Search | CSRC

Search | CSRC
You are viewing this page in an unauthorized frame window.
This is a potential security issue, you are being redirected to
Official websites use .gov
.gov
website belongs to an official government
organization in the United States.
Secure .gov websites use HTTPS
lock
) or
means you’ve safely connected to
the .gov website. Share sensitive information only on official,
secure websites.
Information Technology Laboratory
Computer Security Resource Center
Current Publications
NIST Series Pubs
Final Pubs
Drafts Open for Comment
Drafts
(all)
View By Series
FIPS
(standards)
SP 800
(guidance)
SP 1800
(practice guides)
SP
(all subseries)
IR
(interagency/internal reports)
CSWP
(cybersecurity white papers)
ITL Bulletins
Other Pubs
Project Descriptions
Journal Articles
Conference Papers
Books
Other
Final:
Current list of all published NIST cybersecurity documents.
Does not include "Withdrawn" documents. Includes FIPS, Special Publications, NISTIRs, ITL Bulletins, and NIST Cybersecurity White Papers.
Public Drafts:
Current list of all draft NIST cybersecurity documents--they are typically posted for public comment.
"Current" public drafts are the latest draft versions that have not yet been published as "Final."
FIPS:
Current Federal Information Processing Standard Publications (FIPS).
Includes current (Final and Draft) FIPS.
SP 800 Series:
Current NIST Special Publication (SP) 800 series publications, which focus on Computer/Information Security.
Includes current (Final and Draft) SP 800 pubs.
All SP Series:
Current NIST Special Publications (SP), including SP 800 (Computer/Information Security) and SP 1800
(Cybersecurity Practice Guides) pubs. Also includes SP 500 (Computer Systems Technology) pubs related to cybersecurity and privacy.
Includes current (Final and Draft) NIST Special Publications.
NISTIRs:
Current list of NIST Interagency or Internal Reports (NISTIR) related to cybersecurity and privacy.
Includes current (Final and Draft) NISTIRs.
ITL Bulletins:
Current list of NIST Information Technology Laboratory (ITL) Bulletins.
White Papers:
Consists of NIST Cybersecurity White Papers; NCCoE Project Descriptions, Building Blocks and Use Cases; and
other NIST-authored papers that are not part of a formal series.
Includes current (Final and Draft) papers.
Journal Articles:
NIST-authored articles published in external journals and in the NIST Journal of Research (JRES).
Conference Papers:
NIST-authored conference papers related to cybersecurity and privacy.
Books:
NIST-authored books, book sections, and encyclopedia entries related to cybersecurity and privacy.
Search Results
Showing
313
matching records.
Series
Number
Title
Publications
Status
Release Date
SP
1800-43
Genomic Data Threat Modeling
SP 1800-43 (Initial Public Draft)
Genomic Data Threat Modeling
8/05/2025
Status:
Draft
Draft
8/05/2025
SP
1800-42
Digital Identities – Mobile Driver’s License (mDL): Accelerating Development and Adoption of Digital Identity for Financial Institutions
SP 1800-42 (Initial Public Draft)
Digital Identities – Mobile Driver’s License (mDL): Accelerating Development and Adoption of Digital Identity for Financial Institutions
3/18/2026
Status:
Draft
Draft
3/18/2026
SP
1800-40
Automation of the NIST Cryptographic Module Validation Program
SP 1800-40 (Initial Public Draft)
Automation of the NIST Cryptographic Module Validation Program
4/15/2026
Status:
Draft
Draft
4/15/2026
SP
1800-40
Automation of the NIST Cryptographic Module Validation Program
SP 1800-40 (Initial Preliminary Draft)
Automation of the NIST Cryptographic Module Validation Program
6/07/2023
Status:
Draft
Draft
6/07/2023
SP
1800-39
Data Classification Practices
SP 1800-39 (Initial Public Draft)
Data Classification Practices
2/12/2026
Status:
Draft
Draft
2/12/2026
SP
1800-39
Implementing Data Classification Practices
SP 1800-39 (Initial Preliminary Draft)
Implementing Data Classification Practices
4/25/2023
Status:
Draft
Draft
4/25/2023
SP
1800-38
Migration to Post-Quantum Cryptography: Preparation for Considering the Implementation and Adoption of Quantum Safe Cryptography
SP 1800-38 (Initial Preliminary Draft)
Migration to Post-Quantum Cryptography: Preparation for Considering the Implementation and Adoption of Quantum Safe Cryptography
12/19/2023
Status:
Draft
Draft
12/19/2023
SP
1800-37
Addressing Visibility Challenges with TLS 1.3 within the Enterprise: High-Level Document
SP 1800-37 (Final)
Addressing Visibility Challenges with TLS 1.3 within the Enterprise: High-Level Document
9/17/2025
Status:
Final
Final
9/17/2025
SP
1800-36
Trusted Internet of Things (IoT) Device Network-Layer Onboarding and Lifecycle Management: Enhancing Internet Protocol-Based IoT Device and Network Security
SP 1800-36 (Final)
Trusted Internet of Things (IoT) Device Network-Layer Onboarding and Lifecycle Management: Enhancing Internet Protocol-Based IoT Device and Network Security
11/25/2025
Status:
Final
Final
11/25/2025
SP
1800-35
Implementing a Zero Trust Architecture: High-Level Document
SP 1800-35 (Final)
Implementing a Zero Trust Architecture: High-Level Document
6/10/2025
Status:
Final
Final
6/10/2025
SP
1800-34
Validating the Integrity of Computing Devices
SP 1800-34 (Final)
Validating the Integrity of Computing Devices
12/09/2022
Status:
Final
Final
12/09/2022
SP
1800-33
5G Cybersecurity
SP 1800-33 (Initial Public Draft)
5G Cybersecurity
3/18/2025
Status:
Draft
Draft
3/18/2025
SP
1800-33
5G Cybersecurity
SP 1800-33 (Initial Preliminary Draft)
5G Cybersecurity
4/25/2022
Status:
Draft
Draft
4/25/2022
SP
1800-32
Securing Distributed Energy Resources: An Example of Industrial Internet of Things Cybersecurity
SP 1800-32 (Final)
Securing Distributed Energy Resources: An Example of Industrial Internet of Things Cybersecurity
2/02/2022
Status:
Final
Final
2/02/2022
SP
1800-31
Improving Enterprise Patching for General IT Systems: Utilizing Existing Tools and Performing Processes in Better Ways
SP 1800-31 (Final)
Improving Enterprise Patching for General IT Systems: Utilizing Existing Tools and Performing Processes in Better Ways
4/06/2022
Status:
Final
Final
4/06/2022
SP
1800-30
Securing Telehealth Remote Patient Monitoring Ecosystem
SP 1800-30 (Final)
Securing Telehealth Remote Patient Monitoring Ecosystem
2/22/2022
Status:
Final
Final
2/22/2022
SP
1800-29
Data Confidentiality: Detect, Respond to, and Recover from Data Breaches
SP 1800-29 (Final)
Data Confidentiality: Detect, Respond to, and Recover from Data Breaches
2/23/2024
Status:
Final
Final
2/23/2024
SP
1800-28
Data Confidentiality: Identifying and Protecting Assets Against Data Breaches
SP 1800-28 (Final)
Data Confidentiality: Identifying and Protecting Assets Against Data Breaches
2/23/2024
Status:
Final
Final
2/23/2024
SP
1800-27
Securing Property Management Systems
SP 1800-27 (Final)
Securing Property Management Systems
3/30/2021
Status:
Final
Final
3/30/2021
SP
1800-26
Data Integrity: Detecting and Responding to Ransomware and Other Destructive Events
SP 1800-26 (Final)
Data Integrity: Detecting and Responding to Ransomware and Other Destructive Events
12/08/2020
Status:
Final
Final
12/08/2020
SP
1800-25
Data Integrity: Identifying and Protecting Assets Against Ransomware and Other Destructive Events
SP 1800-25 (Final)
Data Integrity: Identifying and Protecting Assets Against Ransomware and Other Destructive Events
12/08/2020
Status:
Final
Final
12/08/2020
SP
1800-24
Securing Picture Archiving and Communication System (PACS): Cybersecurity for the Healthcare Sector
SP 1800-24 (Final)
Securing Picture Archiving and Communication System (PACS): Cybersecurity for the Healthcare Sector
12/21/2020
Status:
Final
Final
12/21/2020
SP
1800-23
Energy Sector Asset Management: For Electric Utilities, Oil & Gas Industry
SP 1800-23 (Final)
Energy Sector Asset Management: For Electric Utilities, Oil & Gas Industry
5/20/2020
Status:
Final
Final
5/20/2020
SP
1800-22
Mobile Device Security: Bring Your Own Device (BYOD)
SP 1800-22 (Final)
Mobile Device Security: Bring Your Own Device (BYOD)
9/28/2023
Status:
Final
Final
9/28/2023
SP
1800-21
Mobile Device Security: Corporate-Owned Personally-Enabled (COPE)
SP 1800-21 (Final)
Mobile Device Security: Corporate-Owned Personally-Enabled (COPE)
9/15/2020
Status:
Final
Final
9/15/2020
SP
1800-19
Trusted Cloud: Security Practice Guide for VMware Hybrid Cloud Infrastructure as a Service (IaaS) Environments
SP 1800-19 (Final)
Trusted Cloud: Security Practice Guide for VMware Hybrid Cloud Infrastructure as a Service (IaaS) Environments
4/20/2022
Status:
Final
Final
4/20/2022
SP
1800-17
Multifactor Authentication for E-Commerce: Risk-Based, FIDO Universal Second Factor Implementations for Purchasers
SP 1800-17 (Final)
Multifactor Authentication for E-Commerce: Risk-Based, FIDO Universal Second Factor Implementations for Purchasers
7/30/2019
Status:
Final
Final
7/30/2019
SP
1800-16
Securing Web Transactions: TLS Server Certificate Management
SP 1800-16 (Final)
Securing Web Transactions: TLS Server Certificate Management
6/16/2020
Status:
Final
Final
6/16/2020
SP
1800-15
Securing Small-Business and Home Internet of Things (IoT) Devices: Mitigating Network-Based Attacks Using Manufacturer Usage Description (MUD)
