National Institute of Standards and Technology (NIST) said its Computer Security Division is going to withdraw 11 SP 800 publications it said are outdated.
NIST’s 800 series Special Publications (SP) focus on cybersecurity and include guidelines, technical specifications, recommendations, and annual reports. These publications are meant to address and support the security and privacy needs of government agencies, but they are often used and referenced by private sector companies.
After they are withdrawn, their details pages, Digital Object Identifiers (DOIs) and fulltext PDF links will remain available for historical reference under CSRC publications, with their status changing from “Final” to “Withdrawn.”
NIST’s website currently lists over 180 SP 800 publications, including drafts and final versions. Eleven of them, which are now considered out of date, will be withdrawn August 1, and will not be revised or superseded.
The following SP 800 publications will be withdrawn, with the reason for withdrawal listed for each document:
1. SP 800-13 (October 1995): Telecommunications Security Guidelines for Telecommunications Management Network —describes outdated technologies
2. SP 800-17 (February 1998): Modes of Operation Validation System (MOVS): Requirements and Procedures — validation system is for deprecated algorithms, such as DES and Skipjack
3. SP 800-19 (October 1999): Mobile Agent Security — environments and technologies far less complex than what is used today
4. SP 800-23 (August 2000): Guidelines to Federal Organizations on Security Assurance and Acquisition/Use of Tested/Evaluated Products — based on outdated laws, regulations and executive directives
5. SP 800-24 (April 2001): PBX Vulnerability Analysis: Finding Holes in Your PBX Before Someone Else Does — does not address newer technologies, such as VOIP
6. SP 800-33 (December 2001): Underlying Technical Models for Information Technology Security — describes a model that pre-dates the Risk Management Framework and Cybersecurity Framework
7. SP 800-36 (October 2003): Guide to Selecting Information Technology Security Products — outdated references and it does not reflect current types of security products
8. SP 800-43 (November 2002): Systems Administration Guidance for Securing Windows 2000 Professional System — Windows 2000 no longer supported
9. SP 800-65 (January 2005): Integrating IT Security into the Capital Planning and Investment Control Process — pre-dates the Cybersecurity Framework and other important SP 800 guidance
10. SP 800-68 Rev. 1 (October 2008): Guide to Securing Microsoft Windows XP Systems for IT Professionals: A NIST Security Configuration Checklist — Windows XP no longer supported
11. SP 800-69 (September 2006): Guidance for Securing Microsoft Windows XP Home Edition: A NIST Security Configuration Checklist — Windows XP no longer supported