USA CySec Policy

I put this list together during March/April 2021 to help write a paper using public-facing search engines, but The IT Law Wiki deserves extra praise for providing a majority of my starting points.

Huge thank you to everyone who has contacted me about what they see, or do not see, in this list. Considering my notes from last year, this has already expanded beyond what I had originally planned. My Spring '22 semester is over so this list is on pause for now.

Collections:

NIST Special Publications (IT Law Wiki)

OMB Memoranda (IT Law Wiki)

Executive Orders (IT Law Wiki)

Research:

1914 - Federal Trade Commission Act of 1914 (FTC, Wikipedia)
1934 - Communications Act of 1934 (IT Law Wiki, Wikipedia)
1965 - Brooks Automatic Data Processing Act of 1965 (IT Law Wiki)
1974 - Privacy Act of 1974 (DOJ, IT Law Wiki, Wikipedia)
1978 - Foreign Intelligence Services Act of 1978 (GovInfo [PDF], IT Law Wiki, Wikipedia)
1980 - Paperwork Reduction Act (EPA, IT Law Wiki, Wikipedia)
1984 - Comprehensive Crime Control Act of 1984 (Congress, Wikipedia)
1984 - Semiconductor Chip Protection Act of 1984 (Congress, IT Law Wiki, Wikipedia)
1984 - Small Business Computer Security and Education Act of 1984 (Congress)
1986 - Electronic Communications Privacy Act of 1986 (IT Law Wiki, Wikipedia)
1986 - Computer Fraud and Abuse Act of 1986 (Congress, IT Law Wiki, Wikipedia)
1987 - Executive Order 12591: Facilitating Access to Science and Technology (National Archives)
1987 - Computer Security Act of 1987 (Congress, IT Law Wiki, Wikipedia)
1988 - Computer Matching and Privacy Protection Act of 1988 (Congress, IT Law Wiki, Privacy Wiki)
1988 - Video Privacy Protection Act of 1988 (Congress, IT Law Wiki, Wikipedia
1990 - National Institute of Standards and Technology (NIST Publications, IT Law Wiki)

Special Publication:

NIST SP 800-1: Bibliography of Selected Computer Security Publications, January 1980-October 1989 (NIST [PDF])

1990 - Chief Financial Officers Act of 1990 (CIO, Congress, IT Law Wiki, Wikipedia)
1990 - Computer Software Rental Amendments Act of 1990 (Congress, IT Law Wiki, Wikisource)
1991 - National Institute of Standards and Technology (NIST Publications, IT Law Wiki)

Special Publication:

NIST SP 800-2: Public Key Cryptography (IT Law Wiki)
NIST SP 800-3: Establishing a Computer Security Incident Response Capability (IT Law Wiki)

1991 - High Performance Computing Act of 1991 (Congress, IT Law Wiki, Wikipedia)
1992 - National Institute of Standards and Technology (NIST Publications, IT Law Wiki)

Special Publication:

NIST SP 800-4: Computer Security Consideratins in Federal Procurements (IT Law Wiki)
NIST SP 800-5: A Guide to Selection of Anti-Virus Tools and Techniques (IT Law Wiki)
NIST SP 800-6: Automated Tools for Testing Computer System Vulnerability (IT Law Wiki)

1992 - Scientific and Technology Act of 1992 (Congress)
1993 - National Institute of Standards and Technology (NIST Publications, IT Law Wiki)

Special Publication:

NIST SP 800-8: Security Issues in the Database Language SQL
NIST SP 800-9: Good Security Practices for Electronic Commerce, Including Electronic Data Interchange

1993 - Government Performance and Results Act of 1993 (CIO, Congress, IT Law Wiki)
1993 - Executive Order 12829: National Industrial Security Program (National Archives, IT Law Wiki)
1993 - Executive Order 12864: United States Advisory Council on the Natioal Information Infrastructure (National Archives [PDF], IT Law Wiki)
1993 - Executive Order 12881: The Establishment of the National Science and Technology Council (GovInfo [PDF], IT Law Wiki)
1993 - Executive Order 12882: President's Committee of Advisors on Science and Technology (GovInfo [PDF], IT Law Wiki)
1993 - GPO Electronic Information Access Enhancement Act (Congress, IT Law Wiki)
1994 - National Institute of Standards and Technology (NIST Publications, IT Law Wiki)

Special Publication:

NIST SP 800-7: Security in Open Systems (IT Law Wiki)
NIST SP 800-10: Keeping Your Site Comfortably Secure

Interagency / Internal Report:

NISTIR 5468: Report of the NIST Workshop on Key Escrow Encryption (NIST)
NISTIR 5472: A Head Start on Assurance (NIST)
NISTIR 5540: Multi-Agency Certification and Accreditation Process (NIST)
NISTIR 5570: An Assessment of the DOD Goal Security Architecture for Non-Military Use (NIST)
NISTIR 5590: Proceedings Report of the International Invitation Workshop on Developmental Assurance (NIST)

1994 - Communications Assistance for Law Enforcement Act (Congress, FCC, IT Law Wiki, Wikipedia)
1994 - Presidential Decision Directive 23 (Clinton Digital Library, IT Law Wiki)
1994 - Presidential Decision Directive 29 (Clinton Digital Library, IT Law Wiki)
1995 - National Institute of Standards and Technology (NIST Publications, IT Law Wiki)

Special Publication:

NIST SP 800-11: The Impact of the FCC's Open Network Architecture on NS/EP Telecommunications Security
NIST SP 800-12: An Introductino to Information Security (IT Law Wiki)
NIST SP 800-13: Telecommunications Security Guidelines for Telecommunications Management Network (IT Law Wiki)

Interagency / Internal Report:

NISTIR 5788: Public Key Infrastructure Invitational Workshop, September 28, 1995, MITRE Corporation, McLean Virginia (NIST)

1995 - Paperwork Reduction Act of 1995(Congress, IT Law Wiki)
1995 - Digital Performance Right in Sound Recordings Act (IT Law Wiki, Wikipedia)
1996 - National Institute of Standards and Technology (NIST Publications, IT Law Wiki)

Special Publication:

NIST SP 800-14: Generally Accepted Principles and Practices for Securing Information Technology Systems (IT Law Wiki)

Interagency / Internal Report:

NISTIR 5820: Distributed Communication Methods and Role-Based Access Control for Use in Health Care Applicatios (NIST)

1996 - Office of Management and Budget Memoranda (White House [1995-1998], Federal Privacy Council, IT Law Wiki)

M-96-20: Implementation of the Information Technology Management Reform Act of 1996 (IT Law Wiki)

1996 - Executive Order 12999: Educational Technology: Ensuring Opportunity for All Children in the Next Century (GovInfo [PDF], IT Law Wiki, Wikipedia)
1996 - Executive Order 13010: Critical Infrastructure Protection (Homeland Security Digital Library, IT Law Wiki, Wikipedia)
1996 - Executive Order 13011: Federal Information Technology (IT Law Wiki, Wikisource)
1996 - Executive Order 13026: Administration of Export Controls on Encryption Products (GovInfo [PDF], IT Law Wiki)
1996 - Federal Trademark Dilution Act of 1995 (IT Law Wiki)
1996 - Health Insurance Portability and Accountability Act of 1996 (HHS, Congress, IT Law Wiki, Wikipedia)
1996 - Telecommunications Act of 1996 (FCC, Congress, IT Law Wiki, Wikipedia)

1996 - Communications Decency Act of 1996 (IT Law Wiki, Wikipedia)

1996 - Economic Espionage Act of 1996 (Congress, IT Law Wiki, Wikipedia)
1996 - Information Technology Management Reform Act of 1996 (GovInfo, IT Law Wiki, Wikipedia)

Clinger-Cohen Act (CIO, IT Law Wiki)

1997 - National Institute of Standards and Technology (NIST Publications, IT Law Wiki)

Interagency / Internal Report:

NISTIR 6068: Report on the TMACH Experiment (NIST)

1997 - Office of Management and Budget Memoranda (White House [1995-1998], Federal Privacy Council, IT Law Wiki)

M-97-16: Information Technology Architectures (IT Law Wiki)
M-97-15: Local Telecommunications Services Policy (IT Law Wiki)

1997 - Executive Order 13035: Advisory Committee on High-Performance Computing and Communications, Information Technology, and the Next Generation Internet (GovInfo, IT Law Wiki, Wikisource)
1997 - No Electronic Theft Act (Congress, IT Law Wiki, Wikipedia)
1998 - National Institute of Standards and Technology (NIST Publications, IT Law Wiki)

Special Publication:

NIST SP 800-16: Information Technology Security Training Requirements (NIST, IT Law Wiki)

Interagency / Internal Report:

NISTIR 6192: A Revised Model for Role Based Access Control (NIST)

1998 - Presidential Decision Directive 62 (Clinton Digital Library, IT Law Wiki)
1998 - Presidential Decision Directive 63 (Clinton Digital Library, IT Law Wiki)
1998 - Government Paperwork Elimination Act of 1998 (CIO, Congress, IT Law Wiki, Wikipedia)
1998 - Digital Millennium Copyright Act (Cornell LII, IT Law Wiki, Wikipedia)
1998 - Identity Theft and Assumption Deterrence Act of 1998 (Congress, IT Law Wiki, Privacy Wiki)
1998 - Children's Online Privacy Protection Act (Congress, IT Law Wiki, Wikipedia)
1999 - National Institute of Standards and Technology (NIST Publications, IT Law Wiki)

Special Publication:

NIST SP 800-19: Mobile Agent Security (IT Law Wiki)

Interagency / Internal Report:

NISTIR 6390: Randomness Testing of the Advanced Encryption Standard Candidate Algorithms (NIST)
NISTIR 6416: Applying Mobile Agents to Intrusion Detection and Response (NIST)
NISTIR 6462: CSPP - Guidance for COTS Security Protection Profiles (NIST)

1999 - Office of Management and Budget Memoranda (White House [1999], Federal Privacy Council, IT Law Wiki)

M-99-05: Instructions on Complyig with President's Memorandum of May 14, 1998, "Privacy and Personal Information in Federal Records" (IT Law Wiki)
M-99-17: Minimizing Regulatory and Information Technology Requirements That Could Affect Progress Fixing the Year 2000 Problem
M-99-18: Privacy Policies on Federal Web Sites (IT Law Wiki)
M-99-20: Security of Federal Automated Information Resources (IT Law Wiki)
M-99-21: Revised Reporting Guidance on Year 2000 Efforts
M-00-03: Reporting Y2K Compliance of Non-mission Critical Systems (IT Law Wiki)

1999 - Department of Defense Directive 5535.03: DoD Domestic Technology Transfer (T2) Program (ESD [PDF])
1999 - Department of Defense Issuance 5535.08: DoD Domestic Technology Transfer (T2) Program (ESD [PDF])
1999 - Executive Order 13073: Year 2000 Conversion (GovInfo [PDF], IT Law Wiki, Wikisource)
1999 - Executive Order 13103: Computer Software Piracy (GovInfo [PDF], IT Law Wiki, Wikisource)
1999 - Executive Order 13127: Amendment to Executive Order 13073, Year 2000 Conversion (GovInfo [PDF], IT Law Wiki, Wikisource)
1999 - Executive Order 13133: Working Group on Unlawful Conduct on the Internet (GovInfo [PDF], IT Law Wiki)
1999 - Executive Order 13181: To Protect the Privacy of Protected Health Information in Oversight Investigations (GovInfo [PDF], IT Law Wiki, Wikisource)
1999 - Gramm-Leach-Bliley Act (FTC, IT Law Wiki, Wikipedia)
1999 - Federal Enterprise Architecture Framework (Obama White House Archives, Centers for Medicare & Medicaid Services, IT Law Wiki, Wikipedia)
1999 - Trademark Cyberpiracy Prevention Act (Congress, IT Law Wiki, Wikipedia)
2000 - National Institute of Standards and Technology (NIST Publications, IT Law Wiki)

