NIST Cybersecurity Framework: https://www.nist.gov/cyberframework
SP 1800-4: “Mobile Device Security: Cloud and Hybrid Builds”
SP 1800-2: “Identity and Access Management for Electric Utilities”
SP 1800-1: “Securing Electronic Health Records on Mobile Devices”
SP 800-192: “Verification and Test Methods for Access Control Policies/Models”
SP 800-190: “Application Container Security Guide”
SP 800-185: “SHA-3 Derived Functions: cSHAKE, KMAC, TupleHash, and ParallelHash”
SP 800-184: “Guide for Cybersecurity Event Recovery”
SP 800-183: “Networks of ‘Things’”
SP 800-181: “National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework”
SP 800-180: “NIST Definition of Microservices, Application Containers and System Virtual Machines”
SP 800-175B: “Guideline for Using Cryptographic Standards in the Federal Government: Cryptographic Mechanisms”
SP 800-167: “Guide to Application Whitelisting”
SP 800-164: “Guidelines on Hardware-Rooted Security in Mobile Devices”
SP 800-163: “Vetting the Security of Mobile Applications”
SP 800-162: “Guide to Attribute Based Access Control (ABAC) Definition and Considerations”
SP 800-161: “Supply Chain Risk Management Practices for Federal Information Systems and Organizations”
SP 800-160 Vol. 2: “Systems Security Engineering: Cyber Resiliency Considerations for the Engineering of Trustworthy Secure Systems”
SP 800-160 Vol. 1: “Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems”
SP 800-157: “Guidelines for Derived Personal Identity Verification (PIV) Credentials”
SP 800-156: “Representation of PIV Chain-of-Trust for Import and Export”
SP 800-155: “BIOS Integrity Measurement Guidelines”
SP 800-154: “Guide to Data-Centric System Threat Modeling”
SP 800-153: “Guidelines for Securing Wireless Local Area Networks (WLANs)”
SP 800-152: “A Profile for U.S. Federal Cryptographic Key Management Systems (CKMS)”
SP 800-150: “Guide to Cyber Threat Information Sharing”
SP 800-147B: “BIOS Protection Guidelines for Servers”
SP 800-147: “BIOS Protection Guidelines”
SP 800-146: “Cloud Computing Synopsis and Recommendations”
SP 800-145: “The NIST Definition of Cloud Computing”
SP 800-144: “Guidelines on Security and Privacy in Public Cloud Computing”
SP 800-142: “Practical Combinatorial Testing”
SP 800-137: “Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations”
SP 800-135 Rev. 1: “Recommendation for Existing Application-Specific Key Derivation Functions”
SP 800-133: “Recommendation for Cryptographic Key Generation”
SP 800-132: “Recommendation for Password-Based Key Derivation: Part 1: Storage Applications”
SP 800-131A Rev. 1: “Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths”
SP 800-130: “A Framework for Designing Cryptographic Key Management Systems”
SP 800-128: “Guide for Security-Focused Configuration Management of Information Systems”
SP 800-127: “Guide to Securing WiMAX Wireless Communications”
SP 800-126 Rev. 3: “The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.3”
SP 800-125B: “Secure Virtual Network Configuration for Virtual Machine (VM) Protection”
SP 800-125A: “Security Recommendations for Hypervisor Deployment on Servers”
SP 800-125: “Guide to Security for Full Virtualization Technologies”
SP 800-124 Rev. 1: “Guidelines for Managing the Security of Mobile Devices in the Enterprise”
SP 800-123: “Guide to General Server Security”
SP 800-122: “Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)”
SP 800-121 Rev. 2: “Guide to Bluetooth Security”
SP 800-120: “Recommendation for EAP Methods Used in Wireless Network Access Authentication”
SP 800-119: “Guidelines for the Secure Deployment of IPv6”
SP 800-117 Rev. 1: “Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.2”
SP 800-117: “Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.0”
SP 800-116 Rev. 1: “A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS)”
SP 800-116: “A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS)”
