CSRC   nistlogo
Home Library Services Events Advisories Contact Site Map  

advanced search
NISSC Conference
ITL Security Bulletins
Virus Info
Research and Testing
Training & Education

Project Sites
Common Criteria
Security Practices

Security Advisories
Links & Organizations

NIST Computer Security Special Publications

Key to types of file extensions:
.pdf - opened by using Adobe Acrobat Reader
.doc - Microsoft Word
.ps - Postscript, viewed by Ghostscript or any other script viewing software
.wpd - Wordperfect
.htm / .html - Web pages, use web browser such as Netscape or Microsoft Explorer
.gz or .zip - zipped file (compressed), use WinZip for example to unzip file
.txt - text file, can use Notepad, Wordpad, Microsoft Word or any other text reader software

800 Series

NOTE: See key at top of page to find out what type of software application to use to open certain file extensions.

SP 800-21 Guideline for Implementing Cryptography in the Federal Government,
November 1999
800-21.pdf (625,914 bytes)
SP 800-20 Modes of Operation Validation System for the Triple Data Encryption Algorithm (TMOVS): Requirements and Procedures,
Revised April 2000
800-20.pdf (1,026,682 bytes)
SP 800-19 Mobile Agent Security
October 1999
sp800-19.pdf (137,617 bytes)
SP 800-18 Guide for Developing Security Plans for Information Technology Systems,
December 1998
2 different file formats:
Planguide.doc (552,448 bytes)
Planguide.PDF (314,006 bytes)
Letter from CIO Council Security Committee
CIOmemo.PDF (31,112 bytes)
SP 800-17 Modes of Operation Validation System (MOVS): Requirements and Procedures,
February 1998
800-17.pdf (414,698 bytes)
SP 800-16 Information Technology Security Training Requirements: A Role- and Performance-Based Model (supersedes NIST Spec. Pub. 500-172),
April 1998
broken down into 3 parts:
Part 1 - document: 800-16.pdf (911,907 bytes)
Part 2 - Appendix A-D: AppendixA-D.pdf (127,322 bytes)
Part 3 - Appendix E: Appendix_E.pdf (386,746 bytes)
SP 800-15 Minimum Interoperability Specification for PKI Components (MISPC), Version 1,
January 1998
3 different file formats:
SP800-15.PDF (283,970 bytes)
Note: The Word & Postcript file is going to take you to another page where the file can be viewed.
SP 800-14 Generally Accepted Principles and Practices for Securing Information Technology Systems,
September 1996
3 different file formats:
800-14.ps (491086 bytes)
800-14.wpd (185677 bytes)
800-14.pdf (192326 bytes)
SP 800-13 Telecommunications Security Guidelines for Telecommunications Management Network,
October 1995
800-13.wpd (221968 bytes)
SP 800-12 An Introduction to Computer Security: The NIST Handbook,
October 1995
800-12/HTML pages - goes to first page of document
SP 800-11 The Impact of the FCC's Open Network Architecture on NS/EP Telecommunications Security,
February 1995
2 different file formats:
SP 800-11 html files
SP 800-11.pdf
SP 800-10 Keeping Your Site Comfortably Secure: An Introduction to Internet Firewalls,
December 1994
4 different file formats:
800-10/ HTML
800-10.pdf (1,109,869 bytes)
800-10.ps (1,829,642 bytes)
800-10.ps.gz (599,048 bytes)
SP 800-9 Good Security Practices for Electronic Commerce, Including Electronic Data Interchange,
December 1993
All 800-9 files are in Adobe Reader format:
complete document - all 58 pages: 800-9.pdf (7,398,843 bytes)
complete document zipped up - all 58 pages: 800-9.zip (7,325,297 bytes)
document broken down into 4 smaller files:
cover page to page 15: part1.pdf (2,596,477 bytes)
page 16 to page 30: part2.pdf (1,720,015 bytes)
page 31 to page 44: part3.pdf (1,581,418 bytes)
page 45 to page 58: part4.pdf (1,492,389 bytes)
SP 800-8 Security Issues in the Database Language SQL,
August 1993
2 different file formats:
800-8.ps (309,497 bytes)
800-8.txt (102,444 bytes)
SP 800-7 Security in Open Systems,
July 1994
800-7/ HTML
800-7.ps (1,447,678 bytes)
SP 800-6 Automated Tools for Testing Computer System Vulnerability,
December 1992
3 different file formats:
800-6.ps (309,577 bytes)
800-6.txt (67,755 bytes)
800-6ps.zip (93,302 bytes)
SP 800-5 A Guide to the Selection of Anti-Virus Tools and Techniques,
December 1992
5 different file formats:
select/ HTML
select.ps (311,533 bytes)
800-5.ps (403,464 bytes)
800-5.txt (82,314 bytes)
800-5ps.zip (117,761 bytes)
SP 800-4 Computer Security Considerations in Federal Procurements: A Guide for Procurement Initiatiors, Contracting Officers, and Computer Security Officials,
March 1992
800-4.zip (71,086 bytes)
800-4, Executive Summary
sp800-4.txt (213,344 bytes)
SP 800-3 Establishing a Computer Security Incident Response Capability (CSIRC),
November 1991
2 different file formats:
800-3.ps (292,992 bytes)
800-3.pdf (135,084 bytes)
SP 800-2 Public-Key Cryptography,
April 1991
800-2.txt (346,035 bytes)
500 Series

