
Protect

These mappings are intended to demonstrate the relationship between existing NIST publications and the Cybersecurity Framework. These preliminary mappings are intended to evolve and progress over time as new publications are created and existing publications are updated. Initially, each publication has been mapped only once to the category considered most applicable. Certain NIST publications that have broad applicability across multiple categories of a function have been included within the General Mappings section.

General Mappings

This table provides publications that have broad applicability across multiple categories of a function.

PROTECT (PR)

| Publication | Title |
|---|---|
| 800-64 Rev. 2 | Security Considerations in the System Development Life Cycle |
| 800-160 | Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems |

NIST Cybersecurity Publication by Category

This table consists of NIST Publications that have been mapped only once to an individual Category.

PROTECT (PR)

Identity Management, Authentication and Access Control (PR.AC): Access to physical and logical assets and associated facilities is limited to authorized users, processes, and devices, and is managed consistent with the assessed risk of unauthorized access to authorized activities and transactions.

| Publication | Title |
|---|---|
| 800-63-3 | Digital Identity Guidelines |
| 800-63A | Digital Identity Guidelines: Enrollment and Identity Proofing |
| 800-63B | Digital Identity Guidelines: Authentication and Lifecycle Management |
| 800-63C | Digital Identity Guidelines: Federation and Assertions |
| 800-46 Rev. 2 | Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security |
| 800-189 | Resilient Interdomain Traffic Exchange: BGP Security and DDoS Mitigation |
| 800-157 | Guidelines for Derived Personal Identity Verification (PIV) Credentials |
| 800-162 | Guide to Attribute Based Access Control (ABAC) Definition and Considerations |
| 800-81-2 | Secure Domain Name System (DNS) Deployment Guide |
| 800-116 Rev. 1 | A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS) |
| 800-76-2 | Biometric Specifications for Personal Identity Verification |
| 800-79-2 | Guidelines for the Authorization of Personal Identity Verification Card Issuers (PCI) and Derived PIV Credential Issuers (DPCI) |
| 800-166 | Derived PIV Application and Data Model Test Guidelines |
| 800-156 | Representation of PIV Chain-of-Trust for Import and Export |
| 800-96 | PIV Card to Reader Interoperability Guidelines |
| 800-73-4 | Interfaces for Personal Identity Verification |
| 800-178 | A Comparison of Attribute Based Access Control (ABAC) Standards for Data Service Applications: Extensible Access Control Markup Language (XACML) and Next Generation Access Control (NGAC) |
| 800-120 | Recommendation for EAP Methods Used in Wireless Network Access Authentication |
| 800-192 | Verification and Test Methods for Access Control Policies/Models |
| 800-98 | Guidelines for Securing Radio Frequency Identification (RFID) Systems |
| 1800-12 | Derived Personal Identity Verification (PIV) Credentials |
| 1800-9 | Access Rights Management for the Financial Services Sector |
| 1800-3 | Attribute Based Access Control (2nd Draft) |
| 1800-2 | Identity and Access Management for Electric Utilities |

Awareness and Training (PR.AT): The organization’s personnel and partners are provided cybersecurity awareness education and are adequately trained to perform their information security-related duties and responsibilities consistent with related policies, procedures, and agreements.

| Publication | Title |
|---|---|
| 800-84 | Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities |
| 800-181 Rev. 1 | National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework |
| 800-50 | Building an Information Technology Security Awareness and Training Program |
| 800-16 Rev. 1 | A Role-Based Model for Federal Information Technology/Cybersecurity Training |
| 800-114 Rev. 1 | User's Guide to Telework and Bring Your Own Device (BYOD) Security |

Data Security (PR.DS): Information and records (data) are managed consistent with the organization’s risk strategy to protect the confidentiality, integrity, and availability of information.