Special Publication:

NIST SP 800-23: Guidelines to Federal Organizations on Security Assurance & Acquisition/Use of Tested/Evaluated Products (NIST)
NIST SP 800-25: Federal Agency Use of Public Key Technology for Digital Signatures and Authentication (IT Law Wiki)

Interagency / Internal Report:

NISTIR 6483: Randomness Testing of the Advanced Encryption Standard Finalist Candidates (NIST)

2000 - Office of Management and Budget Memoranda (White House [2000], Federal Privacy Council, IT Law Wiki)

M-00-07: Incorporating and Funding Security in Information Systems Investments (IT Law Wiki)
M-00-10: OMB Procedures and Guidance on Implementing the Government Paperwork Elimination Act (IT Law Wiki)
M-00-13: Privacy Policies and Data Collection on Federal Web Sites (IT Law Wiki)
M-00-15: OMB Guidance on Implementing the Electronic Signatures in Global and National Commerce Act (IT Law Wiki)
M-01-05: Guidance on Inter-Agency Sharing of Personal Data – Protecting Personal Privacy (IT Law Wiki)

2000 - Information Quality Act of 2000 (CIO, IT Law Wiki, Wikipedia)
2000 - Freedom of Information Act (CIO, IT Law Wiki, Wikipedia)
2000 - Computer Crime Enforcement Act (Congress)
2001 - National Institute of Standards and Technology (NIST Publications, IT Law Wiki)

Special Publication:

NIST SP 800-26: Security Self-Assessment Guide for Information Technology Systems (IT Law Wiki)
NIST SP 800-38A: Recommendation for Block Cipher Modes of Operation (NIST)

Federal Information Processing Standards:

FIPS 197: Advanced Encryption Standard (NIST)

2001 - Office of Management and Budget Memoranda (White House [2001], Federal Privacy Council, IT Law Wiki)

M-01-08: Guidance On Implementing the Government Information Security Reform Act (IT Law Wiki)
M-01-24: Reporting Instructions for the Government Information Security Reform Act (IT Law Wiki)
M-01-28: Citizen-Centered E-Government: Developing the Action Plan (IT Law Wiki)
M-02-01: Guidance for Preparing and Submitting Security Plans of Action and Milestones (IT Law Wiki)

2001 - Executive Order 13218: 21st Century Workforce Initiative (GovInfo [PDF], IT Law Wiki, Wikisource)
2001 - Executive Order 13226: Predisten's Council of Advisors on Science and Technology (GovInfo [PDF], IT Law Wiki, Wikisource)
2001 - Executive Order 13231: Critical Infrastructure Protection in the Information Age (DHS [PDF], IT Law Wiki, Wikisource)
2001 - Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (George Bush White House Archives, Congress, IT Law Wiki, Wikipedia)
2002 - National Institute of Standards and Technology (NIST Publications, IT Law Wiki)

Special Publication:

NIST SP 800-4A: Computer Security Considerations in Federal Procurements
NIST SP 800-49: Federal S/MIME V3 Client Profile (NIST, IT Law Wiki)

Federal Information Processing Standards:

FIPS 140-2: Security Requirements for Cryptographic Modules (NIST)

2002 - Office of Management and Budget Memoranda (White House [2002], Federal Privacy Council, IT Law Wiki)

M-02-08: Redundant Information Systems Relating to On-Line Rulemaking Initiative (IT Law Wiki)
M-02-09: Reporting Instructions for the Government Information Security Reform Act and Updated Guidance on Security Plans of Action and Milestones
M-02-12: Reducing Redundant IT Infrastructure to Homeland Security (IT Law Wiki)
M-02-13: Review and Consolidation of Business Management Systems for the Proposed Department of Homeland Security
M-02-15: Revision of OMB Circular A-16

2002 - Department of Defense Directive 4200.15: Manufacturing Technology (ManTech) Program
2002 - Department of Defense Issuance 2015.4: Defense Research, Development, Test and Evaluation (RDT&E) Information Exchange Program (IEP) (ESD [PDF])
2002 - Homeland Security Act of 2002 (DHS, IT Law Wiki, Wikipedia)

2002 - Cyber Security Enhancement Act of 2002 (IT Law Wiki)

2002 - E-Government Act of 2002 (DOJ, IT Law Wiki, Wikipedia)

2002 - Confidential Information Protection and Statistical Efficiency Act of 2002 (CIO, IT Law Wiki, Wikipedia)
2002 - Federal Information Security Management Act of 2002 (IT Law Wiki, Wikipedia)

2002 - Sarbanes-Oxley Act of 2002 (Congress, IT Law Wiki, Wikipedia)
2002 - Help America Vote Act of 2002 (House, Congress [PDF], IT Law Wiki, Wikipedia)
2002 - Cyber Security Research and Development Act (Congress, IT Law Wiki)
2003 - National Institute of Standards and Technology (NIST Publications, IT Law Wiki)

Special Publication:

NIST SP 800-59: Guidleine for Identifying an Information System as a National Security System (NIST, IT Law Wiki)
NIST SP 800-50: Building an Information Technology Security Awareness and Training Program (NIST)
NIST SP 800-35: Guide to Information Technology Security Services (NIST)

Interagency / Internal Report:

NISTIR 6887 2003 Edition: Government Smart Card Interoperability Specification, Version 2.1 (NIST)
NISTIR 6977: Vulnerabilities in Quantum Key Distribution Protocols (NIST)
NISTIR 6981: Policy Expression and Enforcement for Handheld Devices (NIST)
NISTIR 6985: COTS Security Protection Profile - Operating Systems (NIST)
NISTIR 7007: An Overview of Issues in Testing Intrusion Detection Systems (NIST)
NISTIR 7030: Picture Password (NIST)
NISTIR 7046: A Framework for Multi-mode Authentication (NIST)
NISTIR 7059: 1st Annual PKI Research Workshop Proceedings (NIST)

2003 - Office of Management and Budget Memoranda (White House [2003], Federal Privacy Council, IT Law Wiki)

M-03-18: Implementation Guidance for the E-Government Act of 2002 (IT Law Wiki)
M-03-19: Reporting Instructions for the Federal Information Security Management Act and Updated Guidance on Quarterly IT Security Reporting
M-03-22: OMB Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002 (IT Law Wiki)
M-04-04: E-Authentication Guidance (IT Law Wiki)

2003 - Controlling the Assault of Non-Solicited Pornography and Marketing Act (Congress, IT Law Wiki, Wikipedia)
2004 - National Institute of Standards and Technology (NIST Publications, IT Law Wiki)

Special Publication:

NIST SP 800-27A: Engineering Principles for Information Technology Security (IT Law Wiki)
NIST SP 800-72: Guidelines on PDA Forensics (NIST, IT Law Wiki)

Interagency / Internal Report:

NISTIR 6529-A: Common Biometric Exchange Formats Framework (NIST)
NISTIR 7056: Card Technology Developments and Gap Analysis Interagency Report (NIST)
NISTIR 7085: 2nd Annual PKI Research Workshop Proceedings (NIST)
NISTIR 7100: PDA Forensic Tools (NIST)
NISTIR 7111: Computer Security Division 2003 Annual Report (NIST)
NISTIR 7122: 3rd Annual PKI Research Workshop Proceedings (NIST)

Federal Information Processing Standards:

FIPS 199: Standards for Security Categorization of Federal Information and Information Systems (NIST)

2004 - Office of Management and Budget Memoranda (White House [2004], Federal Privacy Council, IT Law Wiki)

M-04-08: Maximizing Use of SmartBuy and Avoiding Duplication of Agency Activities with the President’s 24 E-Gov Initiatives
M-04-15: Development of Homeland Security Presidential Directive (HSPD) – 7 Critical Infrastructure Protection Plans to Protect Federal Critical Infrastructures and Key Resources (IT Law Wiki)
M-04-16: Software Acquisition (IT Law Wiki)
M-04-19: Information Technology (IT) Project Manager (PM) Qualification Guidance (IT Law Wiki)
M-04-24: Expanded Electronic Government (E-Gov) President’s Management Agenda (PMA) Scorecard Cost, Schedule and Performance Standard for Success (IT Law Wiki)
M-04-25: FY 2004 Reporting Instructions for the Federal Information Security Management Act (IT Law Wiki)
M-04-26: Personal Use Policies and “File Sharing” Technology (IT Law Wiki)
M-05-02: Financial Management Systems
M-05-04: Policies for Federal Agency Public Websites (IT Law Wiki)
M-05-05: Electronic Signatures: How to Mitigate the Risk of Commercial Managed Services (IT Law Wiki)

2004 - Department of Defense Directive 8100.02: Use of Commercial Wireless Devices, Services, and Technologies In The Department of Defense (DoD) Global Information Grid (GIG) (ESD [PDF])
2004 - Department of Defense Issuance 8580.1: Information Assurance (IA) in the Defense Acquisition System (ESD [PDF])
2004 - Executive Order 13335: Incentives for the Use of Health Information Technology and Establishing the Position of the National Health Information Technology Coordinator (GovInfo [PDF], IT Law Wiki, Wikisource)
2004 - Executive Order 13349: Amending Executive Order 13226 to Designate the President's Council of Advisors on Science and Technology to Serve as the National Nanotechnology Advisory Panel (GovInfo, IT Law Wiki, Wikisource)
2004 - Executive Order 13355: Strengthened Management of the Intelligence Community (GovInfo [PDF], IT Law Wiki, Wikisource)
2004 - Identity Theft Penalty Enhancement Act (House, IT Law Wiki)
2005 - National Institute of Standards and Technology (NIST Publications, IT Law Wiki)

Special Publication:

NIST SP 800-21: Guideline for Implementing Cryptography in the Federal Government (IT Law Wiki)
NIST SP 800-58: Security Considerations for Voice Over IP Systems (NIST, IT Law Wiki)

Interagency / Internal Report:

NISTIR 7188: Specification for the Extensible Configuration Checklist Description Format (NIST)
NISTIR 7200: Proximity Beacons and Mobile Device Authentication (NIST)
NISTIR 7206: Smart Cards and Mobile Device Authentication (NIST)
NISTIR 7219: Computer Security Division 2004 Annual Report (NIST)
NISTIR 7224: 4th Annual PKI R&D Workshop "Multiple Paths to Trust" Proceedings (NIST)
NISTIR 7250: Cell Phone Forensic Tools (NIST)

2005 - Office of Management and Budget Memoranda (White House [2005], Federal Privacy Council, IT Law Wiki)

M-05-08: Designation of Senior Agency Officials for Privacy (IT Law Wiki)
M-05-15: FY 2005 Reporting Instructions for the Federal Information Security Management Act and Agency Privacy Management (IT Law Wiki)
M-05-16: Regulation on Maintaining Telecommunication Services During a Crisis or Emergency in Federally-owned Buildings
M-05-22: Transition Planning for Internet Protocol Version 6 (IPv6) (IT Law Wiki)
M-05-23: Improving Information Technology (IT) Project Planning and Execution (IT Law Wiki)
M-05-24: Implementation of Homeland Security Presidential Directive (HSPD) 12 – Policy for a Common Identification Standard for Federal Employees and Contractors (IT Law Wiki)
M-06-02: Improving Public Access to and Dissemination of Government Information and Using the Federal Enterprise Architecture Data Reference Model (IT Law Wiki)

2005 - Department of Defense Directive 8115.01: Information Technology Portfolio Management (ESD [PDF])
2005 - Department of Defense Directive 5160.64E: Legal Information Technology (ESD [PDF])
2005 - Department of Defense Issuance 3608.11: Information Operations Career Force (ESD [PDF])
2005 - Family Entertainment and Copyright Act of 2005 (Congress, IT Law Wiki, Wikipedia)
2006 - National Institute of Standards and Technology (NIST Publications, IT Law Wiki)

Special Publication:

NIST SP 800-18 Rev. 1: Guide for Developing Security Plans for Federal Information Systems (NIST, IT Law Wiki)
NIST SP 800-85B: PIV Data Model Test Guidelines (NIST)
NIST SP 800-86: Guide to Integrating Forensic Techniques into Incident Response (NIST, IT Law Wiki)
NIST SP 800-92: Guide to Computer Security Log Management (NIST, IT Law Wiki)
NIST SP 800-84: Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities (NIST)
NIST SP 800-89: Recommendation for Obtaining Assurances for Digital Signature Applications (NIST)
NIST SP 800-96: PIV Card to Reader Interoperability Guidelines (NIST)

Interagency / Internal Report:

NISTIR 7275: Specification for the Extensible Configuration Checklist Description Format Version 1.1 (NIST)
NISTIR 7284: Personal Identity Verification Card Management Report (NIST)
NISTIR 7285: Computer Security Division 2005 Annual Report (NIST)
NISTIR 7290: Fingerprint Identification and Mobile Handheld Devices (NIST)
NISTIR 7308: An Algorithm for Generating Very Large Covering Arrays (NIST)
NISTIR 7313: 5th Annual PKI R&D Workshop "Making PKI Easy to Use" Proceedings (NIST)
NISTIR 7316: Assessment of Access Control Systems (NIST)
NISTIR 7337: Personal Identity Verification Demonstration Summary (NIST)

Federal Information Processing Standards:

FIPS 200: Minimum Security Requirements for Federal Information and Information Systems (NIST)

2006 - Office of Management and Budget Memoranda (White House [2006], Federal Privacy Council, IT Law Wiki)

M-06-06: Sample Privacy Documents for Agency Implementation of Homeland Security Presidential Directive (HSPD) 12 (IT Law Wiki)
M-06-07: Designation of a Senior Agency Official for Geospatial Information (IT Law Wiki)
M-06-15: Safeguarding Personally Identifiable Information (IT Law Wiki)
M-06-16: Protection of Sensitive Agency Information (IT Law Wiki)
M-06-19: Reporting Incidents Involving Personally Identifiable Information Incorporating the Cost for Security in Agency Information Technology Investments (IT Law Wiki)
M-06-22: Cost Savings Achieved Through E-Government and Line of Business Initiatives
Recommendations for Identity Theft Related Data Breach Notification

2006 - Department of Defense Issuance 8115.02: Information Technology Portfolio Management Implementation (ESD [PDF])
2006 - Executive Order 13407: Public Alert Warning System (GovInfo [PDF], IT Law Wiki, Wikisource)
2007 - National Institute of Standards and Technology (NIST Publications, IT Law Wiki)

Special Publication:

NIST SP 800-97: Establishing Wireless Robust Security Networks (NIST, IT Law Wiki)
NIST SP 800-94: Guide to Intrusion Detection and Prevention Systems (NIST, IT Law Wiki)
NIST SP 800-45 Version 2: Guidlines on Electronic Mail Security (NIST, IT Law Wiki)
NIST SP 800-100: Information Security Handbook (NIST)
NIST SP 800-98: Guidelines for Securing Radio Frequency Identification Systems (NIST, IT Law Wiki)
NIST SP 800-38C: Recommendation for Block Cipher Modes of Operation (NIST)
NIST SP 800-95: Guide to Secure Web Services (NIST, IT Law Wiki)
NIST SP 800-44 Version 2: Guidelines on Securing Public Web Servers (NIST, IT Law Wiki)
NIST SP 800-111: Guide to Storage Encryption Technologies for End User Devices (NIST, IT Law Wiki)
NIST SP 800-38D: Recommendation for Block Cipher Modes of Operation (NIST)

Interagency / Internal Report:

NISTIR 7275 Rev. 2: Specification for the Extensible Configuration Checklist Description Format Version 1.1.3 (NIST)
NISTIR 7358: Program Review for Information Security Management Assistance (NIST)
NISTIR 7359: Information Security Guide for Government Executives (NIST)
NISTIR 7387: Cell Phone Forensic Tools (NIST)
NISTIR 7399: Computer Security Division 2006 Annual Report (NIST)
NISTIR 7427: 6th Annual PKI R&D Workshop "Applications-Driven PKI" Proceedings (NIST)
NISTIR 7435: The Common Vulnerability Scoring System and its Applicability to Federal Agency Systems(NIST)
NISTIR 7452: Secure Biometric Match-on-Card Feasibility Report (NIST)

2007 - Office of Management and Budget Memoranda (White House [2007], Federal Privacy Council, IT Law Wiki)

M-07-11: Implementation of Commonly Accepted Security Configurations for Windows Operating Systems (IT Law Wiki)
M-07-16: Safeguarding Against and Responding to the Breach of Personally Identifiable Information (IT Law Wiki)
M-07-19: FY 2007 Reporting Instructions for the Federal Information Security Management Act and Agency Privacy Management (IT Law Wiki)
M-07-20: FY 2007 E-Government Act Reporting Instructions
M-07-24: Updated Principles for Risk Analysis (IT Law Wiki)
M-08-05: Implementation of Trusted Internet Connections (TIC) (IT Law Wiki)

Trusted Internet Connections (CISA, GSA, IT Law Wiki, Wikipedia)

2007 - Energy Independence and Security Act of 2007 (EPA, Congress, IT Law Wiki, Wikipedia)
2008 - National Institute of Standards and Technology (NIST Publications, IT Law Wiki)

Special Publication:

NIST SP 800-28 Version 2: Guidlines on Active Content and Mobile Code (NIST, IT Law Wiki)
NIST SP 800-113: Guide to SSL VPNs (NIST)
NIST SP 800-55 Rev. 1: Performance Measurement Guide for Information Security (NIST, IT Law Wiki)
NIST SP 800-123: Guide to General Server Security (NIST)
NIST SP 800-60 Vol. 1 Rev. 1: Guide for Mapping Types of Information and Information Systems to Security Categories (NIST)
NIST SP 800-60 Vol. 2 Rev. 1: Guide for Mapping Types of Information and Information Systems to Security Categories (NIST, IT Law Wiki)
NIST SP 800-115: Technical Guide t Information Security Testing and Assessment (NIST, IT Law Wiki)
NIST SP 800-66 Rev. 1: An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act Security Rule (NIST, IT Law Wiki)

Interagency / Internal Report:

NISTIR 7275 Rev. 3: Specification for the Extensible Configuration Checklist Description Format Version 1.1.4 (NIST)
NISTIR 7442: Computer Security Division 2007 Annual Report (NIST)
NISTIR 7516: Forensic Filtering of Cell Phone Protocols (NIST)
NISTIR 7539: Symmetric Key Injection onto Smart Cards (NIST)
NISTIR 7551: A Threat Analysis on UOCAVA Voting Systems (NIST)

Federal Information Processing Standards:

FIPS 198-1: The Keyed-Hash Message Authentication Code (NIST)

2008 - Office of Management and Budget Memoranda (White House [2008], Federal Privacy Council, IT Law Wiki)

M-08-09: New FISMA Privacy Reporting Requirements for FY 2008
M-08-15: Tools Available for Implementing Electronic Records Management (IT Law Wiki)
M-08-16: Guidance for Trusted Internet Connection Statement of Capability Form (SOC)
M-08-21: FY 2008 Reporting Instructions for the Federal Information Security Management Act and Agency Privacy Management (IT Law Wiki)
M-08-22: Guidance on the Federal Desktop Core Configuration (FDCC)
M-08-23: Securing the Federal Government’s Domain Name System Infrastructure (Submission of Draft Agency Plans Due by September 5, 2008) (IT Law Wiki)
M-08-26: Transition from FTS2001 to Networx (IT Law Wiki)
M-08-27: Guidance for Trusted Internet Connection (TIC) Compliance (IT Law Wiki)
M-09-02: Information Technology Management Structure and Governance Framework (IT Law Wiki)

2008 - Department of Defense Issuance 5210.45: Personnel Security Policies and Procedures for Sensitive Cryptologic Information in the National Security Agency/Central Security Service (ESD [PDF])
2008 - Executive Order 13462: President's Intelligence Advisory Board and Intelligence Oversight Board (GovInfo [PDF], IT Law Wiki, Wikisource)
2008 - Executive Order 13475: Further Amendments To Executive Orders 12139 and 12949 in Light of the Foreign Intelligence Surveillance Act of 1978 Amendments Act of 2008 (GovInfo, IT Law Wiki, Wikisource)
2008 - Comprehensive National Cybersecurity Initiative (Obama White House Archives, IT Law Wiki, Wikipedia)
2008 - Identity Theft Enforcement and Restitution Act of 2008 (Congress, Cornell LII, IT Law Wiki)
2008 - Securing Cyberspace for the 44th Presidency (CSIS, Berkman Klein Center, IT Law Wiki)
2009 - National Institute of Standards and Technology (NIST Publications, IT Law Wiki)

Special Publication:

NIST SP 800-106: Randomized Hashing for Digital Signatures (NIST)
NIST SP 800-102: Recommendation for Digital Signature Timelines (NIST)
NIST SP 800-41 Rev. 1: Guidelines on Firewalls and Firewall Policy (NIST, IT Law Wiki)
NIST SP 800-108: Recommendation for Key Derivation Using Pseudorandom Functions (NIST)

Interagency / Internal Report:

NISTIR 7536: Computer Security Division 2008 Annual Report (NIST)
NISTIR 7564: Directions in Security Metrics Research (NIST)
NISTIR 7581: System and Network Security Acronyms and Abbreviations (NIST)
NISTIR 7611: Use of ISO/IEC 24727 (NIST)
NISTIR 7617: Mobile Forensic Reference Materials (NIST)
NISTIR 7620: Status Report on the First Round of the SHA-3 Cryptographic Hash Algorithm Competition (NIST)

2009 - Office of Management and Budget Memoranda (White House [2009], Federal Privacy Council, IT Law Wiki)

M-09-12: President’s Memorandum on Transparency and Open Government – Interagency Collaboration (IT Law Wiki)
M-09-27: Science and Technology Priorities for the FY 2011 Budget
M-09-29: FY 2009 Reporting Instructions for the Federal Information Security Management Act and Agency Privacy Management (IT Law Wiki)
M-09-32: Update on the Trusted Internet Connections Initiative (IT Law Wiki)
M-10-06: Open Government Directive (IT Law Wiki)

2009 - Department of Defense Issuance 4640.07: Telecommunications Services in the National Capital Region (NCR) (ESD [PDF])
2009 - Executive Order 13526: Classified National Security Information (GovInfo [PDF], IT Law Wiki, Wikipedia)
2009 - Health Information Technology for Economic and Clinical Health Act (Congress, HHS, IT Law Wiki, Wikipedia)
2009 - Cyberspace Policy Review (IT Law Wiki)
2010 - National Institute of Standards and Technology (NIST Publications, IT Law Wiki)

Special Publication:

NIST SP 800-38E: Recommendation for Block Cipher Modes of Operation (NIST)
NIST SP 800-122: Guide to Protecting the Confidentiality of Personally Identifiable Information (NIST, IT Law Wiki)
NIST SP 800-22 Rev. 1a: A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications (NIST)
NIST SP 800-142: Practical Combinatorial Testing (NIST)
NIST SP 800-38A Addendum: Recommendation for Block Cipher Modes of Operation (NIST)
NIST SP 800-34 Rev. 1: Contingency Plannig Guide for Federal Information Systems (NIST, IT Law Wiki)
NIST SP 800-132: Recommendation for Password-Based Key Derivation (NIST)
NIST SP 800-119: Guidelines for the Secure Deployment of IPv6 (NIST)

Interagency / Internal Report:

NISTIR 7497: Security Architecture Design Process for Health Information Exchanges (NIST, IT Law Wiki)
NISTIR 7502: The Common Configuration Scoring System (NIST)
NISTIR 7559: Forensics Web Services (NIST, IT Law Wiki)
NISTIR 7601: Framework for Emergency Response Officials (NIST)
NISTIR 7609: Cryptographic Key Management Workshop Summary -- June 8-9, 2009 (NIST, IT Law Wiki)
NISTIR 7653: Computer Security Division 2009 Annual Report (NIST, IT Law Wiki)
NISTIR 7657: A Report on the Privilege (Access) Management Workshop (NIST)
NISTIR 7658: Guide to SIMfill Use and Development (NIST)
NISTIR 7665: Proceedings of the Privilege Management Workshop, September 1-3, 2009 (NIST)
NISTIR 7676: Maintaining and Using Key History on Personal Identity Verification Cards (NIST)
NISTIR 7773: An Application of Combinatorial Methods to Conformance Testing for Document Object Model Events (NIST)

2010 - Office of Management and Budget Memoranda (White House [2010], Federal Privacy Council, IT Law Wiki)

M-10-10: Federal Agency Coordination on Health Information Technology (HIT) (IT Law Wiki)
M-10-15: FY 2010 Reporting Instructions for the Federal Information Security Management Act and Agency Privacy Management (IT Law Wiki)
M-10-22: Guidance for Online Use of Web Measurement and Customization Technologies (IT Law Wiki)
M-10-23: Guidance for Agency Use of Third-Party Websites and Applications (IT Law Wiki)
M-10-25: Reforming the Federal Government’s Efforts to Manage Information Technology Projects (IT Law Wiki)
M-10-26: Immediate Review of Financial Systems IT Projects (IT Law Wiki)
M-10-27: Information Technology Investment Baseline Management Policy (IT Law Wiki)
M-10-28: Clarifying Cybersecurity Responsibilities and Activities of the Executive Office of the President and the Department of Homeland Security (DHS) (IT Law Wiki)
M-10-30: Science and Technology Priorities for the FY 2012 Budget
M-10-31: Immediate Review of Information Technology Projects (IT Law Wiki)
M-11-02: Sharing Data While Protecting Privacy (IT Law Wiki)
M-11-06: WikiLeaks – Mishandling of Classified Information (IT Law Wiki)

2010 - Department of Defense Directive 5505.13E: DoD Executive Agent (EA) for The DoD Cyber Crime Center (DC3) (ESD [PDF])
2010 - Department of Defense Issuance O-5100.93: Defense Counterintelligence (CI) and Human Intelligence (HUMINT) Center (DCHC) (ESD [PDF])
2010 - Department of Defense Issuance 3115.12: Open Source Intelligence (OSINT) (ESD [PDF])
2010 - Executive Order 13539: President's Council of Advisors on Science and Technology (GovInfo, IT Law Wiki, Wikisource)
2010 - Executive Order 13556: Controlled Unclassified Information (Obama White House Archives, IT Law Wiki, )

Controlled Unclassified Information (IT Law Wiki, Wikipedia)

2010 - National Initiative for Cybersecurity Education (NIST, IT Law WIki, Wikipedia)
2011 - National Institute of Standards and Technology (NIST Publications, IT Law Wiki)

Special Publication:

NIST SP 800-125: Guide to Security for Full Virtualization Technologies (NIST, IT Law Wiki)
NIST SP 800-126 Rev. 1: The Technical Specification for the Security Content Automation Protocol (NIST)
NIST SP 800-51 Rev. 1: Guide to Using Vulnerability Naming Schemes (NIST)
NIST SP 800-39: Managing Information Security Risk (NIST, IT Law Wiki)
NIST SP 800-147: BIOS Protection Guidelines (NIST, IT Law Wiki)
NIST SP 800-145: The NIST Definition of Cloud Computing (NIST, IT Law Wiki)
NIST SP 800-137: Information Security Coninuous Monitoring for Federal Information Systems and Organizations (NIST, IT Law Wiki)
NIST SP 800-155: BIOS Integrity Measurement Guidelines (NIST)
NIST SP 800-144: Guidelines on Security and Privacy in Public Cloud Computing (NIST, IT Law Wiki)
NIST SP 800-135 Rev. 1: Recommendation for Existing Application-Specific Key Derivation Functions (NIST)

Interagency / Internal Report:

NISTIR 7682: Information System Security Best Practices for UOCAVA-Supporting Systems (NIST)
NISTIR 7692: Specification for the Open Checklist Interactive Language Version 2.0 (NIST)
NISTIR 7693: Specification for Asset Identification 1.1 (NIST)
NISTIR 7694: Specification for Asset Reporting Format 1.1 (NIST)
NISTIR 7695: Common Platform Enumeration (NIST)
NISTIR 7696: Common Platform Enumeration (NIST)
NISTIR 7697: Common Platform Enumeration (NIST)
NISTIR 7698: Common Platform Enumeration (NIST)
NISTIR 7711: Security Best Practices for the Electronic Transmission of Election Materials for UOCAVA Voters (NIST)
NISTIR 7751: Computer Security Division 2010 Annual Report (NIST, IT Law Wiki)
NISTIR 7756: CAESARS Framework Extension (NIST)
NISTIR 7764: Status Report on the Second Round of the SHA-3 Cryptographic Hash Algorithm Competition (NIST)
NISTIR 7770: Security Considerations for Remote Electronic UOCAVA Voting (NIST)
NISTIR 7771: Conformance Test Architecture for Biometric Data Interchange Formats - Version Beta 2.0 (NIST)
NISTIR 7788: Security Risk Analysis of Enterprise Networks Using Probabilistic Attack Graphs (NIST)
NISTIR 7791: Conformance Test Architecture and Test Suite for ANSI/NIST-ITL 1-2007 (NIST)
NISTIR 7802: Trust Model for Security Automation Data 1.0 (NIST)
NISTIR 7806: ANSI/NIST-ITL 1-2011 Requirements and Conformance Test Assertions (NIST)
NISTIR 7815: Access Control for SAR Systems (NIST)

2011 - Office of Management and Budget Memoranda (White House [2011], Federal Privacy Council, IT Law Wiki)

M-11-08: Initial Assessments of Safeguarding and Counterintelligence Postures for Classified National Security Information in Automated Systems
M-11-11, Continued Implementation of Homeland Security Presidential Directive (HSPD) 12–Policy for a Common Identification Standard for Federal Employees and Contractors (IT Law Wiki)
M-11-20: Implementing Telework Enhancement Act of 2010 IT Purchasing Requirements (IT Law Wiki)
M-11-24: Implementing Executive Order 13571 on Streamlining Service Delivery and Improving Customer Service (IT Law Wiki)
M-11-27: Implementing the Telework Enhancement Act of 2010: Security Guidelines (IT Law Wiki)
M-11-29: Chief Information Officer Authorities (IT Law Wiki)
M-11-33: FY 2011 Reporting Instructions for the Federal Information Security Management Act and Agency Privacy Management (IT Law Wiki)

2011 - Department of Defense Issuance 8520.03: Identity Authentication for Information Systems (ESD [PDF])
2011 - Department of Defense Issuance 8520.02: Public Key Infrastructure (PKI) and Public Key (PK) Enabling (ESD [PDF])
2011 - Department of Defense Issuance 8320.05: Electromagnetic Spectrum Data Sharing (ESD [PDF])
2011 - Department of Defense Issuance 3115.15: Geospatial Intelligence (GEOINT) (ESD [PDF])
2011 - Executive Order 13587: Structural Reforms to Improve the Security of Classified Networks and the Responsible Sharing and Safeguarding of Classified Information (Obama White House Archives, IT Law Wiki, Wikisource)
2011 - National Strategy for Trusted Identities in Cyberspace (Obama White House Archives [PDF], IT Law Wiki, Wikipedia)
2011 - Cybersecurity Two Years Later (CSIS, IT Law Wiki)
2011 - Federal Risk and Authorization Management Program (FedRAMP, GSA, IT Law Wiki, Wikipedia)
2011 - Department of Defense Strategy for Operating in Cyberspace (NIST [2011 PDF], IT Law Wiki, Wikipedia)
2012 - National Institute of Standards and Technology (NIST Publications, IT Law Wiki)

Special Publication:

NIST SP 800-153: Guidelines for Securing Wireless Local Area Networks (NIST)
NIST SP 800-126 Rev. 2: The Technical Specification for the Security Content Automation Protocol (NIST)
NIST SP 800-146: Cloud Computing Synopsis and Recommendations (NIST, IT Law Wiki)
NIST SP 800-94 Rev. 1: Guide to Intrusion Detection and Prevention Systems (NIST)
NIST SP 800-61 Rev. 2: Computer Security Incident Handling Guide (NIST)
NIST SP 800-107 Rev. 1: Recommendation for Applications Using Approved Hash Algorithms (NIST)
NIST SP 800-30 Rev. 1: Guide for Conducting Risk Assessments (NIST, IT Law Wiki)
NIST SP 800-164: Guidelines on Hardware-Rooted Security in Mobile Devices (NIST)
NIST SP 800-38F: Recommendation for Block Cipher Modes of Operation (NIST)

Interagency / Internal Report:

NISTIR 7275 Rev. 4: Specification for the Extensible Configuration Checklist Description Format Version 1.2(NIST)
NISTIR 7622: Notional Supply Chain Risk Management Practices for Federal Information Systems (NIST)
NISTIR 7799: Continuous Monitoring Reference Model Workflow, Subsystem, and Interface Specifications ()
NISTIR 7800: Applying the Continuous Monitoring Technical Reference Model to the Asset, Configuration, and Vulnerability Management Domains (NIST)
NISTIR 7816: Computer Security Division 2011 Annual Report (NIST)
NISTIR 7817: A Credential Reliability and Revocation Model for Federated Identities (NIST)
NISTIR 7848: Specification for the Asset Summary Reporting Format 1.0 (NIST)
NISTIR 7864: The Common Misuse Scoring System (NIST)
NISTIR 7867 Rev. 2012: Usability of PIV Smartcards for Logical Access (NIST)
NISTIR 7870: NIST Test Personal Identity Verification Cards (NIST)
NISTIR 7874: Guidelines for Access Control System Evaluation Metrics (NIST)
NISTIR 7877: BioCTS 2012 (NIST)
NISTIR 7878: Combinatorial Coverage Measurement (NIST)
NISTIR 7896: Third-Round Report of the SHA-3 Cryptographic Hash Algorithm Competition (NIST)

2012 - Office of Management and Budget Memoranda (White House [2012], Federal Privacy Council, IT Law Wiki)

M-12-10: Implementing PortfolioStat (IT Law Wiki)
M-12-15: Science and Technology Priorities for the FY 2014 Budget
M-12-18: Managing Government Records Directive (IT Law Wiki)
M-12-20: FY 2012 Reporting Instructions for the Federal Information Security Management Act and Agency Privacy Management

2012 - Department of Defense Issuance 1035.01: Telework Policy (ESD [PDF])
2012 - Department of Defense Issuance 5200.44: Protection of Mission Critical Functions to Achieve Trusted Systems and Networks (TSN) (ESD [PDF])
2012 - Executive Order 13616: Accelerating Broadband Infrastructure Deployment (GovInfo, IT Law Wiki, Wikisource)
2012 - Continuous Diagnostics and Mitigation Program (GSA, CISA, IT Law WIki)
2012 - First Responder Network Authority (FirstNet, House, IT Law Wiki, Wikipedia)
2012 - International Traffic in Arms Regulations Act (Cornell LII, IT Law Wiki, Wikipedia)
2013 - National Institute of Standards and Technology (NIST Publications, IT Law Wiki)

Special Publication:

NIST SP 800-124 Rev. 1: Guidelines for Managing the Security of Mobile Devices in the Enterprise (IT Law Wiki)
NIST SP 800-76-2: Biometric Specifications for Personal Identity Verification (NIST)
NIST SP 800-165: Computer Security Division 2012 Annual Report (NIST, IT Law Wiki)
NIST SP 800-83 Rev. 1: Guide to Malware Incident Prevention and Handling for Desktops and Laptops (NIST, IT Law Wiki)
NIST SP 800-40 Rev. 3: Guide to Enterprise Patch Management Technologies (NIST, IT Law Wiki)
NIST SP 800-130: A Framework for Designing Cryptographic Key Management Systems (NIST, IT Law Wiki)
NIST SP 800-81-2: Secure Domain Name System Deployment Guide (NIST)

