Get the ePub FREE this month when you buy a paperback that's in Amazon Matchbook!

We print U.S. govt pubs so you don't have to.

National Institute of Standards and Technology

NIST Special Publications, NISTIR

NIST Special Publications

Yes, you can download any NIST Publication and print it yourself, but who has time for that?  If its a 500 page book it will take hours to print it over the Network, punch holes in the pages and put it in a huge binder.  It's more cost effective to order a copy from Amazon.com.  Many are also available as eBook with bookmarks and hyperlinks to make searching easier and faster. AND, get the eBook FREE when you buy the paperback.  The eBook has Hyperlinks.

To purchase, search by number on Amazon.com

  • NIST AMS 300-4   Guide to Industrial Wireless Systems Deployments Apr-18
  • NIST SP 500-288   Specification for WS-Biometric Devices (WS-BD) Nov-11
  • NIST SP 500-291   NIST Cloud Computing Standards Roadmap Version 2 Jul-13
  • NIST SP 500-292   NIST Cloud Computing Reference Architecture Sep-11
  • NIST SP 500-293   Kindle Complete 3 volumes
  • NIST SP 500-293 V 1&2 US Government Cloud Computing Technology Roadmap Oct-14
  • NIST SP 500-293 V 3     US Government Cloud Computing Technology Roadmap Nov-11
  • NIST SP 500-299  NIST Cloud Computing Security Reference Architecture May-13
  • NIST SP 500-304  Data Format for the Interchange of Fingerprint, Facial & Other Biometric Information Jun-15
  • NIST SP 500-307  Cloud Computing Service Metrics Descriptions Apr-18
  • NIST SP 500-325  Fog Computing Conceptual Model Mar-18
  • NIST SP 800-12 R1    An Introduction to Information Security Jun-17
  • NIST SP 800-16    A Role-Based Model for Federal Information Technology/Cybersecurity Training Mar-14
  • NIST SP 800-18 R1 Developing Security Plans for Federal Information Systems Feb-17
  • NIST SP 800-22 R1 A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications Apr-10
  • NIST SP 800-30 Guide for Conducting Risk Assessments Sep-12
  • NIST SP 800-31 Intrusion Detection Systems Nov-01
  • NIST SP 800-32 Public Key Technology and the Federal PKI Infrastructure Feb-06
  • NIST SP 800-34 R1 Contingency Planning Guide for Federal Information Systems May-10
  • NIST SP 800-35 Guide to Information Technology Security Services Oct-03
  • NIST SP 800-36 Guide to Selecting Information Technology Security Products Oct-03
  • NIST SP 800-37 R2 Risk Management Framework for Information Systems and Organizations May-18
  • NIST SP 800-38B Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication May-05
  • NIST SP 800-38F Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping Dec-12
  • NIST SP 800-39 Managing Information Security Risk Mar-11
  • NIST SP 800-40 R 3 Guide to Enterprise Patch Management Technologies Jul-13
  • NIST SP 800-41 Guidelines on Firewalls and Firewall Policy Sep-09
  • NIST SP 800-44 Guidelines on Securing Public Web Servers Sep-07
  • NIST SP 800-45 Ver 2 Guidelines on Electronic Mail Security Feb-07
  • NIST SP 800-46 R 2 Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security Jul-16
  • NIST SP 800-47 Security Guide for Interconnecting Information Technology Systems Aug-02
  • NIST SP 800-48  R 1 Guide to Securing Legacy IEEE 802.11 Wireless Networks Jul-08
  • NIST SP 800-49 Federal S/MIME V3 Client Profile Nov-02
  • NIST SP 800-50 Building an Information Technology Security Awareness and Training Program Oct-03
  • NIST SP 800-52 R2 Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations Draft Nov-17