SP 1800-15 (Final)
Securing Small-Business and Home Internet of Things (IoT) Devices: Mitigating Network-Based Attacks Using Manufacturer Usage Description (MUD)
5/26/2021
Status:
Final
Final
5/26/2021
SP
1800-14
Protecting the Integrity of Internet Routing: Border Gateway Protocol (BGP) Route Origin Validation
SP 1800-14 (Final)
Protecting the Integrity of Internet Routing: Border Gateway Protocol (BGP) Route Origin Validation
6/28/2019
Status:
Final
Final
6/28/2019
SP
1800-13
Mobile Application Single Sign-On: Improving Authentication for Public Safety First Responders
SP 1800-13 (Final)
Mobile Application Single Sign-On: Improving Authentication for Public Safety First Responders
8/25/2021
Status:
Final
Final
8/25/2021
SP
1800-12
Derived Personal Identity Verification (PIV) Credentials
SP 1800-12 (Final)
Derived Personal Identity Verification (PIV) Credentials
8/27/2019
Status:
Final
Final
8/27/2019
SP
1800-11
Data Integrity: Recovering from Ransomware and Other Destructive Events
SP 1800-11 (Final)
Data Integrity: Recovering from Ransomware and Other Destructive Events
9/22/2020
Status:
Final
Final
9/22/2020
SP
1800-10
Protecting Information and System Integrity in Industrial Control System Environments: Cybersecurity for the Manufacturing Sector
SP 1800-10 (Final)
Protecting Information and System Integrity in Industrial Control System Environments: Cybersecurity for the Manufacturing Sector
3/16/2022
Status:
Final
Final
3/16/2022
SP
1800-8
Securing Wireless Infusion Pumps in Healthcare Delivery Organizations
SP 1800-8 (Final)
Securing Wireless Infusion Pumps in Healthcare Delivery Organizations
8/17/2018
Status:
Final
Final
8/17/2018
SP
1800-7
Situational Awareness for Electric Utilities
SP 1800-7 (Final)
Situational Awareness for Electric Utilities
8/07/2019
Status:
Final
Final
8/07/2019
SP
1800-6
Domain Name System-Based Electronic Mail Security
SP 1800-6 (Final)
Domain Name System-Based Electronic Mail Security
1/19/2018
Status:
Final
Final
1/19/2018
SP
1800-5
IT Asset Management
SP 1800-5 (Final)
IT Asset Management
9/07/2018
Status:
Final
Final
9/07/2018
SP
1800-4
Mobile Device Security: Cloud and Hybrid Builds
SP 1800-4 (Final)
Mobile Device Security: Cloud and Hybrid Builds
2/21/2019
Status:
Final
Final
2/21/2019
SP
1800-2
Identity and Access Management for Electric Utilities
SP 1800-2 (Final)
Identity and Access Management for Electric Utilities
7/13/2018
Status:
Final
Final
7/13/2018
SP
1800-1
Securing Electronic Health Records on Mobile Devices
SP 1800-1 (Final)
Securing Electronic Health Records on Mobile Devices
7/27/2018
Status:
Final
Final
7/27/2018
SP
1500-16
Improving Veteran Transitions to Civilian Cybersecurity Roles: Workshop Report
SP 1500-16 (Final)
Improving Veteran Transitions to Civilian Cybersecurity Roles: Workshop Report
8/20/2020
Status:
Final
Final
8/20/2020
SP
1500-4 Rev. 2
NIST Big Data Interoperability Framework: Volume 4, Security and Privacy Version 3
SP 1500-4 Rev. 2 (Final)
NIST Big Data Interoperability Framework: Volume 4, Security and Privacy Version 3
10/21/2019
Status:
Final
Final
10/21/2019
SP
1347
NIST Cybersecurity Framework 2.0: Informative References Quick-Start Guide
SP 1347 (Initial Public Draft)
NIST Cybersecurity Framework 2.0: Informative References Quick-Start Guide
3/23/2026
Status:
Draft
Draft
3/23/2026
SP
1334
Reducing the Cybersecurity Risks of Portable Storage Media in OT Environments
SP 1334 (Final)
Reducing the Cybersecurity Risks of Portable Storage Media in OT Environments
9/30/2025
Status:
Final
Final
9/30/2025
SP
1331
Quick-Start Guide for Using CSF 2.0 to Improve Management of Emerging Cybersecurity Risks
SP 1331 (Initial Public Draft)
Quick-Start Guide for Using CSF 2.0 to Improve Management of Emerging Cybersecurity Risks
8/21/2025
Status:
Draft
Draft
8/21/2025
SP
1326
NIST Cybersecurity Supply Chain Risk Management: Due Diligence Assessment Quick-Start Guide
SP 1326 (Initial Public Draft)
NIST Cybersecurity Supply Chain Risk Management: Due Diligence Assessment Quick-Start Guide
10/30/2024
Status:
Draft
Draft
10/30/2024
SP
1318
Protecting Controlled Unclassified Information (CUI): NIST Special Publication 800-171, Revision 3. Small Business Primer
SP 1318 (Final)
Protecting Controlled Unclassified Information (CUI): NIST Special Publication 800-171, Revision 3. Small Business Primer
8/18/2025
Status:
Final
Final
8/18/2025
SP
1314
NIST Risk Management Framework (RMF) Small Enterprise Quick Start Guide: A Comprehensive, Flexible, Risk-Based Approach to Managing Information Security and Privacy Risk
SP 1314 (Final)
NIST Risk Management Framework (RMF) Small Enterprise Quick Start Guide: A Comprehensive, Flexible, Risk-Based Approach to Managing Information Security and Privacy Risk
7/23/2024
Status:
Final
Final
7/23/2024
SP
1308
NIST Cybersecurity Framework 2.0: Cybersecurity, Enterprise Risk Management, and Workforce Management Quick-Start Guide
SP 1308 (Final)
NIST Cybersecurity Framework 2.0: Cybersecurity, Enterprise Risk Management, and Workforce Management Quick-Start Guide
3/23/2026
Status:
Final
Final
3/23/2026
SP
1308
NIST Cybersecurity Framework 2.0: Cybersecurity, Enterprise Risk Management, and Workforce Management Quick-Start Guide
SP 1308 (2nd Public Draft)
NIST Cybersecurity Framework 2.0: Cybersecurity, Enterprise Risk Management, and Workforce Management Quick-Start Guide
11/24/2025
Status:
Draft
Draft
11/24/2025
SP
1305
NIST Cybersecurity Framework 2.0: Quick-Start Guide for Cybersecurity Supply Chain Risk Management (C-SCRM)
SP 1305 (Final)
NIST Cybersecurity Framework 2.0: Quick-Start Guide for Cybersecurity Supply Chain Risk Management (C-SCRM)
10/21/2024
Status:
Final
Final
10/21/2024
SP
1303
NIST Cybersecurity Framework 2.0: Enterprise Risk Management Quick-Start Guide
SP 1303 (Final)
NIST Cybersecurity Framework 2.0: Enterprise Risk Management Quick-Start Guide
10/21/2024
Status:
Final
Final
10/21/2024
SP
1302
NIST Cybersecurity Framework 2.0: Quick-Start Guide for Using the CSF Tiers
SP 1302 (Final)
NIST Cybersecurity Framework 2.0: Quick-Start Guide for Using the CSF Tiers
10/21/2024
Status:
Final
Final
10/21/2024
SP
1301
NIST Cybersecurity Framework 2.0: Quick-Start Guide for Creating and Using Organizational Profiles
SP 1301 (Final)
NIST Cybersecurity Framework 2.0: Quick-Start Guide for Creating and Using Organizational Profiles
2/26/2024
Status:
Final
Final
2/26/2024
SP
1300
NIST Cybersecurity Framework 2.0: Small Business Quick-Start Guide
SP 1300 (Final)
NIST Cybersecurity Framework 2.0: Small Business Quick-Start Guide
2/26/2024
Status:
Final
Final
2/26/2024
SP
1299
NIST Cybersecurity Framework 2.0: Resource and Overview Guide
SP 1299 (Final)
NIST Cybersecurity Framework 2.0: Resource and Overview Guide
2/26/2024
Status:
Final
Final
2/26/2024
SP
1288
Federal Cybersecurity Role-Based Training Approaches, Successes, and Challenges
SP 1288 (Final)
Federal Cybersecurity Role-Based Training Approaches, Successes, and Challenges
1/11/2023
Status:
Final
Final
1/11/2023
SP
1271
Getting Started with the NIST Cybersecurity Framework: A Quick Start Guide
SP 1271 (Final)
Getting Started with the NIST Cybersecurity Framework: A Quick Start Guide
8/06/2021
Status:
Final
Final
8/06/2021
SP
800-236
Fiscal Year 2024 Cybersecurity and Privacy Annual Report
SP 800-236 (Final)
Fiscal Year 2024 Cybersecurity and Privacy Annual Report
4/28/2025
Status:
Final
Final
4/28/2025
SP
800-234
High-Performance Computing (HPC) Security Overlay
SP 800-234 (Initial Public Draft)
High-Performance Computing (HPC) Security Overlay
5/01/2025
Status:
Draft
Draft
5/01/2025
SP
800-233
Service Mesh Proxy Models for Cloud-Native Applications
SP 800-233 (Final)
Service Mesh Proxy Models for Cloud-Native Applications
10/16/2024
Status:
Final
Final
10/16/2024
SP
800-232
Ascon-Based Lightweight Cryptography Standards for Constrained Devices: Authenticated Encryption, Hash, and Extendable Output Functions
SP 800-232 (Final)
Ascon-Based Lightweight Cryptography Standards for Constrained Devices: Authenticated Encryption, Hash, and Extendable Output Functions
8/13/2025
Status:
Final
Final
8/13/2025
SP
800-231
Bug Framework (BF): Formalizing Cybersecurity Weaknesses and Vulnerabilities
SP 800-231 (Final)
Bug Framework (BF): Formalizing Cybersecurity Weaknesses and Vulnerabilities
7/30/2024
Status:
Final
Final
7/30/2024
SP
800-230
Additional SLH-DSA Parameter Sets for Limited Signature Use Cases
SP 800-230 (Initial Public Draft)
Additional SLH-DSA Parameter Sets for Limited Signature Use Cases
4/13/2026
Status:
Draft
Draft
4/13/2026
SP
800-229
Fiscal Year 2023 Cybersecurity and Privacy Annual Report
SP 800-229 (Final)
Fiscal Year 2023 Cybersecurity and Privacy Annual Report
5/20/2024
Status:
Final
Final
5/20/2024
SP
800-228
Guidelines for API Protection for Cloud-Native Systems
SP 800-228 (Final)
Guidelines for API Protection for Cloud-Native Systems
3/13/2026
Status:
Final
Final
3/13/2026
SP
800-227
Recommendations for Key-Encapsulation Mechanisms
SP 800-227 (Final)
Recommendations for Key-Encapsulation Mechanisms
9/18/2025
Status:
Final
Final
9/18/2025
SP
800-226
Guidelines for Evaluating Differential Privacy Guarantees