Interagency / Internal Report:

NISTIR 7916: Proceedings of the Cybersecurity in Cyber-Physical Systems Workshop, April 23-24, 2012 (NIST)
NISTIR 7933: Requirements and Conformance Test Assertions for ANSI/NIST-ITL 1-2011 Record Type 18 - DNA Record (NIST)
NISTIR 7956: Cryptographic Key Management Issues & Challenges in Cloud Services (NIST, IT Law Wiki)
NISTIR 7957: Conformance Test Architecture and Test Suite for ANSI/NIST-ITL 1-2011 NIEM XML Encoded Transactions (NIST)
NISTIR 7970: Taxonomic Rules for Password Policies (NIST)

Federal Information Processing Standards:

FIPS 186-4: Digital Signature Standard (NIST)
FIPS 201-2: Personal Identity Verification of Federal Employees and Contractors (NIST)

2013 - Office of Management and Budget Memoranda (White House [2013], Federal Privacy Council, IT Law Wiki)

M-13-01: Guidance for Agencies on Transfers from the Spectrum Relocation Fund for Certain Pre-Auction Costs
M-13-10: Antideficiency Act Implications of Certain Online Terms of Service Agreements
M-13-13: Open Data Policy – Managing Information as an Asset (IT Law Wiki)
M-13-16: Science and Technology Priorities for the FY 2015 Budget
M-14-03: Enhancing the Security of Federal Information and Information Systems (IT Law Wiki)
M-14-04: Fiscal Year 2013 Reporting Instructions for the Federal Information Security Management Act and Agency Privacy Management

2013 - Department of Defense Directive 5134.10: Defense Advanced Research Projects Agency (DARPA) (ESD [PDF])
2013 - Department of Defense Issuance 3305.09: DoD Cryptologic Training (ESD [PDF])
2013 - Department of Defense Issuance 3305.10: Geospatial-Intelligence (GEOINT) Training (ESD [PDF])
2013 - Department of Defense Issuance 8320.02: Sharing Data, Information, and Technology (IT) Services in the Department of Defense (ESD [PDF])
2013 - Department of Defense Issuance 5525.16: Law Enforcement Defense Data Exchange (LE D-DEx) (ESD [PDF])
2013 - Department of Defense Issuance 1444.02 Vol. 1: Data Submission Requirements for DoD Civilian Personnel: Appropriated Fund (APF) Civilians (ESD [PDF])
2013 - Department of Defense Issuance 1444.02 Vol. 2: Data Submission Requirements for DoD Civilian Personnel: Nonappropriated Fund (NAF) Civilians (ESD [PDF])
2013 - Department of Defense Issuance 1444.02 Vol. 3: Data Submission Requirements for DoD Civilian Personnel: Foreign National (FN) Civilians (ESD [PDF])
2013 - Department of Defense Issuance 1444.02 Vol. 4: Data Submission Requirements for DoD Civilian Personnel: Workforce and Address Dynamic Records (ESD [PDF])
2013 - Executive Order 13636: Improving Critical Infrastructure Cybersecurity (Obama White House Archives, IT Law Wiki, Wikisource)
2013 - Executive Order 13642: Making Open and Machine Readable the New Default for Government Information (Obama White House Archives, IT Law Wiki, Wikisource)
2014 - National Institute of Standards and Technology (NIST Publications, IT Law Wiki)

Special Publication:

NIST SP 800-16 Rev. 1: A Role-Based Model for Federal Information Technology/Cybersecurity Traning (NIST, IT Law Wiki)
NIST SP 800-101 Rev. 1: Guidlines on Mobile Device Forensics (NIST, IT Law Wiki)
NIST SP 800-168: Approximate Matching (NIST, IT Law Wiki)
NIST SP 800-85B-4: PIV Data Model Test Guidelines (NIST)
NIST SP 800-147B: BIOS Protection Guidelines for Servers (NIST)
NIST SP 800-170: Computer Security Division 2013 Annual Report (NIST)
NIST SP 800-88 Rev. 1: Guidelines for Media Sanitization (NIST, IT Law Wiki)
NIST SP 800-53A Rev. 4: Assessing Security and Privacy Controls in Federal Information Systems and Organizations (NIST)
NIST SP 800-157: Guidelines for Derived Personal Identity Verification Credentials (NIST)

Interagency / Internal Report:

NISTIR 7628 Rev. 1: Guidelines for Smart Grid Cybersecurity (NIST, IT Law Wiki)
NISTIR 7849: A Methodology for Developing Authentication Assurance Level Taxonomy for Smart Card-based Identity Verification (NIST)
NISTIR 7924: Reference Certificate Policy (NIST)
NISTIR 7946: CVSS Implementation Guidance (NIST)
NISTIR 7983: Authentication Diary Study (NIST)
NISTIR 7991: United States Federal Employees' Password Management Behaviors – A Department of Commerce Case Study (NIST)

2014 - Office of Management and Budget Memoranda (White House [2014], Federal Privacy Council, IT Law Wiki)

M-14-11: Science and Technology Priorities for FY 2016 Budget
M-14-16: Guidance on Managing Email

2014 - Department of Defense Directive 3222.04: Electronic Warfare (EW) Policy (ESD [PDF])
2014 - Department of Defense Directive O-5100.19: Critical Information Communications (CRITICOMM) System
2014 - Department of Defense Directive 5144.02: DoD Chief Information Officer (DoD CIO) (ESD [PDF])
2014 - Department of Defense Issuance 8510.01: Risk Management Framework (RMF) for DoD Information Technology (IT) (ESD [PDF])
2014 - Department of Defense Issuance 8500.01: Cybersecurity (ESD [PDF])
2014 - Department of Defense Issuance 2040.02: International Transfers of Technology, Articles, and Services (ESD [PDF])
2014 - Department of Defense Issuance 8330.01: Interoperability of Information Technology (IT), Including National Security Systems (NSS) (ESD [PDF])
2014 - Department of Defense Issuance 8551.01: Ports, Protocols, and Services Management (PPSM) (ESD [PDF])
2014 - Committee on National Security Systems Instruction 1253 (DCSA [2014 PDF], IT Law Wiki)
2014 - Federal Information Security Modernization Act of 2014 (CISA, Congress, IT Law Wiki, Wikipedia)
2014 - Cybersecurity Enhancement Act of 2014 (Congress, IT Law Wiki, Privacy Wiki)
2014 - Digital Accountability and Transparency Act of 2014 (CIO, Congress, IT Law Wiki, Wikipedia)
2014 - National Cybersecurity Protection Act of 2014 (Congress, IT Law Wiki, )
2014 - Cybersecurity Workforce Assessment Act (Congress)
2014 - Homeland Security Cybersecurity Workforce Assessment Act (Congress)
2015 - National Institute of Standards and Technology (NIST Publications, IT Law Wiki)

Special Publication:

NIST SP 800-57 Part 3 Rev. 1: Recommendation for Key Management, Part 3 (NIST)
NIST SP 800-161: Supply Chain Risk Management Practices for Federal Information Systems and Organizations (NIST)
NIST SP 800-78-4: Cryptographic Algorithms and Key Sizes for Personal Identity Verification (NIST)
NIST SP 800-82 Rev. 2: Guide to Industrial Control Systems Security (NIST, IT Law Wiki)
NIST SP 500-304: Conformance Testing Methodology Framework for ANSI/NIST-ITL 1-2011 Update (NIST)
NIST SP 800-90A Rev. 1: Recommendation for Random Number Generation Using Deterministic Random Bit Generators (NIST, IT Law Wiki)
NIST SP 800-79-2: Guidelines for the Authorization of Personal Identity Verification Card Issuers and Derived PIV Credential Issuers (NIST)
NIST SP 800-176: Computer Security Division 2014 Annual Report (NIST, IT Law Wiki)
NIST SP 800-167: Guide to Application Whitelisting (NIST, IT Law Wiki)
NIST SP 800-152: A Profile for U.S. Federal Cryptogrpahic Key Management Systems (NIST, IT Law Wiki)

Interagency / Internal Report:

NISTIR 7823: Advanced Metering Infrastructure Smart Meter Upgradeability Test Framework (NIST)
NISTIR 7863: Cardholder Authentication for the PIV Digital Signature Key (NIST, IT Law Wiki)
NISTIR 7904: Trusted Geolocation in the Cloud (NIST, IT Law Wiki)
NISTIR 7966: Security of Interactive and Automated Access Management Using Secure Shell (NIST)
NISTIR 7987 Rev. 1: Policy Machine (NIST)
NISTIR 8014: Considerations for Identity Management in Public Safety Mobile Networks (NIST)
NISTIR 8018: Public Safety Mobile Application Security Requirements Workshop Summary (NIST)
NISTIR 8023: Risk Management for Replication Devices (NIST, IT Law Wiki)
NISTIR 8041: Proceedings of the Cybersecurity for Direct Digital Manufacturing Symposium (NIST)
NISTIR 8050: Executive Technical Workshop on Improving Cybersecurity and Consumer Privacy (NIST)
NISTIR 8053: De-Identification of Personal Information (NIST, IT Law Wiki)
NISTIR 8058: Security Content Automation Protocol Version 1.2 Content Style Guide (NIST)
NISTIR 8074 Vol. 1: Interagency Report on Strategic U.S. Government Engagement in International Standardization to Achieve U.S. Objectives for Cybersecurity (NIST, IT Law Wiki)
NISTIR 8074 Vol. 2: Supplemental Information for the Interagency Report on Strategic U.S. Government Engagement in International Standardization to Achieve U.S. Objectives for Cybersecurity (NIST, IT Law Wiki)
NISTIR 8085: Forming Common Platform Enumeration Names from Software Identification Tags (NIST)
NISTIR 8089: An Industrial Control System Cybersecurity Performance Testbed (NIST)

Federal Information Processing Standards:

FIPS 180-4: Secure Hash Standard (NIST)
FIPS 202: SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions (NIST)

2015 - Office of Management and Budget Memoranda (White House [2015], Federal Privacy Council, IT Law Wiki)

M-15-01: Fiscal Year 2014-2015 Guidance on Improving Federal Information Security and Privacy Management Practices
M-15-13: Policy to Require Secure Connections across Federal Websites and Web Services
M-15-14: Management and Oversight of Federal Information Technology
M-15-16: Multi-Agency Science and Technology Priorities for the FY 2017 Budget
M-16-02: Category Management Policy 15-1: Improving the Acquisition and Management of Common Information Technology: Laptops and Desktops (IT Law Wiki)
M-16-03: Fiscal Year 2015-2016 Guidance on Federal Information Security and Privacy Management Requirements
M-16-04: Cybersecurity Strategy and Implementation Plan (CSIP) for the Federal Civilian Government (IT Law Wiki)

2015 - Department of Defense Issuance 8310.01: Information Technology Standards in the DoD (ESD [PDF])
2015 - Department of Defense Issuance 8130.01: Installation Geospatial Information and Services (IGI&S) (ESD [PDF])
2015 - Department of Defense Issuance 8540.01: Cross Domain (CD) Policy (ESD [PDF])
2015 - Department of Defense Issuance 4650.10: Land Mobile Radio (LMR) Interoperability and Standardization (ESD [PDF])
2015 - Department of Defense Issuance 8320.07: Implementing the Sharing of Data, Information, and Information Technology (IT) Services in the Department of Defense (ESD [PDF])
2015 - Department of Defense Issuance 8580.02: Security of Individually Identifiable Health Information in DoD Health Care Programs (ESD [PDF])
2015 - Department of Defense Issuance 8440.01: DoD Information Technology (IT) Service Management (ITSM) (ESD [PDF])
2015 - Executive Order 13691: Promoting Private Sector Cybersecurity Information Sharing (Obama White House Archive, IT Law Wiki, Wikisource)
2015 - Executive Order 13694: Blocking the Property of Certain Persons Engaging in Significant Malicious Cyber-Enabled Activities (GovInfo, IT Law Wiki, Wikisource)
2015 - Executive Order 13702: Creating a National Strategic Computing Initiative (GovInfo, IT Law Wiki, )

