U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

NISTIR 8270 (Draft)

Introduction to Cybersecurity for Commercial Satellite Operations (2nd Draft)

Date Published: February 25, 2022
Comments Due: April 8, 2022 (public comment period is CLOSED)
Email Questions to: DraftIR8270Comments@nist.gov


Matthew Scholl (NIST), Theresa Suloway (MITRE)


Space operations are vital to advancing the security, economic prosperity, and scientific knowledge of the Nation. However, cyber-related threats to space assets and their supporting infrastructure pose increasing risks to the economic promise of emerging markets in space. This second draft of NISTIR 8270, Introduction to Cybersecurity for Commercial Satellite Operations, presents a specific method for applying the Cybersecurity Framework (CSF) to commercial space business and describes an abstracted set of cybersecurity outcomes, requirements, and suggested controls.

The draft also:

  • Clarifies scope with an emphasis on the satellite itself,
  • Updates examples for clarity,
  • Adds more detailed steps for developing a current and target profile and risk analysis, and
  • Provides references for relevant regulations around commercial space.

Reviewers are asked to provide feedback on additional threat models that might help in the development of organization profiles, informative references on the application of security controls to satellites, and standards or informative references that might benefit all readers.

NOTE: A call for patent claims is included on page iii of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.



commercial space satellite operations; cybersecurity; cybersecurity risk management; risk management
Control Families

None selected


NISTIR 8270 (Draft) (DOI)
Local Download

Supplemental Material:
None available

Document History:
06/29/21: NISTIR 8270 (Draft)
02/25/22: NISTIR 8270 (Draft)


Security and Privacy
risk management

positioning navigation & timing