Guide to NIST Security Documents Families-Improved
Contents
- 1 Families
- 1.1 Access Control
- 1.2 Awareness And Training
- 1.3 Audit And Accountability
- 1.4 Certification, Accreditation And Security Assessments
- 1.5 Configuration Management
- 1.6 Contingency Planning
- 1.7 Identification And Authentication
- 1.8 Incident Response
- 1.9 Maintenance
- 1.10 Media Protection
- 1.11 Physical And Environmental Protection
- 1.12 Planning
- 1.13 Personnel Security
- 1.14 Risk Assessment
- 1.15 System And Services Acquisition
- 1.16 System And Communication Protection
- 1.17 System And Information Integrity
Families
The Family categories are identical to the control families found in FIPS 200, SP 800-53, and other related documents. These Family lists mirror the document crosswalk from SP 800-53, Revision 1.
Access Control
| NIST FIPS 201-1 | Personal Identity Verification for Federal Employees and Contractors |
|---|---|
| NIST FIPS 200 | Security Controls for Federal Information Systems |
| NIST FIPS 188 | Standard Security Labels for Information Transfer |
| NIST SP 800-100 | Information Security Handbook for Managers |
| NIST SP 800-97 | Guide to IEEE 802.11i: Robust Security Networks |
| NIST SP 800-96 | PIV Card / Reader Interoperability Guidelines |
| NIST SP 800-87 | Codes for the Identification of Federal and Federally Assisted Organizations |
| NIST SP 800-83 | Guide to Malware Incident Prevention and Handling |
| NIST SP 800-81 | Secure Domain Name System (DNS) Deployment Guide |
| NIST SP 800-78 | Cryptographic Algorithms and Key Sizes for Personal Identity Verification |
| NIST SP 800-77 | Guide to IPSec VPNs |
| NIST SP 800-76 | Biometric Data Specification for Personal Identity Verification |
| NIST SP 800-73 Rev 1 | Integrated Circuit Card for Personal Identification Verification |
| NIST SP 800-68 | Guidance for Securing Microsoft Windows XP Systems for IT Professionals: A NIST Security Configuration Checklist |
| NIST SP 800-66 | An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule |
| NIST SP 800-58 | Security Considerations for Voice Over IP Systems |
| NIST SP 800-57 | Recommendation on Key Management |
| NIST SP 800-48 | Wireless Network Security: 802.11, Bluetooth, and Handheld Devices |
| NIST SP 800-46 | Security for Telecommuting and Broadband Communications |
| NIST SP 800-45 | Guidelines on Electronic Mail Security |
| NIST SP 800-44 | Guidelines on Securing Public Web Servers |
| NIST SP 800-43 | Systems Administration Guidance for Securing Microsoft Windows 2000 Professional System |
| NIST SP 800-41 | Guidelines on Firewalls and Firewall Policy |
| NIST SP 800-36 | Guide to Selecting Information Technology Security Products |
| NIST SP 800-28 | Guidelines on Active Content and Mobile Code |
| NIST SP 800-24 | PBX Vulnerability Analysis: Finding Holes in Your PBX Before Someone Else Does |
| NIST SP 800-19 | Mobile Agent Security |
| NIST SP 800-14 | Generally Accepted Principles and Practices for Securing Information Technology Systems |
| NIST SP 800-12 | An Introduction to Computer Security: The NIST Handbook Families |
Awareness And Training
| NIST FIPS 200 | Security Controls for Federal Information Systems |
|---|---|
| NIST SP 800-100 | Information Security Handbook for Managers |
| NIST SP 800-66 | An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule |
| NIST SP 800-50 | Building an Information Technology Security Awareness and Training Program |
| NIST SP 800-40 | Procedures for Handling Security Patches |
| NIST SP 800-31 | Intrusion Detection Systems (IDSs) |
| NIST SP 800-16 | Information Technology Security Training Requirements: A Role- and Performance-Based Model |
| NIST SP 800-14 | Generally Accepted Principles and Practices for Securing Information Technology Systems |
| NIST SP 800-12 | An Introduction to Computer Security: The NIST Handbook |
Audit And Accountability
| NIST FIPS 200 | Security Controls for Federal Information Systems |
|---|---|
| NIST FIPS 198 | The Keyed-Hash Message Authentication Code (HMAC) |
| NIST SP 800-100 | Information Security Handbook for Managers |
| NIST SP 800-92 | Guide to Computer Security Log Management |
| NIST SP 800-89 | Recommendation for Obtaining Assurances for Digital Signature Applications |
