CNSS Index of National Security Systems Issuances

This index provides a full listing of UNCLASSIFIED issuances, as issued by the Committee on National Security Systems (CNSS), as well as a document listing all current, cancelled, and superseded issuances in the Index of National Security Systems, found below. To obtain an issuance not offered below, refer to our Contact List for more information.

Index of National Security Systems Issuances: Dated 1 October 2012; includes a complete listing of all current CNSS issuances and historical record of all cancelled or superseded issuances

Policies

CNSSP-1: National Policy for Safeguarding and Control of Communications Security Material - dated September 2004; Supersedes NCSC-1, dated 16 January 1981
CNSSP-3: National Policy for Granting Access to U.S. Classified Cryptographic Information - dated October 2007
NCSC-5: National Policy on Use of Cryptomaterial by Activities Operating in High Risk Environments - dated 6 January 1981
NSTISSP-11: Fact Sheet for the National Information Assurance Acquisition Policy - dated July 2003
CNSSP-12: National Information Assurance Policy for Space Systems Used to Support National Security Missions - dated 20 March 2007; Supersedes NSTISSP-12, dated January 2001
CNSSP-14: National Policy Governing the Release of Information Assurance (IA) Products and Services to Authorized U.S. Persons or Activities that are Not a Part of the Federal Government - dated November 2002
CNSSP-17: Policy on Wireless Communications: Protecting National Security Information - dated May 2010
CNSSP-18: National Policy on Classified Information Spillage - dated June 2006
CNSSP-19: National Policy Governing the Use of High Assurance Internet Protocol Encryptor (HAIPE) Products - dated February 2007
CNSSP-21: National Information Assurance Policy on Enterprise Architectures for National Security Systems - dated March 2007
CNSSP-22: Information Assurance Risk Management Policy for National Security Systems - dated January 2012
CNSSP-24: Policy on Assured Information Sharing (AIS) for National Security Systems (NSS) - dated May 2010
CNSSP-25: National Policy For Public Key Infrastructure in National Security Systems - dated March 2009
CNSSP-26: National Policy on Reducing the Risk of Removable Media - dated November 2010
NSTISSP-101: National Policy on Securing Voice Communications - dated 14 September 1999
NSTISSP-200: National Policy on Controlled Access Protection - dated 15 July 1987

Directives

CNSSD-500: Information Assurance (IA) Education, Training, and Awareness - dated August 2006; Supersedes NSTISSD-500, dated 25 February 1993
NSTISSD-501: National Training Program for Information Systems Security (INFOSEC) Professionals - dated 16 November 1992
CNSSD-502: National Directive On Security of National Security Systems - dated 16 December 2004; Supersedes NSTISSD-502, dated 5 February 1993
CNSSD-900: Governing Procedures of the Committee on National Security Systems (CNSS), dated 16 December 2004; Supersedes NSTISSD-502, dated April 2000
CNSSD-901: National Security Telecommunications and Information Systems Security (CNSS) Issuance System, dated 16 December 2004; Supersedes NSTISSD-502, dated April 2000

Instructions

CNSSI-1001: National Instruction On Classified Information Spillage, dated February 2008
CNSSI-1300: National Instruction On Public Key Infrastructure X.509 Certificate Policy, Under CNSS Policy No. 25, dated June 2011
CNSSI-1253: Security Categorization and Control Selection for National Security Systems, dated March 2012
CNSSI-1253a: Security Overlays Template, dated March 2012
NSTISSI-3028: Operational Security Doctrine for the FORTEZZA User PCMCIA Card, dated December 2001
CNSSI-4007: Communications Security (COMSEC) Utility Program, dated November 2007
CNSSI-4008: Program for the Management and Use of National Reserve Information Assurance Security Equipment, dated March 2007
CNSSI-4009: National Information Assurance Glossary, dated May 2003; revised April 2010
NSTISSI-4011: National Training Standard for Information Systems Security (INFOSEC) Professionals, dated 20 June 1994
CNSSI-4012: National Information Assurance Training Standard for Senior Systems Managers, dated June 2004; Supersedes NSTISSI No. 4012, dated August 1997
CNSSI-4013: National Information Assurance Training Standard For System Administrators (SA), dated March 2004
CNSSI-4014: Information Assurance Training Standard for Information Systems Security Officers, dated April 2004; Supersedes NSTISSI No. 4014, dated August 1997
NSTISSI-4015: National Training Standard for Systems Certifiers, dated December 2000
CNSSI-4016: National Information Assurance Training Standard For Risk Analysts, dated November 2005
CNSSI-4031: Cryptographic High Value Products (CHVP), dated February 2012
CNSSI-5000: Guidelines for Voice Over Internet Protocol (VoIP) Computer Telephony, dated April 2007; Supersedes TSG Standard 2b, dated April 2006
CNSSI-5001: Type-Acceptance Program for Voice Over Internet Protocol (VoIP) Telephones, dated December 2007
CNSSI-5002: National Information Assurance (IA) Instruction for Computerized Telephone Systems, dated February 2012
CNSSI-5006: National Instruction for Approved Telephone Equipment, dated September 2011; Supersedes TSG Standard 6, dated June 2006
NACSI-6002: National COMSEC Instruction, dated 14 June 1984
NSTISSI-7003: Protective Distribution Systems (PDS), dated 13 December 1996

