Resources

  • 32 CFR 2002 Code of Federal Regulations, Title 32, *Controlled Unclassified Information* (32 C.F.R. 2002).
    91f992fb-f668-4c91-a50f-0f05b95ccee3
  • 41 CFR 201 "Federal Acquisition Supply Chain Security Act; Rule," 85 Federal Register 54263 (September 1, 2020), pp 54263-54271.
    0f963c17-ab5a-432a-a867-91eac550309b
  • 5 CFR 731 Code of Federal Regulations, Title 5, *Administrative Personnel* , Section 731.106, *Designation of Public Trust Positions and Investigative Requirements* (5 C.F.R. 731.106).
    a5ef5e56-5c1a-4911-b419-37dddc1b3581
  • ATOM54 Atomic Energy Act (P.L. 83-703), August 1954.
    d3b71d4d-27c1-40f7-ad7f-1c1fe6d8bde8
  • CMPPA Computer Matching and Privacy Protection Act of 1988 (P.L. 100-503), October 1988.
    94c64e1a-456c-457f-86da-83ac0dfc85ac
  • CNSSD 505 Committee on National Security Systems Directive No. 505, *Supply Chain Risk Management (SCRM)* , August 2017.
    031cc4b7-9adf-4835-98f1-f1ca493519cf
  • CNSSI 1253 Committee on National Security Systems Instruction No. 1253, *Security Categorization and Control Selection for National Security Systems* , March 2014.
    4e4fbc93-333d-45e6-a875-de36b878b6b9
  • CNSSI 4009 Committee on National Security Systems Instruction No. 4009, *Committee on National Security Systems (CNSS) Glossary* , April 2015.
    6f63a36d-24bb-44f3-885a-5a50b5e1ada0
  • CNSSP 22 Committee on National Security Systems Policy No. 22, *Cybersecurity Risk Management Policy* , August 2016.
    8a687894-cdab-423d-b95b-8d9475e4b51e
  • DHS NIPP Department of Homeland Security, *National Infrastructure Protection Plan (NIPP)* , 2009.
    b9951d04-6385-478c-b1a3-ab68c19d9041
  • DHS TIC Department of Homeland Security, *Trusted Internet Connections (TIC)*.
    4f42ee6e-86cc-403b-a51f-76c2b4f81b54
  • DOD STIG Defense Information Systems Agency, *Security Technical Implementation Guides (STIG)*.
    aa66e14f-e7cb-4a37-99d2-07578dfd4608
  • DODI 8510.01 Department of Defense Instruction 8510.01, *Risk Management Framework (RMF) for DoD Information Technology (IT)* , March 2014.
    d6f8ff7f-4b71-47ba-b61b-a5ee3ffd3af0
  • DODTERMS Department of Defense, *Dictionary of Military and Associated Terms*.
    1c861e8c-cb40-463e-9cf2-693554107693
  • DSB 2017 Department of Defense, Defense Science Board, *Task Force on Cyber Deterrence* , February 2017.
    00db708b-4704-4fcb-b854-b66d1d756a58
  • EGOV E-Government Act [includes FISMA] (P.L. 107-347), December 2002.
    7b0b9634-741a-4335-b6fa-161228c3a76e
  • EO 13526 Executive Order 13526, *Classified National Security Information* , December 2009.
    55b0c93a-5e48-457a-baa6-5ce81c239c49
  • EO 13556 Executive Order 13556, *Controlled Unclassified Information* , November 2010.
    34a5571f-e252-4309-a8a1-2fdb2faefbcd
  • EO 13587 Executive Order 13587, *Structural Reforms to Improve the Security of Classified Networks and the Responsible Sharing and Safeguarding of Classified Information* , October 2011.
    0af071a6-cf8e-48ee-8c82-fe91efa20f94
  • EO 13636 Executive Order 13636, *Improving Critical Infrastructure Cybersecurity* , February 2013.
    3406fdc0-d61c-44a9-a5ca-84180544c83a
  • EO 13800 Executive Order 13800, *Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure* , May 2017.
    09afa3a7-e564-4c5f-865f-2679049563b0
  • EO 13873 Executive Order 13873, *Executive Order on Securing the Information and Communications Technology and Services Supply Chain* , May 2019.
    21caa535-1154-4369-ba7b-32c309fee0f7
  • EVIDACT Foundations for Evidence-Based Policymaking Act of 2018 (P.L. 115-435), January 2019.
    511da9ca-604d-43f7-be41-b862085420a9
  • FASC18 Secure Technology Act [includes Federal Acquisition Supply Chain Security Act] (P.L. 115-390), December 2018.
    4ff10ed3-d8fe-4246-99e3-443045e27482
  • FED PKI General Services Administration, *Federal Public Key Infrastructure*.
    a1555677-2b9d-4868-a97b-a1363aff32f5
  • FIPS 140-3 National Institute of Standards and Technology (2019) Security Requirements for Cryptographic Modules. (U.S. Department of Commerce, Washington, D.C.), Federal Information Processing Standards Publication (FIPS) 140-3.
    678e3d6c-150b-4393-aec5-6e3481eb1e00
  • FIPS 180-4 National Institute of Standards and Technology (2015) Secure Hash Standard (SHS). (U.S. Department of Commerce, Washington, D.C.), Federal Information Processing Standards Publication (FIPS) 180-4.
    eea3c092-42ed-4382-a6f4-1adadef01b9d
  • FIPS 186-4 National Institute of Standards and Technology (2013) Digital Signature Standard (DSS). (U.S. Department of Commerce, Washington, D.C.), Federal Information Processing Standards Publication (FIPS) 186-4.
    7c37a38d-21d7-40d8-bc3d-b5e27eac17e1
  • FIPS 196 National Institute of Standards and Technology (1997) Standards for Security Categorization of Federal Information and Information Systems. (U.S. Department of Commerce, Washington, D.C.), Federal Information Processing Standards Publication (FIPS) 196.
    ff989cdc-649d-4f45-8f61-9309c9680933
  • FIPS 197 National Institute of Standards and Technology (2001) Advanced Encryption Standard (AES). (U.S. Department of Commerce, Washington, D.C.), Federal Information Processing Standards Publication (FIPS) 197.