| NIST SP 800-86 | Guide to Integrating Forensic Techniques into Incident Response |
| NIST SP 800-83 | Guide to Malware Incident Prevention and Handling |
| NIST SP 800-72 | Guidelines on PDA Forensics |
| NIST SP 800-68 | Guidance for Securing Microsoft Windows XP Systems for IT Professionals: A NIST Security Configuration Checklist |
| NIST SP 800-66 | An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule |
| NIST SP 800-57 | Recommendation on Key Management |
| NIST SP 800-52 | Guidelines on the Selection and Use of Transport Layer Security |
| NIST SP 800-49 | Federal S/MIME V3 Client Profile |
| NIST SP 800-45 | Guidelines on Electronic Mail Security |
| NIST SP 800-44 | Guidelines on Securing Public Web Servers |
| NIST SP 800-42 | Guideline on Network Security Testing |
| NIST SP 800-19 | Mobile Agent Security |
| NIST SP 800-14 | Generally Accepted Principles and Practices for Securing Information Technology Systems |
| NIST SP 800-12 | An Introduction to Computer Security: The NIST Handbook |
Certification, Accreditation And Security Assessments
| NIST FIPS 200 | Security Controls for Federal Information Systems |
|---|---|
| NIST SP 800-100 | Information Security Handbook for Managers |
| NIST SP 800-85 | PIV Middleware and PIV Card Application Conformance Test Guidelines |
| NIST SP 800-79 | Guidelines for the Certification and Accreditation of PIV Card Issuing Organizations |
| NIST SP 800-76 | Biometric Data Specification for Personal Identity Verification |
| NIST SP 800-66 | An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule |
| NIST SP 800-65 | Integrating Security into the Capital Planning and Investment Control Process |
| NIST SP 800-55 | Security Metrics Guide for Information Technology Systems |
| NIST SP 800-53A | Guide for Assessing the Security Controls in Federal Information Systems |
| NIST SP 800-47 | Security Guide for Interconnecting Information Technology Systems |
| NIST SP 800-42 | Guideline on Network Security Testing |
| NIST SP 800-37 | Guidelines for the Security Certification and Accreditation of Federal Information Technology Systems |
| NIST SP 800-36 | Guide to Selecting Information Technology Security Products |
| NIST SP 800-35 | Guide to Information Technology Security Services |
| NIST SP 800-30 | Risk Management Guide for Information Technology Systems |
| NIST SP 800-26 | Security Self-Assessment Guide for Information Technology Systems |
| NIST SP 800-23 | Guideline to Federal Organizations on Security Assurance and Acquisition/Use of Tested/Evaluated Products |
| NIST SP 800-22 | A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications |
| NIST SP 800-20 | Modes of Operation Validation System for the Triple Data Encryption Algorithm (TMOVS): Requirements and Procedures |
| NIST SP 800-18 | Guide for Developing Security Plans for Information Technology Systems |
| NIST SP 800-17 | Modes of Operation Validation System (MOVS): Requirements and Procedures |
| NIST SP 800-14 | Generally Accepted Principles and Practices for Securing Information Technology Systems |
| NIST SP 800-12 | An Introduction to Computer Security: The NIST Handbook |
Configuration Management
| NIST FIPS 200 | Security Controls for Federal Information Systems |
|---|---|
| NIST SP 800-100 | Information Security Handbook for Managers |
| NIST SP 800-86 | Guide to Integrating Forensic Techniques into Incident Response |
| NIST SP 800-83 | Guide to Malware Incident Prevention and Handling |
| NIST SP 800-81 | Secure Domain Name System (DNS) Deployment Guide |
| NIST SP 800-70 | Security Configuration Checklists Program for IT Products |
| NIST SP 800-68 | Guidance for Securing Microsoft Windows XP Systems for IT Professionals: A NIST Security Configuration Checklist |
| NIST SP 800-48 | Wireless Network Security: 802.11, Bluetooth, and Handheld Devices |
| NIST SP 800-46 | Security for Telecommuting and Broadband Communications |
| NIST SP 800-45 | Guidelines on Electronic Mail Security |
| NIST SP 800-44 | Guidelines on Securing Public Web Servers |
| NIST SP 800-43 | Systems Administration Guidance for Securing Microsoft Windows 2000 Professional System |