  • NIST SP 800-53 R 4 Security and Privacy Controls for Federal Information Systems and Organizations Jan-15
  • NIST SP 800-53 R 5 Security and Privacy Controls for Information Systems and Organizations Aug-17
  • NIST SP 800-53A R 4 Assessing Security and Privacy Controls Dec-14
  • NIST SP 800-54 Border Gateway Protocol Security Jul-07
  • NIST SP 800-56A R2 Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography May-13
  • NIST SP 800-56 (Combined) Recommendation for Key-Establishment Schemes SP 800-56A, 56B & 56C
  • NIST SP 800-56A R3 Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography Aug-17
  • NIST SP 800-56B R1 Pair-Wise Key-Establishment Schemes Using Integer Factorization Cryptography Sep-14
  • NIST SP 800-56C R1 Recommendation for Key-Derivation Methods in Key-Establishment Schemes Aug-17
  • NIST SP 800-57 R4 Part 1: Recommendation for Key Management Jan-16
  • NIST SP 800-57 Pt 2 Part 2: Best Practices for Key Management Organization Nov-18
  • NIST SP 800-58 Security Considerations for Voice Over IP Systems Jan-05
  • NIST SP 800-60  Kindle Complete    
  • NIST SP 800-60 V1 R1 Guide for Mapping Types of Information and Information Systems to Security Categories Aug-08
  • NIST SP 800-60 V2 R1 Appendices for Guide for Mapping Types of Information and Information Systems to Security Categories Aug-08
  • NIST SP 800-61 R2 Computer Security Incident Handling Guide Aug-12
  • NIST SP 800-63-3 Digital Identity Guidelines Jun-17
  • NIST SP 800-63   Kindle Complete    
  • NIST SP 800-63a Digital Identity Guidelines - Enrollment and Identity Proofing Jun-17
  • NIST SP 800-63b Digital Identity Guidelines - Authentication and Lifecycle Management Jun-17
  • NIST SP 800-63c Digital Identity Guidelines - Federation and Assertions Jun-17
  • NIST SP 800-64 R2 Security Considerations in the System Development Life Cycle Oct-08
  • NIST SP 800-66 Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule Oct-08
  • NIST SP 800-67 Recommendation for the Triple Data Encryption Standard (TDEA) Block Cipher Jul-17
  • NIST SP 800-70 R 4 Final National Checklist Program for IT Products – Guidelines for Checklist Users and Developers Feb-18
  • NIST SP 800-71  Recommendation for Key Establishment Using Symmetric Block Ciphers Jun 2018
  • NIST SP 800-72 Guidelines on PDA Forensics Nov-04
  • NIST SP 800-73-4 Interfaces for Personal Identity Verification May-15
  • NIST SP 800-76-2 Biometric Specifications for Personal Identity Verification Jul-13
  • NIST SP 800-77 Guide to IPsec VPNs  Dec-05
  • NIST SP 800-79-2 Authorization of Personal Identity Verification Card Issuers (PCI) and Derived PIV Credential Issuers (DPCI)  Jul-15
  • NIST SP 800-81-2 Secure Domain Name System (DNS) Deployment Guide Sep-13
  • NIST SP 800-82 R2 Guide to Industrial Control Systems (ICS) Security May-15
  • NIST SP 800-83 Guide to Malware Incident Prevention and Handling for Desktops and Laptops Jul-13
  • NIST SP 800-84 Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities Sep-06
  • NIST SP 800-85A-4 PIV Card Application and Middleware Interface Test Guidelines  Apr-16
  • NIST SP 800-85B-4 PIV Data Model Test Guidelines (Draft) Aug-14
  • NIST SP 800-86 Guide to Integrating Forensic Techniques into Incident Response Aug-06
  • NIST SP 800-88 R1 Guidelines for Media Sanitization  Dec-14
  • NIST SP 800-90 complete Kindle
  • NIST SP 800-90A R1 Random Number Generation Using Deterministic Random Bit Generators Jun-15
