This index provides a full listing of UNCLASSIFIED issuances, as issued by the Committee on National Security Systems (CNSS), as well as a document listing all current, cancelled, and superseded issuances in the Index of National Security Systems, found below. To obtain an issuance not offered below, refer to our Contact List for more information.
- Index of National Security Systems Issuances
- Dated January 2008; includes a complete listing of all current CNSS issuances and historical record of all cancelled or superseded issuances
Policies
- CNSSP-1
- National Policy for Safeguarding and Control of Communications Security Material - dated September 2004; Supersedes NCSC-1, dated 16 January 1981
- CNSSP-3
- National Policy for Granting Access to U.S. Classified Cryptographic Information - dated October 2007
- NCSC-5
- National Policy on Use of Cryptomaterial by Activities Operating in High Risk Environments - dated 6 January 1981
- CNSSP-6
- National Policy on Certification and Accreditation of National Security Telecommunications and Information Systems - dated October 2005; Supersedes NSTISSP-6, dated 8 April 1994
- NSTISSP-11
- Fact Sheet for the National Information Assurance Acquisition Policy - dated July 2003
- CNSSP-12
- National Information Assurance Policy for Space Systems Used to Support National Security Missions - dated 20 March 2007; Supersedes NSTISSP-12, dated January 2001
- CNSSP-14
- National Policy Governing the Release of Information Assurance (IA) Products and Services to Authorized U.S. Persons or Activities that are Not a Part of the Federal Government - dated November 2002
- CNSSP-15
- Fact Sheet No. 1 for the National Policy on the Use of the Advanced Encryption Standard (AES) to Protect National Security Systems and National Security Information - June 2003
- CNSSP-17
- National Information Assurance (IA) Policy on Wireless Capabilities - dated August 2005
- CNSSP-18
- National Policy on Classified Information Spillage - dated June 2006
- CNSSP-19
- National Policy Governing the Use of High Assurance Internet Protocol Encryptor (HAIPE) Products - dated February 2007
- CNSSP-21
- National Information Assurance Policy on Enterprise Architectures for National Security Systems - dated March 2007
- NSTISSP-101
- National Policy on Securing Voice Communications - dated 14 September 1999
- NSTISSP-200
- National Policy on Controlled Access Protection - dated 15 July 1987
Directives
- CNSSD-500
- Information Assurance (IA) Education, Training, and Awareness - dated August 2006; Supersedes NSTISSD-500, dated 25 February 1993
- NSTISSD-501
- National Training Program for Information Systems Security (INFOSEC) Professionals - dated 16 November 1992
- CNSSD-502
- National Directive On Security of National Security Systems - dated 16 December 2004; Supersedes NSTISSD-502, dated 5 February 1993
- CNSSD-900
- Governing Procedures of the Committee on National Security Systems (CNSS), dated 16 December 2004; Supersedes NSTISSD-502, dated April 2000
- CNSSD-901
- National Security Telecommunications and Information Systems Security (CNSS) Issuance System, dated 16 December 2004; Supersedes NSTISSD-502, dated April 2000
Instructions
- NACSI-6002
- National COMSEC Instruction, dated 14 June 1984
- NSTISSI-1000
- National Information Assurance Certification and Accreditation Process (NIACAP), dated April 2000
- CNSSI-1001
- National Instruction On Classified Information Spillage, dated February 2008
- NSTISSI-3028
- Operational Security Doctrine for the FORTEZZA User PCMCIA Card, dated December 2001
- CNSSI-4007
- Communications Security (COMSEC) Utility Program, dated November 2007
- CNSSI-4008
- Program for the Management and Use of National Reserve Information Assurance Security Equipment, dated March 2007
- CNSSI-4009
- National Information Assurance Glossary, dated May 2003; revised June 2006
- NSTISSI-4011
- National Training Standard for Information Systems Security (INFOSEC) Professionals, dated 20 June 1994
- CNSSI-4012
- National Information Assurance Training Standard for Senior Systems Managers, dated June 2004; Supersedes NSTISSI No. 4012, dated August 1997
- CNSSI-4013
- National Information Assurance Training Standard For System Administrators (SA), dated March 2004
- CNSSI-4014
