Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

ITL Bulletin

Using Security Configuration Checklists and the National Checklist Program

May 25, 2011

Author(s)

Shirley M. Radack

This bulletin summarizes the information presented in NIST Special Publication (SP) 800-70 Rev. 2, National Checklist Program for IT ProductsGuidelines for

Full Virtualization Technologies: Guidelines for Secure Implementation and Management

April 25, 2011

Author(s)

Shirley M. Radack

This bulletin summarizes the information presented in NIST SP 800-125, Guide To Security for Full Virtualization Technologies: Recommendations of the National

Managing Information Security Risk: Organization, Mission, and Information System View

March 22, 2011

Author(s)

Shirley M. Radack

This bulletin summarizes the information presented in NIST Special Publication (SP) 800-39, Integrated Enterprise-Wide Risk Management: Organization, Mission

Internet Protocol Version 6 (IPv6): NIST Guidelines Help Organizations Manage the Secure Deployment of the New Network Protocol

January 31, 2011

Author(s)

Shirley M. Radack

This bulletin summarizes the information presented in NIST Special Publication (SP) 800-119, Guidelines for the Secure Deployment of IPv6. Written by Sheila

Securing WiMAX Wireless Communications

December 27, 2010

Author(s)

Shirley M. Radack

This bulletin summarizes the information presented in NIST Special Publication (SP) 800-127, Guide to Securing WiMAX Wireless Communications: Recommendations of

The Exchange of Health Care Information: Designing a Security Architecture to Protect Information Security and Privacy

November 23, 2010

Author(s)

Shirley M. Radack

This bulletin summarizes the information presented in NISTIR 7497, Security Architecture Design Process for Health Information Exchanges (HIEs). The publication

Cyber Security Strategies for the Smart Grid: Protecting the Advanced, Digital Infrastructure for Electric Power

October 27, 2010

Author(s)

Shirley M. Radack

This bulletin summarizes the information presented in NISTIR 7628, Guidelines for Smart Grid Cyber Security. The guidelines were developed as a consensus

Security Content Automation Protocol (SCAP): Helping Organizations Maintain and Verify the Security of their Information Systems

September 27, 2010

Author(s)

Shirley M. Radack

This bulletin summarizes the information presented in NIST Special Publication (SP) 800-117, Guide To Adopting and Using the Security Content Automation

Assessing the Effectiveness of Security Controls in Federal Information Systems

August 23, 2010

Author(s)

Shirley M. Radack

This bulletin summarizes the information presented in NIST Special Publication (SP) 800-53A, Revision 1, Guide for Assessing the Security Controls in Federal

Contingency Planning for Information Systems: Updated Guide for Federal Organizations

July 20, 2010

Author(s)

Shirley M. Radack

This bulletin summarizes the information presented in NIST Special Publication (SP) 800-34, Rev. 1, Contingency Planning Guide for Federal Information Systems

How To Identify Personnel With Significant Responsibilities For Information Security

June 22, 2010

Author(s)

Mark Wilson

This Bulletin is written to assist federal departments and agencies to meet their information security training responsibilities. Determining who has

Guide to Protecting Personally Identifiable Information

April 28, 2010

Author(s)

Shirley M. Radack

This bulletin summarizes the information presented in NIST Special Publication (SP) 800-122, Guide to Protecting the Confidentiality of Personally Identifiable

Revised Guide Helps Federal Organizations Improve Their Risk Management Practices and Information System Security

March 29, 2010

Author(s)

Shirley M. Radack

This bulletin summarizes the information presented in NIST Special Publication (SP) 800-37, Revision 1, Guide for Applying the Risk Management Framework to

Secure Management of Keys in Cryptographic Applications: Guidance for Organizations

February 24, 2010

Author(s)

Shirley M. Radack

This bulletin summarizes the information presented in NIST Special Publication (SP) 800-57, Recommendation for Key Management, Part 3, Application Specific Key

Security Metrics: Measurements to Support the Continued Development of Information Security Technology

January 27, 2010

Author(s)

Shirley M. Radack

This bulletin summarizes the information that was presented in NIST Interagency Report (NISTIR)7564, Directions in Security Metrics Research, by Wayne Jansen

