NIST Special Publications, from: http://csrc.nist.gov/publications/nistpubs/ Key to types of file extensions: .pdf - opened by using Adobe Acrobat Reader .doc - Microsoft Word .ps - Postscript, viewed by Ghostscript or any other script viewing software .wpd - Wordperfect .htm / .html - Web pages, use web browser such as Netscape or Microsoft Explorer .gz or .zip - zipped file (compressed), use WinZip for example to unzip file .txt - text file, can use Notepad, Wordpad, Microsoft Word or any other text reader software 800 Series NOTE: See key at top of page to find out what type of software application to use to open certain file extensions. SP 800-64, Security Considerations in the Information System Development Life Cycle. October, 2003 SP 800-59 Guideline for Identifying an Information System as a National Security System, August 2003 SP 800-55 Security Metrics Guide for Information Technology Systems, July 2003 SP 800-51 Use of the Common Vulnerabilities and Exposures (CVE) Vulnerability Naming Scheme, September 2002 SP 800-50, Building an Information Technology Security Awareness and Training Program October, 2003 SP 800-47 Security Guide for Interconnecting Information Technology Systems, September 2002 SP 800-46 Security for Telecommuting and Broadband Communications, September 2002 SP 800-45 Guidelines on Electronic Mail Security, September 2002 SP 800-44 Guidelines on Securing Public Web Servers, September 2002 SP 800-42, Guideline on Network Security Testing October, 2003 SP 800-41 Guidelines on Firewalls and Firewall Policy, January 2002 SP 800-40 Procedures for Handling Security Patches,xi September 2002 SP 800-38A Recommendation for Block Cipher Modes of Operation - Methods and Techniques, December 2001 SP 800-36, Guide to Selecting Information Security Products October, 2003 SP 800-35, Guide to Information Technology Security Services October, 2003 SP 800-34 Contingency Planning Guide for Information Technology Systems, June 2002 SP 800-33 Underlying Technical Models for Information Technology Security, December 2001 SP 800-32 Introduction to Public Key Technology and the Federal PKI Infrastructure, February 2001 SP 800-31 Intrusion Detection Systems (IDS), November 2001 SP 800-30 Risk Management Guide for Information Technology Systems, January 2002 SP 800-29 A Comparison of the Security Requirements for Cryptographic Modules in FIPS 140-1 and FIPS 140-2, June 2001 SP 800-28 Guidelines on Active Content and Mobile Code, October 2001 SP 800-27 Engineering Principles for Information Technology Security (A Baseline for Achieving Security), June 2001 SP 800-26 Security Self-Assessment Guide for Information Technology Systems, November 2001 SP 800-25 Federal Agency Use of Public Key Technology for Digital Signatures and Authentication, October 2000 SP 800-24 PBX Vulnerability Analysis: Finding Holes in Your PBX Before Someone Else Does, August 2000 SP 800-23 Guideline to Federal Organizations on Security Assurance and Acquisition/Use of Tested/Evaluated Products, August 2000 SP 800-22 A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications, October 2000 SP 800-21 Guideline for Implementing Cryptography in the Federal Government, November 1999 SP 800-20 Modes of Operation Validation System for the Triple Data Encryption Algorithm (TMOVS): Requirements and Procedures, Revised April 2000 SP 800-19 Mobile Agent Security October 1999 SP 800-18 Guide for Developing Security Plans for Information Technology Systems, December 1998 SP 800-17 Modes of Operation Validation System (MOVS): Requirements and Procedures, February 1998 SP 800-16 Information Technology Security Training Requirements: A Role- and Performance-Based Model (supersedes NIST Spec. Pub. 500-172), April 1998 SP 800-15 Minimum Interoperability Specification for PKI Components (MISPC), Version 1, January 1998 SP 800-14 Generally Accepted Principles and Practices for Securing Information Technology Systems, September 1996 SP 800-13 Telecommunications Security Guidelines for Telecommunications Management Network, October 1995 SP 800-12 An Introduction to Computer Security: The NIST Handbook, October 1995 SP 800-11 The Impact of the FCC's Open Network Architecture on NS/EP Telecommunications Security, February 1995 SP 800-10 Keeping Your Site Comfortably Secure: An Introduction to Internet Firewalls, December 1994 SP 800-9 Good Security Practices for Electronic Commerce, Including Electronic Data Interchange, December 1993 SP 800-8 Security Issues in the Database Language SQL, August 1993 SP 800-7 Security in Open Systems, July 1994 SP 800-6 Automated Tools for Testing Computer System Vulnerability, December 1992 SP 800-5 A Guide to the Selection of Anti-Virus Tools and Techniques, December 1992 SP 800-4 Computer Security Considerations in Federal Procurements: A Guide for Procurement Initiatiors, Contracting Officers, and Computer Security Officials, March 1992 SP 800-3 Establishing a Computer Security Incident Response Capability (CSIRC), November 1991 SP 800-2 Public-Key Cryptography, April 1991 500 Series NOTE: See key at top of page to find out what type of software application to use to open certain file extensions. SP 500-189 Security in ISDN, September 1991 SP 500-174 Guide for Selecting Automated Risk Analysis Tools, October 1989 SP 500-172 Computer Security Training Guidelines, November 1989 SP 500-171 Computer Users' Guide to the Protection of Information Resources, 1989 SP 500-170 Management Guide to the Protection of Information Resources, 1989 SP 500-169 Executive Guide to the Protection of Information Resources, 1989 SP 500-166 Computer Viruses and Related Threats: A Management Guide, August 1989 SP 500-157 Smart Card Technology: New Methods for Computer Access Control, September 1988 SP 500-158 Accuracy, Integrity, and Security in Computerized Vote-Tallying, August 1988 SP 500-156 Message Authentication Code (MAC) Validation System: Requirements and Procedures, May 1988 SP 500-153 Guide to Auditing for Controls and Security: A System Development Life Cycle Approach, April 1988 SP 500-134 Guide on Selecting ADP Backup Process Alternatives, November 1985 SP 500-133 Technology Assessment: Methods for Measuring the Level of Computer Security, October 1985 SP 500-120 Security of Personal Computer Systems - A Management Guide, January 1985 SP 500-61 Maintenance Testing for the Data Encryption Standard, August 1980