| NIST Standard |
Special Publication (SP) Title |
Brief Description |
| NIST 800-12, Revision 1 |
Handbook for Computer Security Managers |
This publication serves as a starting point for those new to information security as well as for those who are unfamiliar with NIST information security Special Publications (SPs) and guidelines. This Special Publication (SP) provides a high-level overview of information security principles by introducing related concepts and the security control families (as defined in the NIST SP 800-53, Security and Privacy Controls for Federal Information Systems and Organizations) that organizations can leverage to effectively secure their systems and information. |
| NIST 800-13 |
Telecommunications Security Guidelines |
This Special Publication offers guidelines for securing telecommunications systems, including network security, encryption, and key management. |
| NIST 800-14 |
Generally Accepted Principles and Practices for Securing Information Technology Systems |
This Special Publication outlines fundamental security principles and practices for IT systems, such as access control, system and network security, and incident response (IR). |
| NIST 800-18, Revision 1 |
Guide for Developing Security Plans for Federal Information Systems |
This Special Publication provides a step-by-step approach to developing security plans, including risk assessments, security controls, and incident response (IR) procedures. |
| NIST 800-30, Revision 1 |
Guide for Conducting Risk Assessments |
This Special Publication provides a comprehensive framework for managing risk, including risk assessment, risk mitigation, and risk monitoring. |
| NIST 800-84 |
Contingency Planning Guide for Federal Information Systems |
This Special Publication offers guidance on developing contingency plans to address various disruptions, such as natural disasters, cyberattacks, and system failures. |
| NIST 800-37, Revision 2 |
Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Scurity and Privacy |
This Special Publication provides a systematic approach to managing risk across the entire lifecycle of an information system. |
| NIST 800-40, Revision 4 |
Guide to Enterprise Patch Management Planning: Preventive Maintenance for Technology |
This Special Publication provides detailed guidance on developing security plans, including specific security controls and procedures. |
| NIST 800-40, Revision 4 |
Guidelines on Firewalls and Firewall Policy |
This Special Publication offers guidance on firewall technologies, deployment strategies, hardening strategies, and policy development. |
| NIST 800-44, Version 2 |
Guidelines on Securing Public Web Servers |
This Special Publication provides recommendations for securing web servers, including configuration guidelines, vulnerability management, and incident response. |
| NIST 800-45, Version 2 |
Guidelines on Electronic Mail Security |
This Special Publication offers guidance on securing email systems, including encryption, authentication, and spam filtering. |
| NIST 800-47, Revision 1 |
Managing the Security of Information Exchanges |
This Special Publication provides guidance on securing interconnected systems, including network security, access controls, and data protection. |
| NIST 800-50, Revision 1 |
Building an Information Technology Security Awareness and Training Program |
This Special Publication provides guidance on developing and implementing security awareness and training programs. |
| NIST 800-53, Revision 5 |
Security and Privacy Controls for Federal Information Systems and Organizations |
This Special Publication provides a comprehensive set of security and privacy controls for federal systems and organizations. |
| NIST 800-54 |
Resilient Interdomain Traffic Exchange: BGP Security and DDoS Mitigation |
This Special Publication offers guidance on securing BGP (Border Gateway Protocol), a protocol used to exchange routing information between interconnected and autonomous networks. |
| NIST 800-55, Volume 1 |
Measurement Guide for Information Security: Volume 1 - Identifying and Selecting Measures |
This Special Publication provides guidance on measuring the effctiveness of security controls and processes. |
| NIST 800-57, Part 1, Revision 5 |
Recommendation for Key Management, Part 1: General |
This Special Publication provides guidance on key management practices, including key generation, distribution, and storage. |
| NIST 800-60, Revision 2 |
Guide for Mapping Types of Information and Systems to Security Categories |
This Special Publication provides guidance on classifying information and systems based on their sensitivity and criticality. |
| NIST 800-61, Revision 2 |
Computer Security Incident Handling Guide |
This Special Publication provides guidance on incident response, planning, and detection. |
| NIST 800-63, Revision 3 |
Electronic Authentication Guideline |
This Special Publication provides guidance on electronic authentication technologies and practices, including password management, biometrics, and smart cards with PIV (Personal Identity Verification). |