| NIST SP 800-40 | Procedures for Handling Security Patches |
| NIST SP 800-37 | Guidelines for the Security Certification and Accreditation of Federal Information Technology Systems |
| NIST SP 800-35 | Guide to Information Technology Security Services |
| NIST SP 800-14 | Generally Accepted Principles and Practices for Securing Information Technology Systems |
| NIST SP 800-12 | An Introduction to Computer Security: The NIST Handbook |
Contingency Planning
| NIST FIPS 200 | Security Controls for Federal Information Systems |
|---|---|
| NIST SP 800-100 | Information Security Handbook for Managers |
| NIST SP 800-86 | Guide to Integrating Forensic Techniques into Incident Response |
| NIST SP 800-83 | Guide to Malware Incident Prevention and Handling |
| NIST SP 800-81 | Secure Domain Name System (DNS) Deployment Guide |
| NIST SP 800-66 | An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule |
| NIST SP 800-57 | Recommendation on Key Management |
| NIST SP 800-56A | Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography |
| NIST SP 800-50 | Building an Information Technology Security Awareness and Training Program |
| NIST SP 800-45 | Guidelines on Electronic Mail Security |
| NIST SP 800-44 | Guidelines on Securing Public Web Servers |
| NIST SP 800-43 | Systems Administration Guidance for Securing Microsoft Windows 2000 Professional System |
| NIST SP 800-41 | Guidelines on Firewalls and Firewall Policy |
| NIST SP 800-34 | Contingency Planning Guide for Information Technology Systems |
| NIST SP 800-25 | Federal Agency Use of Public Key Technology for Digital Signatures and Authentication |
| NIST SP 800-24 | PBX Vulnerability Analysis: Finding Holes in Your PBX Before Someone Else Does |
| NIST SP 800-21 Rev 1 | Guideline for Implementing Cryptography in the Federal Government |
| NIST SP 800-14 | Generally Accepted Principles and Practices for Securing Information Technology Systems |
| NIST SP 800-13 | Telecommunications Security Guidelines for Telecommunications Management Network |
| NIST SP 800-12 | An Introduction to Computer Security: The NIST Handbook |
Identification And Authentication
| NIST FIPS 201-1 | Personal Identity Verification for Federal Employees and Contractors |
|---|---|
| NIST FIPS 200 | Security Controls for Federal Information Systems |
| NIST FIPS 190 | Guideline for the Use of Advanced Authentication Technology Alternatives |
| NIST FIPS 140-2 | Security Requirements for Cryptographic Modules |
| NIST SP 800-100 | Information Security Handbook for Managers |
| NIST SP 800-97 | Guide to IEEE 802.11i: Robust Security Networks |
| NIST SP 800-96 | PIV Card / Reader Interoperability Guidelines |
| NIST SP 800-87 | Codes for the Identification of Federal and Federally Assisted Organizations |
| NIST SP 800-86 | Guide to Integrating Forensic Techniques into Incident Response |
| NIST SP 800-81 | Secure Domain Name System (DNS) Deployment Guide |
| NIST SP 800-78 | Cryptographic Algorithms and Key Sizes for Personal Identity Verification |
| NIST SP 800-77 | Guide to IPSec VPNs |
| NIST SP 800-76 | Biometric Data Specification for Personal Identity Verification |
| NIST SP 800-73 Rev 1 | Integrated Circuit Card for Personal Identification Verification |
| NIST SP 800-72 | Guidelines on PDA Forensics |
| NIST SP 800-68 | Guidance for Securing Microsoft Windows XP Systems for IT Professionals: A NIST Security Configuration Checklist |
| NIST SP 800-66 | An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule |
| NIST SP 800-63 | Recommendation for Electronic Authentication |
| NIST SP 800-52 | Guidelines on the Selection and Use of Transport Layer Security |
| NIST SP 800-48 | Wireless Network Security: 802.11, Bluetooth, and Handheld Devices |
| NIST SP 800-46 | Security for Telecommuting and Broadband Communications |
| NIST SP 800-45 | Guidelines on Electronic Mail Security |
| NIST SP 800-44 | Guidelines on Securing Public Web Servers |
| NIST SP 800-36 | Guide to Selecting Information Technology Security Products |
| NIST SP 800-32 | Introduction to Public Key Technology and the Federal PKI Infrastructure |
| NIST SP 800-25 | Federal Agency Use of Public Key Technology for Digital Signatures and Authentication |
