Tags: NIST
Standard for making practical sanitization decisions for information storage media, based on the confidentiality level of the information.
Guidelines for incident handling, particularly for analyzing incident-related data and determining the appropriate response to each incident.
US federal guidance on managing a continuous supply of log data; managing log generation and storage; protecting the confidentiality, integrity, and availability of logs; and performing effective analysis of log data.
US federal standard for installing, configuring, and maintaining secure servers.
This document supports the development, selection, and implementation of measures to be used at the information system and program levels. These measures indicate the effectiveness of security controls applied to information systems and supporting inf ...
US federal guidelines for the development, selection, and implementation of measures to be used at information system and program levels to assess the effectiveness of security controls.
Practical guidance on IT principles and practices to support compliance with the Health Insurance Portability and Accountability Act (HIPAA) Security Rule.
US federal guideline describing three types of solutions: full disk encryption, volume and virtual disk encryption, and file/folder encryption. Recommendations for implementing and using each type.
Describes the characteristics of IDPS technologies and provides recommendations for designing, implementing, configuring, securing, monitoring, and maintaining them.
A broad overview of information security program elements to assist US federal agency managers in understanding how to establish and implement an information security program.
This publication provides recommendations for using two vulnerability naming schemes: Common Vulnerabilities and Exposures (CVE) and Common Configuration Enumeration (CCE). SP 800-51 Revision 1 gives an introduction to both naming schemes and makes recomm ...
This project supports the US Department of Homeland Security (DHS) Software Assurance Tools and R&D Requirements Identification Program. The objective of part 3, Technology (Tools and Requirements) is the identification, enhancement and development of sof ...
Guidance on challenges related to integration of information security practices into Web service-based SOA design and development. Practical guidance on standards applicable to Web services and common security threats to SOAs based on Web services.
US federal guidelines for selecting and specifying security controls for information systems.
To encourage a more widespread adoption of interoperable health information technology, the American Recovery and Reinvestment Act of 2009 calls for the Office of the National Coordinator (ONC) for Health IT, in consultation with NIST, to recognize a prog ...
As part of the ongoing initiative to develop a unified information security framework for the federal government and its contractors, NIST has included security controls in its catalog for both national security and non-national security systems. The upda ...
The draft Federal Information Processing Standard (FIPS) 180-4 is a proposed revision of FIPS 180-3. Draft FIPS 180-4 adds a general procedure for creating an initialization hash value and two additional secure hash algorithms: SHA-512/224 and SHA-512/256, ...
Standard for integrating essential information technology (IT) security steps into an established IT system development life cycle (SDLC).
NIST SP 800-144 provides an overview of the security and privacy challenges for public cloud computing and gives recommendations that organizations should consider when outsourcing data, applications, and infrastructure to a public cloud environment. ...
This document describes security configuration checklists and their benefits, and it explains how to use the NIST National Checklist Program (NCP) to find and retrieve checklists. The publication also describes the policies, procedures, and general requir ...