SP 800-226 (Final)
Guidelines for Evaluating Differential Privacy Guarantees
3/06/2025
Status:
Final
Final
3/06/2025
SP
800-225
Fiscal Year 2022 Cybersecurity and Privacy Annual Report
SP 800-225 (Final)
Fiscal Year 2022 Cybersecurity and Privacy Annual Report
5/30/2023
Status:
Final
Final
5/30/2023
SP
800-224
Keyed-Hash Message Authentication Code (HMAC): Specification of HMAC and Recommendations for Message Authentication
SP 800-224 (Initial Public Draft)
Keyed-Hash Message Authentication Code (HMAC): Specification of HMAC and Recommendations for Message Authentication
6/28/2024
Status:
Draft
Draft
6/28/2024
SP
800-223
High-Performance Computing Security: Architecture, Threat Analysis, and Security Posture
SP 800-223 (Final)
High-Performance Computing Security: Architecture, Threat Analysis, and Security Posture
2/09/2024
Status:
Final
Final
2/09/2024
SP
800-221A
Information and Communications Technology (ICT) Risk Outcomes: Integrating ICT Risk Management Programs with the Enterprise Risk Portfolio
SP 800-221A (Final)
Information and Communications Technology (ICT) Risk Outcomes: Integrating ICT Risk Management Programs with the Enterprise Risk Portfolio
11/17/2023
Status:
Final
Final
11/17/2023
SP
800-221
Enterprise Impact of Information and Communications Technology Risk: Governing and Managing ICT Risk Programs Within an Enterprise Risk Portfolio
SP 800-221 (Final)
Enterprise Impact of Information and Communications Technology Risk: Governing and Managing ICT Risk Programs Within an Enterprise Risk Portfolio
11/17/2023
Status:
Final
Final
11/17/2023
SP
800-220
Fiscal Year 2021 Cybersecurity and Privacy Annual Report
SP 800-220 (Final)
Fiscal Year 2021 Cybersecurity and Privacy Annual Report
9/26/2022
Status:
Final
Final
9/26/2022
SP
800-219 Rev. 1
Automated Secure Configuration Guidance from the macOS Security Compliance Project (mSCP)
SP 800-219 Rev. 1 (Final)
Automated Secure Configuration Guidance from the macOS Security Compliance Project (mSCP)
7/21/2023
Status:
Final
Final
7/21/2023
SP
800-218 Rev. 1
Secure Software Development Framework (SSDF) Version 1.2: Recommendations for Mitigating the Risk of Software Vulnerabilities
SP 800-218 Rev. 1 (Initial Public Draft)
Secure Software Development Framework (SSDF) Version 1.2: Recommendations for Mitigating the Risk of Software Vulnerabilities
12/17/2025
Status:
Draft
Draft
12/17/2025
SP
800-218A
Secure Software Development Practices for Generative AI and Dual-Use Foundation Models: An SSDF Community Profile
SP 800-218A (Final)
Secure Software Development Practices for Generative AI and Dual-Use Foundation Models: An SSDF Community Profile
7/26/2024
Status:
Final
Final
7/26/2024
SP
800-218
Secure Software Development Framework (SSDF) Version 1.1: Recommendations for Mitigating the Risk of Software Vulnerabilities
SP 800-218 (Final)
Secure Software Development Framework (SSDF) Version 1.1: Recommendations for Mitigating the Risk of Software Vulnerabilities
2/03/2022
Status:
Final
Final
2/03/2022
SP
800-217
Guidelines for Personal Identity Verification (PIV) Federation
SP 800-217 (Final Public Draft)
Guidelines for Personal Identity Verification (PIV) Federation
11/14/2024
Status:
Draft
Draft
11/14/2024
SP
800-216
Recommendations for Federal Vulnerability Disclosure Guidelines
SP 800-216 (Final)
Recommendations for Federal Vulnerability Disclosure Guidelines
5/24/2023
Status:
Final
Final
5/24/2023
SP
800-215
Guide to a Secure Enterprise Network Landscape
SP 800-215 (Final)
Guide to a Secure Enterprise Network Landscape
11/17/2022
Status:
Final
Final
11/17/2022
SP
800-214
2020 Cybersecurity and Privacy Annual Report
SP 800-214 (Final)
2020 Cybersecurity and Privacy Annual Report
9/28/2021
Status:
Final
Final
9/28/2021
SP
800-213A
IoT Device Cybersecurity Guidance for the Federal Government: IoT Device Cybersecurity Requirement Catalog
SP 800-213A (Final)
IoT Device Cybersecurity Guidance for the Federal Government: IoT Device Cybersecurity Requirement Catalog
11/29/2021
Status:
Final
Final
11/29/2021
SP
800-213
IoT Device Cybersecurity Guidance for the Federal Government: Establishing IoT Device Cybersecurity Requirements
SP 800-213 (Final)
IoT Device Cybersecurity Guidance for the Federal Government: Establishing IoT Device Cybersecurity Requirements
11/29/2021
Status:
Final
Final
11/29/2021
SP
800-211
2019 NIST/ITL Cybersecurity Program Annual Report
SP 800-211 (Final)
2019 NIST/ITL Cybersecurity Program Annual Report
8/24/2020
Status:
Final
Final
8/24/2020
SP
800-210
General Access Control Guidance for Cloud Systems
SP 800-210 (Final)
General Access Control Guidance for Cloud Systems
7/31/2020
Status:
Final
Final
7/31/2020
SP
800-209
Security Guidelines for Storage Infrastructure
SP 800-209 (Final)
Security Guidelines for Storage Infrastructure
10/26/2020
Status:
Final
Final
10/26/2020
SP
800-208
Recommendation for Stateful Hash-Based Signature Schemes
SP 800-208 (Final)
Recommendation for Stateful Hash-Based Signature Schemes
10/29/2020
Status:
Final
Final
10/29/2020
SP
800-207A
A Zero Trust Architecture Model for Access Control in Cloud-Native Applications in Multi-Cloud Environments
SP 800-207A (Final)
A Zero Trust Architecture Model for Access Control in Cloud-Native Applications in Multi-Cloud Environments
9/13/2023
Status:
Final
Final
9/13/2023
SP
800-207
Zero Trust Architecture
SP 800-207 (Final)
Zero Trust Architecture
8/11/2020
Status:
Final
Final
8/11/2020
SP
800-206
Annual Report 2018: NIST/ITL Cybersecurity Program
SP 800-206 (Final)
Annual Report 2018: NIST/ITL Cybersecurity Program
3/13/2020
Status:
Final
Final
3/13/2020
SP
800-205
Attribute Considerations for Access Control Systems
SP 800-205 (Final)
Attribute Considerations for Access Control Systems
6/18/2019
Status:
Final
Final
6/18/2019
SP
800-204D
Strategies for the Integration of Software Supply Chain Security in DevSecOps CI/CD Pipelines
SP 800-204D (Final)
Strategies for the Integration of Software Supply Chain Security in DevSecOps CI/CD Pipelines
2/12/2024
Status:
Final
Final
2/12/2024
SP
800-204C
Implementation of DevSecOps for a Microservices-based Application with Service Mesh
SP 800-204C (Final)
Implementation of DevSecOps for a Microservices-based Application with Service Mesh
3/08/2022
Status:
Final
Final
3/08/2022
SP
800-204B
Attribute-based Access Control for Microservices-based Applications using a Service Mesh
SP 800-204B (Final)
Attribute-based Access Control for Microservices-based Applications using a Service Mesh
8/06/2021
Status:
Final
Final
8/06/2021
SP
800-204A
Building Secure Microservices-based Applications Using Service-Mesh Architecture
SP 800-204A (Final)
Building Secure Microservices-based Applications Using Service-Mesh Architecture
5/27/2020
Status:
Final
Final
5/27/2020
SP
800-204
Security Strategies for Microservices-based Application Systems
SP 800-204 (Final)
Security Strategies for Microservices-based Application Systems
8/07/2019
Status:
Final
Final
8/07/2019
SP
800-203
2017 NIST/ITL Cybersecurity Program Annual Report
SP 800-203 (Final)
2017 NIST/ITL Cybersecurity Program Annual Report
7/02/2018
Status:
Final
Final
7/02/2018
SP
800-202
Quick Start Guide for Populating Mobile Test Devices
SP 800-202 (Final)
Quick Start Guide for Populating Mobile Test Devices
5/10/2018
Status:
Final
Final
5/10/2018
SP
800-201
NIST Cloud Computing Forensic Reference Architecture
SP 800-201 (Final)
NIST Cloud Computing Forensic Reference Architecture
7/30/2024
Status:
Final
Final
7/30/2024
SP
800-197A
PRE-DRAFT Call for Comments: NIST Launches Development of Cryptographic Accordions
SP 800-197A (Initial Preliminary Draft)
PRE-DRAFT Call for Comments: NIST Launches Development of Cryptographic Accordions
6/06/2025
Status:
Draft
Draft
6/06/2025
SP
800-197
PRE-DRAFT Call for Comments: NIST Proposes to Standardize a Wider Variant of AES
SP 800-197 (Initial Preliminary Draft)
PRE-DRAFT Call for Comments: NIST Proposes to Standardize a Wider Variant of AES
12/23/2024
Status:
Draft
Draft
12/23/2024
SP
800-195
2016 NIST/ITL Cybersecurity Program Annual Report
SP 800-195 (Final)
2016 NIST/ITL Cybersecurity Program Annual Report
9/28/2017
Status:
Final
Final
9/28/2017
SP
800-193
Platform Firmware Resiliency Guidelines
SP 800-193 (Final)
Platform Firmware Resiliency Guidelines
5/04/2018
Status:
Final
Final
5/04/2018
SP
800-192
Verification and Test Methods for Access Control Policies/Models
SP 800-192 (Final)
Verification and Test Methods for Access Control Policies/Models
6/27/2017
Status:
Final
Final
6/27/2017
SP
800-190
Application Container Security Guide
SP 800-190 (Final)
Application Container Security Guide
9/25/2017
Status:
Final
Final
9/25/2017
SP
800-189 Rev. 1
Border Gateway Protocol Security and Resilience
SP 800-189 Rev. 1 (Initial Public Draft)
Border Gateway Protocol Security and Resilience
1/03/2025
Status:
Draft
Draft
1/03/2025
SP
800-189
Resilient Interdomain Traffic Exchange: BGP Security and DDoS Mitigation
SP 800-189 (Final)
Resilient Interdomain Traffic Exchange: BGP Security and DDoS Mitigation
12/17/2019
Status:
Final
Final
12/17/2019
SP
800-188
De-Identifying Government Datasets: Techniques and Governance
SP 800-188 (Final)