    736d6310-e403-4b57-a79d-9967970c66d7
  • FIPS 198-1 National Institute of Standards and Technology (2008) Standards for Security Categorization of Federal Information and Information Systems. (U.S. Department of Commerce, Washington, D.C.), Federal Information Processing Standards Publication (FIPS) 198-1.
    e9d6c5f2-b3aa-4a28-8bea-a0135718d453
  • FIPS 199 National Institute of Standards and Technology (2004) Standards for Security Categorization of Federal Information and Information Systems. (U.S. Department of Commerce, Washington, D.C.), Federal Information Processing Standards Publication (FIPS) 199.
    628d22a1-6a11-4784-bc59-5cd9497b5445
  • FIPS 200 National Institute of Standards and Technology (2006) Minimum Security Requirements for Federal Information and Information Systems. (U.S. Department of Commerce, Washington, D.C.), Federal Information Processing Standards Publication (FIPS) 200.
    599fb53d-5041-444e-a7fe-640d6d30ad05
  • FIPS 201-2 National Institute of Standards and Technology (2013) Personal Identity Verification (PIV) of Federal Employees and Contractors. (U.S. Department of Commerce, Washington, D.C.), Federal Information Processing Standards Publication (FIPS) 201-2.
    7ba1d91c-3934-4d5a-8532-b32f864ad34c
  • FIPS 202 National Institute of Standards and Technology (2015) SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions. (U.S. Department of Commerce, Washington, D.C.), Federal Information Processing Standards Publication (FIPS) 202.
    a295ca19-8c75-4b4c-8800-98024732e181
  • FISMA IMP Federal Information Security Modernization Act (FISMA) Implementation Project.
    d68867c0-2f21-4193-bef8-300f3270db56
  • FISMA Federal Information Security Modernization Act (P.L. 113-283), December 2014.
    0c67b2a9-bede-43d2-b86d-5f35b8be36e9
  • FOIA96 Freedom of Information Act (FOIA), 5 U.S.C. § 552, As Amended By Public Law No. 104-231, 110 Stat. 3048, Electronic Freedom of Information Act Amendments of 1996.
    d9b1262c-9ee6-4c3e-846f-3a15f9d7eaa6
  • HSPD 12 Homeland Security Presidential Directive 12, Policy for a Common Identification Standard for Federal Employees and Contractors, August 2004.
    f16e438e-7114-4144-bfe2-2dfcad8cb2d0
  • HSPD 7 Homeland Security Presidential Directive 7, *Critical Infrastructure Identification, Prioritization, and Protection* , December 2003.
    488d6934-00b2-4252-bf23-1b3c2d71eb13
  • IETF 4949 Internet Engineering Task Force (IETF), Request for Comments: 4949, *Internet Security Glossary, Version 2* , August 2007.
    7623635e-1a92-4250-a829-4a5c8a4da2bc
  • IETF 5905 Internet Engineering Task Force (IETF), Request for Comments: 5905, *Network Time Protocol Version 4: Protocol and Algorithms Specification* , June 2010.
    e4d37285-1e79-4029-8b6a-42df39cace30
  • IR 7539 Cooper DA, MacGregor WI (2008) Symmetric Key Injection onto Smart Cards. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Interagency or Internal Report (IR) 7539.
    15dc76ff-b17a-4eeb-8948-8ea8de3ccc2c
  • IR 7559 Singhal A, Gunestas M, Wijesekera D (2010) Forensics Web Services (FWS). (National Institute of Standards and Technology, Gaithersburg, MD), NIST Interagency or Internal Report (IR) 7559.
    2be7b163-e50a-435c-8906-f1162f2a457a
  • IR 7622 Boyens JM, Paulsen C, Bartol N, Shankles S, Moorthy R (2012) Notional Supply Chain Risk Management Practices for Federal Information Systems. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Interagency or Internal Report (IR) 7622.
    e24b06cc-9129-4998-a76a-65c3d7a576ba
  • IR 7676 Cooper DA (2010) Maintaining and Using Key History on Personal Identity Verification (PIV) Cards. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Interagency or Internal Report (IR) 7676.
    4b38e961-1125-4a5b-aa35-1d6c02846dad
  • IR 7788 Singhal A, Ou X (2011) Security Risk Analysis of Enterprise Networks Using Probabilistic Attack Graphs. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Interagency or Internal Report (IR) 7788.
    aa5d04e0-6090-4e17-84d4-b9963d55fc2c
  • IR 7817 Ferraiolo H (2012) A Credential Reliability and Revocation Model for Federated Identities. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Interagency or Internal Report (IR) 7817.
    91701292-8bcd-4d2e-a5bd-59ab61e34b3c
  • IR 7849 Chandramouli R (2014) A Methodology for Developing Authentication Assurance Level Taxonomy for Smart Card-based Identity Verification. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Interagency or Internal Report (IR) 7849.
    4f5f51ac-2b8d-4b90-a3c7-46f56e967617
  • IR 7870 Cooper DA (2012) NIST Test Personal Identity Verification (PIV) Cards. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Interagency or Internal Report (IR) 7870.
    604774da-9e1d-48eb-9c62-4e959dc80737
  • IR 7874 Hu VC, Scarfone KA (2012) Guidelines for Access Control System Evaluation Metrics. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Interagency or Internal Report (IR) 7874.
    7f473f21-fdbf-4a6c-81a1-0ab95919609d
  • IR 7956 Chandramouli R, Iorga M, Chokhani S (2013) Cryptographic Key Management Issues & Challenges in Cloud Services. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Interagency or Internal Report (IR) 7956.