| Publication | Title |
|---|---|
| 800-133 Rev. 2 | Recommendation for Cryptographic Key Generation |
| 800-111 | Guide to Storage Encryption Technologies for End User Devices |
| 800-175A | Guideline for Using Cryptographic Standards in the Federal Government: Directives, Mandates and Policies |
| 800-175B | Guideline for Using Cryptographic Standards in the Federal Government: Cryptographic Mechanisms |
| 800-89 | Recommendation for Obtaining Assurances for Digital Signature Applications |
| 800-78-4 | Cryptographic Algorithms and Key Sizes for Personal Identity Verification |
| 800-171 Rev. 1 | Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations |
| 800-121 Rev. 2 | Guide to Bluetooth Security |
| 800-113 | Guide to SSL VPNs |
| 800-127 | Guide to Securing WiMAX Wireless Communications |
| 800-187 | Guide to LTE Security |
| 800-123 | Guide to General Server Security |
| 800-41 Rev. 1 | Guidelines on Firewalls and Firewall Policy |
| 800-67 Rev. 2 | Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher |
| 800-56A Rev. 3 | Recommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography |
| 800-38A | Recommendation for Block Cipher Modes of Operation: Methods and Techniques |
| 800-38A Addendum | Recommendation for Block Cipher Modes of Operation: Three Variants of Ciphertext Stealing for CBC Mode |
| 800-38B | Recommendation for Block Cipher Modes of Operation: the CMAC Mode for Authentication |
| 800-38C | Recommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality |
| 800-38D | Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC |
| 800-38E | Recommendation for Block Cipher Modes of Operation: the XTS-AES Mode for Confidentiality on Storage Devices |
| 800-38F | Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping |
| 800-124 Rev. 1 | Guidelines for Managing the Security of Mobile Devices in the Enterprise |
| 800-38G | Recommendation for Block Cipher Modes of Operation: Methods for Format-Preserving Encryption |
| 800-90A Rev. 1 | Recommendation for Random Number Generation Using Deterministic Random Bit Generators |
| 800-90B | Recommendation for the Entropy Sources Used for Random Bit Generation |
| 800-90C | Recommendation for Random Bit Generator (RBG) Constructions |
| 800-132 | Recommendation for Password-Based Key Derivation: Part 1: Storage Applications |
| 800-153 | Guidelines for Securing Wireless Local Area Networks (WLANs) |
| 800-77 | Guide to IPsec VPNs |
| 800-177 Rev. 1 | Trustworthy Email (2nd Draft) |
| 800-17 | Modes of Operation Validation System (MOVS): Requirements and Procedures |
| 800-20 | Modes of Operation Validation System for the Triple Data Encryption Algorithm (TMOVS): Requirements and Procedures |
| 800-108 | Recommendation for Key Derivation Using Pseudorandom Functions (Revised) |
| 800-57 Part 1 Rev. 4 | Recommendation for Key Management, Part 1: General |
| 800-57 Part 2 | Recommendation for Key Management, Part 2: Best Practices for Key Management Organization |
| 800-57 Part 3 Rev. 1 | Recommendation for Key Management, Part 3: Application-Specific Key Management Guidance |
| 800-107 Rev. 1 | Recommendation for Applications Using Approved Hash Algorithms |
| 800-56B Rev. 1 | Recommendation for Pair-Wise Key-Establishment Schemes Using Integer Factorization Cryptography |
| 800-56C Rev. 1 | Recommendation for Key Derivation through Extraction-then-Expansion |
| 800-147 | BIOS Protection Guidelines |
| 800-147B | BIOS Protection Guidelines for Servers |
| 800-155 | BIOS Integrity Measurement Guidelines |
| 800-32 | Introduction to Public Key Technology and the Federal PKI Infrastructure |
| 800-25 | Federal Agency Use of Public Key Technology for Digital Signatures and Authentication |
| 800-130 | A Framework for Designing Cryptographic Key Management Systems |
| 500-304 | Conformance Testing Methodology Framework for ANSI/NIST-ITL 1-2011 Update: 2013, Data Format for the Interchange of Fingerprint, Facial & Other Biometric Information |
| 800-102 | Recommendation for Digital Signature Timeliness |
| 800-185 | SHA-3 Derived Functions: cSHAKE, KMAC, TupleHash, and ParallelHash |
| 800-49 | Federal S/MIME V3 Client Profile |
| 800-85A-4 | PIV Card Application and Middleware Interface Test Guidelines (SP 800-73-4 Compliance) |
| 800-85B-4 | PIV Data Model Test Guidelines |
| 800-106 | Randomized Hashing for Digital Signatures |
| 800-131A Rev. 1 | Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths |
| 800-52 Rev. 2 | Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations |
| 800-122 | Guide to Protecting the Confidentiality of Personally Identifiable Information (PII) |
| 800-22 Rev. 1a | A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications |
| 800-95 | Guide to Secure Web Services |
| 800-44 Ver. 2 | Guidelines on Securing Public Web Servers |
| 800-125 | Guide to Security for Full Virtualization Technologies |
| 800-125A | Security Recommendations for Hypervisor Deployment (2nd Draft) |
| 800-125B | Secure Virtual Network Configuration for Virtual Machine (VM) Protection |
| 800-190 | Application Container Security Guide |
| 800-29 | A Comparison of the Security Requirements for Cryptographic Modules in FIPS 140-1 and FIPS 140-2 |
| 800-135 Rev. 1 | Recommendation for Existing Application-Specific Key Derivation Functions |
| 800-119 | Guidelines for the Secure Deployment of IPv6 |
| 800-15 | MISPC Minimum Interoperability Specification for PKI Components, Version 1 |
| 1800-11 | Data Integrity: Recovering from Ransomware and Other Destructive Events |
| 1800-6 | Domain Name Systems-Based Electronic Mail Security |
| 1800-4 | Mobile Device Security: Cloud and Hybrid Builds |
| 1800-1 | Securing Electronic Health Records on Mobile Devices |