SP 800-115: “Technical Guide to Information Security Testing and Assessment”
SP 800-114 Rev. 1: “User’s Guide to Telework and Bring Your Own Device (BYOD) Security”
SP 800-113: “Guide to SSL VPNs”
SP 800-111: “Guide to Storage Encryption Technologies for End User Devices”
SP 800-108: “Recommendation for Key Derivation Using Pseudorandom Functions (Revised)”
SP 800-107 Rev. 1: “Recommendation for Applications Using Approved Hash Algorithms”
SP 800-102: “Recommendation for Digital Signature Timeliness”
SP 800-101 Rev. 1: “Guidelines on Mobile Device Forensics”
SP 800-100: “Information Security Handbook: A Guide for Managers”
SP 800-98: “Guidelines for Securing Radio Frequency Identification (RFID) Systems”
SP 800-97: “Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i”
SP 800-96: “PIV Card to Reader Interoperability Guidelines”
SP 800-95: “Guide to Secure Web Services”
SP 800-94 Rev. 1: “Guide to Intrusion Detection and Prevention Systems (IDPS)”
SP 800-92: “Guide to Computer Security Log Management”
SP 800-88 Rev. 1: “Guidelines for Media Sanitization”
SP 800-86: “Guide to Integrating Forensic Techniques into Incident Response”
SP 800-85B-4: “PIV Data Model Test Guidelines”
SP 800-85A-4: “PIV Card Application and Middleware Interface Test Guidelines (SP 800-73-4 Compliance)”
SP 800-84: “Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities”
SP 800-83 Rev. 1: “Guide to Malware Incident Prevention and Handling for Desktops and Laptops”
SP 800-82 Rev. 2: “Guide to Industrial Control Systems (ICS) Security”
SP 800-81-2: “Secure Domain Name System (DNS) Deployment Guide”
SP 800-79-2: “Guidelines for the Authorization of Personal Identity Verification Card Issuers (PCI) and Derived PIV Credential Issuers (DPCI)”
SP 800-77: “Guide to IPsec VPNs”
SP 800-76-2: “Biometric Specifications for Personal Identity Verification”
SP 800-73-4: “Interfaces for Personal Identity Verification”
SP 800-64 Rev. 2: “Security Considerations in the System Development Life Cycle”
SP 800-63C: “Digital Identity Guidelines: Federation and Assertions”
SP 800-63B: “Digital Identity Guidelines: Authentication and Life Cycle Management”
SP 800-61 Rev. 2: “Computer Security Incident Handling Guide”
SP 800-53 Rev. 5: “Security and Privacy Controls for Information Systems and Organizations”
SP 800-53A Rev. 4: “Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans”
SP 800-52: “Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations”
SP 800-51 Rev. 1: “Guide to Using Vulnerability Naming Schemes”
SP 800-50: “Building an Information Technology Security Awareness and Training Program”
SP 800-48 Rev. 1: “Guide to Securing Legacy IEEE 802.11 Wireless Networks”
SP 800-47: “Security Guide for Interconnecting Information Technology Systems”
SP 800-46 Rev. 2: “Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security”
SP 800-45 Version 2: “Guidelines on Electronic Mail Security”
SP 800-44 Version 2: “Guidelines on Securing Public Web Servers”
SP 800-41 Rev. 1: “Guidelines on Firewalls and Firewall Policy”
SP 800-40 Rev. 3: “Guide to Enterprise Patch Management Technologies”
SP 800-37 Rev. 2: “Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach”
SP 800-36: “Guide to Selecting Information Technology Security Products”
SP 800-35: “Guide to Information Technology Security Services”
SP 800-34 Rev. 1: “Contingency Planning Guide for Federal Information Systems”
SP 800-33: “Underlying Technical Models for Information Technology Security”
SP 800-32: “Introduction to Public Key Technology and the Federal PKI Infrastructure”
SP 800-30 Rev. 1: “Guide for Conducting Risk Assessments”
SP 800-25: “Federal Agency Use of Public Key Technology for Digital Signatures and Authentication”
SP 800-23: “Guidelines to Federal Organizations on Security Assurance and Acquisition/Use of Tested/Evaluated Products”
SP 800-19: “Mobile Agent Security”
SP 800-18 Rev. 1: “Guide for Developing Security Plans for Federal Information Systems”