    849b2358-683f-4d97-b111-1cc3d522ded5
  • IR 7966 Ylonen T, Turner P, Scarfone KA, Souppaya MP (2015) Security of Interactive and Automated Access Management Using Secure Shell (SSH). (National Institute of Standards and Technology, Gaithersburg, MD), NIST Interagency or Internal Report (IR) 7966.
    3915a084-b87b-4f02-83d4-c369e746292f
  • IR 8011-1 Dempsey KL, Eavy P, Moore G (2017) Automation Support for Security Control Assessments: Volume 1: Overview. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Interagency or Internal Report (IR) 8011, Volume 1.
    bbac9fc2-df5b-4f2d-bf99-90d0ade45349
  • IR 8011-2 Dempsey KL, Eavy P, Moore G (2017) Automation Support for Security Control Assessments: Volume 2: Hardware Asset Management. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Interagency or Internal Report (IR) 8011, Volume 2.
    70402863-5078-43af-9a6c-e11b0f3ec370
  • IR 8011-3 Dempsey KL, Eavy P, Goren N, Moore G (2018) Automation Support for Security Control Assessments: Volume 3: Software Asset Management. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Interagency or Internal Report (IR) 8011, Volume 3.
    996241f8-f692-42d5-91f1-ce8b752e39e6
  • IR 8011-4 Dempsey KL, Takamura E, Eavy P, Moore G (2020) Automation Support for Security Control Assessments: Volume 4: Software Vulnerability Management. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Interagency or Internal Report (IR) 8011, Volume 4.
    d2ebec9b-f868-4ee1-a2bd-0b2282aed248
  • IR 8023 Dempsey KL, Paulsen C (2015) Risk Management for Replication Devices. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Interagency or Internal Report (IR) 8023.
    4c501da5-9d79-4cb6-ba80-97260e1ce327
  • IR 8040 Greene KK, Kelsey JM, Franklin JM (2016) Measuring the Usability and Security of Permuted Passwords on Mobile Platforms. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Interagency or Internal Report (IR) 8040.
    81aeb0a3-d0ee-4e44-b842-6bf28d2bd7f5
  • IR 8062 Brooks S, Garcia M, Lefkovitz N, Lightman S, Nadeau E (2017) An Introduction to Privacy Engineering and Risk Management in Federal Systems. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Interagency or Internal Report (IR) 8062.
    98d415ca-7281-4064-9931-0c366637e324
  • IR 8112 Grassi P, Lefkovitz N, Nadeau E, Galluzzo R, Dinh, A (2018) Attribute Metadata: A Proposed Schema for Evaluating Federated Attributes. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Interagency or Internal Report (IR) 8112.
    a2590922-82f3-4277-83c0-ca5bee06dba4
  • IR 8179 Paulsen C, Boyens JM, Bartol N, Winkler K (2018) Criticality Analysis Process Model: Prioritizing Systems and Components. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Interagency or Internal Report (IR) 8179.
    d4296805-2dca-4c63-a95f-eeccaa826aec
  • IR 8272 Paulsen C, Winkler K, Boyens JM, Ng J, Gimbi J (2020) Impact Analysis Tool for Interdependent Cyber Supply Chain Risks. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Interagency or Internal Report (IR) 8272.
    38ff38f0-1366-4f50-a4c9-26a39aacee16
  • ISO 15026-1 International Organization for Standardization/International Electrotechnical Commission/Institute of Electrical and Electronics Engineers (ISO/IEC/IEEE) 15026-1:2019, *Systems and software engineering — Systems and software assurance — Part 1: Concepts and vocabulary* , March 2019.
    0c559766-0df1-468f-a499-3577bb6dfa46
  • ISO 15288 International Organization for Standardization/International Electrotechnical Commission/Institute of Electrical and Electronics Engineers (ISO/IEC/IEEE) 15288:2015, *Systems and software engineering —Systems life cycle processes* , May 2015.
    7d8ec7b7-dba0-4a17-981c-c959dbcc6c68
  • ISO 15408-1 International Organization for Standardization/International Electrotechnical Commission 15408-1:2009, *Information technology —Security techniques — Evaluation criteria for IT security — Part 1: Introduction and general model* , April 2017.
    6afc1b04-c9d6-4023-adbc-f8fbe33a3c73
  • ISO 15408-2 International Organization for Standardization/International Electrotechnical Commission 15408-2:2008, *Information technology —Security techniques — Evaluation criteria for IT security — Part 2: Security functional requirements* , April 2017.
    87087451-2af5-43d4-88c1-d66ad850f614
  • ISO 15408-3 International Organization for Standardization/International Electrotechnical Commission 15408-3:2008, *Information technology—Security techniques — Evaluation criteria for IT security — Part 3: Security assurance requirements* , April 2017.
    4452efc0-e79e-47b8-aa30-b54f3ef61c2f
  • ISO 20243 International Organization for Standardization/International Electrotechnical Commission 20243-1:2018, *Information technology — Open Trusted Technology Provider™ Standard (O-TTPS) — Mitigating maliciously tainted and counterfeit products — Part 1: Requirements and recommendations* , February 2018.
    15a95e24-65b6-4686-bc18-90855a10457d
  • ISO 25237 International Organization for Standardization/International Electrotechnical Commission 25237:2017, *Health informatics —Pseudonymization* , January 2017.
    c22d2905-4087-4397-b574-c534b9e808c8
  • ISO 27036 International Organization for Standardization/International Electrotechnical Commission 27036-1:2014, *Information technology—Security techniques—Information security for supplier relationships, Part 1: Overview and concepts* , April 2014.
    863caf2a-978a-4260-9e8d-4a8929bce40c
  • ISO 29100 International Organization for Standardization/International Electrotechnical Commission 29100:2011, *Information technology—Security techniques—Privacy framework* , December 2011.
    094ad8c9-960f-4091-acff-8c99a390f08d
  • ISO 29147 International Organization for Standardization/International Electrotechnical Commission 29147:2018, *Information technology—Security techniques—Vulnerability disclosure* , October 2018.