National Strategic Computing Initiative (NSF, Wikipedia)

2015 - Cybersecurity Act of 2015 (Congress, Sullivan & Cromwell [PDF], IT Law Wiki)

2015 - Cybersecurity Information Sharing Act of 2015 (Congress, CISA, IT Law Wiki, Wikipedia)

2015 - The Department of Defense Cyber Strategy (IT Law Wiki, Homeland Security Digital Library)
2015 - Binding Operational Directive 15-01 (CISA)
2015 - Uniting and Strengthening America by Fulfilling Rights and Ensuring Effective Discipline Over Monitoring Act of 2015 (Congress, Wikipedia)
2016 - National Institute of Standards and Technology (NIST Publications, IT Law Wiki)

Special Publication:

NIST SP 800-73-4: Interfaces for Personal Identity Verification (NIST, IT Law Wiki)
NIST SP 800-180: NIST Definition of Microservices, Application Containers and System Virtual Machines (NIST, IT Law Wiki)
NIST SP 800-125B: Secure Virtual Network Configuration for Virtual Machine Protection (NIST)
NIST SP 800-154: Guide to Data-Centric System Threat Modeling (NIST)
NIST SP 800-38G: Recommendation for Block Cipher Modes of Operation (NIST)
NIST SP 800-85A-4: PIV Card Application and Middleware Interface Test Guidelines (NIST)
NIST SP 800-90C: Recommendation for Random Bit Generator Constructions (NIST)
NIST SP 800-156: Representation of PIV Chain-of-Trust for Import and Export (NIST)
NIST SP 800-166: Derived PIV Application and Data Model Test Guidelines (NIST)
NIST SP 800-183: Network of 'Things' (NIST, IT Law Wiki)
NIST SP 800-114 Rev. 1: User's Guide to Telework and Bring Your Own Device Security (NIST)
NIST SP 800-46 Rev. 2: Guide to Enterprise Telework, Remote Access, and Bring Your Own Device Security (NIST, IT Law Wiki)
NIST SP 800-182: Computer Security Division 2015 Annaul Report (NIST)
NIST SP 800-175A: Guideline for Using Cryptographic Standards in the Federal government (NIST)
NIST SP 800-178: A Comparison of Attribute Based Access Control Standards for Data Service Applications (NIST)
NIST SP 800-150: Guide to Cyber Threat Information Sharing (NIST, IT Law Wiki)
NIST SP 800-38B: Recommendation for Block Cipher Modes of Operation (NIST)
NIST SP 500-320: Report of the Workshop on Software Measures and Metrics to Reduce Security Vulnerabilities (NIST)
NIST SP 800-179: Guide to Securing Apple OS X 10.10 Systems for IT Professionals (NIST)
NIST SP 800-188: De-Identifying Government Datasets (NIST)
NIST SP 800-185: SHA-3 Derived Functions (NIST)
NIST SP 800-184: Guide for Cybersecurity Event Recovery (NIST, IT Law Wiki)

Interagency / Internal Report:

NISTIR 7511 Rev. 4: Security Content Automation Protocol Version 1.2 Validation Program Test Requirements (NIST)
NISTIR 7621 Rev. 1: Small Business Information Security (NIST, IT Law Wiki)
NISTIR 7977: NIST Cryptographic Standards and Guidelines Development Process (NIST)
NISTIR 8040: Measuring the Usability and Security of Permuted Passwords on Mobile Platforms (NIST)
NISTIR 8054: NSTIC Pilots(NIST)
NISTIR 8055: Derived Personal Identity Verification Credentials Proof of Concept Research (NIST)
NISTIR 8060: Guidelines for the Creation of Interoperable Software Identification Tags(NIST)
NISTIR 8080: Usability and Security Considerations for Public Safety Mobile Authentication (NIST, IT Law Wiki)
NISTIR 8103: Advanced Identity Workshop on Applying Measurement Science in the Identity Ecosystem (NIST)
NISTIR 8105: Report on Post-Quantum Cryptography (NIST)
NISTIR 8138: Vulnerability Description Ontology (NIST)
NISTIR 8144: Assessing Threats to Mobile Devices & Infrastructure (NIST)
NISTIR 8151: Dramatically Reducing Software Vulnerabilities (NIST, IT Law Wiki)

2016 - Office of Management and Budget Memoranda (White House [2016], Federal Privacy Council, IT Law Wiki)

M-16-12: Category Management Policy 16-1: Improving the Acquisition and Management of Common Information Technology: Software Licensing (IT Law Wiki)
M-16-13: Guidance for Agencies on Transfers from the Spectrum Relocation Fund for Research and Development and Planning Activities
M-16-14: Category Management Policy 16-2: Providing Comprehensive Identity Protection Services, Identity Monitoring, and Data Breach Response
M-16-15: Federal Cybersecurity Workforce Strategy
M-16-19: Data Center Optimization Initiative (DCOI)
M-16-20: Category Management Policy 16-3: Improving the Acquisition and Management of Common Information Technology: Mobile Devices and Services
M-16-21: Federal Source Code Policy: Achieving Efficiency, Transparency, and Innovation through Reusable and Open Source Software (IT Law Wiki)

2016 - Department of Defense Directive 8521.01E: DoD Biometrics (ESD [PDF])
2016 - Department of Defense Directive 51005.72: Defense Technology Security Administration (DTSA) (ESD [PDF])
2016 - Department of Defense Issuance 8530.01: Cybersecurity Activities Support to DoD Information Network Operations (ESD PDF)
2016 - Executive Order 13718: Commission on Enhancing National Cybersecurity (Obama White House Archive, GovInfo, IT Law Wiki)

Commission on Enhancing National Cybersecurity (Wikipedia)

2016 - Executive Order 13757: Taking Additional Steps to Address the National Emergency with Respect to Significant Malicious Cyber-Enabled Activities (GovInfo, IT Law Wiki, Wikipedia)
2016 - Federal Cybersecurity Research and Development Strategic Plan (IT Law Wiki)
2016 - Binding Operational Directive 16-01 (CISA)
2016 - Binding Operational Directive 16-02 (CISA)
2016 - Binding Operational Directive 16-03 (CISA)
2016 - Making Electronic Government Accountable By Yielding Tangible Efficiencies Act of 2016 (Congress, IT Law WIki)
2017 - National Institute of Standards and Technology (NIST Publications, IT Law Wiki)

Special Publication:

NIST SP 800-121 Rev. 2: Guide to Bluetooth Security (NIST)
NIST SP 800-12 Rev. 1 (NIST, IT Law Wiki)
NIST SP 800-192: Verification and Test Methods for Access Control Policies/Models (NIST)
NIST SP 1800-9: Access Rights Management for the Financial Services Sector (NIST)
NIST SP 1800-3: Attribute Based Access Control (NIST)
NIST SP 800-190: Application Container Security Guide (NIST, IT Law Wiki)
NIST SP 800-195: 2016 NIST/ITL Cybersecurity Program Annual Report (NIST)
NIST SP 800-67 Rev. 2: Recommendation for the Triple Data Encryption Algorithm Block Cipher (NIST)
NIST SP 800-187: Guide to LET Security (NIST)

Interagency / Internal Report:

NISTIR 8011 Vol. 1: Automation Support for Security Control Assessments (NIST, IT Law Wiki)
NISTIR 8011 Vol. 2: Automation Support for Security Control Assessments (NIST, IT Law Wiki)
NISTIR 8062: An Introduction to Privacy Engineering and Risk Management in Federal Systems (NIST, IT Law Wiki)
NISTIR 8114: Report on Lightweight Cryptography (NIST, IT Law Wiki)
NISTIR 8139: Identifying Uniformity with Entropy and Divergence (NIST)
NISTIR 8165: Impact of Code Complexity on Software Analysis (NIST)
NISTIR 8176: Security Assurance Requirements for Linux Application Container Deployments (NIST)
NISTIR 8188: Key Performance Indicators for Process Control System Cybersecurity Performance Analysis (NIST)
NISTIR 8192: Enhancing Resilience of the Internet and Communications Ecosystem (NIST, IT Law Wiki)
NISTIR 8193: National Initiative for Cybersecurity Education Framework Work Role Capability Indicators (NIST)
NISTIR 8194: Exploratory Lens Model of Decision-Making in a Potential Phishing Attack Scenario (NIST)
NISTIR 8201: Internet of Things (IoT) Cybersecurity Colloquium (NIST, IT Law Wiki)

2017 - Office of Management and Budget Memoranda (White House [2017], Federal Privacy Council, IT Law Wiki)

M-17-02: Precision Medicine Initiative Privacy and Security
M-17-04: Additional Guidance for Data Act Implementation: Further Requirements For Reporting And Assuring Data Reliability
M-17-05: Fiscal Year 2016 – 2017 Guidance On Federal Information Security And Privacy Management Requirements
M-17-06: Policies for Federal Agency Public Websites and Digital Services
M-17-12: Preparing for and Responding to a Breach of Personally Identifiable Information
M-17-25: Reporting Guidance for Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure (IT Law Wiki)
M-17-30: Fiscal Year 2019 Administration Research and Development Budget Priorities

2017 - Executive Order 13794: Establishment of the American Technology Council (GovInfo, Federal Register)
2017 - Executive Order 13800: Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure (CISA, IT Law Wiki)
2017 - Binding Operational Directive 17-01 (CISA)
2017 - Binding Operational Directive 18-01 (CISA)
2017 - Strengthening State and Local Cyber Crim Fighting Act of 2017 (Congress, Wikipedia)
2017 - Countering America's Adversaries Through Sanctions Act (Congress)
2017 - Strengthening State and Local Cyber Crime Fighting Act of 2017 (Congress)
2018 - National Institute of Standards and Technology (NIST Publications, IT Law Wiki)

Special Publication:

NIST SP 800-90B: Recommendation for the Entropy Sources Used for Random Bit Generation (NIST)
NIST SP 1800-6: Domain Name System-Based Electronic Mail Security (NIST)
NIST SP 800-126 Rev. 3: The Technical Specification for the Security Content Automation Protocol (NIST)
NIST SP 800-126A: SCAP 1.3 Component Specification Version Updates (NIST)
NIST SP 800-70 Rev. 4: National Checklist Program for IT Products (NIST)
NIST SP 500-325: Fog Computing Conceptual Model (NIST)
NIST SP 800-160 Vol. 1: Systems Security Engineering (NIST)
NIST SP 800-56A Rev. 3: Recommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography (NIST)
NIST SP 800-87 Rev. 2: Codes for Identification of Federal and Federally-Assisted Organizations (NIST)
NIST SP 800-193: Platform Firmware Resiliency Guidelines (NIST, IT Law Wiki)
NIST SP 800-202: Quick Start Guide for Populating Mobile Test Devices (NIST)
NIST SP 800-125A Rev. 1: Security Recommendations for Server-based Hypervisor Platforms (NIST)
NIST SP 800-171A: Assessing Security Requirements for Controlled Unclassified Information (NIST, IT Law Wiki)
NIST SP 800-116 Rev. 1: Guidelines for the Use of PIV Credentials in Faciility Access (NIST)
NIST SP 800-203: 2017 NIST/ITL Cybersecurity Program Annual Report (NIST, IT Law Wiki)
NIST SP 800-71: Recommendation for Key Establishment Using Symmetric Block Ciphers (NIST)
NIST SP 1800-2: Identity and Access Management for Electric Utilities (NIST, IT Law Wiki)
NIST SP 1800-1: Securing Electronic Health Records on Mobile Devices (NIST, IT Law Wiki)
NIST SP 1800-8: Securing Wireless Infusion Pumps in Healthcare Delivery Oganizations (NIST)
NIST SP 1800-5: IT Asset Management (NIST, IT Law Wiki)
NIST SP 1800-18: Privilieged Account Management for the Financial Services Sector (NIST)
NIST SP 800-179 Rev. 1: Guide to Securing Apple macOS 10.12 Systems for IT Professionals (NIST)
NIST SP 800-37 Rev. 2: Risk Management Framework for Information Systems and Organizations (NIST, IT Law Wiki)

