometric Data Specification for Personal Identity Verification |
| SP 800-66 | An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule |
| SP 800-65 | Integrating Security into the Capital Planning and Investment Control Process |
| SP 800-64 | Security Considerations in the Information System Development Life Cycle |
| SP 800-36 | Guide to Selecting Information Technology Security Products |
| SP 800-35 | Guide to Information Technology Security Services |
| SP 800-34 | Contingency Planning Guide for Information Technology Systems |
| SP 800-33 | Underlying Technical Models for Information Technology Security |
| SP 800-31 | Intrusion Detection Systems (IDSs) |
| SP 800-30 | Risk Management Guide for Information Technology Systems |
| SP 800-27 | Engineering Principles for Information Technology Security (A Baseline for Achieving Security) |
| SP 800-23 | Guideline to Federal Organizations on Security Assurance and Acquisition/Use of Tested/Evaluated Products |
| SP 800-21 Rev 1 | Guideline for Implementing Cryptography in the Federal Government |
| SP 800-14 | Generally Accepted Principles and Practices for Securing Information Technology Systems |
| SP 800-12 | An Introduction to Computer Security: The NIST Handbook |
SYSTEM & COMMUNICATION PROTECTION
| FIPS 201-1 | Personal Identity Verification for Federal Employees and Contractors |
|---|---|
| FIPS 200 | Security Controls for Federal Information Systems |
| FIPS 198 | The Keyed-Hash Message Authentication Code (HMAC) |
| FIPS 197 | Advanced Encryption Standard |
| FIPS 190 | Guideline for the Use of Advanced Authentication Technology Alternatives |
| FIPS 186-3 | Digital Signature Standard (DSS) |
| FIPS 180-2 | Secure Hash Standard (SHS) |
| FIPS 140-2 | Security Requirements for Cryptographic Modules |
| SP 800-100 | Information Security Handbook for Managers |
| SP 800-97 | Guide to IEEE 802.11i: Robust Security Networks |
| SP 800-90 | Recommendation for Random Number Generation Using Deterministic Random Bit Generators |
| SP 800-89 | Recommendation for Obtaining Assurances for Digital Signature Applications |
| SP 800-83 | Guide to Malware Incident Prevention and Handling |
| SP 800-81 | Secure Domain Name System (DNS) Deployment Guide |
| SP 800-78 | Cryptographic Algorithms and Key Sizes for Personal Identity Verification |
| SP 800-77 | Guide to IPSec VPNs |
| SP 800-73 Rev 1 | Integrated Circuit Card for Personal Identification Verification |
| SP 800-70 | Security Configuration Checklists Program for IT Products |
| SP 800-68 | Guidance for Securing Microsoft Windows XP Systems for IT Professionals: A NIST Security Configuration Checklist |
| SP 800-67 | Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher |
| SP 800-66 | An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule |
| SP 800-58 | Security Considerations for Voice Over IP Systems |
| SP 800-57 | Recommendation on Key Management |
| SP 800-56A | Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography |
| SP 800-52 | Guidelines on the Selection and Use of Transport Layer Security |
| SP 800-49 | Federal S/MIME V3 Client Profile |
| SP 800-46 | Security for Telecommuting and Broadband Communications |
| SP 800-45 | Guidelines on Electronic Mail Security |
| SP 800-44 | Guidelines on Securing Public Web Servers |
| SP 800-41 | Guidelines on Firewalls and Firewall Policy |
| SP 800-38D | Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) for Confidentiality and Authentication |
| SP 800-38C | Recommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality |
| SP 800-38B | Recommendation for Block Cipher Modes of Operation: The RMAC Authentication Mode |
| SP 800-38A | Recommendation for Block Cipher Modes of Operation - Methods and Techniques |
| SP 800-36 | Guide to Selecting Information Technology Security Products |
| SP 800-32 | Introduction to Public Key Technology and the Federal PKI Infrastructure |
| SP 800-29 | A Comparison of the Security Requirements for Cryptographic Modules in FIPS 140-1 and FIPS 140-2 |
| SP 800-28 | Guidelines on Active Content and Mobile Code |
| SP 800-25 | Federal Agency Use of Public Key Technology for Digital Signatures and Authentication |
| SP 800-22 | A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications |
| SP 800-21 Rev 1 | Guideline for Implementing Cryptography in the Federal Government |
| SP 800-20 | Modes of Operation Validation System for the Triple Data Encryption Algorithm (TMOVS): Requirements and Procedures |
| SP 800-19 | Mobile Agent Security |
| SP 800-17 | Modes of Operation Validation System (MOVS): Requirements and Procedures |
| SP 800-15 | Minimum Interoperability Specification for PKI Components (MISPC), Version 1 |
| SP 800-14 | Generally Accepted Principles and Practices for Securing Information Technology Systems |
| SP 800-12 | An Introduction to Computer Security: The NIST Handbook |
SYSTEM & INFORMATION INTEGRITY
| FIPS 200 | Security Controls for Federal Information Systems |
|---|---|
| SP 800-100 | Information Security Handbook for Managers |
| SP 800-92 | Guide to Computer Security Log Management |
| SP 800-86 | Guide to Integrating Forensic Techniques into Incident Response |
| SP 800-85 | PIV Middleware and PIV Card Application Conformance Test Guidelines |
| SP 800-83 | Guide to Malware Incident Prevention and Handling |
| SP 800-66 | An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule |
| SP 800-61 | Computer Security Incident Handling Guide |
| SP 800-57 | Recommendation on Key Management |
| SP 800-51 | Use of the Common Vulnerabilities and Exposures (CVE) Vulnerability Naming Scheme |
| SP 800-48 | Wireless Network Security: 802.11, Bluetooth, and Handheld Devices |
| SP 800-45 | Guidelines on Electronic Mail Security |
| SP 800-44 | Guidelines on Securing Public Web Servers |
| SP 800-43 | Systems Administration Guidance for Securing Microsoft Windows 2000 Professional System |
| SP 800-42 | Guideline on Network Security Testing |
| SP 800-36 | Guide to Selecting Information Technology Security Products |
| SP 800-31 | Intrusion Detection Systems (IDSs) |
| SP 800-28 | Guidelines on Active Content and Mobile Code |
| SP 800-19 | Mobile Agent Security |
| SP 800-14 | Generally Accepted Principles and Practices for Securing Information Technology Systems |
| SP 800-12 | An Introduction to Computer Security: The NIST Handbook |