    8df72805-2e5c-4731-a73e-81db0f0318d0
  • ISO 29148 International Organization for Standardization/International Electrotechnical Commission/Institute of Electrical and Electronics Engineers (ISO/IEC/IEEE) 29148:2018, *Systems and software engineering—Life cycle processes—Requirements engineering* , November 2018.
    06ce9216-bd54-4054-a422-94f358b50a5d
  • LAMPSON73 B. W. Lampson, *A Note on the Confinement Problem* , Communications of the ACM 16, 10, pp. 613-615, October 1973.
    d1cdab13-4218-400d-91a9-c3818dfa5ec8
  • NARA CUI National Archives and Records Administration, Controlled Unclassified Information (CUI) Registry.
    c28ae9a8-1121-42a9-a85e-00cfcc9b9a94
  • NCPR National Institute of Standards and Technology (2020) *National Checklist Program Repository* . Available at
    d744d9a3-73eb-4085-b9ff-79e82e9e2d6e
  • NEUM04 *Principled Assuredly Trustworthy Composable Architectures* , P. Neumann, CDRL A001 Final Report, SRI International, December 2004.
    aea5026f-e5c5-4256-8293-ffcdc487bcd5
  • NIAP CCEVS National Information Assurance Partnership, *Common Criteria Evaluation and Validation Scheme*.
    795aff72-3e6c-4b6b-a80a-b14d84b7f544
  • NIST CAVP National Institute of Standards and Technology (2020) *Cryptographic Algorithm Validation Program* . Available at
    84dc1b0c-acb7-4269-84c4-00dbabacd78c
  • NIST CMVP National Institute of Standards and Technology (2020) *Cryptographic Module Validation Program* . Available at
    1acdc775-aafb-4d11-9341-dc6a822e9d38
  • NIST CSF National Institute of Standards and Technology (2018) Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1. (National Institute of Standards and Technology, Gaithersburg, MD).
    a806de34-70a2-4239-8030-4ab286acc7b8
  • NIST PF National Institute of Standards and Technology (2020) Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management, Version 1.0. (National Institute of Standards and Technology, Gaithersburg, MD).
    956dcbb3-8109-4b6a-9058-ff0b909ec812
  • NITP12 Presidential Memorandum for the Heads of Executive Departments and Agencies, *National Insider Threat Policy and Minimum Standards for Executive Branch Insider Threat Programs* , November 2012.
    528135e3-c65b-461a-93d3-46513610f792
  • NSA CSFC National Security Agency, *Commercial Solutions for Classified Program (CSfC)*.
    3d575737-98cb-459d-b41c-d7e82b73ad78
  • NSA MEDIA National Security Agency, *Media Destruction Guidance*.
    df9f87e9-71e7-4c74-9ac3-3cabd4e92f21
  • NVD 800-53 National Institute of Standards and Technology (2020) *National Vulnerability Database: NIST Special Publication 800-53 [database of controls].* Available at
    782a8c6d-39a4-45df-a6db-ad0b9226fa38
  • ODNI CTF Office of the Director of National Intelligence (ODNI) Cyber Threat Framework.
    89f2a08d-fc49-46d0-856e-bf974c9b1573
  • ODNI NITP Office of the Director National Intelligence, *National Insider Threat Policy*
    06d74ea9-2178-449c-a9c5-b2980f804ac8
  • OMB A-108 Office of Management and Budget Memorandum Circular A-108, *Federal Agency Responsibilities for Review, Reporting, and Publication under the Privacy Act* , December 2016.
    3671ff20-c17c-44d6-8a88-7de203fa74aa
  • OMB A-130 Office of Management and Budget Memorandum Circular A-130, *Managing Information as a Strategic Resource* , July 2016.
    27847491-5ce1-4f6a-a1e4-9e483782f0ef
  • OMB M-03-22 Office of Management and Budget Memorandum M-03-22, *OMB Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002* , September 2003. [https://www.whitehouse.gov/sites/whitehouse.gov/files/omb/memoranda/2003/m03_22.pdf](https://www.whitehouse.gov/sites/whitehouse.gov/files/omb/memoranda/2003/m03_22.pdf)
    d229ae60-51dd-4d7b-a8bf-1f7195cc7561
  • OMB M-08-05 Office of Management and Budget Memorandum M-08-05, *Implementation of Trusted Internet Connections (TIC)* , November 2007.
    047b041a-b4b0-4537-ab2d-2b36283eeda0
  • OMB M-17-06 Office of Management and Budget Memorandum M-17-06, *Policies for Federal Agency Public Websites and Digital Services* , November 2016.
    206a3284-6a7e-423c-8ea9-25b22542541d
  • OMB M-17-12 Office of Management and Budget Memorandum M-17-12, *Preparing for and Responding to a Breach of Personally Identifiable Information* , January 2017.
    5f4705ac-8d17-438c-b23a-ac7f12362ae4
  • OMB M-17-25 Office of Management and Budget Memorandum M-17-25, *Reporting Guidance for Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure* , May 2017.
    81c44706-0227-4258-a920-620a4d259990
  • OMB M-19-03 Office of Management and Budget Memorandum M-19-03, *Strengthening the Cybersecurity of Federal Agencies by Enhancing the High Value Asset Program* , December 2018.
    c5e11048-1d38-4af3-b00b-0d88dc26860c
  • OMB M-19-15 Office of Management and Budget Memorandum M-19-15, *Improving Implementation of the Information Quality Act* , April 2019.
    227063d4-431e-435f-9e8f-009b6dbc20f4
  • OMB M-19-23 Office of Management and Budget Memorandum M-19-23, *Phase 1 Implementation of the Foundations for Evidence-Based Policymaking Act of 2018: Learning Agendas, Personnel, and Planning Guidance* , July 2019.
    d886c141-c832-4ad7-ac6d-4b94f4b550d3
  • POPEK74 G. Popek, *The Principle of Kernel Design* , in 1974 NCC, AFIPS Cong. Proc., Vol. 43, pp. 977-978.
