NIST (National Institute of Standards and Technology) is a unit of the U.S. Commerce Department. It develops and maintains measurement standards, including the standards and guidelines for Information Technology security referenced throughout this page.

NIST published “An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule” (SP 800-66 Revision 1) in October 2008 to help covered entities understand and properly apply the federal information security requirements adopted by the Secretary of Health and Human Services (HHS) under the Health Insurance Portability and Accountability Act of 1996 (HIPAA, Public Law 104-191). HIPAA required the Secretary to adopt, among other standards, security standards for certain health information. These standards, known as the HIPAA Security Rule, were published on February 20, 2003. In the preamble to the Security Rule, several NIST publications were cited as potentially valuable resources for readers with specific questions and concerns about IT security.


NIST publications, many of which are mandatory for federal agencies, can serve as voluntary guidelines and best practices for state, local, and tribal governments and the private sector, and provide enough depth and breadth to help organizations of many sizes select the implementation that best fits their circumstances. NIST security standards and guidelines (Federal Information Processing Standards [FIPS] and the Special Publications in the 800 series), which can be used to support the requirements of both HIPAA and the Federal Information Security Management Act (FISMA), give organizations a structured yet flexible framework for selecting, specifying, employing, and evaluating the security controls in information systems.

NIST Publications

SP 800-12 – An Introduction to Computer Security: The NIST Handbook

SP 800-14 – Generally Accepted Principles and Practices for Securing Information Technology Systems

SP 800-30 – Risk Management Guide for Information Technology Systems

SP 800-34 – Contingency Planning Guide for Federal Information Systems

SP 800-53 – Recommended Security Controls for Federal Information Systems and Organizations

SP 800-66 Revision 1 – An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule

SP 800-118 – Guide to Enterprise Password Management (draft)

SP 800-144 – Guidelines on Security and Privacy in Public Cloud Computing