NIST - Security guidelines
References to the 10 most popular National Institute of Standards and Technology publications and resources.
NIST (National Institute of Standards and Technology)
NIST is the federal standardisation body of the United States that develops cyber security standards, guidelines and risk management frameworks. Its publications (the FIPS standards and the SP 800 series) are recognised internationally as a methodological reference and map directly onto the scope of the requirements of Article 21 of the NIS2 Directive (EU 2022/2555).
| Code | Name | Subject/application | Year | Source |
|---|---|---|---|---|
| NIST CSF 2.0 | Cybersecurity Framework | Risk-based cybersecurity management framework organised into six functions: Govern, Identify, Protect, Detect, Respond, Recover. Used as a technical basis for the systematic implementation of the risk management measures of Article 21 of the NIS2. | 2024 | Open |
| SP 800-53 Rev. 5 | Security and Privacy Controls for Information Systems and Organizations | Catalogue of over 1,000 security and privacy controls for information systems and organisations. To be used as a detailed reference when formalising security policies under Article 21 (2) (a) of the NIS2. | 2020 | Open |
| SP 800-171 Rev. 3 | Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations | A set of 110 security requirements for the protection of Controlled Unclassified Information (CUI) in non-federal environments. Directly applicable to the obligations of supply chain partners (Article 21 (2) (d) of the NIS2). | 2024 | Open |
| SP 800-37 Rev. 2 | Risk Management Framework for Information Systems and Organizations | The seven-step risk management framework (Prepare, Categorize, Select, Implement, Assess, Authorize, Monitor). A structured methodology for meeting the risk analysis requirements of Article 21 (2) (a) of the NIS2. | 2018 | Open |
| SP 800-30 Rev. 1 | Guide for Conducting Risk Assessments | Risk assessment process - identification of threat sources, analysis of likelihood of occurrence and impact, mapping of vulnerabilities. The foundational document supporting the risk management measures in Article 21 of the NIS2. | 2012 | Open |
| SP 800-61 Rev. 3 | Incident Response Recommendations and Considerations for Cybersecurity Risk Management | Incident management life cycle: preparation, detection and analysis, containment, recovery and post-incident review. Supports compliance with the incident handling and notification obligations under Article 21 (2) (b) and Article 23 of the NIS2. | 2025 | Open |
| SP 800-63B-4 | Digital Identity Guidelines - Authentication and Authenticator Management | Authentication Assurance Levels (AAL), password policy, multi-factor authentication, adoption of FIDO2 and WebAuthn. Reference document for fulfilling the requirements of Article 21 (2) (j) of the NIS2. | 2024 | Open |
| SP 800-207 | Zero Trust Architecture | The basic principles of Zero Trust Architecture (ZTA) - continuous verification, policy enforcement and policy decision components (PEP/PDP), and a gradual migration model away from perimeter-based architecture. | 2020 | Open |
| SP 800-115 | Technical Guide to Information Security Testing and Assessment | Technical methodology for security testing - penetration testing, vulnerability scanning, network discovery. Supports the security assessment requirements of Article 21 (2) (f) of the NIS2. | 2008 | Open |
| SP 800-88 Rev. 1 | Guidelines for Media Sanitization | Media sanitisation methods (Clear, Purge, Destroy) selected according to the information classification level. A mandatory control for the end-of-life disposal of assets. | 2014 | Open |