    79453f84-26a4-4995-8257-d32d37aefea3
  • PRIVACT Privacy Act (P.L. 93-579), December 1974.
    18e71fec-c6fd-475a-925a-5d8495cf8455
  • SALTZER75 J. Saltzer and M. Schroeder, *The Protection of Information in Computer Systems* , in Proceedings of the IEEE 63(9), September 1975, pp. 1278-1308.
    c9495d6e-ef64-4090-8509-e58c3b9009ff
  • SP 800-100 Bowen P, Hash J, Wilson M (2006) Information Security Handbook: A Guide for Managers. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-100, Includes updates as of March 7, 2007.
    4c0ec2ee-a0d6-428a-9043-4504bc3ade6f
  • SP 800-101 Ayers RP, Brothers S, Jansen W (2014) Guidelines on Mobile Device Forensics. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-101, Rev. 1.
    10cf2fad-a216-41f9-bb1a-531b7e3119e3
  • SP 800-111 Scarfone KA, Souppaya MP, Sexton M (2007) Guide to Storage Encryption Technologies for End User Devices. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-111.
    22f2d4f0-4365-4e88-a30d-275c1f5473ea
  • SP 800-113 Frankel SE, Hoffman P, Orebaugh AD, Park R (2008) Guide to SSL VPNs. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-113.
    6bc4d137-aece-42a8-8081-9ecb1ebe9fb4
  • SP 800-114 Souppaya MP, Scarfone KA (2016) User's Guide to Telework and Bring Your Own Device (BYOD) Security. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-114, Rev. 1.
    42e37e51-7cc0-4ffa-81c9-0ac942da7e99
  • SP 800-115 Scarfone KA, Souppaya MP, Cody A, Orebaugh AD (2008) Technical Guide to Information Security Testing and Assessment. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-115.
    122177fa-c4ed-485d-8345-3082c0fb9a06
  • SP 800-116 Ferraiolo H, Mehta KL, Ghadiali N, Mohler J, Johnson V, Brady S (2018) A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS). (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-116, Rev. 1.
    2100332a-16a5-4598-bacf-7261baea9711
  • SP 800-121 Padgette J, Bahr J, Holtmann M, Batra M, Chen L, Smithbey R, Scarfone KA (2017) Guide to Bluetooth Security. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-121, Rev. 2.
    d17ebd7a-ffab-499d-bfff-e705bbb01fa6
  • SP 800-124 Souppaya MP, Scarfone KA (2013) Guidelines for Managing the Security of Mobile Devices in the Enterprise. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-124, Rev. 1.
    0f66be67-85e7-4ca6-bd19-39453e9f4394
  • SP 800-125B Chandramouli R (2016) Secure Virtual Network Configuration for Virtual Machine (VM) Protection. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-125B.
    88660532-2dcf-442e-845c-03340ce48999
  • SP 800-126 Waltermire DA, Quinn SD, Booth H, III, Scarfone KA, Prisaca D (2018) The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.3. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-126, Rev. 3.
    8016d2ed-d30f-4416-9c45-0f42c7aa3232
  • SP 800-128 Johnson LA, Dempsey KL, Ross RS, Gupta S, Bailey D (2011) Guide for Security-Focused Configuration Management of Information Systems. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-128, Includes updates as of October 10, 2019.
    20db4e66-e257-450c-b2e4-2bb9a62a2c88
  • SP 800-12 Nieles M, Pillitteri VY, Dempsey KL (2017) An Introduction to Information Security. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-12, Rev. 1.
    c7ac44e8-10db-4b64-b2b9-9e32ec1efed0
  • SP 800-130 Barker EB, Smid ME, Branstad DK, Chokhani S (2013) A Framework for Designing Cryptographic Key Management Systems. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-130.
    3653e316-8923-430e-8943-b3b2b2562fc6
  • SP 800-137A Dempsey KL, Pillitteri VY, Baer C, Niemeyer R, Rudman R, Urban S (2020) Assessing Information Security Continuous Monitoring (ISCM) Programs: Developing an ISCM Program Assessment. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-137A.
    62ea77ca-e450-4323-b210-e0d75390e785
  • SP 800-137 Dempsey KL, Chawla NS, Johnson LA, Johnston R, Jones AC, Orebaugh AD, Scholl MA, Stine KM (2011) Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-137.
    067223d8-1ec7-45c5-b21b-c848da6de8fb
  • SP 800-147 Cooper DA, Polk T, Regenscheid AR, Souppaya MP (2011) BIOS Protection Guidelines. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-147.
    e47ee630-9cbc-4133-880e-e013f83ccd51
  • SP 800-150 Johnson CS, Waltermire DA, Badger ML, Skorupka C, Snyder J (2016) Guide to Cyber Threat Information Sharing. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-150.
    9ef4b43c-42a4-4316-87dc-ffaf528bc05c
  • SP 800-152 Barker EB, Branstad DK, Smid ME (2015) A Profile for U.S. Federal Cryptographic Key Management Systems (CKMS). (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-152.
    2494df28-9049-4196-b233-540e7440993f
  • SP 800-154 Souppaya MP, Scarfone KA (2016) Guide to Data-Centric System Threat Modeling. (National Institute of Standards and Technology, Gaithersburg, MD), Draft NIST Special Publication (SP) 800-154.
    708b94e1-3d5e-4b22-ab43-1c69f3a97e37
  • SP 800-156 Ferraiolo H, Chandramouli R, Mehta KL, Mohler J, Skordinski S, Brady S (2016) Representation of PIV Chain-of-Trust for Import and Export. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-156.
    d9e036ba-6eec-46a6-9340-b0bf1fea23b4
  • SP 800-160-1 Ross RS, Oren JC, McEvilley M (2016) Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-160, Vol. 1, Includes updates as of March 21, 2018.
    e3cc0520-a366-4fc9-abc2-5272db7e3564
  • SP 800-160-2 Ross RS, Pillitteri VY, Graubart R, Bodeau D, McQuaid R (2019) Developing Cyber Resilient Systems: A Systems Security Engineering Approach. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-160, Vol. 2.
