Introduction

For many years, the Computer Security Division has made great contributions to help secure our nation's information and information systems. Our work has paralleled the evolution of information technology (IT), initially focused principally on mainframe computers, to now encompass today's wide gamut of (IT) devices.

Currently, there are over 250 NIST information security documents. This number includes Federal Information Processing Standards (FIPS), the Special Publication (SP) 800 series, Information Technology Laboratory (ITL) Bulletins, and NIST Interagency Reports (NISTIR). These documents are typically listed by publication type and number or by month and year in the case of the ITL Bulletins. This can make finding a document difficult if the number or date is not known.

In order to make NIST information security documents more accessible, especially to those just entering the security field or with limited needs for the documents, we are presenting this Guide. In addition to being listed by type and number, this will present the documents using three approaches to ease searching:

• by Topic Cluster
• by Family
• by Legal Requirement

Several people looking for documents regarding Federal employee identification badges might approach their search in drastically different ways. One person might look for the legal basis behind the badges, HSPD-12 (Homeland Security Presidential Directive 12). HSPD-12 is listed in the legal requirement list. Another might look for "PIV" (personal identification verification), and they could find it under the topic clusters. Another might look for "Identification and Authentication," and they would find it under the family list. Yet another person might look for "smart card" or "biometrics," both of which are under the topic clusters.

It needs to be understood, however, that documents are not generally mapped to every topic mentioned in the document. For instance, SP 800-66, An Introductory Resource Guide for implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule deals with topics such as contingency plans and incident response. However, SP 800-66 is not considered an essential document when looking for documents about contingency plans or incident response.

The Guide will be updated on a bi-annual basis to include new documents, topic clusters, and legal requirements, as well as to update any shifts in document mapping that is appropriate.

NIST INFORMATION SECURITY DOCUMENTS

The Federal Information Processing Standards (FIPS) Publication Series is the official series of publications relating to standards and guidelines adopted and promulgated under the provisions of the Federal Information Security Management Act (FISMA) of 2002.

The Special Publication 800-series reports on ITL's research, guidelines, and outreach efforts in information system security and its collaborative activities with industry, government, and academic organizations.

ITL Bulletins are published by the Information Technology Laboratory. Each bulletin presents an in-depth discussion of a single topic of significant interest to the information systems community. Bulletins are issued on an as-needed basis.

The NIST Interagency Report series may report results of projects of transitory or limited interest. They may also include interim or final reports on work performed by NIST for outside sponsors (both government and non-government).