| NIST SP 800-24 | PBX Vulnerability Analysis: Finding Holes in Your PBX Before Someone Else Does |
| NIST SP 800-14 | Generally Accepted Principles and Practices for Securing Information Technology Systems |
| NIST SP 800-12 | An Introduction to Computer Security: The NIST Handbook |
Incident Response
| NIST FIPS 200 | Security Controls for Federal Information Systems |
|---|---|
| NIST SP 800-100 | Information Security Handbook for Managers |
| NIST SP 800-92 | Guide to Computer Security Log Management |
| NIST SP 800-83 | Guide to Malware Incident Prevention and Handling |
| NIST SP 800-66 | An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule |
| NIST SP 800-61 | Computer Security Incident Handling Guide |
| NIST SP 800-50 | Building an Information Technology Security Awareness and Training Program |
| NIST SP 800-36 | Guide to Selecting Information Technology Security Products |
| NIST SP 800-31 | Intrusion Detection Systems (IDSs) |
| NIST SP 800-14 | Generally Accepted Principles and Practices for Securing Information Technology Systems |
| NIST SP 800-12 | An Introduction to Computer Security: The NIST Handbook |
Maintenance
| NIST FIPS 200 | Security Controls for Federal Information Systems |
|---|---|
| NIST SP 800-100 | Information Security Handbook for Managers |
| NIST SP 800-88 | Media Sanitization Guide |
| NIST SP 800-77 | Guide to IPSec VPNs |
| NIST SP 800-34 | Contingency Planning Guide for Information Technology Systems |
| NIST SP 800-24 | PBX Vulnerability Analysis: Finding Holes in Your PBX Before Someone Else Does |
| NIST SP 800-14 | Generally Accepted Principles and Practices for Securing Information Technology Systems |
| NIST SP 800-12 | An Introduction to Computer Security: The NIST Handbook |
Media Protection
| NIST FIPS 200 | Security Controls for Federal Information Systems |
|---|---|
| NIST SP 800-100 | Information Security Handbook for Managers |
| NIST SP 800-92 | Guide to Computer Security Log Management |
| NIST SP 800-88 | Media Sanitization Guide |
| NIST SP 800-86 | Guide to Integrating Forensic Techniques into Incident Response |
| NIST SP 800-72 | Guidelines on PDA Forensics |
| NIST SP 800-66 | An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule |
| NIST SP 800-57 | Recommendation on Key Management |
| NIST SP 800-36 | Guide to Selecting Information Technology Security Products |
| NIST SP 800-24 | PBX Vulnerability Analysis: Finding Holes in Your PBX Before Someone Else Does |
| NIST SP 800-14 | Generally Accepted Principles and Practices for Securing Information Technology Systems |
| NIST SP 800-12 | An Introduction to Computer Security: The NIST Handbook |
Physical And Environmental Protection
| NIST FIPS 200 | Security Controls for Federal Information Systems |
|---|---|
| NIST SP 800-100 | Information Security Handbook for Managers |
| NIST SP 800-96 | PIV Card / Reader Interoperability Guidelines |
| NIST SP 800-92 | Guide to Computer Security Log Management |
| NIST SP 800-86 | Guide to Integrating Forensic Techniques into Incident Response |
| NIST SP 800-78 | Cryptographic Algorithms and Key Sizes for Personal Identity Verification |
| NIST SP 800-76 | Biometric Data Specification for Personal Identity Verification |
| NIST SP 800-73 Rev 1 | Integrated Circuit Card for Personal Identification Verification |
| NIST SP 800-66 | An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule |
| NIST SP 800-58 | Security Considerations for Voice Over IP Systems |
| NIST SP 800-24 | PBX Vulnerability Analysis: Finding Holes in Your PBX Before Someone Else Does |
| NIST SP 800-14 | Generally Accepted Principles and Practices for Securing Information Technology Systems |
| NIST SP 800-12 | An Introduction to Computer Security: The NIST Handbook |
Planning
| NIST FIPS 201-1 | Personal Identity Verification for Federal Employees and Contractors |
|---|---|
| NIST FIPS 200 | Security Controls for Federal Information Systems |
| NIST FIPS 199 | Standards for Security Categorization of Federal Information and Information Systems |
| NIST SP 800-100 | Information Security Handbook for Managers |
| NIST SP 800-89 | Recommendation for Obtaining Assurances for Digital Signature Applications |