De-Identifying Government Datasets: Techniques and Governance
9/14/2023
Status:
Final
Final
9/14/2023
SP
800-187
Guide to LTE Security
SP 800-187 (Final)
Guide to LTE Security
12/21/2017
Status:
Final
Final
12/21/2017
SP
800-186
Recommendations for Discrete Logarithm-based Cryptography: Elliptic Curve Domain Parameters
SP 800-186 (Final)
Recommendations for Discrete Logarithm-based Cryptography: Elliptic Curve Domain Parameters
2/03/2023
Status:
Final
Final
2/03/2023
SP
800-185
SHA-3 Derived Functions: cSHAKE, KMAC, TupleHash, and ParallelHash
SP 800-185 (Final)
SHA-3 Derived Functions: cSHAKE, KMAC, TupleHash, and ParallelHash
12/22/2016
Status:
Final
Final
12/22/2016
SP
800-184
Guide for Cybersecurity Event Recovery
SP 800-184 (Final)
Guide for Cybersecurity Event Recovery
12/22/2016
Status:
Final
Final
12/22/2016
SP
800-183
Networks of 'Things'
SP 800-183 (Final)
Networks of 'Things'
7/28/2016
Status:
Final
Final
7/28/2016
SP
800-182
Computer Security Division 2015 Annual Report
SP 800-182 (Final)
Computer Security Division 2015 Annual Report
8/10/2016
Status:
Final
Final
8/10/2016
SP
800-181 Rev. 1
Workforce Framework for Cybersecurity (NICE Framework)
SP 800-181 Rev. 1 (Final)
Workforce Framework for Cybersecurity (NICE Framework)
11/16/2020
Status:
Final
Final
11/16/2020
SP
800-178
A Comparison of Attribute Based Access Control (ABAC) Standards for Data Service Applications: Extensible Access Control Markup Language (XACML) and Next Generation Access Control (NGAC)
SP 800-178 (Final)
A Comparison of Attribute Based Access Control (ABAC) Standards for Data Service Applications: Extensible Access Control Markup Language (XACML) and Next Generation Access Control (NGAC)
10/03/2016
Status:
Final
Final
10/03/2016
SP
800-177 Rev. 1
Trustworthy Email
SP 800-177 Rev. 1 (Final)
Trustworthy Email
2/26/2019
Status:
Final
Final
2/26/2019
SP
800-176
Computer Security Division 2014 Annual Report
SP 800-176 (Final)
Computer Security Division 2014 Annual Report
8/20/2015
Status:
Final
Final
8/20/2015
SP
800-175B Rev. 1
Guideline for Using Cryptographic Standards in the Federal Government: Cryptographic Mechanisms
SP 800-175B Rev. 1 (Final)
Guideline for Using Cryptographic Standards in the Federal Government: Cryptographic Mechanisms
3/31/2020
Status:
Final
Final
3/31/2020
SP
800-175A
Guideline for Using Cryptographic Standards in the Federal Government: Directives, Mandates and Policies
SP 800-175A (Final)
Guideline for Using Cryptographic Standards in the Federal Government: Directives, Mandates and Policies
8/22/2016
Status:
Final
Final
8/22/2016
SP
800-172 Rev. 3
Enhanced Security Requirements for Protecting Controlled Unclassified Information
SP 800-172 Rev. 3 (Final Public Draft)
Enhanced Security Requirements for Protecting Controlled Unclassified Information
9/29/2025
Status:
Draft
Draft
9/29/2025
SP
800-172A Rev. 3
Assessing Enhanced Security Requirements for Controlled Unclassified Information
SP 800-172A Rev. 3 (Initial Public Draft)
Assessing Enhanced Security Requirements for Controlled Unclassified Information
9/29/2025
Status:
Draft
Draft
9/29/2025
SP
800-172A
Assessing Enhanced Security Requirements for Controlled Unclassified Information
SP 800-172A (Final)
Assessing Enhanced Security Requirements for Controlled Unclassified Information
3/15/2022
Status:
Final
Final
3/15/2022
SP
800-172
Enhanced Security Requirements for Protecting Controlled Unclassified Information: A Supplement to NIST Special Publication 800-171
SP 800-172 (Final)
Enhanced Security Requirements for Protecting Controlled Unclassified Information: A Supplement to NIST Special Publication 800-171
2/02/2021
Status:
Final
Final
2/02/2021
SP
800-171 Rev. 3
Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations
SP 800-171 Rev. 3 (Final)
Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations
5/14/2024
Status:
Final
Final
5/14/2024
SP
800-171A Rev. 3
Assessing Security Requirements for Controlled Unclassified Information
SP 800-171A Rev. 3 (Final)
Assessing Security Requirements for Controlled Unclassified Information
5/14/2024
Status:
Final
Final
5/14/2024
SP
800-170
Computer Security Division 2013 Annual Report
SP 800-170 (Final)
Computer Security Division 2013 Annual Report
9/04/2014
Status:
Final
Final
9/04/2014
SP
800-168
Approximate Matching: Definition and Terminology
SP 800-168 (Final)
Approximate Matching: Definition and Terminology
7/02/2014
Status:
Final
Final
7/02/2014
SP
800-167
Guide to Application Whitelisting
SP 800-167 (Final)
Guide to Application Whitelisting
10/28/2015
Status:
Final
Final
10/28/2015
SP
800-166
Derived PIV Application and Data Model Test Guidelines
SP 800-166 (Final)
Derived PIV Application and Data Model Test Guidelines
6/06/2016
Status:
Final
Final
6/06/2016
SP
800-165
Computer Security Division 2012 Annual Report
SP 800-165 (Final)
Computer Security Division 2012 Annual Report
7/22/2013
Status:
Final
Final
7/22/2013
SP
800-163 Rev. 1
Vetting the Security of Mobile Applications
SP 800-163 Rev. 1 (Final)
Vetting the Security of Mobile Applications
4/19/2019
Status:
Final
Final
4/19/2019
SP
800-162
Guide to Attribute Based Access Control (ABAC) Definition and Considerations
SP 800-162 (Final)
Guide to Attribute Based Access Control (ABAC) Definition and Considerations
8/02/2019
Status:
Final
Final
8/02/2019
SP
800-161 Rev. 1
Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations
SP 800-161 Rev. 1 (Final)
Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations
11/01/2024
Status:
Final
Final
11/01/2024
SP
800-160 Vol. 2 Rev. 1
Developing Cyber-Resilient Systems: A Systems Security Engineering Approach
SP 800-160 Vol. 2 Rev. 1 (Final)
Developing Cyber-Resilient Systems: A Systems Security Engineering Approach
12/09/2021
Status:
Final
Final
12/09/2021
SP
800-160 Vol. 1 Rev. 1
Engineering Trustworthy Secure Systems
SP 800-160 Vol. 1 Rev. 1 (Final)
Engineering Trustworthy Secure Systems
11/16/2022
Status:
Final
Final
11/16/2022
SP
800-157 Rev. 1
Guidelines for Derived Personal Identity Verification (PIV) Credentials
SP 800-157 Rev. 1 (Final Public Draft)
Guidelines for Derived Personal Identity Verification (PIV) Credentials
11/14/2024
Status:
Draft
Draft
11/14/2024
SP
800-157
Guidelines for Derived Personal Identity Verification (PIV) Credentials
SP 800-157 (Final)
Guidelines for Derived Personal Identity Verification (PIV) Credentials
12/19/2014
Status:
Final
Final
12/19/2014
SP
800-156
Representation of PIV Chain-of-Trust for Import and Export
SP 800-156 (Final)
Representation of PIV Chain-of-Trust for Import and Export
5/20/2016
Status:
Final
Final
5/20/2016
SP
800-154
Guide to Data-Centric System Threat Modeling
SP 800-154 (Initial Public Draft)
Guide to Data-Centric System Threat Modeling
3/14/2016
Status:
Draft
Draft
3/14/2016
SP
800-153
Guidelines for Securing Wireless Local Area Networks (WLANs)
SP 800-153 (Final)
Guidelines for Securing Wireless Local Area Networks (WLANs)
2/21/2012
Status:
Final
Final
2/21/2012
SP
800-152
A Profile for U.S. Federal Cryptographic Key Management Systems (CKMS)
SP 800-152 (Final)
A Profile for U.S. Federal Cryptographic Key Management Systems (CKMS)
10/28/2015
Status:
Final
Final
10/28/2015
SP
800-150
Guide to Cyber Threat Information Sharing
SP 800-150 (Final)
Guide to Cyber Threat Information Sharing
10/04/2016
Status:
Final
Final
10/04/2016
SP
800-147B
BIOS Protection Guidelines for Servers
SP 800-147B (Final)
BIOS Protection Guidelines for Servers
8/28/2014
Status:
Final
Final
8/28/2014
SP
800-147
BIOS Protection Guidelines
SP 800-147 (Final)
BIOS Protection Guidelines
4/29/2011
Status:
Final
Final
4/29/2011
SP
800-146
Cloud Computing Synopsis and Recommendations
SP 800-146 (Final)
Cloud Computing Synopsis and Recommendations
5/29/2012
Status:
Final
Final
5/29/2012
SP
800-145
The NIST Definition of Cloud Computing
SP 800-145 (Final)
The NIST Definition of Cloud Computing
9/28/2011
Status:
Final
Final
9/28/2011
SP
800-144
Guidelines on Security and Privacy in Public Cloud Computing
SP 800-144 (Final)
Guidelines on Security and Privacy in Public Cloud Computing
12/09/2011
Status:
Final
Final
12/09/2011
SP
800-142
Practical Combinatorial Testing
SP 800-142 (Final)
Practical Combinatorial Testing
10/07/2010
Status:
Final
Final
10/07/2010
SP
800-140F Rev. 1
CMVP Approved Non-Invasive Attack Mitigation Test Metrics: CMVP Validation Authority Updates to ISO/IEC 24759
SP 800-140F Rev. 1 (Initial Public Draft)
CMVP Approved Non-Invasive Attack Mitigation Test Metrics: CMVP Validation Authority Updates to ISO/IEC 24759
8/20/2021
Status:
Draft
Draft
8/20/2021
SP
800-140F
CMVP Approved Non-Invasive Attack Mitigation Test Metrics: CMVP Validation Authority Updates to ISO/IEC 24759
SP 800-140F (Final)
CMVP Approved Non-Invasive Attack Mitigation Test Metrics: CMVP Validation Authority Updates to ISO/IEC 24759
3/20/2020
Status:
Final
Final
3/20/2020
SP
800-140E
CMVP Approved Authentication Mechanisms: CMVP Validation Authority Requirements for ISO/IEC 19790 Annex E and ISO/IEC 24579 Section 6.17
SP 800-140E (Final)
CMVP Approved Authentication Mechanisms: CMVP Validation Authority Requirements for ISO/IEC 19790 Annex E and ISO/IEC 24579 Section 6.17
