National Institute of Standards and Technology (NIST) is a non-regulatory federal agency within the U.S. Commerce Department. NIST security publications (Special Publications in the 800 series) may be used by organizations to provide a structured, yet flexible framework for selecting, specifying, employing, and evaluating the security controls in information systems.
The documents, available in both draft and published forms, offer guidelines and recommendations on subjects ranging from setting up a security awareness program to the recommendation of a specific block cipher.
One of the most comprehensive guides, and very helpful to companies that are developing a control framework, is NIST SP 800-53, “Recommended Security Controls for Federal Information Systems”. This document describes fundamental concepts and defines the process of selecting and specifying controls for information systems with different risk profiles. It also maps the controls to other frameworks and baseline documents, including ISO 17799.
NIST SP 800-66, “An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule” (a draft document as of March 2005), identifies NIST guidance documents that can help organizations with HIPAA security standards compliance, including FIPS publications.