National Institute of Standards and Technology (NIST) Standards

Special Publications (SP)

Important SP Documents

  • SP 800-12 Rev. 1: An Introduction to Computer Security: The NIST Handbook
    June 2017 | Page | PDF

  • SP 800-14: Generally Accepted Principles and Practices for Securing Information Technology Systems
    September 1996 | Page | PDF

  • SP 800-53 Rev. 4: Security and Privacy Controls for Federal Information Systems and Organizations
    April 2013 | Page | PDF

  • SP 800-30 Rev. 1: Guide for Conducting Risk Assessments
    September 2012 | Page | PDF

  • SP 800-37 Rev. 1: Guide for Applying the Risk Management Framework to Federal Information Systems: a Security Life Cycle Approach
    February 2010 | Page | PDF

  • SP 800-39: Managing Information Security Risk: Organization, Mission, and Information System View
    March 2011 | Page | PDF

  • SP 800-18 Rev. 1: Guide for Developing Security Plans for Federal Information Systems
    February 2006 | Page | PDF

  • SP 800-27 Rev. A: Engineering Principles for Information Technology Security
    June 2004 | Page | PDF

  • SP 800-160 Vol. 1: Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems
    November 2016 | Page | PDF

  • SP 800-61 Rev. 2: Computer Security Incident Handling Guide
    August 2012 | Page | PDF

  • SP 800-64 Rev. 2: Security Considerations in the System Development Life Cycle
    October 2008 | Page | PDF

  • SP 800-100: Information Security Handbook: A Guide for Managers
    October 2006 | Page | PDF

Federal Information Processing Standards (FIPS)

  • FIPS 140: Security Requirements for Cryptographic Modules
    Page | PDF

  • FIPS 186: Digital Signature Standard
    Page | PDF

  • FIPS 197: Advanced Encryption Standard
    Page | PDF

  • FIPS 201: Personal Identity Verification (PIV) of Federal Employees and Contractors
    Page | PDF

ISO Standards

  • ISO/IEC 15408 – Evaluation Criteria for IT Security (Common Criteria)
    • ISO/IEC 15408-1:2005
    • ISO/IEC 15408-2:2008
    • ISO/IEC 15408-3:2008
  • ISO/IEC 21827:2008 – Systems Security Engineering Capability Maturity Model® (SSE-CMM®)
  • ISO/IEC 25000:2005 – Software Engineering Product Quality
  • ISO/IEC 27000:2009 – Information Security Management System (ISMS) Overview and Vocabulary
  • ISO/IEC 27001:2005 – Information Security Management Systems Requirements
  • ISO/IEC 27002:2005/Cor1:2007 – Code of Practice for Information Security Management
  • ISO/IEC 27005:2008 – Information Security Risk Management
  • ISO/IEC 27006:2007 – Requirements for Bodies Providing Audit and Certification of Information Security Management Systems
  • ISO 28000:2007 – Specification for Security Management Systems for the Supply Chain

PCI Standards

  • Payment Card Industry Data Security Standard (PCI DSS)
  • Payment Application Data Security Standard (PA-DSS)

Organization for the Advancement of Structured Information Standards (OASIS)

  • Application Vulnerability Description Language (AVDL)
  • Security Assertion Markup Language (SAML)
  • eXtensible Access Control Markup Language (XACML)
  • Key Management Interoperability Protocol (KMIP) Specification
  • Universal Description, Discovery and Integration (UDDI)
  • Web Services Security (WS-Security)