  • NIST SP 800-90B Recommendation for the Entropy Sources Used for Random Bit Generation Jan-16
  • NIST SP 800-90B Recommendation for the Entropy Sources Used for Random Bit Generation Jan-18
  • NIST SP 800-90C Recommendation for Random Bit Generator (RBG) Constructions - 2nd Draft Apr-16
  • NIST SP 800-92 Guide to Computer Security Log Management Sep-06
  • NIST SP 800-94 Guide to Intrusion Detection and Prevention Systems (IDPS) Feb-07
  • NIST SP 800-95 Guide to Secure Web Services Aug-07
  • NIST SP 800-97 Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i Feb-07
  • NIST SP 800-98  Guidelines for Securing Radio Frequency Identification (RFID) Systems Apr-07
  • NIST SP 800-101 Guidelines on Mobile Device Forensics May-14
  • NIST SP 800-107 Recommendation for Applications Using Approved Hash Algorithms Aug-12
  • NIST SP 800-111 Guide to Storage Encryption Technologies for End User Devices Nov-07
  • NIST SP 800-113 Guide to SSL VPNs Jul-08
  • NIST SP 800-114 User's Guide to Telework and Bring Your Own Device (BYOD) Security  Jul-16
  • NIST SP 800-115 Technical Guide to Information Security Testing and Assessment Sep-08
  • NIST SP 800-116 R1 A Recommendation for the Use of PIV Credentials in PACS Jun 18
  • NIST SP 800-119 Guidelines for the Secure Deployment of IPv6 Dec-10
  • NIST SP 800-120 Recommendation for EAP Methods Used in Wireless Network Access Authentication Sep-08
  • NIST SP 800-121 Guide to Bluetooth Security   May-17
  • NIST SP 800-122 Guide to Protecting the Confidentiality of Personally Identifiable Information Apr-10
  • NIST SP 800-123 Guide to General Server Security Jul-08
  • NIST SP 800-124 R1 Managing the Security of Mobile Devices in the Enterprise Jun-13
  • NIST SP 800-125A Security Recommendations for Hypervisor Deployment on Servers Jun-18
  • NIST SP 800-125A R1 Security Recommendations for Server-based Hypervisor Platforms Draft Apr-18
  • NIST SP 800-125 (+ 125B) Secure Virtual Network Configuration for Virtual Machine (VM) Protection Mar-16
  • NIST SP 800-126 R3 Technical Specification for the Security Content Automation Protocol (SCAP) Jul-16
  • NIST SP 800-126 R3 & 126A Technical Specification for the Security Content Automation Protocol (SCAP) Feb-18
  • NIST SP 800-127 Guide to Securing WiMAX Wireless Communications Sep-10
  • NIST SP 800-128 Guide for Security-Focused Configuration Management of Information Systems Aug-11
  • NIST SP 800-130 A Framework for Designing Cryptographic Key Management Systems Aug-13
  • NIST SP 800-131 Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths Nov-15
  • NIST SP 800-133 Recommendation for Cryptographic Key Generation Dec-12
  • NIST SP 800-137 Information Security Continuous Monitoring (ISCM) Sep-12
  • NIST SP 800-142 Practical Combinatorial Testing Oct-10
  • NIST SP 800-144 Guidelines on Security and Privacy in Public Cloud Computing Dec-11
  • NIST SP 800-146 Cloud Computing Synopsis and Recommendations May-12
  • NIST SP 800-147 & 155 BIOS Protection Guidelines & BIOS Integrity measurement Guidelines Apr-11
  • NIST SP 800-150 Guide to Cyber Threat Information Sharing  Oct-16
  • NIST SP 800-152 A Profile for U.S. Federal Cryptographic Key Management Systems Oct-15
  • NIST SP 800-153 Guidelines for Securing Wireless Local Area Networks (WLANs) Feb-12
  • NIST SP 800-154 Guide to Data-Centric System Threat Modeling Mar-16
  • NIST SP 800-155 BIOS Integrity Measurement Guidelines  Dec-11