3/20/2020
Status:
Final
Final
3/20/2020
SP
800-140D Rev. 2
Cryptographic Module Validation Program (CMVP)-Approved Sensitive Security Parameter Generation and Establishment Methods: CMVP Validation Authority Updates to ISO/IEC 24759
SP 800-140D Rev. 2 (Final)
Cryptographic Module Validation Program (CMVP)-Approved Sensitive Security Parameter Generation and Establishment Methods: CMVP Validation Authority Updates to ISO/IEC 24759
7/25/2023
Status:
Final
Final
7/25/2023
SP
800-140C Rev. 2
Cryptographic Module Validation Program (CMVP)-Approved Security Functions: CMVP Validation Authority Updates to ISO/IEC 24759
SP 800-140C Rev. 2 (Final)
Cryptographic Module Validation Program (CMVP)-Approved Security Functions: CMVP Validation Authority Updates to ISO/IEC 24759
7/25/2023
Status:
Final
Final
7/25/2023
SP
800-140B Rev. 1
Cryptographic Module Validation Program (CMVP) Security Policy Requirements: CMVP Validation Authority Updates to ISO/IEC 24759 and ISO/IEC 19790 Annex B
SP 800-140B Rev. 1 (Final)
Cryptographic Module Validation Program (CMVP) Security Policy Requirements: CMVP Validation Authority Updates to ISO/IEC 24759 and ISO/IEC 19790 Annex B
11/17/2023
Status:
Final
Final
11/17/2023
SP
800-140A
CMVP Documentation Requirements: CMVP Validation Authority Updates to ISO/IEC 24759
SP 800-140A (Final)
CMVP Documentation Requirements: CMVP Validation Authority Updates to ISO/IEC 24759
3/20/2020
Status:
Final
Final
3/20/2020
SP
800-140
FIPS 140-3 Derived Test Requirements (DTR): CMVP Validation Authority Updates to ISO/IEC 24759
SP 800-140 (Final)
FIPS 140-3 Derived Test Requirements (DTR): CMVP Validation Authority Updates to ISO/IEC 24759
3/20/2020
Status:
Final
Final
3/20/2020
SP
800-137A
Assessing Information Security Continuous Monitoring (ISCM) Programs: Developing an ISCM Program Assessment
SP 800-137A (Final)
Assessing Information Security Continuous Monitoring (ISCM) Programs: Developing an ISCM Program Assessment
5/21/2020
Status:
Final
Final
5/21/2020
SP
800-137
Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations
SP 800-137 (Final)
Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations
9/30/2011
Status:
Final
Final
9/30/2011
SP
800-135 Rev. 1
Recommendation for Existing Application-Specific Key Derivation Functions
SP 800-135 Rev. 1 (Final)
Recommendation for Existing Application-Specific Key Derivation Functions
12/23/2011
Status:
Final
Final
12/23/2011
SP
800-133 Rev. 3
Recommendation for Cryptographic Key Generation
SP 800-133 Rev. 3 (Initial Public Draft)
Recommendation for Cryptographic Key Generation
4/17/2026
Status:
Draft
Draft
4/17/2026
SP
800-133 Rev. 2
Recommendation for Cryptographic Key Generation
SP 800-133 Rev. 2 (Final)
Recommendation for Cryptographic Key Generation
6/04/2020
Status:
Final
Final
6/04/2020
SP
800-132
Recommendation for Password-Based Key Derivation: Part 1: Storage Applications
SP 800-132 (Final)
Recommendation for Password-Based Key Derivation: Part 1: Storage Applications
12/22/2010
Status:
Final
Final
12/22/2010
SP
800-131A Rev. 3
Transitioning the Use of Cryptographic Algorithms and Key Lengths
SP 800-131A Rev. 3 (Initial Public Draft)
Transitioning the Use of Cryptographic Algorithms and Key Lengths
10/21/2024
Status:
Draft
Draft
10/21/2024
SP
800-131A Rev. 2
Transitioning the Use of Cryptographic Algorithms and Key Lengths
SP 800-131A Rev. 2 (Final)
Transitioning the Use of Cryptographic Algorithms and Key Lengths
3/21/2019
Status:
Final
Final
3/21/2019
SP
800-130
A Framework for Designing Cryptographic Key Management Systems
SP 800-130 (Final)
A Framework for Designing Cryptographic Key Management Systems
8/15/2013
Status:
Final
Final
8/15/2013
SP
800-128
Guide for Security-Focused Configuration Management of Information Systems
SP 800-128 (Final)
Guide for Security-Focused Configuration Management of Information Systems
10/10/2019
Status:
Final
Final
10/10/2019
SP
800-126 Rev. 4
Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.4
SP 800-126 Rev. 4 (Initial Public Draft)
Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.4
12/11/2025
Status:
Draft
Draft
12/11/2025
SP
800-126 Rev. 3
The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.3
SP 800-126 Rev. 3 (Final)
The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.3
2/14/2018
Status:
Final
Final
2/14/2018
SP
800-126 Rev. 2
The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2
SP 800-126 Rev. 2 (Final)
The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2
3/19/2012
Status:
Final
Final
3/19/2012
SP
800-126A Rev. 4
SCAP 1.4 Component Specification Version Updates: An Annex to NIST Special Publication 800-126 Revision 4
SP 800-126A Rev. 4 (Initial Public Draft)
SCAP 1.4 Component Specification Version Updates: An Annex to NIST Special Publication 800-126 Revision 4
12/11/2025
Status:
Draft
Draft
12/11/2025
SP
800-126A
SCAP 1.3 Component Specification Version Updates: An Annex to NIST Special Publication 800-126 Revision 3
SP 800-126A (Final)
SCAP 1.3 Component Specification Version Updates: An Annex to NIST Special Publication 800-126 Revision 3
2/14/2018
Status:
Final
Final
2/14/2018
SP
800-126 Rev. 1
The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.1
SP 800-126 Rev. 1 (Final)
The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.1
2/25/2011
Status:
Final
Final
2/25/2011
SP
800-125B
Secure Virtual Network Configuration for Virtual Machine (VM) Protection
SP 800-125B (Final)
Secure Virtual Network Configuration for Virtual Machine (VM) Protection
3/07/2016
Status:
Final
Final
3/07/2016
SP
800-125A Rev. 1
Security Recommendations for Server-based Hypervisor Platforms
SP 800-125A Rev. 1 (Final)
Security Recommendations for Server-based Hypervisor Platforms
6/07/2018
Status:
Final
Final
6/07/2018
SP
800-125
Guide to Security for Full Virtualization Technologies
SP 800-125 (Final)
Guide to Security for Full Virtualization Technologies
1/28/2011
Status:
Final
Final
1/28/2011
SP
800-124 Rev. 2
Guidelines for Managing the Security of Mobile Devices in the Enterprise
SP 800-124 Rev. 2 (Final)
Guidelines for Managing the Security of Mobile Devices in the Enterprise
5/17/2023
Status:
Final
Final
5/17/2023
SP
800-123
Guide to General Server Security
SP 800-123 (Final)
Guide to General Server Security
7/25/2008
Status:
Final
Final
7/25/2008
SP
800-122
Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)
SP 800-122 (Final)
Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)
4/06/2010
Status:
Final
Final
4/06/2010
SP
800-121 Rev. 2
Guide to Bluetooth Security
SP 800-121 Rev. 2 (Final)
Guide to Bluetooth Security
1/19/2022
Status:
Final
Final
1/19/2022
SP
800-119
Guidelines for the Secure Deployment of IPv6
SP 800-119 (Final)
Guidelines for the Secure Deployment of IPv6
12/29/2010
Status:
Final
Final
12/29/2010
SP
800-116 Rev. 1
Guidelines for the Use of PIV Credentials in Facility Access
SP 800-116 Rev. 1 (Final)
Guidelines for the Use of PIV Credentials in Facility Access
6/29/2018
Status:
Final
Final
6/29/2018
SP
800-115
Technical Guide to Information Security Testing and Assessment
SP 800-115 (Final)
Technical Guide to Information Security Testing and Assessment
9/30/2008
Status:
Final
Final
9/30/2008
SP
800-114 Rev. 1
User's Guide to Telework and Bring Your Own Device (BYOD) Security
SP 800-114 Rev. 1 (Final)
User's Guide to Telework and Bring Your Own Device (BYOD) Security
7/29/2016
Status:
Final
Final
7/29/2016
SP
800-113
Guide to SSL VPNs
SP 800-113 (Final)
Guide to SSL VPNs
7/01/2008
Status:
Final
Final
7/01/2008
SP
800-111
Guide to Storage Encryption Technologies for End User Devices
SP 800-111 (Final)
Guide to Storage Encryption Technologies for End User Devices
11/15/2007
Status:
Final
Final
11/15/2007
SP
800-108 Rev. 1
Recommendation for Key Derivation Using Pseudorandom Functions
SP 800-108 Rev. 1 (Final)
Recommendation for Key Derivation Using Pseudorandom Functions
2/02/2024
Status:
Final
Final
2/02/2024
SP
800-107 Rev. 1
Recommendation for Applications Using Approved Hash Algorithms
SP 800-107 Rev. 1 (Final)
Recommendation for Applications Using Approved Hash Algorithms
8/24/2012
Status:
Final
Final
8/24/2012
SP
800-101 Rev. 1
Guidelines on Mobile Device Forensics
SP 800-101 Rev. 1 (Final)
Guidelines on Mobile Device Forensics
5/15/2014
Status:
Final
Final
5/15/2014
SP
800-100 Rev. 1
PRE-DRAFT Call for Comments | Information Security Handbook: A Guide for Managers
SP 800-100 Rev. 1 (Initial Preliminary Draft)
PRE-DRAFT Call for Comments | Information Security Handbook: A Guide for Managers
1/09/2024
Status:
Draft
Draft
1/09/2024
SP
800-100
Information Security Handbook: A Guide for Managers
SP 800-100 (Final)
Information Security Handbook: A Guide for Managers
3/07/2007
Status:
Final
Final
3/07/2007
SP
800-98
Guidelines for Securing Radio Frequency Identification (RFID) Systems
SP 800-98 (Final)
Guidelines for Securing Radio Frequency Identification (RFID) Systems
4/06/2007
Status:
Final
Final
4/06/2007
SP
800-96
PIV Card to Reader Interoperability Guidelines
SP 800-96 (Final)
PIV Card to Reader Interoperability Guidelines
12/29/2006
Status:
Final
Final
12/29/2006
SP
800-95
Guide to Secure Web Services
SP 800-95 (Final)
Guide to Secure Web Services