SP 800-17: “Modes of Operation Validation System (MOVS): Requirements and Procedures”
SP 800-16 Rev. 1: “A Role-Based Model for Federal Information Technology/Cybersecurity Training”
SP 800-15: “MISPC Minimum Interoperability Specification for PKI Components, Version 1”
SP 800-13: “Telecommunications Security Guidelines for Telecommunications Management Network”
SP 800-12 Rev. 1: “An Introduction to Information Security”
SP 500-320: “Report of the Workshop on Software Measures and Metrics to Reduce Security Vulnerabilities (SwMM-RSV)”
SP 500-299: “NIST Cloud Computing Security Reference Architecture”
Audit
Business Continuity Planning
Development and Acquisition
E-Banking
Information Security
Management
Operations
Outsourcing Technology Services
Retail Payment Systems
Supervision of Technology Service Providers
Wholesale Payment Systems
https://www.hhs.gov/hipaa/for-professionals/security/guidance/index.html
Security 101 for Covered Entities
Administrative Safeguards
Physical Safeguards
Technical Safeguards
Organizational, Policies and Procedures and Documentation Requirements
Basics of Risk Analysis and Risk Management
Security Standards: Implementation for the Small Provider
HIPAA Security Guidance
Risk Analysis
HHS Security Risk Assessment Tool
NIST HIPAA Security Rule Toolkit Application
Remote Use
Mobile Device
Ransomware
Federal Information Processing Standards Publication 140-2: Security Requirements for Cryptographic Modules
NIST HIPAA Security Rule Toolkit Application
NIST Cybersecurity Framework to HIPAA Security Rule Crosswalk
FTC HIPAA-related Guidance: “Security Risks to Electronic Health Information from Peer-to-Peer File Sharing Applications”
FTC HIPAA-related Guidance: “Safeguarding Electronic Protected Health Information on Digital Copiers”
FTC HIPAA-related Guidance: “Medical Identity Theft”
OCR Cyber Awareness Newsletters
PCI DSS v3.2
Glossary of Terms, Abbreviations, and Acronyms v3.2
PCI DSS Summary of Changes v3.1 to v3.2
Prioritized Approach for PCI DSS v3.2
Prioritized Approach Summary of Changes Version 3.1 to 3.2
Prioritized Approach Tool
PCI DSS Quick Reference Guide v3.2
Small Merchant Reference Guide Order Form
PCI Quick Reference Order Form
ROC Reporting Template v3.2
PCI DSS AOC - Merchants v3.2
PCI DSS AOC - Service Providers v3.2
AOC Extra Form for Service Providers
Supplemental Report on Compliance—Designated Entities v3.2
Supplemental AOC for Onsite Assessments—Designated Entities v3.2
Frequently Asked Questions (FAQs) for use with PCI DSS ROC Reporting Template v3.x
FAQs for Designated Entities Supplemental Validation
Acceptable Encryption Policy
Acceptable Use Policy
Clean Desk Policy
Data Breach Response Policy
Disaster Recovery Plan Policy
Digital Signature Acceptance Policy
Email Policy
Ethics Policy
Pandemic Response Planning Policy
Password Construction Guidelines
Password Protection Policy
Security Response Plan Policy
End User Encryption Key Protection Policy
Acquisition Assessment Policy
Bluetooth Baseline Requirements Policy
Remote Access Policy
Remote Access Tools Policy
Router and Switch Security Policy
Wireless Communication Policy
Wireless Communication Standard
Database Credentials Policy
Technology Equipment Disposal Policy
Information Logging Standard
Lab Security Policy
Server Security Policy
Software Installation Policy
Workstation Security (For HIPAA) Policy
Web Application Security Policy
International Information Systems Security Certification Consortium (ISC2): https://isc2.org
Information Systems Audit and Control Association (ISACA): https://isaca.org
Information Systems Security Association, Inc. (ISSA): https://issa.org
SANS Institute: https://sans.org
Disaster Recovery Institute (DRI): https://drii.org
CompTIA: https://www.comptia.org
The Forum of Incident Response and Security Teams (FIRST): https://first.org
The Institute of Internal Auditors: https://theiia.org
EC-Council: https://www.eccouncil.org/