NIST

Guide to NIST Information Security Documents

- start here - groups documents by topics and families 

NIST > CSRC HOME > Publications

National Vulnerability Database nvd.nist.gov

National Checklist Program web.nvd.nist.gov

Special Publication (SP) 800-63-2, Electronic Authentication Guideline nvlpubs.nist.gov

Federal Information Processing Standard (FIPS) Publication 180-4, Secure Hash Standard (SHS)  csrc.nist.gov

Draft NIST Special Publication 800-38G, Recommendation for Block Cipher Modes of Operation: Methods for Format-Preserving Encryption   csrc.nist.gov

This publication specifies three block cipher modes of operation—or, simply, modes—for format-preserving encryption (FPE).

Previously approved encryption modes transform bit strings—sequences of 0s and 1s—into other bit strings, but these modes are not directly applicable to decimal strings, like Social Security numbers (SSNs) or credit card numbers(CCNs), or to other data formats.

Given any finite set of symbols, like the decimal numerals, FPE transforms data that is formatted as a sequence of the symbols in such a way that the encrypted form of the data has the same format and length as the original data. Thus, an FPE-encrypted SSN also appears to be an SSN.

Attribute Based Access Control | ABAC 

NIST Special Publication (SP) 800-162, Guide to Attribute Based Access Control (ABAC) Definition and Considerations nist.gov

- describes evolution from ACLs to RBAC to ABAC

- XACML is consistent with ABAC 

Special Publication (SP) 800-153, Guidelines for Securing Wireless Local Area Networks (WLANs)

Computer Security Incident Handling Guide SP 800-61 Rev. 2. csrc.nist.gov

Computer Security Incident Handling Guide 

Volume I: Guide for Mapping Types of Information and Information Systems to Security Categories csrc.nist.gov

NIST Information Security Glossary of Key Information Security Terms NIST Interagency Report (IR) 7298 Revision 1, csrc.nist.gov/publications

Security and Privacy Controls for Federal Information Systems and Organizations - APPENDIX J: PRIVACY CONTROL CATALOG 

NIST Special Publication 800-53 csrc.nist.gov/publications

Electronic Authentication Guideline  Special Publication 800-63-1, csrc.nist.gov/publications

Guide to Industrial Control System (ICS) Security   NIST Special Publication (SP) 800-82, csrc.nist.gov/publications

Draft Special Publication 800-153, Guidelines for Securing Wireless Local Area Networks (WLANs)  csrc.nist.gov/publications

Draft Special Publication 800-121 Revision 1, Guide to Bluetooth Security  csrc.nist.gov/publications

Volume I: Guide for Mapping Types of Information and Information Systems to Security Categories  csrc.nist.gov/publications

- contains a useful table of security objectives (confidentiality, integrity, availability) and potential impacts (low, moderate, high)  

Protecting Industrial Control Systems – Key Components Of Our Nation's Critical Infrastructures ITL Security Bulletin, csrc.nist.gov/publications

 - includes links to related NIST publications 

Guide for Conducting Risk Assessments  Initial Public Draft (IPD) of Special Publication 800-30, Revision 1, csrc.nist.gov/publications

Guide for Conducting Risk Assessments  Initial Public Draft (IPD) of Special Publication 800-30, Revision 1, csrc.nist.gov/publications

Guide to Industrial Control System (ICS) Security NIST Special Publication (SP) 800-82, csrc.nist.gov/publications

Guide for Security-Focused Configuration Management of Information Systems NIST Special Publication 800-128, csrc.nist.gov/publications

DRAFT Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher SP 800-67 Rev. 1 NIST, csrc.nist.gov/publications 

The Data Encryption Standard (DES) has now been withdrawn

NIST's action reflects the long-held opinion of the cryptographic community that DES has too small a key space to be secure. Breaking DES encryption by an exhaustive search of its key space is within the means of some individuals, many companies, and all major governments. Consequently, DES cannot be considered secure for any long-term keys, particularly the ticket-granting key that is central to Kerberos. Kerberos Version 4 End of Life Announcement

NIST Computer Security Division is proud to announce the release of the following Special Publication (SP):

SP 800-57 Part 1, Recommendation for Key Management: Part 1: General (Revision 3)   csrc.nist.gov/publications 

Special Publication 800-57 (Part 2 and Part 3)  csrc.nist.gov/publications

 (Part 3 is located below Part 2)

This publication contains basic key management guidance, including the security services that may be provided and the key types that may be employed in using cryptographic mechanisms, the functions involved in key management, and the protections and handling required for cryptographic keys. 

NISTIR 7823, Advanced Metering Infrastructure Smart Meter Upgradeability Test Framework csrc.nist.gov/publications

Draft 

March 2012 ITL Security Bulletin "Guidelines for Improving Security and Privacy in Public Cloud Computing" crsc.nist.gov

Guidelines on Security and Privacy in Public Cloud Computing, SP 800-144  December 2011, crsc.nist.gov