8/29/2007
Status:
Final
Final
8/29/2007
SP
800-94
Guide to Intrusion Detection and Prevention Systems (IDPS)
SP 800-94 (Final)
Guide to Intrusion Detection and Prevention Systems (IDPS)
2/20/2007
Status:
Final
Final
2/20/2007
SP
800-92 Rev. 1
Cybersecurity Log Management Planning Guide
SP 800-92 Rev. 1 (Initial Public Draft)
Cybersecurity Log Management Planning Guide
10/11/2023
Status:
Draft
Draft
10/11/2023
SP
800-92
Guide to Computer Security Log Management
SP 800-92 (Final)
Guide to Computer Security Log Management
9/13/2006
Status:
Final
Final
9/13/2006
SP
800-90C
Recommendation for Random Bit Generator (RBG) Constructions
SP 800-90C (Final)
Recommendation for Random Bit Generator (RBG) Constructions
9/25/2025
Status:
Final
Final
9/25/2025
SP
800-90B
Recommendation for the Entropy Sources Used for Random Bit Generation
SP 800-90B (Final)
Recommendation for the Entropy Sources Used for Random Bit Generation
1/10/2018
Status:
Final
Final
1/10/2018
SP
800-90A Rev. 2
PRE-DRAFT Call for Comments: Recommendation for Random Number Generation Using Deterministic Random Bit Generators
SP 800-90A Rev. 2 (Initial Preliminary Draft)
PRE-DRAFT Call for Comments: Recommendation for Random Number Generation Using Deterministic Random Bit Generators
9/04/2025
Status:
Draft
Draft
9/04/2025
SP
800-90A Rev. 1
Recommendation for Random Number Generation Using Deterministic Random Bit Generators
SP 800-90A Rev. 1 (Final)
Recommendation for Random Number Generation Using Deterministic Random Bit Generators
6/24/2015
Status:
Final
Final
6/24/2015
SP
800-89
Recommendation for Obtaining Assurances for Digital Signature Applications
SP 800-89 (Final)
Recommendation for Obtaining Assurances for Digital Signature Applications
11/30/2006
Status:
Final
Final
11/30/2006
SP
800-88 Rev. 2
Guidelines for Media Sanitization
SP 800-88 Rev. 2 (Final)
Guidelines for Media Sanitization
9/26/2025
Status:
Final
Final
9/26/2025
SP
800-87 Rev. 2
Codes for Identification of Federal and Federally-Assisted Organizations
SP 800-87 Rev. 2 (Final)
Codes for Identification of Federal and Federally-Assisted Organizations
4/19/2018
Status:
Final
Final
4/19/2018
SP
800-86
Guide to Integrating Forensic Techniques into Incident Response
SP 800-86 (Final)
Guide to Integrating Forensic Techniques into Incident Response
9/01/2006
Status:
Final
Final
9/01/2006
SP
800-85B
PIV Data Model Test Guidelines
SP 800-85B (Final)
PIV Data Model Test Guidelines
7/31/2006
Status:
Final
Final
7/31/2006
SP
800-85A-4
PIV Card Application and Middleware Interface Test Guidelines (SP 800-73-4 Compliance)
SP 800-85A-4 (Final)
PIV Card Application and Middleware Interface Test Guidelines (SP 800-73-4 Compliance)
4/13/2016
Status:
Final
Final
4/13/2016
SP
800-84
Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities
SP 800-84 (Final)
Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities
9/21/2006
Status:
Final
Final
9/21/2006
SP
800-83 Rev. 1
Guide to Malware Incident Prevention and Handling for Desktops and Laptops
SP 800-83 Rev. 1 (Final)
Guide to Malware Incident Prevention and Handling for Desktops and Laptops
7/22/2013
Status:
Final
Final
7/22/2013
SP
800-82 Rev. 4
Pre-Draft Call for Comments: Guide to Operational Technology (OT) Security
SP 800-82 Rev. 4 (Initial Preliminary Draft)
Pre-Draft Call for Comments: Guide to Operational Technology (OT) Security
1/22/2026
Status:
Draft
Draft
1/22/2026
SP
800-82 Rev. 3
Guide to Operational Technology (OT) Security
SP 800-82 Rev. 3 (Final)
Guide to Operational Technology (OT) Security
9/28/2023
Status:
Final
Final
9/28/2023
SP
800-81 Rev. 3
Secure Domain Name System (DNS) Deployment Guide
SP 800-81 Rev. 3 (Final)
Secure Domain Name System (DNS) Deployment Guide
3/19/2026
Status:
Final
Final
3/19/2026
SP
800-79 Rev. 3
Guidelines for the Authorization of PIV Card and Derived PIV Credential Issuers
SP 800-79 Rev. 3 (Initial Public Draft)
Guidelines for the Authorization of PIV Card and Derived PIV Credential Issuers
12/13/2023
Status:
Draft
Draft
12/13/2023
SP
800-79-2
Guidelines for the Authorization of Personal Identity Verification Card Issuers (PCI) and Derived PIV Credential Issuers (DPCI)
SP 800-79-2 (Final)
Guidelines for the Authorization of Personal Identity Verification Card Issuers (PCI) and Derived PIV Credential Issuers (DPCI)
7/30/2015
Status:
Final
Final
7/30/2015
SP
800-78-5
Cryptographic Algorithms and Key Sizes for Personal Identity Verification
SP 800-78-5 (Final)
Cryptographic Algorithms and Key Sizes for Personal Identity Verification
7/15/2024
Status:
Final
Final
7/15/2024
SP
800-77 Rev. 1
Guide to IPsec VPNs
SP 800-77 Rev. 1 (Final)
Guide to IPsec VPNs
6/30/2020
Status:
Final
Final
6/30/2020
SP
800-76-2
Biometric Specifications for Personal Identity Verification
SP 800-76-2 (Final)
Biometric Specifications for Personal Identity Verification
7/11/2013
Status:
Final
Final
7/11/2013
SP
800-73-5
Interfaces for Personal Identity Verification: Part 1 – PIV Card Application Namespace, Data Model and Representation
SP 800-73-5 (Final)
Interfaces for Personal Identity Verification: Part 1 – PIV Card Application Namespace, Data Model and Representation
7/15/2024
Status:
Final
Final
7/15/2024
SP
800-73-5
Interfaces for Personal Identity Verification: Part 2 – PIV Card Application Card Command Interface
SP 800-73-5 (Final)
Interfaces for Personal Identity Verification: Part 2 – PIV Card Application Card Command Interface
7/15/2024
Status:
Final
Final
7/15/2024
SP
800-73-5
Interfaces for Personal Identity Verification: Part 3 – PIV Client Application Programming Interface
SP 800-73-5 (Final)
Interfaces for Personal Identity Verification: Part 3 – PIV Client Application Programming Interface
7/15/2024
Status:
Final
Final
7/15/2024
SP
800-72
Guidelines on PDA Forensics
SP 800-72 (Final)
Guidelines on PDA Forensics
11/01/2004
Status:
Final
Final
11/01/2004
SP
800-70 Rev. 5
National Checklist Program for IT Products: Guidelines for Checklist Users and Developers
SP 800-70 Rev. 5 (Initial Public Draft)
National Checklist Program for IT Products: Guidelines for Checklist Users and Developers
12/09/2025
Status:
Draft
Draft
12/09/2025
SP
800-70 Rev. 4
National Checklist Program for IT Products: Guidelines for Checklist Users and Developers
SP 800-70 Rev. 4 (Final)
National Checklist Program for IT Products: Guidelines for Checklist Users and Developers
2/15/2018
Status:
Final
Final
2/15/2018
SP
800-66 Rev. 2
Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule: A Cybersecurity Resource Guide
SP 800-66 Rev. 2 (Final)
Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule: A Cybersecurity Resource Guide
2/14/2024
Status:
Final
Final
2/14/2024
SP
800-63-4
Digital Identity Guidelines
SP 800-63-4 (Final)
Digital Identity Guidelines
7/31/2025
Status:
Final
Final
7/31/2025
SP
800-63C-4
Digital Identity Guidelines: Federation and Assertions
SP 800-63C-4 (Final)
Digital Identity Guidelines: Federation and Assertions
7/31/2025
Status:
Final
Final
7/31/2025
SP
800-63B-4
Digital Identity Guidelines: Authentication and Authenticator Management
SP 800-63B-4 (Final)
Digital Identity Guidelines: Authentication and Authenticator Management
7/31/2025
Status:
Final
Final
7/31/2025
SP
800-63A-4
Digital Identity Guidelines: Identity Proofing and Enrollment
SP 800-63A-4 (Final)
Digital Identity Guidelines: Identity Proofing and Enrollment
7/31/2025
Status:
Final
Final
7/31/2025
SP
800-61 Rev. 3
Incident Response Recommendations and Considerations for Cybersecurity Risk Management: A CSF 2.0 Community Profile
SP 800-61 Rev. 3 (Final)
Incident Response Recommendations and Considerations for Cybersecurity Risk Management: A CSF 2.0 Community Profile
4/03/2025
Status:
Final
Final
4/03/2025
SP
800-60 Vol. 2 Rev. 1
Guide for Mapping Types of Information and Information Systems to Security Categories: Appendices
SP 800-60 Vol. 2 Rev. 1 (Final)
Guide for Mapping Types of Information and Information Systems to Security Categories: Appendices
8/01/2008
Status:
Final
Final
8/01/2008
SP
800-60 Rev. 2
Guide for Mapping Types of Information and Systems to Security Categories
SP 800-60 Rev. 2 (Initial Working Draft)
Guide for Mapping Types of Information and Systems to Security Categories
1/31/2024
Status:
Draft
Draft
1/31/2024
SP
800-60 Vol. 1 Rev. 1
Guide for Mapping Types of Information and Information Systems to Security Categories
SP 800-60 Vol. 1 Rev. 1 (Final)
Guide for Mapping Types of Information and Information Systems to Security Categories
8/01/2008
Status:
Final
Final
8/01/2008
SP
800-59
Guideline for Identifying an Information System as a National Security System
SP 800-59 (Final)
Guideline for Identifying an Information System as a National Security System
8/20/2003
Status:
Final
Final
8/20/2003
SP
800-58
Security Considerations for Voice Over IP Systems
SP 800-58 (Final)
Security Considerations for Voice Over IP Systems
1/01/2005
Status:
Final
Final
1/01/2005
SP
800-57 Rev. 6
Recommendation for Key Management: Part 1 – General
SP 800-57 Rev. 6 (Initial Public Draft)
Recommendation for Key Management: Part 1 – General
12/05/2025
Status:
Draft
Draft
12/05/2025
SP
800-57 Part 3 Rev. 1
Recommendation for Key Management, Part 3: Application-Specific Key Management Guidance