    61ccf0f4-d3e7-42db-9796-ce6cb1c85989
  • SP 800-161 Boyens JM, Paulsen C, Moorthy R, Bartol N (2015) Supply Chain Risk Management Practices for Federal Information Systems and Organizations. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-161.
    e8e84963-14fc-4c3a-be05-b412a5d37cd2
  • SP 800-162 Hu VC, Ferraiolo DF, Kuhn R, Schnitzer A, Sandlin K, Miller R, Scarfone KA (2014) Guide to Attribute Based Access Control (ABAC) Definition and Considerations. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-162, Includes updates as of August 2, 2019.
    2956e175-f674-43f4-b1b9-e074ad9fc39c
  • SP 800-166 Cooper DA, Ferraiolo H, Chandramouli R, Ghadiali N, Mohler J, Brady S (2016) Derived PIV Application and Data Model Test Guidelines. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-166.
    e8552d48-cf41-40aa-8b06-f45f7fb4706c
  • SP 800-167 Sedgewick A, Souppaya MP, Scarfone KA (2015) Guide to Application Whitelisting. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-167.
    38f39739-1ebd-43b1-8b8c-00f591d89ebd
  • SP 800-171 Ross RS, Pillitteri VY, Dempsey KL, Riddle M, Guissanie G (2020) Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-171, Rev. 2.
    7dbd6d9f-29d6-4d1d-9766-f2d77ff3c849
  • SP 800-172 Ross RS, Pillitteri VY, Graubart RD, Guissanie G, Wagner R, Bodeau D (2020) Enhanced Security Requirements for Protecting Controlled Unclassified Information: A Supplement to NIST Special Publication 800-171 (Final Public Draft). (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-172.
    f26af0d0-6d72-4a9d-8ecd-01bc21fd4f0e
  • SP 800-177 Rose SW, Nightingale S, Garfinkel SL, Chandramouli R (2019) Trustworthy Email. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-177, Rev. 1.
    1c71b420-2bd9-4e52-9fc8-390f58b85b59
  • SP 800-178 Ferraiolo DF, Hu VC, Kuhn R, Chandramouli R (2016) A Comparison of Attribute Based Access Control (ABAC) Standards for Data Service Applications: Extensible Access Control Markup Language (XACML) and Next Generation Access Control (NGAC). (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-178.
    388a3aa2-5d85-4bad-b8a3-77db80d63c4f
  • SP 800-181 Petersen R, Santos D, Smith MC, Wetzel KA, Witte G (2020) Workforce Framework for Cybersecurity (NICE Framework). (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-181, Rev. 1.
    276bd50a-7e58-48e5-a405-8c8cb91d7a5f
  • SP 800-184 Bartock M, Scarfone KA, Smith MC, Witte GA, Cichonski JA, Souppaya MP (2016) Guide for Cybersecurity Event Recovery. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-184.
    31ae65ab-3f26-46b7-9d64-f25a4dac5778
  • SP 800-188 Garfinkel S (2016) De-Identifying Government Datasets. (National Institute of Standards and Technology, Gaithersburg, MD), Second Draft NIST Special Publication (SP) 800-188.
    c15bfc12-a61e-4ca5-bf35-fa9ce3ccb5d2
  • SP 800-189 Sriram K, Montgomery D (2019) Resilient Interdomain Traffic Exchange: BGP Security and DDoS Mitigation. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-189.
    f5edfe51-d1f2-422e-9b27-5d0e90b49c72
  • SP 800-18 Swanson MA, Hash J, Bowen P (2006) Guide for Developing Security Plans for Federal Information Systems. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-18, Rev. 1.
    30eb758a-2707-4bca-90ad-949a74d4eb16
  • SP 800-192 Yaga DJ, Kuhn R, Hu VC (2017) Verification and Test Methods for Access Control Policies/Models. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-192.
    53df282b-8b3f-483a-bad1-6a8b8ac00114
  • SP 800-28 Jansen W, Winograd T, Scarfone KA (2008) Guidelines on Active Content and Mobile Code. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-28, Version 2.
    f641309f-a3ad-48be-8c67-2b318648b2f5
  • SP 800-30 Joint Task Force Transformation Initiative (2012) Guide for Conducting Risk Assessments. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-30, Rev. 1.
    08b07465-dbdc-48d6-8a0b-37279602ac16
  • SP 800-32 Kuhn R, Hu VC, Polk T, Chang S-J (2001) Introduction to Public Key Technology and the Federal PKI Infrastructure. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-32.
    8cb338a4-e493-4177-818f-3af18983ddc5
  • SP 800-34 Swanson MA, Bowen P, Phillips AW, Gallup D, Lynes D (2010) Contingency Planning Guide for Federal Information Systems. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-34, Rev. 1, Includes updates as of November 11, 2010.
    bc39f179-c735-4da2-b7a7-b2b622119755
  • SP 800-35 Grance T, Hash J, Stevens M, O'Neal K, Bartol N (2003) Guide to Information Technology Security Services. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-35.
    77faf0bc-c394-44ad-9154-bbac3b79c8ad
  • SP 800-37 Joint Task Force (2018) Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-37, Rev. 2.
    482e4c99-9dc4-41ad-bba8-0f3f0032c1f8
  • SP 800-39 Joint Task Force Transformation Initiative (2011) Managing Information Security Risk: Organization, Mission, and Information System View. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-39.
    cec037f3-8aba-4c97-84b4-4082f9e515d2
  • SP 800-40 Souppaya MP, Scarfone KA (2013) Guide to Enterprise Patch Management Technologies. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-40, Rev. 3.