| NIST SP 800-81 | Secure Domain Name System (DNS) Deployment Guide |
| NIST SP 800-66 | An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule |
| NIST SP 800-65 | Integrating Security into the Capital Planning and Investment Control Process |
| NIST SP 800-64 | Security Considerations in the Information System Development Life Cycle |
| NIST SP 800-58 | Security Considerations for Voice Over IP Systems |
| NIST SP 800-57 | Recommendation on Key Management |
| NIST SP 800-48 | Wireless Network Security: 802.11, Bluetooth, and Handheld Devices |
| NIST SP 800-46 | Security for Telecommuting and Broadband Communications |
| NIST SP 800-45 | Guidelines on Electronic Mail Security |
| NIST SP 800-44 | Guidelines on Securing Public Web Servers |
| NIST SP 800-42 | Guideline on Network Security Testing |
| NIST SP 800-41 | Guidelines on Firewalls and Firewall Policy |
| SP 800-40, Ver 2 | Creating a Patch and Vulnerability Management Program |
| NIST SP 800-40 | Procedures for Handling Security Patches |
| NIST SP 800-37 | Guidelines for the Security Certification and Accreditation of Federal Information Technology Systems |
| NIST SP 800-34 | Contingency Planning Guide for Information Technology Systems |
| NIST SP 800-33 | Underlying Technical Models for Information Technology Security |
| NIST SP 800-32 | Introduction to Public Key Technology and the Federal PKI Infrastructure |
| NIST SP 800-31 | Intrusion Detection Systems (IDSs) |
| NIST SP 800-30 | Risk Management Guide for Information Technology Systems |
| NIST SP 800-27 | Engineering Principles for Information Technology Security (A Baseline for Achieving Security) |
| NIST SP 800-26 | Security Self-Assessment Guide for Information Technology Systems |
| NIST SP 800-25 | Federal Agency Use of Public Key Technology for Digital Signatures and Authentication |
| NIST SP 800-21 Rev 1 | Guideline for Implementing Cryptography in the Federal Government |
| NIST SP 800-19 | Mobile Agent Security |
| NIST SP 800-18 | Guide for Developing Security Plans for Information Technology Systems |
| NIST SP 800-14 | Generally Accepted Principles and Practices for Securing Information Technology Systems |
| NIST SP 800-12 | An Introduction to Computer Security: The NIST Handbook |
Personnel Security
| NIST FIPS 200 | Security Controls for Federal Information Systems |
|---|---|
| NIST SP 800-100 | Information Security Handbook for Managers |
| NIST SP 800-66 | An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule |
| NIST SP 800-14 | Generally Accepted Principles and Practices for Securing Information Technology Systems |
| NIST SP 800-12 | An Introduction to Computer Security: The NIST Handbook |
Risk Assessment
| NIST FIPS 200 | Security Controls for Federal Information Systems |
|---|---|
| NIST FIPS 199 | Standards for Security Categorization of Federal Information and Information Systems |
| NIST SP 800-100 | Information Security Handbook for Managers |
| NIST SP 800-83 | Guide to Malware Incident Prevention and Handling |
| NIST SP 800-66 | An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule |
| NIST SP 800-65 | Integrating Security into the Capital Planning and Investment Control Process |
| NIST SP 800-63 | Recommendation for Electronic Authentication |
| NIST SP 800-60 | Guide for Mapping Types of Information and Information Systems to Security Categories |
| NIST SP 800-59 | Guideline for Identifying an Information System as a National Security System |
| NIST SP 800-53A | Guide for Assessing the Security Controls in Federal Information Systems |
| NIST SP 800-51 | Use of the Common Vulnerabilities and Exposures (CVE) Vulnerability Naming Scheme |
| NIST SP 800-48 | Wireless Network Security: 802.11, Bluetooth, and Handheld Devices |
| NIST SP 800-46 | Security for Telecommuting and Broadband Communications |
| NIST SP 800-45 | Guidelines on Electronic Mail Security |
| NIST SP 800-44 | Guidelines on Securing Public Web Servers |
| NIST SP 800-42 | Guideline on Network Security Testing |
| SP 800-40, Ver 2 | Creating a Patch and Vulnerability Management Program |
| NIST SP 800-40 | Procedures for Handling Security Patches |
| NIST SP 800-37 | Guidelines for the Security Certification and Accreditation of Federal Information Technology Systems |