Advisory Memoranda

NSTISSAM INFOSEC 1-99: The Insider Threat to U.S. Government Information Systems, dated July 1999
NSTISSAM INFOSEC 1-00: Advisory Memorandum for the Use of the Federal Information Processing Standards (FIPS) 140-1 Validated Cryptographic Modules in Protecting Unclassified National Security Systems - dated 8 February 2000
NSTISSAM INFOSEC 2-00: Advisory Memorandum for the Strategy for Using the National Information Assurance Partnership (NIAP) for the Evaluation of Commercial Off-The-Shelf (COTS) Security Enabled Information Technology Products, dated 8 February 2000
NSTISSAM INFOSEC 3-00: Advisory Memorandum on WebBrowser Security Vulnerabilities, dated August 2000
NSTISSAM COMSEC 1-85: Advisory Memorandum on Release of Communications Security Equipment, Material or Information to Foreign Enterprises - dated 29 October 1985
NSTISSAM COMSEC 1-98: AN/CYZ-10/10A Data Transfer Device Training - dated August 1998
NSTISSAM COMPUSEC 1-87: Advisory Memorandum on Office Automation Security Guideline - dated 16 January 1987
NSTISSAM COMPUSEC 1-98: The Role of Firewalls and Guards in Enclave Boundary Protection - dated December 1998
NSTISSAM COMPUSEC 1-99: Advisory Memorandum on the Transition From the Trusted Computer System Evaluation Criteria to the International Common Criteria for Information Technology Security Evaluation, dated 11 March 1999
NSTISSAM TEMPEST 1-00: Maintenance and Disposition of TEMPEST Equipment, dated December 2000
CNSSAM IA 1-04: Advisory Memorandum for Information Assurance (IA) - Security Through Product Diversity - dated July 2004
CNSSAM IA 2-04: Advisory Memorandum for Information Assurance (IA) - Retirement of Data Encryption Standard (DES) Based Cryptography to Protect National Security Systems - dated November 2004; revised March 2005
CNSSAM IA 1-10: Advisory Memorandum for Information Assurance (IA) - Reducing the Risk of Removable Media in National Security Systems - dated December 2010
CNSSAM IA 1-12: Advisory Memorandum for Information Assurance (IA) - NSA-Approved Commercial Solution Guidance - dated June 2012

TSG Standards

TSG STANDARD 1: Introduction to Telephone Security, dated March 1990
TSG STANDARD 2: TSG Guidelines for Computerized Telephone Systems, dated March 1990
NTSWG STANDARD 2a: NTSWG Guidelines for Computerized Telephone Systems Supplemental, dated March 2001
NTSWG STANDARD 2b (Superseded by CNSSI-5000): NTSWG Guidelines for Voice Over Internet Protocol (VoIP) Computer Telephony, dated April 2006
TSG STANDARD 3: Type-Acceptance Program for Telephones used with the Conventional Central Office Interface, dated March 1990
TSG STANDARD 4: Type-Acceptance Program for Electronic Telephones used in Computerized Telephone Systems, dated March 1990
TSG STANDARD 5: On-Hook Telephone Audio Security Performance Specification, dated March 1990
TSG STANDARD 6 (Superseded by CNSSI-5006): Telephone Security Group Approved Equipment, dated March 1990; updated June 2006
TSG STANDARD 7: TSG Guidelines for Cellular Telephones, dated September 1994
TSG STANDARD 8: Microphonic Response Criteria for Non-communications Devices, dated October 1994

TSG Information Series

Computerized Telephone Systems (CTSs): A Review of CTS Deficiencies, Threats and Risks: Dated December 1994
Executive Overview: Dated January 1996
Central Office (CO) Interfaces: Dated November 1997
Everything You Always Wanted to Know About Telephone Security (but were afraid to ask): Dated December 1998

CNSS Report

CNSS Report: Progress Against 2008 Priorities: Committee on National Security Systems (CNSS) Report: Progress Against 2008 Priorities, dtd April 2009

CNSS Report: An Agenda for Safeguarding National Security Systems: 2007/2008 Committee on National Security Systems (CNSS) Report: An Agenda for Safeguarding National Security Systems, dated Mar 2008

Other

CNSS-002-11: Vendors Equipment Approval Memo CNSS 01-11 2010, dated January 2011
CNSS-009-10: Vendors Equipment Approval Memo CNSS 06 through 08, dated March 2010
CNSS-094-09: Vendors Equipment Approval Memo CNSS 01 through 05, dated November 2009
CNSS-048-07: National Information Assurance (IA) Approach to Incident Management, dated May 2007
CNSS-079-07: Frequently Asked Questions (FAQ) on Incidents and Spills, dated August 2007

To obtain an issuance not offered in the CNSS Library, refer to our Contact List for more information.

The Committee on National Security Systems