SP 800-57 Part 3 Rev. 1 (Final)
Recommendation for Key Management, Part 3: Application-Specific Key Management Guidance
1/22/2015
Status:
Final
Final
1/22/2015
SP
800-57 Part 2 Rev. 1
Recommendation for Key Management: Part 2 – Best Practices for Key Management Organizations
SP 800-57 Part 2 Rev. 1 (Final)
Recommendation for Key Management: Part 2 – Best Practices for Key Management Organizations
5/23/2019
Status:
Final
Final
5/23/2019
SP
800-57 Part 1 Rev. 5
Recommendation for Key Management: Part 1 – General
SP 800-57 Part 1 Rev. 5 (Final)
Recommendation for Key Management: Part 1 – General
5/04/2020
Status:
Final
Final
5/04/2020
SP
800-56C Rev. 2
Recommendation for Key-Derivation Methods in Key-Establishment Schemes
SP 800-56C Rev. 2 (Final)
Recommendation for Key-Derivation Methods in Key-Establishment Schemes
8/18/2020
Status:
Final
Final
8/18/2020
SP
800-56B Rev. 2
Recommendation for Pair-Wise Key-Establishment Using Integer Factorization Cryptography
SP 800-56B Rev. 2 (Final)
Recommendation for Pair-Wise Key-Establishment Using Integer Factorization Cryptography
3/21/2019
Status:
Final
Final
3/21/2019
SP
800-56A Rev. 3
Recommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography
SP 800-56A Rev. 3 (Final)
Recommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography
4/16/2018
Status:
Final
Final
4/16/2018
SP
800-55 Vol. 2
Measurement Guide for Information Security: Volume 2 — Developing an Information Security Measurement Program
SP 800-55 Vol. 2 (Final)
Measurement Guide for Information Security: Volume 2 — Developing an Information Security Measurement Program
12/04/2024
Status:
Final
Final
12/04/2024
SP
800-55 Vol. 1
Measurement Guide for Information Security: Volume 1 — Identifying and Selecting Measures
SP 800-55 Vol. 1 (Final)
Measurement Guide for Information Security: Volume 1 — Identifying and Selecting Measures
12/04/2024
Status:
Final
Final
12/04/2024
SP
800-53 Rev. 5
Security and Privacy Controls for Information Systems and Organizations
SP 800-53 Rev. 5 (Final)
Security and Privacy Controls for Information Systems and Organizations
12/10/2020
Status:
Final
Final
12/10/2020
SP
800-53B
Control Baselines for Information Systems and Organizations
SP 800-53B (Final)
Control Baselines for Information Systems and Organizations
12/10/2020
Status:
Final
Final
12/10/2020
SP
800-53A Rev. 5
Assessing Security and Privacy Controls in Information Systems and Organizations
SP 800-53A Rev. 5 (Final)
Assessing Security and Privacy Controls in Information Systems and Organizations
1/25/2022
Status:
Final
Final
1/25/2022
SP
800-52 Rev. 2
Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations
SP 800-52 Rev. 2 (Final)
Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations
8/29/2019
Status:
Final
Final
8/29/2019
SP
800-51 Rev. 1
Guide to Using Vulnerability Naming Schemes
SP 800-51 Rev. 1 (Final)
Guide to Using Vulnerability Naming Schemes
2/25/2011
Status:
Final
Final
2/25/2011
SP
800-50 Rev. 1
Building a Cybersecurity and Privacy Learning Program
SP 800-50 Rev. 1 (Final)
Building a Cybersecurity and Privacy Learning Program
9/12/2024
Status:
Final
Final
9/12/2024
SP
800-49
Federal S/MIME V3 Client Profile
SP 800-49 (Final)
Federal S/MIME V3 Client Profile
11/05/2002
Status:
Final
Final
11/05/2002
SP
800-47 Rev. 1
Managing the Security of Information Exchanges
SP 800-47 Rev. 1 (Final)
Managing the Security of Information Exchanges
7/20/2021
Status:
Final
Final
7/20/2021
SP
800-46 Rev. 3
PRE-DRAFT Call for Comments: Guide to Enterprise Telework Security
SP 800-46 Rev. 3 (Initial Preliminary Draft)
PRE-DRAFT Call for Comments: Guide to Enterprise Telework Security
9/10/2020
Status:
Draft
Draft
9/10/2020
SP
800-46 Rev. 2
Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security
SP 800-46 Rev. 2 (Final)
Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security
7/29/2016
Status:
Final
Final
7/29/2016
SP
800-45 Version 2
Guidelines on Electronic Mail Security
SP 800-45 Version 2 (Final)
Guidelines on Electronic Mail Security
2/20/2007
Status:
Final
Final
2/20/2007
SP
800-44 Version 2
Guidelines on Securing Public Web Servers
SP 800-44 Version 2 (Final)
Guidelines on Securing Public Web Servers
10/09/2007
Status:
Final
Final
10/09/2007
SP
800-41 Rev. 1
Guidelines on Firewalls and Firewall Policy
SP 800-41 Rev. 1 (Final)
Guidelines on Firewalls and Firewall Policy
9/28/2009
Status:
Final
Final
9/28/2009
SP
800-40 Rev. 4
Guide to Enterprise Patch Management Planning: Preventive Maintenance for Technology
SP 800-40 Rev. 4 (Final)
Guide to Enterprise Patch Management Planning: Preventive Maintenance for Technology
4/06/2022
Status:
Final
Final
4/06/2022
SP
800-39
Managing Information Security Risk: Organization, Mission, and Information System View
SP 800-39 (Final)
Managing Information Security Risk: Organization, Mission, and Information System View
3/01/2011
Status:
Final
Final
3/01/2011
SP
800-38G Rev. 1
Recommendation for Block Cipher Modes of Operation: Methods for Format-Preserving Encryption
SP 800-38G Rev. 1 (2nd Public Draft)
Recommendation for Block Cipher Modes of Operation: Methods for Format-Preserving Encryption
2/03/2025
Status:
Draft
Draft
2/03/2025
SP
800-38G
Recommendation for Block Cipher Modes of Operation: Methods for Format-Preserving Encryption
SP 800-38G (Final)
Recommendation for Block Cipher Modes of Operation: Methods for Format-Preserving Encryption
8/04/2016
Status:
Final
Final
8/04/2016
SP
800-38F
Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping
SP 800-38F (Final)
Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping
12/13/2012
Status:
Final
Final
12/13/2012
SP
800-38E
Recommendation for Block Cipher Modes of Operation: the XTS-AES Mode for Confidentiality on Storage Devices
SP 800-38E (Final)
Recommendation for Block Cipher Modes of Operation: the XTS-AES Mode for Confidentiality on Storage Devices
1/18/2010
Status:
Final
Final
1/18/2010
SP
800-38D Rev. 1
Pre-Draft Call for Comments: GCM and GMAC Block Cipher Modes of Operation
SP 800-38D Rev. 1 (Initial Preliminary Draft)
Pre-Draft Call for Comments: GCM and GMAC Block Cipher Modes of Operation
1/06/2025
Status:
Draft
Draft
1/06/2025
SP
800-38D
Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC
SP 800-38D (Final)
Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC
11/28/2007
Status:
Final
Final
11/28/2007
SP
800-38C
Recommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality
SP 800-38C (Final)
Recommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality
7/20/2007
Status:
Final
Final
7/20/2007
SP
800-38B
Recommendation for Block Cipher Modes of Operation: the CMAC Mode for Authentication
SP 800-38B (Final)
Recommendation for Block Cipher Modes of Operation: the CMAC Mode for Authentication
10/06/2016
Status:
Final
Final
10/06/2016
SP
800-38A
Recommendation for Block Cipher Modes of Operation: Three Variants of Ciphertext Stealing for CBC Mode
SP 800-38A (Final)
Recommendation for Block Cipher Modes of Operation: Three Variants of Ciphertext Stealing for CBC Mode
10/21/2010
Status:
Final
Final
10/21/2010
SP
800-38A
Recommendation for Block Cipher Modes of Operation: Methods and Techniques
SP 800-38A (Final)
Recommendation for Block Cipher Modes of Operation: Methods and Techniques
12/01/2001
Status:
Final
Final
12/01/2001
SP
800-37 Rev. 2
Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy
SP 800-37 Rev. 2 (Final)
Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy
12/20/2018
Status:
Final
Final
12/20/2018
SP
800-35
Guide to Information Technology Security Services
SP 800-35 (Final)
Guide to Information Technology Security Services
10/09/2003
Status:
Final
Final
10/09/2003
SP
800-34 Rev. 1
Contingency Planning Guide for Federal Information Systems
SP 800-34 Rev. 1 (Final)
Contingency Planning Guide for Federal Information Systems
11/11/2010
Status:
Final
Final
11/11/2010
SP
800-30 Rev. 1
Guide for Conducting Risk Assessments
SP 800-30 Rev. 1 (Final)
Guide for Conducting Risk Assessments
9/17/2012
Status:
Final
Final
9/17/2012
SP
800-28 Version 2
Guidelines on Active Content and Mobile Code
SP 800-28 Version 2 (Final)
Guidelines on Active Content and Mobile Code
3/07/2008
Status:
Final
Final
3/07/2008
SP
800-22 Rev. 1
A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications
SP 800-22 Rev. 1 (Final)
A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications
4/30/2010
Status:
Final
Final
4/30/2010
SP
800-18 Rev. 2
Developing Security, Privacy, and Cybersecurity Supply Chain Risk Management Plans for Systems
SP 800-18 Rev. 2 (Initial Public Draft)
Developing Security, Privacy, and Cybersecurity Supply Chain Risk Management Plans for Systems
6/04/2025
Status:
Draft
Draft
6/04/2025
SP
800-18 Rev. 1
Guide for Developing Security Plans for Federal Information Systems
SP 800-18 Rev. 1 (Final)
Guide for Developing Security Plans for Federal Information Systems
2/24/2006
Status:
Final
Final
2/24/2006
SP
800-12 Rev. 1
An Introduction to Information Security
SP 800-12 Rev. 1 (Final)
An Introduction to Information Security
6/22/2017
Status:
Final
Final
6/22/2017
SP
500-325
Fog Computing Conceptual Model
SP 500-325 (Final)