    155f941a-cba9-4afd-9ca6-5d040d697ba9
  • SP 800-41 Scarfone KA, Hoffman P (2009) Guidelines on Firewalls and Firewall Policy. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-41, Rev. 1.
    a7f0e897-29a3-45c4-bd88-40dfef0e034a
  • SP 800-45 Tracy MC, Jansen W, Scarfone KA, Butterfield J (2007) Guidelines on Electronic Mail Security. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-45, Version 2.
    314e33cb-3681-4b50-a2a2-3fae9604accd
  • SP 800-46 Souppaya MP, Scarfone KA (2016) Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-46, Rev. 2.
    83b9d63b-66b1-467c-9f3b-3a0b108771e9
  • SP 800-47 Grance T, Hash J, Peck S, Smith J, Korow-Diks K (2002) Security Guide for Interconnecting Information Technology Systems. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-47.
    c3a76872-e160-4267-99e8-6952de967d04
  • SP 800-50 Wilson M, Hash J (2003) Building an Information Technology Security Awareness and Training Program. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-50.
    511f6832-23ca-49a3-8c0f-ce493373cab8
  • SP 800-52 McKay KA, Cooper DA (2019) Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-52, Rev. 2.
    7537638e-2837-407d-844b-40fb3fafdd99
  • SP 800-53 RES NIST Special Publication 800-53, Revision 5 Resource Center.
    4e0d3c99-0f4e-496f-8951-d4f57c122fc2
  • SP 800-53A Joint Task Force Transformation Initiative (2014) Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-53A, Rev. 4, Includes updates as of December 18, 2014.
    a21aef46-7330-48a0-b2e1-c5bb8b2dd11d
  • SP 800-53B Joint Task Force (2020) Control Baselines and Tailoring Guidance for Federal Information Systems and Organizations. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-53B.
    46d9e201-840e-440e-987c-2c773333c752
  • SP 800-55 Chew E, Swanson MA, Stine KM, Bartol N, Brown A, Robinson W (2008) Performance Measurement Guide for Information Security. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-55, Rev. 1.
    7798067b-4ed0-4adc-a505-79dad4741693
  • SP 800-56A Barker EB, Chen L, Roginsky A, Vassilev A, Davis R (2018) Recommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-56A, Rev. 3.
    20957dbb-6a1e-40a2-b38a-66f67d33ac2e
  • SP 800-56B Barker EB, Chen L, Roginsky A, Vassilev A, Davis R, Simon S (2019) Recommendation for Pair-Wise Key-Establishment Using Integer Factorization Cryptography. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-56B, Rev. 2.
    0d083d8a-5cc6-46f1-8d79-3081d42bcb75
  • SP 800-56C Barker EB, Chen L, Davis R (2020) Recommendation for Key-Derivation Methods in Key-Establishment Schemes. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-56C, Rev. 2.
    eef62b16-c796-4554-955c-505824135b8a
  • SP 800-57-1 Barker EB (2020) Recommendation for Key Management: Part 1 – General. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-57 Part 1, Rev. 5.
    110e26af-4765-49e1-8740-6750f83fcda1
  • SP 800-57-2 Barker EB, Barker WC (2019) Recommendation for Key Management: Part 2 – Best Practices for Key Management Organizations. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-57 Part 2, Rev. 1.
    e7942589-e267-4a5a-a3d9-f39a7aae81f0
  • SP 800-57-3 Barker EB, Dang QH (2015) Recommendation for Key Management, Part 3: Application-Specific Key Management Guidance. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-57 Part 3, Rev. 1.
    8306620b-1920-4d73-8b21-12008528595f
  • SP 800-60-1 Stine KM, Kissel RL, Barker WC, Fahlsing J, Gulick J (2008) Guide for Mapping Types of Information and Information Systems to Security Categories. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-60, Vol. 1, Rev. 1.
    e72fde0b-6fc2-497e-a9db-d8fce5a11b8a
  • SP 800-60-2 Stine KM, Kissel RL, Barker WC, Lee A, Fahlsing J (2008) Guide for Mapping Types of Information and Information Systems to Security Categories: Appendices. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-60, Vol. 2, Rev. 1.
    9be5d661-421f-41ad-854e-86f98b811891
  • SP 800-61 Cichonski PR, Millar T, Grance T, Scarfone KA (2012) Computer Security Incident Handling Guide. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-61, Rev. 2.
    49b8aa2d-a88c-4bff-9f20-876ccb8f7dcb
  • SP 800-63-3 Grassi PA, Garcia ME, Fenton JL (2017) Digital Identity Guidelines. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-63-3, Includes updates as of March 2, 2020.
    737513fa-6758-403f-831d-5ddab5e23cb3
  • SP 800-63A Grassi PA, Fenton JL, Lefkovitz NB, Danker JM, Choong Y-Y, Greene KK, Theofanos MF (2017) Digital Identity Guidelines: Enrollment and Identity Proofing. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-63A, Includes updates as of March 2, 2020.
    9099ed2c-922a-493d-bcb4-d896192243ff
  • SP 800-63B Grassi PA, Fenton JL, Newton EM, Perlner RA, Regenscheid AR, Burr WE, Richer, JP, Lefkovitz NB, Danker JM, Choong Y-Y, Greene KK, Theofanos MF (2017) Digital Identity Guidelines: Authentication and Lifecycle Management. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-63B, Includes updates as of March 2, 2020.
    e59c5a7c-8b1f-49ca-8de0-6ee0882180ce
  • SP 800-70 Quinn SD, Souppaya MP, Cook MR, Scarfone KA (2018) National Checklist Program for IT Products: Guidelines for Checklist Users and Developers. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-70, Rev. 4.
    4895b4cd-34c5-4667-bf8a-27d443c12047
  • SP 800-73-4 Cooper DA, Ferraiolo H, Mehta KL, Francomacaro S, Chandramouli R, Mohler J (2015) Interfaces for Personal Identity Verification. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-73-4, Includes updates as of February 8, 2016.