NOTE: See key at top of page to find out what type of software application to use to open certain file extensions.

SP 500-189 Security in ISDN,
September 1991
isdnvp.zip zipped Ventura Publisher (416,171 bytes)
Abstract isdnabs.ps (23,875 bytes)
Cover Page isdncov.ps (48,054 bytes)
Ch. 1, Introduction isdn1.ps (297,761 bytes)
Ch. 2, Security Architecture(s) for Open Systems isdn2.ps (469,003 bytes)
Ch. 3, Discussion of ISDN and Security isdn3.ps (1,138,069 bytes)
Ch. 4, Security Services isdn4.ps (253,188 bytes)
Ch. 5, ISDN Security Protocols and Applications isdn5.ps (986,848 bytes)
Ch. 6, Placement of ISDN Security Services isdn6.ps (123,951 bytes)
Ch. 7, Standards Needed for ISDN Security isdn7.ps (98,778 bytes)
Appendix A, References isdna.ps (74,012 bytes)
Appendix B, Abbreviations and Acronyms isdnb.ps (49,942 bytes)
First Half isdnsec1.zip zipped PostScript (500,134 bytes)
Second Half isdnsec2.zip zipped PostScript (442,814 bytes)
Table of Contents isdntoc.ps (63,331 bytes)
SP 500-174 Guide for Selecting Automated Risk Analysis Tools,
October 1989
sp174.txt (53,691 bytes)
SP 500-172 Computer Security Training Guidelines,
November 1989
No electronic version available at this time.
SP 500-171 Computer Users' Guide to the Protection of Information Resources,
sp500-171.txt (15,703 bytes)
SP 500-170 Management Guide to the Protection of Information Resources,
sp500-170.txt (23,917 bytes)
SP 500-169 Executive Guide to the Protection of Information Resources,
sp500-169.txt (22,980 bytes)
SP 500-166 Computer Viruses and Related Threats: A Management Guide,
August 1989
2 different file formats:
sp500166.ps (307,906 bytes)
sp500166.txt (130,565 bytes)
SP 500-157 Smart Card Technology: New Methods for Computer Access Control,
September 1988
No electronic version available at this time.
SP 500-158 Accuracy, Integrity, and Security in Computerized Vote-Tallying,
August 1988
No electronic version available at this time.
SP 500-156 Message Authentication Code (MAC) Validation System: Requirements and Procedures,
May 1988
No electronic version available at this time.
SP 500-153 Guide to Auditing for Controls and Security: A System Development Life Cycle Approach,
April 1988
No electronic version available at this time.
SP 500-134 Guide on Selecting ADP Backup Process Alternatives,
November 1985
No electronic version available at this time.
SP 500-133 Technology Assessment: Methods for Measuring the Level of Computer Security,
October 1985
No electronic version available at this time.
SP 500-120 Security of Personal Computer Systems - A Management Guide,
January 1985
No electronic version available at this time.
SP 500-61 Maintenance Testing for the Data Encryption Standard,
August 1980
No electronic version available at this time.