Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Guideline on Network Security Testing



John P. Wack, Miles C. Tracy, Murugiah P. Souppaya


[Superseded by NIST SP 800-115, Technical Guide to Information Security Testing and Assessment,] The purpose of this document is to provide guidance for security program manager, technical managers, functional managers, and other information technology (IT) staff members who deal with systems concerning when and how to perform tests for network security vulnerabilities and policy implementation. This document identifies network testing requirements and how to prioritize testing activities with limited resources. It describes security testing techniques and tools. This document provides guidance to assist organizations in avoiding redundancy and duplication of effort by providing a consistent approach to network security testing throughout an organization's networks. Furthermore, this document provides a feasible approach for organizations by offering varying levels of network security testing as mandated by an organization's mission and security objectives.The main focus of this document is the basic information about techniques and tools for individuals to begin a testing program. This document is by no means all-inclusive and individuals and organizations should consult the references provided in this document as well as vendor production descriptions and other sources of information.
Special Publication (NIST SP) - 800-42
Report Number


intrusion detection, network security testing, password cracking, system test & evaluation, vulnerability scanners


Wack, J. , Tracy, M. and Souppaya, M. (2003), Guideline on Network Security Testing, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], (Accessed April 13, 2024)
Created October 15, 2003, Updated November 10, 2018