Interagency / Internal Report:

NISTIR 7511 Rev. 5: Security Content Automation Protocol Version 1.3 Validation Program Test Requirements (NIST)
NISTIR 8011 Vol. 3: Automation Support for Security Control Assessments (NIST)
NISTIR 8112: Attribute Metadata (NIST)
NISTIR 8149: Developing Trust Frameworks to Support Identity Federations (NIST)
NISTIR 8179: Criticality Analysis Process Model (NIST)
NISTIR 8200: Interagency Report on the Status of International Cybersecurity Standardization for the Internet of Things (NIST, IT Law Wiki)
NISTIR 8202: Blockchain Technology Overview (NIST)
NISTIR 8241: Organizational Views of NIST Cryptographic Standards and Testing and Validation Programs (NIST)

2018 - Office of Management and Budget Memoranda (White House [2018], Federal Privacy Council, IT Law Wiki)

M-18-12: Implementation of the Modernizing Government Technology Act
M-18-22: FY 2020 Administration Research and Development Budget Priorities
M-18-25: Modernize Infrastructure Permitting Cross-Agency Priority Goal Performance Accountability System

2018 - Department of Defense Directive 5101.19E: DoD Executive Agents for the DoD Cyber Test and Cyber Training Ranges (ESD [PDF])
2018 - Department of Defense Directive 8470.01E: DoD Executive Agent (DoD EA) for Commercial Software Product Management of Core Enterprise Technology Agreements (CETAs) (ESD [PDF])
2018 - Executive Order 13821: Streamlining and Epediting Requests to Locate Broadband Facilities in Rural America (Federal Register)
2018 - Department of Defense Cyber Strategy Summary (DOD [PDF], IT Law Wiki)
2018 - Binding Operational Directive 18-02 (CISA)
2018 - Cybersecurity and Infrastructure Security Agency Act of 2018 (CISA, Congress, IT Law Wiki, Wikipedia)
2018 - Evidence-Based Policy Making Act (CIO, Congress, Wikipedia)
2018 - Open, Public, Electronic, and Necessary Government Data Act (DATA, CIO, Congress, Data Foundation, IT Law Wiki, Wikipedia)
2018 - National Institute of Standards and Technology Small Business Cybersecurity Act (Congress, IT Law Wiki)
2018 - Strengthening and Enhancing Cyber-capabilities by Utilizing Risk Exposure Technology Act (Congress)
2019 - National Institute of Standards and Technology (NIST Publications, IT Law Wiki)

Special Publication:

NIST SP 1800-4: Mobile Device Security (NIST, IT Law Wiki)
NIST SP 800-177 Rev. 1: Trustworthy Email (NIST, IT Law Wiki)
NIST SP 800-38G Rev. 1: Recommendation for Block Cipher Modes of Operation (NIST)
NIST SP 800-56B Rev. 2: Recommendation for Pair-Wise Key-Establishment Using Integer Factorization Cryptography (NIST)
NIST SP 800-131A Rev. 2: Transitioning the Use of Cryptographic Algorithms and Key Lengths (NIST)
NIST SP 800-163 Rev. 1: Vetting the Security of Mobile Applications (NIST)
NIST SP 800-205: Attribute Considerations for Access Control Systems (NIST)
NIST SP 1800-14: Protecting the Integrity of Internet Routing (NIST)
NIST SP 1800-17: Multifactor Authentication for E-Commerce (NIST, IT Law Wiki)
NIST SP 800-162: Guide to Attribute Based Access Control Definitions and Considerations (NIST, IT Law Wiki)
NIST SP 800-204: Security Strategies for Microservices-based Application Systems (NIST)
NIST SP 1800-7: Situational Awareness for Electric Utilities (NIST)
NIST SP 1800-12: Derived Personal Identity Verification Credentials (NIST)
NIST SP 800-52 Rev. 2: Guidelines for the Selection, Configuration, and Use of Transport Layer Security Implementations (NIST)
NIST SP 800-128: Guide for Security-Focused Configuration Management of Information systems (NIST, IT Law Wiki)
NIST SP 1500-4r2: NIST Big Data Interoperability Framework (NIST)
NIST SP 800-186: Recommendations for Discrete Logarithm-Based Cryptography (NIST)
NIST SP 800-189: Resilient Interdomain Traffic Exchange (NIST)

Interagency / Internal Report:

NISTIR 7298 Rev. 3: Glossary of Key Information Security Terms (NIST, IT Law Wiki)
NISTIR 8177: Metrics and Key Performance Indicators for Robotic Cybersecurity Performance Analysis (NIST)
NISTIR 8183: Cybersecurity Framework Manufacturing Profile (NIST)
NISTIR 8183A Vol. 1: Cybersecurity Framework Manufacturing Profile Low Impact Level Example Implementations Guide (NIST)
NISTIR 8183A Vol. 2: Cybersecurity Framework Manufacturing Profile Low Impact Level Example Implementations Guide (NIST)
NISTIR 8183A Vol. 3: Cybersecurity Framework Manufacturing Profile Low Impact Level Example Implementations Guide (NIST)
NISTIR 8213: A Reference for Randomness Beacons (NIST)
NISTIR 8214: Threshold Schemes for Cryptographic Primitives (NIST)
NISTIR 8221: A Methodology for Enabling Forensic Analysis Using Hypervisor Vulnerabilities Data (NIST)
NISTIR 8227: Manufacturing Profile Implementation Methodology for a Robotic Workcell (NIST)
NISTIR 8228: Considerations for Managing Internet of Things Cybersecurity and Privacy Risks (NIST, IT Law Wiki)
NISTIR 8240: Status Report on the First Round of the NIST Post-Quantum Cryptography Standardization Process (NIST)
NISTIR 8267: Security Review of Consumer Home Internet of Things Products (NIST, IT Law Wiki)
NISTIR 8268: Status Report on the First Round of the NIST Lightweight Cryptography Standardization Process (NIST)
NISTIR 8269: A Taxonomy and Terminology of Adversarial Machine Learning (NIST)

Federal Information Processing Standards:

FIPS 140-3: Security Requirements for Cryptographic Modules (NIST)
FIPS 186-5: Digital Signature Standard (NIST)

2019 - Office of Management and Budget Memoranda (White House [2019], Federal Privacy Council, IT Law Wiki)

M-19-02: Fiscal Year 2018-2019 Guidance on Federal Information Security and Privacy Management Requirements
M-19-03: Strengthening the Cybersecurity of Federal Agencies by enhancing the High Value Asset Program (IT Law Wiki)
M-19-19: Update to Data Center Optimization Initiative
M-19-21: Transition of Electronic Records
M-19-25: FY 2021 Administration Research and Development Budget Priorities
M-19-26: Update to the Trusted Internet Connections (TIC) Initiative

2019 - Department of Defense Issuance 8170.01: Online Information Management and Electronic Messaging (ESD [PDF])
2019 - Department of Defense Issuance 6025.18: Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule Compliance in DoD Health Care Programs (ESD [PDF])
2019 - Department of Defense Issuance 2000.26: DoD Use of the Federal Bureau of Investigation (FBI) eGuardian System (ESD [PDF])
2019 - Executive Order 13859: Maintaining American Leadership in Artificial Intelligence (GovInfo, IT Law Wiki, Wikipedia)
2019 - Executive Order 13873: Securing the Information and Communications Technology and Services Supply Chain (GovInfo, IT Law Wiki)
2019 - Emergency Directive 19-01 (CISA)
2019 - Creating Advanced Streamlined Electronic Services for Constituents Act of 2019 (CIO, Congress, Cornell LII)
2019 - Binding Operational Directive 19-02 (CISA)
2019 - Cyberspace Solarium Commission (CSC, IT Law Wiki, Wikipedia)
2019 - Cybersecurity Maturity Model Certification (Acquisition & Sustainment, IT Law Wiki)
2020 - National Institute of Standards and Technology (NIST Publications, IT Law Wiki)

Special Publication:

NIST SP 800-63A: Digital Identity Guidelines (NIST)
NIST SP 800-63C: Digital Identity Guidelines (NIST)
NIST SP 800-63-4: Digital Identity Guidelines (NIST)
NIST SP 800-63-3: Digital Identity Guidelines (NIST)
NIST SP 800-63B: Digital Identity Guidelines (NIST, IT Law Wiki)
NIST SP 800-206: Annual Report 2018 (NIST)
NIST SP 800-140B: CMVP Security Policy Requirements (NIST)
NIST SP 800-140A: CMVP Documentation Requirements (NIST)
NIST SP 800-140F: CMVP Approved Non-Invasice Attack Mitigation Test Metrics (NIST)
NIST SP 800-140E: CMVP Approved Authetication Mechanisms (NIST)
NIST SP 800-140C: CMVP Approved Security Functions (NIST)
NIST SP 800-140D: CMVP Approved Sensitive Parameter Generation and Establishment Methods (NIST)
NIST SP 800-140: FIPS 140-3 Derived Test Requirements (NIST)
NIST SP 800-124 Rev. 2: Guidelines for Managing the Security of Mobile Devices in the Enterprise (NIST)
NIST SP 800-175B Rev. 1: Guideline for Using Cryptographic Standards in the Federal Governemnt (NIST)
NIST SP 800-57 Part 2 Rev. 1: Recommendation for Key Management (NIST)
NIST SP 800-57 Part 1 Rev. 5: Recommendation for Key Management (NIST)
NIST SP 1800-23: Energy Sector Asset Management (NIST)
NIST SP 800-137A: Assessing Information Security Continuous Monitoring Programs (NIST)
NIST SP 800-204A: Building Secure Microservices-based Applications Using Service-Mesh Architecture (NIST)
NIST SP 800-133 Rev. 2: Recommendation for Cryptographic Key Generation (NIST)
NIST SP 1800-16: Securing Web Transactions (NIST)
NIST SP 800-77 Rev. 1: Guide to IPsec VPNs (NIST)
NIST SP 800-210: General Access Control Guidance for Cloud Systems (NIST)
NIST SP 800-207: Zero Trust Architecture (NIST)
NIST SP 800-56C Rev. 2: Recommendation for Key-Derivation Methods in Key-Establishment Schemes (NIST)
NIST SP 1500-16: Improving Veteran Transitions to Civilian Cybersecurity Roles (NIST)
NIST SP 800-211: 2019 NIST/ITL Cybersecurity Program Annual Report (NIST, IT Law Wiki)
NIST SP 800-46 Rev. 3: Guide to Enterprise Telework Security (NIST)
NIST SP 1800-21: Mobile Device Security (NIST)
NIST SP 1800-11: Data Integrity (NIST, IT Law Wiki)
NIST SP 800-55 Rev. 2: Performance Measurement Guide for Information Security (NIST)
NIST SP 800-209: Security Guidelines for Storage Infrastructure (NIST)
NIST SP 800-208: Recommendation for Stateful Hash-Based Signature Schemes (NIST)
NIST SP 800-181 Rev. 1: Workforce Framework for Cybersecurity (NIST)
NIST SP 1800-26: Data Integrity (NIST, IT Law Wiki)
NIST SP 1800-25: Data Integrity (NIST)
NIST SP 800-53 Rev. 5: Security and Privacy Controls for Information Ssytems and Organizations (NIST, IT Law Wiki)
NIST SP 800-53B: Control Baselines for Information Systems and Organizations (NIST)
NIST SP 1800-24: Securing Picture Archiving and Communication Systems (NIST)

Interagency / Internal Report:

NISTIR 8006: NIST Cloud Computing Forensic Science Challenges (NIST)
NISTIR 8011 Vol. 4: Automation Support for Security Control Assessments (NIST)
NISTIR 8183 Rev. 1: Cybersecurity Framework Version 1.1 Manufacturing Profile (NIST)
NISTIR 8196: Security Analysis of First Responder Mobile and Wearable Devices (NIST)
NISTIR 8214A: NIST Roadmap Toward Criteria for Threshold Schemes for Cryptographic Primitives (NIST)
NISTIR 8219: Securing Manufacturing Industrial Control Systems (NIST)
NISTIR 8235: Security Guidance for First Responder Mobile and Wearable Devices (NIST)
NISTIR 8246: Collaborative Vulnerability Metadata Acceptance Process for CVE Numbering Authorities and Authorized Data Publishers (NIST)
NISTIR 8259: Foundational Cybersecurity Activities for IoT Device Manufacturers (NIST)
NISTIR 8259A: IoT Device Cybersecurity Capability Core Baseline (NIST, IT Law Wiki)
NISTIR 8259C: Creating a Profile Using the IoT Core Baseline and Non-Technical Baseline (NIST)
NISTIR 8278: National Online Informative References Program (NIST)
NISTIR 8278A: National Online Informative References Program (NIST)
NISTIR 8286: Integrating Cybersecurity and Enterprise Risk Management (NIST)
NISTIR 8287: A Roadmap for Successful Regional Alliances and Multistakeholder Partnerships to Build the Cybersecurity Workforce (NIST)
NISTIR 8294: Symposium on Federally Funded Research on Cybersecurity of Electric Vehicle Supply Equipment (NIST)
NISTIR 8309: Status Report on the Second Round of the NIST Post-Quantum Cryptography Standardization Process (NIST)

Federal Information Processing Standards:

FIPS 201-3: Personal Identity Verification of Federal Employees and Contractors (NIST)

2020 - Office of Management and Budget Memoranda (White House [2020], Federal Privacy Council, IT Law Wiki)

M-20-04: Fiscal Year 2019-2020 Guidance on Federal Information Security and Privacy Management Requirements
M-20-13: Updated Guidance on Telework Flexibilities in Response to Coronavirus
M-20-15: Updated Guidance for the National Capital Region on Telework Flexibilities in Response to Coronavirus
M-20-19: Harnessing Technology to Support Mission Continuity
M-20-32: Improving Vulnerability Identification, Management, and Remediation

2020 - Department of Defense Directive 5101.21E: DoD Executive Agent for Unified Platform and Joint Cyber Command and Control (JCC2) (ESD [PDF])
2020 - Department of Defense Directive 5137.02: Under Secretary of Defense for Research and Engineering (USD(R&E)) (ESD [PDF])
2020 - Department of Defense Directive 3610.01: Electromagnetic Spectrum Enterprise Policy (ESD [PDF])
2020 - Department of Defense Directive 8140.01: Cyberspace Workforce Management (ESD [PDF])
2020 - Department of Defense Issuance 5000.82: Acquisition of Information Technology (ESD [PDF])
2020 - Department of Defense Issuance 5000.83: Technology and Program Protection to Maintain Technological Advantage (ESD [PDF])
2020 - Department of Defense Issuance 5000.90: Cybersecurity for Acquisition Decision Authorities and Program Managers (ESD [PDF])
2020 - Department of Defense Issuance 8523.01: Communications Security (ESD [PDF])
2020 - Executive Order 13920: Executive Order on Securing the United States Bulk-Power System (Federal Register, IT Law Wiki, Wikisource)
2020 - Emergency Directive 20-02 (CISA)
2020 - Internet of Things Cybersecurity Improvement Act of 2020 (CIO, Congress, IT Law Wiki)
2020 - Emergency Directive 20-03 (CISA)
2020 - Binding Operational Directive 20-01 (CISA)
2020 - Emergency Directive 21-01 (CISA)
2020 - Emergency Directive 20-04 (CISA)
2020 - Information Technology Modernization Centers of Excellence Program Act (GSA, CIO, Congress)
2020 - Identifying Outputs of Generative Adversarial Networks Act (Congress,)
2021 - National Institute of Standards and Technology (NIST Publications, IT Law Wiki)

Special Publication:

NIST SP 800-171 Rev. 2: Protecting Controlled Unclassified Information in Nonfederal systems and Organizations (NIST, IT Law Wiki)
NIST SP 1800-33: 5G Cybersecurity (NIST)
NIST SP 800-172: Enhanced Security Requirements for Protecting Controlled Unclassified Information (NIST)
NIST SP 1800-22: Mobile Device Security (NIST)
NIST SP 1800-27: Securing Property Management Systems (NIST)
NIST SP 800-82 Rev. 3: Guide to Industrial Control Systems Security (NIST)
NIST SP 800-172A: Assessing Enhanced Security Requirements for Controlled Unclassified Information (NIST)
NIST SP 800-66 Rev. 2: Implementing the HIPAA Security Rule (NIST)
NIST SP 1800-30: Security Telehealth Remote Patient Monitoring Ecosystem (NIST)
NIST SP 1800-15: Securing Small-Business and Home Internet of Things Devices (NIST, IT Law Wiki)
NIST SP 800-216: Recommendations for Federal Vulnerability Disclosure Guidelines (NIST)
NIST SP 800-47 Rev. 1: Managing the Security of Information Exchanges (NIST)
NIST SP 800-53A Rev. 5: Assessing Security and Privacy Controls in Information Systems and Organizations (NIST)
NIST SP 1271: Getting Started with the NIST Cybersecurity Framework (NIST)
NIST SP 800-204B: Attribute-based Access Control for Microservices-based Applications using a Service Mesh (NIST)
NIST SP 800-140C Rev. 1: CMVP Approved Security Functions (NIST)
NIST SP 800-140D Rev. 1: CMVP Approved Sensitive Paramter Generation and Establishment Methods (NIST)
NIST SP 800-140F Rev. 1: CMVP Approved Non-Invasive Attack Mitigation Test Metrics (NIST)
NIST SP 1800-13: Mobile Application Single Sign-On (NIST)
NIST SP 1800-32: Security the Industrial Internet of Things (NIST)
NIST SP 800-50 Rev. 1: Building a Cybersecurity and Privacy Awareness and Training Program (NIST)
NIST SP 1800-10: Protecting Information and System Integrity in Industrial Control System Environments (NIST)
NIST SP 800-214: 2020 Cybersecurity and Privacy Annual Report (NIST)
NIST SP 800-204C: Implementation of DevSecOps for a Microservices-based Application with Service Mesh (NIST)
NIST SP 800-218: Secure Software Development Framework Version 1.1 (NIST)
NIST SP 800-108 Rev. 1: Recommendation for Key Derivation Using Pseudorandom Functions (NIST)
NIST SP 1800-19: Trusted Cloud (NIST)
NIST SP 800-161 Rev. 1: Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations (NIST)
NIST SP 1800-31: Improving Enterprise Patching for General IT Systems (NIST)
NIST SP 800-40 Rev. 4: Guide to Enterprise Patch Management Planning (NIST)
NIST SP 1800-34: Validating the Integrity of Computing Devices (NIST)
NIST SP 800-213: IoT Device Cybersecurity Guidance for the Federal Government (NIST, IT Law Wiki)
NIST SP 800-213A: IoT Device Cybersecurity Guidance for the Federal Governemnt (NIST)
NIST SP 800-160 Vol. 2 Rev. 1: Developing Cyber-Resilient Systems (NIST)

Interagency / Internal Report:

NISTIR 8170: Approaches for Federal Agencies to Use the Cybersecurity Framework (NIST, IT Law Wiki)
NISTIR 8212: ISCMA (NIST)
NISTIR 8259B: IoT Non-Technical Supporting Capability Core Baseline (NIST)
NISTIR 8270: Introduction to Cybersecurity for Commercial Satellite Operations (NIST)
NISTIR 8276: Key Practices in Cyber Supply Chain Risk Management (NIST)
NISTIR 8286A: Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management (NIST)
NISTIR 8286B: Prioritizing Cybersecurity Risk for Enterprise Risk Management (NIST)
NISTIR 8301: Blockchain Networks (NIST)
NISTIR 8319: Review of the Advanced Encryption Standard (NIST)
NISTIR 8320: Hardware-Enabled Security (NIST)
NISTIR 8320A: Hardware-Enabled Security (NIST)
NISTIR 8320B: Hardware-Enabled Security (NIST)
NISTIR 8322: Workshop Summary Report for “Building the Federal Profile For IoT Device Cybersecurity” Virtual Workshop (NIST)
NISTIR 8323: Foundational PNT Profile (NIST)
NISTIR 8333: Workshop Summary Report for “Cybersecurity Risks in Consumer Home Internet of Things Products” Virtual Workshop (NIST)
NISTIR 8334 : Using Mobile Device Biometrics for Authenticating First Responders (NIST)
NISTIR 8335: Identity as a Service for Public Safety Organizations (NIST)
NISTIR 8336: Background on Identity Federation Technologies for the Public Safety Community (NIST)
NISTIR 8344: Ontology for Authentication (NIST)
NISTIR 8347: NIST Test Personal Identity Verification Cards Version 2 (NIST)
NISTIR 8355: NICE Framework Competencies (NIST)
NISTIR 8356: Considerations for Digital Twin Technology and Emerging Standards (NIST)
NISTIR 8360: Machine Learning for Access Control Policy Verification (NIST)
NISTIR 8369: Status Report on the Second Round of the NIST Lightweight Cryptography Standardization Process (NIST)
NISTIR 8374: Cybersecurity Framework Profile for Ransomware Risk Management (NIST)
NISTIR 8379: Summary Report for the Virtual Workshop Addressing Public Comment on NIST Cybersecurity for IoT Guidance (NIST)
NISTIR 8403: Blockchain for Access Control Systems (NIST)

2021 - Office of Management and Budget Memoranda (White House [2021], Federal Privacy Council, IT Law Wiki)

M-21-02: Fiscal Year 2020-2021 Guidance on Federal Information Security and Privacy Management Requirements
M-21-05: Extension of Data Center Optimization Initiative (DCOI)
M-21-06: Guidance for Regulation of Artificial Intelligence Applications
M-21-07: Completing the Transition to Internet Protocol Version 6 (IPv6)
M-21-30: Protecting Critical Software Through Enhanced Security Measures
M-21-31: Improving the Federal Government’s Investigative and Remediation Capabilities Related to Cybersecurity Incident

2021 - Department of Defense Directive 5105.36: Defense Contract Audit Agency (ESD [PDF])
2021 - Department of Defense Issuance 8140.02: Identification, Tracking, and Reporting of Cyberspace Workforce Requirements (ESD [PDF])
2021 - Executive Order 14007: President's Council of Advisors on Science and Technology (Federal Register, Wikisource)
2021 - Executive Order 14028: Improving the Nation's Cybersecurity (CISA, NIST, Wikisource)
2021 - Executive Order 14034: Protecting Americans' Sensitive Data From Foreign Adversaries (Federal Regsiter, GovInfo)
2021 - Emergency Directive 21-02 (CISA)
2021 - Emergency Directive 21-03 (CISA)
2021 - Emergency Directive 21-04 (CISA)
2021 - Binding Operational Directive 22-01 (CISA)
2021 - Emergency Directive 22-02 (CISA)
2021 - K-12 Cybersecurity Act of 2021 (Congress)
2022 - Office of Management and Budget Memoranda (White House [2022], Federal Privacy Council, IT Law Wiki)

M-22-01: Improving Detection of Cybersecurity Vulnerabilities and Incidents on Federal Government Systems through Endpoint Detection and Response
M-22-05: Fiscal Year 2021-2022 Guidance on Federal Information Security and Privacy Management Requirements

2022 - Infrastructure Investment and Jobs Act (Congress)

2022 - Cyber Response and Recovery Act
2022 - State and Local Cybersecurity Improvement Act

2022 - Strengthening American Cybersecurity Act of 2022 (Congress)