
Top 20 NIST Standards


NIST, or the National Institute of Standards and Technology, is a federal agency within the United States Department of Commerce. Founded in 1901, NIST was originally known as the National Bureau of Standards and received its current name in 1988.


NIST's mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve quality of life. It provides industry, academia, government, and other users with over 1,300 Standard Reference Materials®.


One of the best-known aspects of NIST is its role in cybersecurity. It develops and issues standards, guidelines, and other publications to assist in managing cost-effective programs to protect the information and information systems of federal agencies.

NIST's work is implemented in various sectors and is often used as a baseline or reference in many areas of technology, industry, and science. It provides critical resources to a broad array of industries, from information technology and cybersecurity to atomic physics, biotechnology, and healthcare informatics.


Here are 20 recent standards and special publications from NIST.


This document provides a catalog of security and privacy controls for federal information systems and organizations and a process for selecting controls to protect organizational operations.


Provides requirements for protecting the confidentiality of Controlled Unclassified Information (CUI).


Provides technical requirements for federal agencies implementing digital identity services.


This publication provides guidelines for applying the Risk Management Framework to federal information systems, including conducting the activities of security categorization.


Provides guidance on how to secure Industrial Control Systems (ICS), including Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS), and other control system configurations.


Recommends procedures for incident handling, particularly for analyzing incident-related data and determining the appropriate response to each incident.


This publication provides guidelines for managing risk to organizational operations, organizational assets, individuals, and other organizations resulting from the operation of an information system.


This guide provides guidelines for conducting risk assessments of federal information systems and organizations, amplifying the guidance in SP 800-39.


Provides instructions, recommendations, and considerations for government IT contingency planning.


This publication provides cryptographic key management guidance. It consists of three parts. Part 1 provides general guidance and best practices for the management of cryptographic keying material.


This publication assists organizations in implementing a media sanitization program with proper and applicable management controls.


Provides assistance to organizations in the planning, acquisition, and implementation of information security services.


Provides recommendations on developing firewall policies and explains the technical features of firewalls and various types of firewall technologies.


Provides recommendations for intrusion detection system (IDS) and intrusion prevention system (IPS) product selection, implementation, configuration, securing, monitoring, and maintenance.


Provides recommendations for log management, including how to collect, analyze, and store logs.


Provides recommendations for organizations considering IPsec VPN solutions for secure network connections.


Provides guidelines for the development, maintenance, and use of checklists to help organizations establish a more secure IT environment.


A guide for IT professionals new to information security, covering the foundation of the field and its basic principles.


Provides guidance on how to develop, select and implement measures to be used in verifying the effectiveness of information security controls.


Provides an analysis of security considerations for VoIP systems, including detailed insight into the risks VoIP poses to an organization's information and recommendations for mitigating those risks.