Fog Computing Conceptual Model
3/14/2018
Status:
Final
Final
3/14/2018
SP
500-320
Report of the Workshop on Software Measures and Metrics to Reduce Security Vulnerabilities (SwMM-RSV)
SP 500-320 (Final)
Report of the Workshop on Software Measures and Metrics to Reduce Security Vulnerabilities (SwMM-RSV)
11/10/2016
Status:
Final
Final
11/10/2016
SP
500-304
Conformance Testing Methodology Framework for ANSI/NIST-ITL 1-2011 Update: 2013, Data Format for the Interchange of Fingerprint, Facial & Other Biometric Information
SP 500-304 (Final)
Conformance Testing Methodology Framework for ANSI/NIST-ITL 1-2011 Update: 2013, Data Format for the Interchange of Fingerprint, Facial & Other Biometric Information
6/24/2015
Status:
Final
Final
6/24/2015
SP
500-189
Security in ISDN
SP 500-189 (Final)
Security in ISDN
9/01/1991
Status:
Final
Final
9/01/1991
SP
500-174
Guide for Selecting Automated Risk Analysis Tools
SP 500-174 (Final)
Guide for Selecting Automated Risk Analysis Tools
10/01/1989
Status:
Final
Final
10/01/1989
SP
500-171
Computer Users' Guide to the Protection of Information Resources
SP 500-171 (Final)
Computer Users' Guide to the Protection of Information Resources
10/01/1989
Status:
Final
Final
10/01/1989
SP
500-170
Management Guide to the Protection of Information Resources
SP 500-170 (Final)
Management Guide to the Protection of Information Resources
10/01/1989
Status:
Final
Final
10/01/1989
SP
500-169
Executive Guide to the Protection of Information Resources
SP 500-169 (Final)
Executive Guide to the Protection of Information Resources
10/01/1989
Status:
Final
Final
10/01/1989
SP
500-166
Computer Viruses and Related Threats: a Management Guide
SP 500-166 (Final)
Computer Viruses and Related Threats: a Management Guide
8/01/1989
Status:
Final
Final
8/01/1989
SP
500-160
Report of the Invitational Workshop on Integrity Policy in Computer Information Systems (WIPCIS)
SP 500-160 (Final)
Report of the Invitational Workshop on Integrity Policy in Computer Information Systems (WIPCIS)
1/01/1989
Status:
Final
Final
1/01/1989
SP
500-158
Accuracy, Integrity, and Security in Computerized Vote-Tallying
SP 500-158 (Final)
Accuracy, Integrity, and Security in Computerized Vote-Tallying
8/01/1988
Status:
Final
Final
8/01/1988
SP
500-157
Smart Card Technology: New Methods for Computer Access Control
SP 500-157 (Final)
Smart Card Technology: New Methods for Computer Access Control
9/01/1988
Status:
Final
Final
9/01/1988
SP
500-156
Message Authentication Code (MAC) Validation System: Requirements and Procedures
SP 500-156 (Final)
Message Authentication Code (MAC) Validation System: Requirements and Procedures
5/01/1988
Status:
Final
Final
5/01/1988
SP
500-153
Guide to Auditing for Controls and Security: A System Development Life Cycle Approach
SP 500-153 (Final)
Guide to Auditing for Controls and Security: A System Development Life Cycle Approach
4/01/1988
Status:
Final
Final
4/01/1988
SP
500-137
Security for Dial-Up Lines
SP 500-137 (Final)
Security for Dial-Up Lines
5/01/1986
Status:
Final
Final
5/01/1986
SP
500-134
Guide on Selecting ADP Backup Process Alternatives
SP 500-134 (Final)
Guide on Selecting ADP Backup Process Alternatives
11/01/1985
Status:
Final
Final
11/01/1985
SP
500-133
Technology Assessment: Methods for Measuring the Level of Computer Security
SP 500-133 (Final)
Technology Assessment: Methods for Measuring the Level of Computer Security
10/01/1985
Status:
Final
Final
10/01/1985
SP
500-120
Security of Personal Computer Systems: A Management Guide
SP 500-120 (Final)
Security of Personal Computer Systems: A Management Guide
1/01/1985
Status:
Final
Final
1/01/1985
SP
500-109
Overview of Computer Security Certification and Accreditation
SP 500-109 (Final)
Overview of Computer Security Certification and Accreditation
4/01/1984
Status:
Final
Final
4/01/1984
SP
500-85
Executive Guide to ADP Contingency Planning
SP 500-85 (Final)
Executive Guide to ADP Contingency Planning
1/01/1982
Status:
Final
Final
1/01/1982
SP
500-61
Maintenance Testing for the Data Encryption Standard
SP 500-61 (Final)
Maintenance Testing for the Data Encryption Standard
8/01/1980
Status:
Final
Final
8/01/1980
SP
500-57
Audit and Evaluation of Computer Security II: System Vulnerabilities and Controls
SP 500-57 (Final)
Audit and Evaluation of Computer Security II: System Vulnerabilities and Controls
4/01/1980
Status:
Final
Final
4/01/1980
SP
500-54
A Key Notarization System for Computer Networks
SP 500-54 (Final)
A Key Notarization System for Computer Networks
10/01/1979
Status:
Final
Final
10/01/1979
SP
500-42
A Survey of Remote Monitoring
SP 500-42 (Final)
A Survey of Remote Monitoring
1/01/1979
Status:
Final
Final
1/01/1979
SP
500-30
Effective Use of Computing Technology in Vote-Tallying
SP 500-30 (Final)
Effective Use of Computing Technology in Vote-Tallying
4/01/1978
Status:
Final
Final
4/01/1978
SP
500-27
Computer Security and the Data Encryption Standard: Proceedings of the Conference on Computer Security and the Data Encryption Standard
SP 500-27 (Final)
Computer Security and the Data Encryption Standard: Proceedings of the Conference on Computer Security and the Data Encryption Standard
2/01/1978
Status:
Final
Final
2/01/1978
SP
500-25
An Analysis of Computer Security Safeguards for Detecting and Preventing Intentional Computer Misuse
SP 500-25 (Final)
An Analysis of Computer Security Safeguards for Detecting and Preventing Intentional Computer Misuse
1/01/1978
Status:
Final
Final
1/01/1978
SP
500-24
Performance Assurance and Data Integrity Practices
SP 500-24 (Final)
Performance Assurance and Data Integrity Practices
1/01/1978
Status:
Final
Final
1/01/1978
SP
500-21 Vol. 2
The Network Security Center: a System Level Approach to Computer Network Security
SP 500-21 Vol. 2 (Final)
The Network Security Center: a System Level Approach to Computer Network Security
1/01/1978
Status:
Final
Final
1/01/1978
SP
500-21 Vol. 1
Design Alternatives for Computer Network Security
SP 500-21 Vol. 1 (Final)
Design Alternatives for Computer Network Security
1/01/1978
Status:
Final
Final
1/01/1978
SP
500-20
Validating the Correctness of Hardware Implementations of the NBS Data Encryption Standard
SP 500-20 (Final)
Validating the Correctness of Hardware Implementations of the NBS Data Encryption Standard
9/01/1980
Status:
Final
Final
9/01/1980
SP
500-19
Audit and Evaluation of Computer Security
SP 500-19 (Final)
Audit and Evaluation of Computer Security
10/01/1977
Status:
Final
Final
10/01/1977
SP
500-9
The Use of Passwords for Controlled Access to Computer Resources
SP 500-9 (Final)
The Use of Passwords for Controlled Access to Computer Resources
5/01/1977
Status:
Final
Final
5/01/1977
SP
404
Approaches to Privacy and Security in Computer Systems: Proceedings of a Conference Held at the National Bureau of Standards March 4-5, 1974
SP 404 (Final)
Approaches to Privacy and Security in Computer Systems: Proceedings of a Conference Held at the National Bureau of Standards March 4-5, 1974
9/01/1974
Status:
Final
Final
9/01/1974
View All Publications
Current Publications
NIST Series Pubs
Final Pubs
Drafts Open for Comment
Drafts
(all)
View By Series
FIPS
(standards)
SP 800
(guidance)
SP 1800
(practice guides)
SP
(all subseries)
IR
(interagency/internal reports)
CSWP
(cybersecurity white papers)
ITL Bulletins
Other Pubs
Project Descriptions
Journal Articles
Conference Papers
Books
Other
Final:
Current list of all published NIST cybersecurity documents.
Does not include "Withdrawn" documents. Includes FIPS, Special Publications, NISTIRs, ITL Bulletins, and NIST Cybersecurity White Papers.
Public Drafts:
Current list of all draft NIST cybersecurity documents--they are typically posted for public comment.
"Current" public drafts are the latest draft versions that have not yet been published as "Final."
FIPS:
Current Federal Information Processing Standard Publications (FIPS).
Includes current (Final and Draft) FIPS.
SP 800 Series:
Current NIST Special Publication (SP) 800 series publications, which focus on Computer/Information Security.
Includes current (Final and Draft) SP 800 pubs.
All SP Series:
Current NIST Special Publications (SP), including SP 800 (Computer/Information Security) and SP 1800
(Cybersecurity Practice Guides) pubs. Also includes SP 500 (Computer Systems Technology) pubs related to cybersecurity and privacy.
Includes current (Final and Draft) NIST Special Publications.
NISTIRs:
Current list of NIST Interagency or Internal Reports (NISTIR) related to cybersecurity and privacy.
Includes current (Final and Draft) NISTIRs.
ITL Bulletins:
Current list of NIST Information Technology Laboratory (ITL) Bulletins.
White Papers:
Consists of NIST Cybersecurity White Papers; NCCoE Project Descriptions, Building Blocks and Use Cases; and
other NIST-authored papers that are not part of a formal series.
Includes current (Final and Draft) papers.
Journal Articles:
NIST-authored articles published in external journals and in the NIST Journal of Research (JRES).
Conference Papers:
NIST-authored conference papers related to cybersecurity and privacy.
Books:
NIST-authored books, book sections, and encyclopedia entries related to cybersecurity and privacy.