Cybersecurity Fundamentals for Small Business Owners

November 19, 2009

Author(s)

Shirley M. Radack

This bulletin summarizes the information that was published in NIST Interagency Report (NISTIR) 7621, Small Business Information Security: The Fundamentals, by

Protecting Information Systems with Firewalls: Revised Guidelines on Firewall Technologies and Policies

October 29, 2009

Author(s)

Shirley M. Radack

Firewalls are essential devices or programs that help organizations protect their networks and systems, and help home users protect their computers, from

Updated Digital Signature Standard Approved as Federal Information Processing Standard (FIPS)186-3

September 28, 2009

Author(s)

Shirley M. Radack

This bulletin summarizes the information in Federal Information Processing Standard (FIPS) Publication 186-3, Digital Signature Standard (DSS). Approved in June

Revised Catalog of Security Controls for Federal Information Systems and Organizations: For Use in Both National Security and Nonnational Security Systems

August 20, 2009

Author(s)

Shirley M. Radack

This bulletin summarizes the information presented in NIST Special Publication 800-53, Revision 3, Recommended Security Controls for Federal Information Systems

Risk Management Framework: Helping Organizations Implement Effective Information Security Programs

July 23, 2009

Author(s)

Shirley M. Radack

This bulletin summarizes information about the Risk Management Framework (RMF) and points to NIST standards and guidelines that assist agencies in achieving

Security for Enterprise Telework and Remote Access Solutions

June 24, 2009

Author(s)

Karen A. Scarfone

Many people telework (also known as telecommuting), which is the ability for an organization s employees and contractors to perform work from locations other

The System Development Life Cycle (SDLC)

April 29, 2009

Author(s)

Shirley M. Radack

This bulletin summarizes the information that was disseminated by the National Institute of Standards and Technology (NIST) in Special Publication (SP) 800-64

The Cryptographic Hash Algorithm Family: Revision of the Secure Hash Standard and Ongoing Competition for New Hash Algorithms

March 25, 2009

Author(s)

Shirley M. Radack

This bulletin summarizes information disseminated in Federal Information Processing Standard (FIPS) 180-3, Secure Hash Standard; NIST Special Publication (SP)

Using Personal Identity Verification (PIV) Credentials in Physical Access Control Systems (PACS)

February 26, 2009

Author(s)

Shirley M. Radack

This bulletin summarizes information disseminated in NIST Special Publication (SP) 800-116, A Recommendation for the Use of PIV Credentials in Physical Access

Security of Cell Phones and PDAs

January 29, 2009

Author(s)

Shirley M. Radack

This bulletin summarizes the information disseminated in NIST Special Publication (SP) 800-124, Guidelines on Cell Phone and PDA Security: Recommendations of

Guide to Information Security Testing and Assessment

December 18, 2008

Author(s)

Shirley M. Radack

This bulletin summarizes information disseminated in NIST Special Publication (SP) 800-115, Technical Guide to Information Security Testing and Assessment

Bluetooth Security: Protecting Wireless Networks and Devices

November 20, 2008

Author(s)

Shirley M. Radack

This bulletin summarizes information disseminated in NIST Special Publication (SP) 800-121, Guide to Bluetooth Security: Recommendations of the National

Keeping Information Technology (IT) System Servers Secure: A General Guide to Good Practices

October 15, 2008

Author(s)

Shirley M. Radack

This bulletin summarizes information disseminated in NIST Special Publication (SP) 800-123, Guide to General Server Security: Recommendations of the National

Using Performance Measurements to Evaluate and Strengthen Information System Security

September 18, 2008

Author(s)

Shirley M. Radack

This bulletin summarizes information disseminated in NIST Special Publication (SP) 800-55, Revision 1, Performance Measurement Guide for Information Security

Security Assessments: Tools for Measuring the Effectiveness of Security Controls

August 21, 2008

Author(s)

Shirley M. Radack

This bulletin summarizes information disseminated in NIST Special Publication 800-53A, Guide for Assessing the Security Controls in Federal Information Systems