| NIST SP 800-36 | Guide to Selecting Information Technology Security Products |
| NIST SP 800-34 | Contingency Planning Guide for Information Technology Systems |
| NIST SP 800-32 | Introduction to Public Key Technology and the Federal PKI Infrastructure |
| NIST SP 800-31 | Intrusion Detection Systems (IDSs) |
| NIST SP 800-30 | Risk Management Guide for Information Technology Systems |
| NIST SP 800-28 | Guidelines on Active Content and Mobile Code |
| NIST SP 800-26 | Security Self-Assessment Guide for Information Technology Systems |
| NIST SP 800-25 | Federal Agency Use of Public Key Technology for Digital Signatures and Authentication |
| NIST SP 800-24 | PBX Vulnerability Analysis: Finding Holes in Your PBX Before Someone Else Does |
| NIST SP 800-23 | Guideline to Federal Organizations on Security Assurance and Acquisition/Use of Tested/Evaluated Products |
| NIST SP 800-19 | Mobile Agent Security |
| NIST SP 800-14 | Generally Accepted Principles and Practices for Securing Information Technology Systems |
| NIST SP 800-13 | Telecommunications Security Guidelines for Telecommunications Management Network |
| NIST SP 800-12 | An Introduction to Computer Security: The NIST Handbook |
System And Services Acquisition
| NIST FIPS 200 | Security Controls for Federal Information Systems |
|---|---|
| NIST SP 800-100 | Information Security Handbook for Managers |
| NIST SP 800-97 | Guide to IEEE 802.11i: Robust Security Networks |
| NIST SP 800-85 | PIV Middleware and PIV Card Application Conformance Test Guidelines |
| NIST SP 800-83 | Guide to Malware Incident Prevention and Handling |
| NIST SP 800-76 | Biometric Data Specification for Personal Identity Verification |
| NIST SP 800-66 | An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule |
| NIST SP 800-65 | Integrating Security into the Capital Planning and Investment Control Process |
| NIST SP 800-64 | Security Considerations in the Information System Development Life Cycle |
| NIST SP 800-36 | Guide to Selecting Information Technology Security Products |
| NIST SP 800-35 | Guide to Information Technology Security Services |
| NIST SP 800-34 | Contingency Planning Guide for Information Technology Systems |
| NIST SP 800-33 | Underlying Technical Models for Information Technology Security |
| NIST SP 800-31 | Intrusion Detection Systems (IDSs) |
| NIST SP 800-30 | Risk Management Guide for Information Technology Systems |
| NIST SP 800-27 | Engineering Principles for Information Technology Security (A Baseline for Achieving Security) |
| NIST SP 800-23 | Guideline to Federal Organizations on Security Assurance and Acquisition/Use of Tested/Evaluated Products |
| NIST SP 800-21 Rev 1 | Guideline for Implementing Cryptography in the Federal Government |
| NIST SP 800-14 | Generally Accepted Principles and Practices for Securing Information Technology Systems |
| NIST SP 800-12 | An Introduction to Computer Security: The NIST Handbook |
System And Communication Protection
| NIST FIPS 201-1 | Personal Identity Verification for Federal Employees and Contractors |
|---|---|
| NIST FIPS 200 | Security Controls for Federal Information Systems |
| NIST FIPS 198 | The Keyed-Hash Message Authentication Code (HMAC) |
| NIST FIPS 197 | Advanced Encryption Standard |
| NIST FIPS 190 | Guideline for the Use of Advanced Authentication Technology Alternatives |
| NIST FIPS 186-3 | Digital Signature Standard (DSS) |
| NIST FIPS 180-2 | Secure Hash Standard (SHS) |
| NIST FIPS 140-2 | Security Requirements for Cryptographic Modules |
| NIST SP 800-100 | Information Security Handbook for Managers |
| NIST SP 800-97 | Guide to IEEE 802.11i: Robust Security Networks |
| NIST SP 800-90 | Recommendation for Random Number Generation Using Deterministic Random Bit Generators |
| NIST SP 800-89 | Recommendation for Obtaining Assurances for Digital Signature Applications |
| NIST SP 800-83 | Guide to Malware Incident Prevention and Handling |
| NIST SP 800-81 | Secure Domain Name System (DNS) Deployment Guide |
| NIST SP 800-78 | Cryptographic Algorithms and Key Sizes for Personal Identity Verification |
| NIST SP 800-77 | Guide to IPSec VPNs |