- Information Assurance Training Standard for Information Systems Security Officers, dated April 2004; Supersedes NSTISSI No. 4014, dated August 1997
- NSTISSI-4015
- National Training Standard for Systems Certifiers, dated December 2000
- CNSSI-4016
- National Information Assurance Training Standard For Risk Analysts, dated November 2005
- CNSSI-5000
- Guidelines for Voice Over Internet Protocol (VoIP) Computer Telephony, dated April 2007; Supersedes TSG Standard 2b, dated April 2006
- CNSSI-5001
- Type-Acceptance Program for Voice Over Internet Protocol (VoIP) Telephones, dated December 2007
- NSTISSI-7003
- Protective Distribution Systems (PDS), dated 13 December 1996
Advisory Memoranda
- NSTISSAM INFOSEC 1-99
- The Insider Threat to U.S. Government Information Systems, dated July 1999
- NSTISSAM INFOSEC 1-00
- Advisory Memorandum for the Use of the Federal Information Processing Standards (FIPS) 140-1 Validated Cryptographic Modules in Protecting Unclassified National Security Systems - dated 8 February 2000
- NSTISSAM INFOSEC 2-00
- Advisory Memorandum for the Strategy for Using the National Information Assurance Partnership (NIAP) for the Evaluation of Commercial Off-The-Shelf (COTS) Security Enabled Information Technology Products, dated 8 February 2000
- NSTISSAM INFOSEC 3-00
- Advisory Memorandum on WebBrowser Security Vulnerabilities, dated August 2000
- NSTISSAM COMSEC 1-85
- Advisory Memorandum on Release of Communications Security Equipment, Material or Information to Foreign Enterprises - dated 29 October 1985
- NSTISSAM COMSEC 1-98
- AN/CYZ-10/10A Data Transfer Device Training - dated August 1998
- NSTISSAM COMPUSEC 1-87
- Advisory Memorandum on Office Automation Security Guideline - dated 16 January 1987
- NSTISSAM COMPUSEC 1-98
- The Role of Firewalls and Guards in Enclave Boundary Protection - dated December 1998
- NSTISSAM COMPUSEC 1-99
- Advisory Memorandum on the Transition From the Trusted Computer System Evaluation Criteria to the International Common Criteria for Information Technology Security Evaluation, dated 11 March 1999
- NSTISSAM TEMPEST 1-00
- Maintenance and Disposition of TEMPEST Equipment, dated December 2000
- CNSSAM IA 1-04
- Advisory Memorandum for Information Assurance (IA) - Security Through Product Diversity - dated July 2004
- CNSSAM IA 2-04
-
Advisory Memorandum for Information Assurance (IA) - Retirement of Data Encryption Standard (DES) Based Cryptography to Protect National Security Systems - dated November 2004; revised March 2005
TSG Standards
- TSG STANDARD 1
- Introduction to Telephone Security, dated March 1990
- TSG STANDARD 2
- TSG Guidelines for Computerized Telephone Systems, dated March 1990
- NTSWG STANDARD 2a
- NTSWG Guidelines for Computerized Telephone Systems Supplemental, dated March 2001
- NTSWG STANDARD 2b (Superseded by CNSSI-5000)
- NTSWG Guidelines for Voice Over Internet Protocol (VoIP) Computer Telephony, dated April 2006
- TSG STANDARD 3
- Type-Acceptance Program for Telephones used with the Conventional Central Office Interface, dated March 1990
- TSG STANDARD 4
- Type-Acceptance Program for Electronic Telephones used in Computerized Telephone Systems, dated March 1990
- TSG STANDARD 5
- On-Hook Telephone Audio Security Performance Specification, dated March 1990
- TSG STANDARD 6
- Telephone Security Group Approved Equipment, dated March 1990; updated June 2006
- TSG STANDARD 7
- TSG Guidelines for Cellular Telephones, dated September 1994
- TSG STANDARD 8
- Microphonic Response Criteria for Non-communications Devices, dated October 1994
TSG Information Series
- Computerized Telephone Systems (CTSs): A Review of CTS Deficiencies, Threats and Risks
- Dated December 1994
- Executive Overview
- Dated January 1996
- Central Office (CO) Interfaces
- Dated November 1997
- Everything You Always Wanted to Know About Telephone Security (but were afraid to ask)
- Dated December 1998
CNSS Report
- CNSS Report
- 2007/2008 Committee on National Security Systems (CNSS) Report: An Agenda for Safeguarding National Security Systems, dated Mar 2008
Other
- CNSS-048-07
- National Information Assurance (IA) Approach to Incident Management, dated May 2007
- CNSS-079-07
- Frequently Asked Questions (FAQ) on Incidents and Spills, dated August 2007
To obtain an issuance not offered in the CNSS Library, refer to our Contact List for more information.