Guide to NIST Information Security Documents
- start here - groups documents by topics and families
National Vulnerability Database nvd.nist.gov
National Checklist Program web.nvd.nist.gov
Special Publication (SP) 800-63-2, Electronic Authentication Guideline nvlpubs.nist.gov
Federal Information Processing Standard (FIPS) Publication 180-4, Secure Hash Standard (SHS) csrc.nist.gov
This publication specifies three block cipher modes of operation—or, simply, modes—for format-preserving encryption (FPE).
Previously approved encryption modes transform bit strings—sequences of 0s and 1s—into other bit strings, but these modes are not directly applicable to decimal strings, like Social Security numbers (SSNs) or credit card numbers (CCNs), or to other data formats.
Given any finite set of symbols, like the decimal numerals, FPE transforms data that is formatted as a sequence of the symbols in such a way that the encrypted form of the data has the same format and length as the original data. Thus, an FPE-encrypted SSN also appears to be an SSN.
Attribute Based Access Control | ABAC
- describes evolution from ACLs to RBAC to ABAC
- XACML is consistent with ABAC
Special Publication (SP) 800-153, Guidelines for Securing Wireless Local Area Networks (WLANs)
Computer Security Incident Handling Guide SP 800-61 Rev. 2. csrc.nist.gov
Computer Security Incident Handling Guide
Volume I: Guide for Mapping Types of Information and Information Systems to Security Categories csrc.nist.gov
NIST Information Security Glossary of Key Information Security Terms NIST Interagency Report (IR) 7298 Revision 1, csrc.nist.gov/publications
NIST Special Publication 800-53 csrc.nist.gov/publications
Electronic Authentication Guideline Special Publication 800-63-1, csrc.nist.gov/publications
Guide to Industrial Control System (ICS) Security NIST Special Publication (SP) 800-82, csrc.nist.gov/publications
Draft Special Publication 800-153, Guidelines for Securing Wireless Local Area Networks (WLANs) csrc.nist.gov/publications
Draft Special Publication 800-121 Revision 1, Guide to Bluetooth Security csrc.nist.gov/publications
Volume I: Guide for Mapping Types of Information and Information Systems to Security Categories csrc.nist.gov/publications
- contains a useful table of security objectives (confidentiality, integrity, availability) and potential impacts (low, moderate, high)
Protecting Industrial Control Systems – Key Components Of Our Nation's Critical Infrastructures ITL Security Bulletin, csrc.nist.gov/publications
- includes links to related NIST publications
Guide for Conducting Risk Assessments Initial Public Draft (IPD) of Special Publication 800-30, Revision 1, csrc.nist.gov/publications
Guide to Industrial Control System (ICS) Security NIST Special Publication (SP) 800-82, csrc.nist.gov/publications
Guide for Security-Focused Configuration Management of Information Systems NIST Special Publication 800-128, csrc.nist.gov/publications
DRAFT Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher SP 800-67 Rev. 1 NIST, csrc.nist.gov/publications
The Data Encryption Standard (DES) has now been withdrawn
NIST's action reflects the long-held opinion of the cryptographic community that DES has too small a key space to be secure. Breaking DES encryption by an exhaustive search of its key space is within the means of some individuals, many companies, and all major governments. Consequently, DES cannot be considered secure for any long-term keys, particularly the ticket-granting key that is central to Kerberos. Kerberos Version 4 End of Life Announcement
NIST Computer Security Division is proud to announce the release of the following Special Publication (SP):
SP 800-57 Part 1, Recommendation for Key Management: Part 1: General (Revision 3) csrc.nist.gov/publications
Special Publication 800-57 (Part 2 and Part 3) csrc.nist.gov/publications
(Part 3 is located below Part 2)
This publication contains basic key management guidance, including the security services that may be provided and the key types that may be employed in using cryptographic mechanisms, the functions involved in key management, and the protections and handling required for cryptographic keys.
NISTIR 7823, Advanced Metering Infrastructure Smart Meter Upgradeability Test Framework csrc.nist.gov/publications
Draft
March 2012 ITL Security Bulletin "Guidelines for Improving Security and Privacy in Public Cloud Computing" csrc.nist.gov
Guidelines on Security and Privacy in Public Cloud Computing, SP 800-144 December 2011, csrc.nist.gov