  • NIST SP 800-156 Representation of PIV Chain-of-Trust for Import and Export May-16
  • NIST SP 800-157 Guidelines for Derived Personal Identity Verification (PIV) Credentials Dec-14
  •  NIST SP 800-158 Key Management: The Search resistance of Bit Strings Output by Cryptographic Algorithms NOT RELEASED YET
  • NIST SP 800-160 V 1 Systems Security Engineering - Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems Mar-18
  • NIST SP 800-160 V 2 Systems Security Engineering - Cyber Resiliency Considerations for the Engineering of Trustworthy Secure Systems Mar-18
  • NIST SP 800-161 Supply Chain Risk Management Practices for Federal Information Systems and Organizations Apr-15
  • NIST SP 800-162 Guide to Attribute Based Access Control (ABAC) Definition and Considerations Jan-14
  • NIST SP 800-163 Vetting the Security of Mobile Applications Jul-2018
  • NIST SP 800-164 Guidelines on Hardware-Rooted Security in Mobile Devices (Draft) Oct-12
  • NIST SP 800-166 Derived PIV Application and Data Model Test Guidelines Jun-16
  • NIST SP 800-167 Guide to Application Whitelisting NIST SP 800-167 Oct-14
  • NIST SP 800-171 R1 Protecting Controlled Unclassified Information in Nonfederal Systems Jun 18
  • NIST SP 800-171 R1 Errata Protecting Controlled Unclassified Information in Nonfederal Systems Nov-17
  • NIST SP 800-171A Assessing Security Requirements for Controlled Unclassified Information Jun 18
  • NIST SP 800-175 (A & B) Guideline for Using Cryptographic Standards in the Federal Government Aug-16
  • NIST SP 800-177   Trustworthy Email Sep-16
  • NIST SP 800-177 R1 Trustworthy Email (DRAFT 1) Sep-17
  • NIST SP 800-177 R1 Trustworthy Email (DRAFT 2nd) Dec-17
  • NIST SP 800-178 Comparison of Attribute Based Access Control (ABAC) Standards for Data Service Applications Oct-16
  • NIST SP 800-179 Guide to Securing Apple OS X 10.10 Systems for IT Professional Dec-16
  • NIST SP 800-181 DRAFT NICE Cybersecurity Workforce Framework (NCWF): National Initiative for Cybersecurity Education Nov-16
  • NIST SP 800-181 National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework Aug-17
  • NIST SP 800-183 Networks of 'Things'  Jan-16
  • NIST SP 800-184   Guide for Cybersecurity Event Recovery Dec-16
  • NIST SP 800-187 Guide to LTE Security Jan-18
  • NIST SP 800-188 De-Identifying Government Datasets - (2nd DRAFT) Dec-16
  • NIST SP 800-190   Application Container Security Guide Sep-17
  • NIST SP 800-191   The NIST Definition of Fog Computing Aug-17
  • NIST SP 800-192   Verification and Test Methods for Access Control Policies/Models Jun-17
  • NIST SP 800-193 Platform Firmware Resiliency Guidelines   May-18
  • NIST SP 800-202 Quick Start Guide for Populating Mobile Test Devices Mar-18
  • NIST SP 1191     Smart Fire Fighting Jun-15
  • NIST SP 1800-1 Securing Electronic Health Records on Mobile Devices    Jul-18
  • NIST SP 1800-2    Kindle
  • NIST SP 1800-2 Book 1 Identity and Access Management for Electric Utilities 1800-2a & 1800-2b Jul 2018 
  • NIST SP 1800-2 Book 2 Identity and Access Management for Electric Utilities 1800-2c Jul 2018
  • NIST 1800-3 Kindle Complete
  • NIST 1800-3 Book 1 Attribute Based Access Control NIST 1800-3a+b Sep-17
  • NIST 1800-3 Book 2 Attribute Based Access Control 1800-3c Chap 1 - 5 Sep-17
  • NIST 1800-3 Book 3 Attribute Based Access Control 1800-3c Chap 6 - 10 Sep-17
  • NIST SP 1800-4 Kindle Complete
  • NIST SP 1800-4a & b Mobile Device Security: Cloud and Hybrid Builds Nov-15
  • NIST SP 1800-4c Mobile Device Security: Cloud and Hybrid Builds Nov-15