| NIST SP 800-73 Rev 1 | Integrated Circuit Card for Personal Identification Verification |
| NIST SP 800-70 | Security Configuration Checklists Program for IT Products |
| NIST SP 800-68 | Guidance for Securing Microsoft Windows XP Systems for IT Professionals: A NIST Security Configuration Checklist |
| NIST SP 800-67 | Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher |
| NIST SP 800-66 | An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule |
| NIST SP 800-58 | Security Considerations for Voice Over IP Systems |
| NIST SP 800-57 | Recommendation on Key Management |
| NIST SP 800-56A | Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography |
| NIST SP 800-52 | Guidelines on the Selection and Use of Transport Layer Security |
| NIST SP 800-49 | Federal S/MIME V3 Client Profile |
| NIST SP 800-46 | Security for Telecommuting and Broadband Communications |
| NIST SP 800-45 | Guidelines on Electronic Mail Security |
| NIST SP 800-44 | Guidelines on Securing Public Web Servers |
| NIST SP 800-41 | Guidelines on Firewalls and Firewall Policy |
| NIST SP 800-38D | Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) for Confidentiality and Authentication |
| NIST SP 800-38C | Recommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality |
| NIST SP 800-38B | Recommendation for Block Cipher Modes of Operation: The RMAC Authentication Mode |
| NIST SP 800-38A | Recommendation for Block Cipher Modes of Operation - Methods and Techniques |
| NIST SP 800-36 | Guide to Selecting Information Technology Security Products |
| NIST SP 800-32 | Introduction to Public Key Technology and the Federal PKI Infrastructure |
| NIST SP 800-29 | A Comparison of the Security Requirements for Cryptographic Modules in FIPS 140-1 and FIPS 140-2 |
| NIST SP 800-28 | Guidelines on Active Content and Mobile Code |
| NIST SP 800-25 | Federal Agency Use of Public Key Technology for Digital Signatures and Authentication |
| NIST SP 800-22 | A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications |
| NIST SP 800-21 Rev 1 | Guideline for Implementing Cryptography in the Federal Government |
| NIST SP 800-20 | Modes of Operation Validation System for the Triple Data Encryption Algorithm (TMOVS): Requirements and Procedures |
| NIST SP 800-19 | Mobile Agent Security |
| NIST SP 800-17 | Modes of Operation Validation System (MOVS): Requirements and Procedures |
| NIST SP 800-15 | Minimum Interoperability Specification for PKI Components (MISPC), Version 1 |
| NIST SP 800-14 | Generally Accepted Principles and Practices for Securing Information Technology Systems |
| NIST SP 800-12 | An Introduction to Computer Security: The NIST Handbook |
System And Information Integrity
| NIST FIPS 200 | Security Controls for Federal Information Systems |
|---|---|
| NIST SP 800-100 | Information Security Handbook for Managers |
| NIST SP 800-92 | Guide to Computer Security Log Management |
| NIST SP 800-86 | Guide to Integrating Forensic Techniques into Incident Response |
| NIST SP 800-85 | PIV Middleware and PIV Card Application Conformance Test Guidelines |
| NIST SP 800-83 | Guide to Malware Incident Prevention and Handling |
| NIST SP 800-66 | An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule |
| NIST SP 800-61 | Computer Security Incident Handling Guide |
| NIST SP 800-57 | Recommendation on Key Management |
| NIST SP 800-51 | Use of the Common Vulnerabilities and Exposures (CVE) Vulnerability Naming Scheme |
| NIST SP 800-48 | Wireless Network Security: 802.11, Bluetooth, and Handheld Devices |
| NIST SP 800-45 | Guidelines on Electronic Mail Security |
| NIST SP 800-44 | Guidelines on Securing Public Web Servers |
| NIST SP 800-43 | Systems Administration Guidance for Securing Microsoft Windows 2000 Professional System |
| NIST SP 800-42 | Guideline on Network Security Testing |
| NIST SP 800-36 | Guide to Selecting Information Technology Security Products |
| NIST SP 800-31 | Intrusion Detection Systems (IDSs) |
| NIST SP 800-28 | Guidelines on Active Content and Mobile Code |
| NIST SP 800-19 | Mobile Agent Security |
| NIST SP 800-14 | Generally Accepted Principles and Practices for Securing Information Technology Systems |
| NIST SP 800-12 | An Introduction to Computer Security: The NIST Handbook |