| NIST 800-82, Revision 3 |
Guide to Operational Technology (OT) Security |
This Special Publication provides guidance on securing Industrial Control Systems (ICS), including SCADA systes and other critical infrastructure systems. |
| NIST 800-83, Revision 1 |
Guide to Malware: Incident Prevention and Handling for Desktops and Laptops |
This Special Publication provides guidance on recovering frommalware incidents, including malware removal, system resotration, and incident response procedures. for containment, eradication, and triaging. |
| NIST 800-84 |
Guide to Testing, Training, and Exercise Programs for IT Plans and Capabilities |
This Special Publication seeks to assist organizations in designing, developing, conducting, and evaluating Test, Training, and Exercise (TT&E) events in an effort to aid personnel in preparing for adverse situations involving Information Technology (IT). |
| NIST 800-86 |
Guide to Integrating Forensic Techniques into Incident Response |
This Special Publication provides guidance on integrating forensic techniques into incident response processes.. |
| NIST 800-88, Revision 1 |
Guidelines for Media Sanitization |
This Special Publication provides guidance on sanitizing storage media to remove sensitive information properly. |
| NIST 800-89 |
Recommendation for Obtaining Assurances for Digital Signature Applications |
This Special Publication specifies methods for obtaining the assurances necessary for valid digital signatures ofdomain parameter validity, assurance of public key validity, assurance that the key pair owner actually possesses the private key and assurance of the identity of the key pair owner. |
| NIST 800-92 |
Guide to Computer Security Log Management |
This Special Publication seeks to assist organizations in understanding the need for sound computer security log management. It provides practical, real-world guidance on developing, implementing, and maintaining effective log management practices throughout an enterprise. |
| NIST 800-94 |
Guidelines on Intursion Detection Systems |
This Special Publication provides guidance on deploying and managing intrusion detection systems. |
| NIST 800-95 |
Guide to Secure Web Services |
This Special Publication describes how to implement security control mechanisms in web services. It also discusses how to make web services and portal applications robust against the attacks to which they are subject. |
| NIST 800-97 |
Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i |
This Special Publication describes secure methods used to authenticate users in a wireless environment, and presents several sample case studies of wireless deployments. It also includes guidane on best practices for establishing secure wireless networks using emerging WiFi technologies. |
| NIST 800-98 |
Guidelines for Securing Radio Frequency Identification (RFID) |
This Special Publication provides background information on RFID applications, standards, and system components to assist in the understanding of RFID security risks and controls. This document presents information that is independent of particular hardware platforms, operating systems, and applications. |
| NIST 800-100 |
Information Security Handbook: A Guide for Managers |
This Special Publication is an Information Security Handbook that provides a broad overview of information security program elements to assist maagers in understanding how to establish and describes how to establish an information security program. |
| NIST 800-101, Revision 1 |
Guidelines on Mobile Device Forensics |
This Special Publication provides an in-depth look into mobile devices and explains the technologies involved and their relationships to forensic procedures. |
| NIST 800-111 |
Guide to Storage Encryption Technologies for End User Devices |
This Special Publication explains the basics of storage encryption, which is the process of using encryption and authentication to restrict access to and use of stored information. |
| NIST 800-115 |
Technical Guide to Information Security Testing and Assessment |
This Special Publication provides guidance on conducting security testing and assessments, including penetration testing, vulnerability scanning, and risk assessments. |
| NIST 800-119 |
Guidelines for Securing the IPv6 Transition |
This Special Publication provides guidance on securing IPv6 networks and transitioning from IPv4 to IPv6. |
| NIST 800-122 |
Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations |
This Special Publication provides guidance on protecting sensitive but unclassified information in nonfederal systems and organizations. |
| NIST 800-137 |
Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations |
This Special Publication provides guidance on continuous monitoring practices to identify and respond effectively to security threats. |
| NIST 800-145 |
The NIST Cloud Computing Framework |
This Special Publication provides a framework for asessing and mnaging risks associated with cloud computing. |