  • NIST SP 1800-5 IT Asset Management: Financial Services Jun- 18
  • NIST SP 1800-6 Domain Name System-Based Electronic Mail Security Jan-18
  • NIST SP 1800-7   Situational Awareness for Electric Utilities Feb-17
  • NIST SP 1800-8 Securing Wireless Infusion Pumps Aug-18
  • NIST SP 1800-9 Kindle Complete
  • NIST SP 1800-9a & b Access Rights Management for the Financial Services Sector - Executive Summary - Approach, Architecture, and Security Characteristics Aug-17
  • NIST SP 1800-9c Access Rights Management for the Financial Services Sector - How To Guide Aug-17
  • NIST SP 1800-11 Kindle Complete
  • NIST SP 1800-11a & b Data Integrity Recovering from Ransomware and Other Destructive Events Sep-17
  • NIST SP 1800-11c Data Integrity Recovering from Ransomware and Other Destructive Events - How To Guide Sep-17
  • NIST SP 1800-12 Derived Personal Identity Verification (PIV) Credentials Aug-18
  • NIST SP 1800-13 Mobile Application Single Sign-On Apr-18
  • NIST SP 1800-14 Protecting the Integrity of Internet Routing Aug-18
  • NIST SP 1800-17 Multifactor Authentication for E-Commerce Aug-18
  • NIST SP 1800-18   Privileged Account Management for the Financial Services Sector Sept 2018
  • NIST SP 1800-19  Trusted Cloud, Nov 2018
  • NISTIR 7298 R2 Glossary of Key Information Security Terms May-13
  • NISTIR 7316 Assessment of Access Control Systems Sep-06
  • NISTIR 7497 Security Architecture Design Process for Health Information Exchanges (HIEs) Sep-10
  • NISTIR 7511 R 5 Security Content Automation Protocol (SCAP) Version 1.3 Validation Program Test Requirements Apr 18
  • NISTIR 7628 Kindle Complete
  • NISTIR 7628 R1 Vol 1 Guidelines for Smart Grid Cybersecurity - Architecture, and High-Level Requirements Sep-14
  • NISTIR 7628 R1 Vol 2 Guidelines for Smart Grid Cybersecurity - Sep-14
  • NISTIR 7628 R1 Vol 3 Guidelines for Smart Grid Cybersecurity - Supportive Analyses and References Sep-14
  • NISTIR 7756 CAESARS Framework Extension: An Enterprise Continuous Monitoring Technical Refer Jan-12
  • NISTIR 7788 Security Risk Analysis of Enterprise Networks Using Probabilistic Attack Graphs Aug-11
  • NISTIR 7823 Advanced Metering Infrastructure Smart Meter Upgradeability Test Framework Mar-15
  • NISTIR 7874 Guidelines for Access Control System Evaluation Metrics Sep-12
  • NISTIR 7904 Trusted Geolocation in the Cloud: Proof of Concept Implementation Dec-15
  • NISTIR 7924 Reference Certificate Policy May-14
  • NISTIR 7966 Security of Interactive and Automated Access Management Using Secure Shell (SSH) Oct-15
  • NISTIR 7977 NIST Cryptographic Standards and Guidelines Development Process Mar-16
  • NISTIR 7987 Policy Machine: Features, Architecture, and Specification Oct-15
  • NISTIR 8006 NIST Cloud Computing Forensic Science Challenges Jun-14
  • NISTIR 8011 Kindle Complete 
  • NISTIR 8011 Vol 1 Automation Support for Security Control Assessments Vol 1 Jun-17
  • NISTIR 8011 Vol 2 Automation Support for Security Control Assessments Vol 2 Jun-17
  • NISTIR 8011 Vol 3 Automation Support for Security Control Assessments: Software Asset Management Vol 3 Draft Apr-18
  • NISTIR 8040 Measuring the Usability and Security of Permuted Passwords on Mobile Platforms Apr-16
  • NISTIR 8053 De-Identification of Personal Information Oct-15
  • NISTIR 8054 NSTIC Pilots: Catalyzing the Identity Ecosystem Apr-15
  • NISTIR 8055 Derived Personal Identity Verification (PIV) Credentials (DPC) Proof of Concept Research Jan-16