    858705be-3c1f-48aa-a328-0ce398d95ef0
  • SP 800-76-2 Grother PJ, Salamon WJ, Chandramouli R (2013) Biometric Specifications for Personal Identity Verification. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-76-2.
    7af2e6ec-9f7e-4232-ad3f-09888eb0793a
  • SP 800-77 Barker EB, Dang QH, Frankel SE, Scarfone KA, Wouters P (2020) Guide to IPsec VPNs. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-77, Rev. 1.
    d4d7c760-2907-403b-8b2a-767ca5370ecd
  • SP 800-78-4 Polk T, Dodson DF, Burr WE, Ferraiolo H, Cooper DA (2015) Cryptographic Algorithms and Key Sizes for Personal Identity Verification. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-78-4.
    828856bd-d7c4-427b-8b51-815517ec382d
  • SP 800-79-2 Ferraiolo H, Chandramouli R, Ghadiali N, Mohler J, Shorter S (2015) Guidelines for the Authorization of Personal Identity Verification Card Issuers (PCI) and Derived PIV Credential Issuers (DPCI). (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-79-2.
    10963761-58fc-4b20-b3d6-b44a54daba03
  • SP 800-81-2 Chandramouli R, Rose SW (2013) Secure Domain Name System (DNS) Deployment Guide. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-81-2.
    fe209006-bfd4-4033-a79a-9fee1adaf372
  • SP 800-82 Stouffer KA, Lightman S, Pillitteri VY, Abrams M, Hahn A (2015) Guide to Industrial Control Systems (ICS) Security. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-82, Rev. 2.
    6264c85d-19f5-408a-aa44-d737daaf311e
  • SP 800-83 Souppaya MP, Scarfone KA (2013) Guide to Malware Incident Prevention and Handling for Desktops and Laptops. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-83, Rev. 1.
    3dd249b0-f57d-44ba-a03e-c3eab1b835ff
  • SP 800-84 Grance T, Nolan T, Burke K, Dudley R, White G, Good T (2006) Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-84.
    53be2fcf-cfd1-4bcb-896b-9a3b65c22098
  • SP 800-86 Kent K, Chevalier S, Grance T, Dang H (2006) Guide to Integrating Forensic Techniques into Incident Response. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-86.
    cfdb1858-c473-46b3-89f9-a700308d0be2
  • SP 800-88 Kissel RL, Regenscheid AR, Scholl MA, Stine KM (2014) Guidelines for Media Sanitization. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-88, Rev. 1.
    a5b1d18d-e670-4586-9e6d-4a88b7ba3df6
  • SP 800-92 Kent K, Souppaya MP (2006) Guide to Computer Security Log Management. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-92.
    5eee45d8-3313-4fdc-8d54-1742092bbdd6
  • SP 800-94 Scarfone KA, Mell PM (2007) Guide to Intrusion Detection and Prevention Systems (IDPS). (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-94.
    25e3e57b-dc2f-4934-af9b-050b020c6f0e
  • SP 800-95 Singhal A, Winograd T, Scarfone KA (2007) Guide to Secure Web Services. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-95.
    a6b9907a-2a14-4bb4-a142-d4c73026a8b4
  • SP 800-97 Frankel SE, Eydt B, Owens L, Scarfone KA (2007) Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-97.
    03fb73bc-1b12-4182-bd96-e5719254ea61
  • USA PATRIOT USA Patriot Act (P.L. 107-56), October 2001.
    13f0c39d-eaf7-417a-baef-69a041878bb5
  • USC 11101 "Definitions," Title 40 U.S. Code, Sec. 11101. 2018 ed.
    dd1a42a3-20c0-43ba-bbdb-6ea3624f1d38
  • USC 2901 United States Code, 2008 Edition, Title 44 - *Public Printing and Documents* , Chapters 29, 31, and 33, January 2012.
    e922fc50-b1f9-469f-92ef-ed7d9803611c
  • USC 3502 "Definitions," Title 44 U.S. Code, Sec. 3502. 2011 ed.
    82460f0b-1060-420e-9181-554e2dc921df
  • USC 552 United States Code, 2006 Edition, Supplement 4, Title 5 - *Government Organization and Employees* , January 2011.
    ef3550b5-60a0-4489-8d4e-08223a929c7a
  • USCERT IR Department of Homeland Security, *US-CERT Federal Incident Notification Guidelines* , April 2017.
    40b78258-c892-480e-9af8-77ac36648301
  • USGCB National Institute of Standards and Technology (2020) *United States Government Configuration Baseline* . Available at
    98498928-3ca3-44b3-8b1e-f48685373087
  • Cybersecurity and Privacy Reference Tool: *Security and Privacy Controls for Information Systems and Organizations, 5.1.1*
    d68867c0-2f21-4193-bef8-300f32701016
  • NIST Special Publication 800-53, Revision 5: * Security and Privacy Controls for Information Systems and Organizations* (PDF)
    c3397cc9-83c6-4459-adb2-836739dc1b94
  • NIST Special Publication 800-53, Revision 5: * Security and Privacy Controls for Information Systems and Organizations* (DOI link)
    f7cf488d-bc64-4a91-a994-810e153ee481
  • NIST SP 800-53 content and other OSCAL content examples
    5a5ffcb9-2272-484e-8d47-4483a0585dec
  • NIST SP 800-53 Rev 5.1.1 content and other OSCAL content examples
    1f2fcda3-408f-422c-aecd-b1717c3f7843
  • NIST SP 800-53 Rev 5.1.1 content (with minor errors fixed) and other OSCAL content examples
    9a0dc8cb-d398-4635-a7ec-dcbdef1d2113
  • NIST SP 800-53 Rev 5.1.1 content in OSCAL 1.1.2, labels restored and minor bug fixes
    9b0c9c43-2722-4bbb-b132-13d34fb94d45
  • NIST SP 800-53 Rev 5.1.1 content in OSCAL 1.1.2, with minor bug fixes
    cb35e1b6-0467-4234-96ba-224045914965