Information Protection Processes and Procedures (PR.IP): Security policies (that address purpose, scope, roles, responsibilities, management commitment, and coordination among organizational entities), processes, and procedures are maintained and used to manage protection of information systems and assets.

| Publication | Title |
|---|---|
| 800-128 | Guide for Security-Focused Configuration Management of Information Systems |
| 800-160 | Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems |
| 800-164 | Guidelines on Hardware-Rooted Security in Mobile Devices |
| 800-64 Rev. 2 | Security Considerations in the System Development Life Cycle |
| 800-193 | Platform Firmware Resiliency Guidelines |
| 800-188 | De-Identifying Government Datasets (2nd Draft) |
| 800-126 Rev. 3 | The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.3 |
| 800-126A | SCAP 1.3 Component Specification Version Updates: An Annex to NIST Special Publication 800-126 Revision 3 |
| 800-117 Rev. 1 | Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.2 |
| 800-51 Rev. 1 | Guide to Using Vulnerability Naming Schemes |
| 800-70 Rev. 4 | National Checklist Program for IT Products: Guidelines for Checklist Users and Developers |
| 800-43 | Systems Administration Guidance for Securing Windows 2000 Professional System |
| 800-144 | Guidelines on Security and Privacy in Public Cloud Computing |
| 800-179 | Guide to Securing Apple OS X 10.10 Systems for IT Professionals: A NIST Security Configuration Checklist |
| 800-69 | Guidance for Securing Microsoft Windows XP Home Edition: A NIST Security Configuration Checklist |
| 800-68 Rev. 1 | Guide to Securing Microsoft Windows XP Systems for IT Professionals: A NIST Security Configuration Checklist |
| 800-47 | Security Guide for Interconnecting Information Technology Systems |
| 800-88 Rev. 1 | Guidelines for Media Sanitization |
| 1800-8 | Securing Wireless Infusion Pumps in Healthcare Delivery Organizations |

Protective Technology (PR.PT): Technical security solutions are managed to ensure the security and resilience of systems and assets, consistent with related policies, procedures, and agreements.

| Publication | Title |
|---|---|
| 800-13 | Telecommunications Security Guidelines for Telecommunications Management Network |
| 800-58 | Security Considerations for Voice Over IP Systems |
| 800-97 | Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i |
| 800-48 Rev. 1 | Guide to Securing Legacy IEEE 802.11 Wireless Networks |
| 800-167 | Guide to Application Whitelisting |
| 800-45 Ver. 2 | Guidelines on Electronic Mail Security |

Created February 1, 2018, Updated May 4, 2021