  • NISTIR 8060 Guidelines for the Creation of Interoperable Software Identification (SWID) Tags Apr-16
  • NISTIR 8062 Introduction to Privacy Engineering and Risk Management in Federal Systems Jan-17
  • NISTIR 8074 V1 & V2 Strategic U.S. Government Engagement in International Standardization to Achieve U.S. Objectives for Cybersecurity Dec-15
  • NISTIR 8080 Usability and Security Considerations for Public Safety Mobile Authentication Jul-16
  • NISTIR 8089 An Industrial Control System Cybersecurity Performance Testbed Nov-15
  • NISTIR 8101 A Rational Foundation for Software Metrology Jan-16
  • NISTIR 8105 Report on Post-Quantum Cryptography Apr-16
  • NISTIR 8112 Attribute Metadata - Draft Aug-16
  • NISTIR 8112 Attribute Metadata Jan-18
  • NISTIR 8114 Report on Lightweight Cryptography Mar-17
  • NISTIR 8135 Identifying and Categorizing Data Types for Public Safety Mobile Applications: May-16
  • NISTIR 8138 Vulnerability Description Ontology (VDO) Sep-16
  • NISTIR 8139 Identifying Uniformity with Entropy and Divergence Feb-17
  • NISTIR 8144 Assessing Threats to Mobile Devices & Infrastructure Sep-16
  • NISTIR 8149 Developing Trust Frameworks to Support Identity Federations Jan-18
  • NISTIR 8151 Dramatically Reducing Software Vulnerabilities Nov-16
  • NISTIR 8170 The Cybersecurity Framework May-17
  • NISTIR 8176 Security Assurance Requirements for Linux Application Container Deployments SUPERCEDED Aug-17
  • NISTIR 8176 Security Assurance Requirements for Linux Application Container Oct-17
  • NISTIR 8179 Criticality Analysis Process Model Apr 18
  • NISTIR 8183 Cybersecurity Framework Manufacturing Profile Sep-17
  • NISTIR 8188 Key Performance Indicators for Process Control System Cybersecurity Performance Analysis Aug-17
  • NISTIR 8192 Enhancing Resilience of the Internet and Communications Ecosystem Sep-17
  • NISTIR 8193 National Initiative for Cybersecurity Education (NICE) Framework Work Role Capability Indicators Nov-17
  • NISTIR 8202 Blockchain Technology Overview - NISTIR 8202 Jan-18
  • Whitepaper Cybersecurity Framework Manufacturing Profile Mar-17
  • NISTIR 8214 Threshold Schemes for Cryptographic Primitives Jul 2018
  • Whitepaper NIST Framework for Improving Critical Infrastructure Cybersecurity - Draft 1 Jan-17
  • Whitepaper NIST Framework for Improving Critical Infrastructure Cybersecurity - Draft 2 Dec-17
  • update
  • Whitepaper Challenging Security Requirements for US Government Cloud Computing Adoption Nov-12
  • Whitepaper Secure Inter-Domain Routing Jul-17
  • FIPS PUBS Federal Information Processing Standards Publications   140-2 (2001); 180-4 (2015); 186-2 (2013); 199 (2004); 200 (2006) 2001 to 2015
  • FIPS PUB 140-2 Security Requirements for Cryptographic Modules Dec-02
  • FIPS PUB 140-2 DTR Derived Test Requirements for FIPS PUB 140-2 Jan-11
  • FIPS PUB 140-2 IG Implementation Guidance for FIPS PUB 140-2 Sep-17
  • FIPS PUB 180-4 Kindle Aug-15
  • FIPS PUB 186-4 Digital Signature Standard (DSS) Jul-13
  • FIPS PUB 197, 198, 199 Advanced Encryption Standard (AES), The Keyed-Hash Message Authentication Code (HMAC), Standards for Security Categorization of Federal Information and Information Systems
  • FIPS PUB 200, 201, 202
  • FIPS PUB 200 Minimum Security Requirements for Federal Information and Information Systems Mar-06
  • FIPS PUB 201 Personal Identity Verification (PIV) of Federal Employees and Contractors Aug-13
  • FIPS PUB 202 SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions Aug-15