Many of NIST's cybersecurity and privacy publications are posted as drafts for public comment. Comment periods are still open for the following publications. Select the publication title to access downloads, related content, and instructions for submitting comments. Your thoughtful reviews and comments are greatly appreciated and help us to improve our standards and guidance.
Also see a complete list of public drafts that includes those whose comment periods have closed.
This NIST report on artificial intelligence (AI) develops a taxonomy of attacks and mitigations and defines terminology in the field of adversarial machine learning (AML). Taken together, the taxonomy and terminology are meant to inform other standards and future practice guides for assessing and... |
Understanding how the elements of diverse sources of cybersecurity and privacy content are related to each other is an ongoing challenge for people in nearly every organization. This document explains NIST’s proposed approach for identifying and documenting relationships between concepts such as... |
The Zero Trust Architecture (ZTA) team at NIST's National Cybersecurity Center of Excellence (NCCoE) has published the third version of volume D of a preliminary draft practice guide titled "Implementing a Zero Trust Architecture” and is seeking the public's comments on its contents.This guide... |
Cloud-native applications are made up of multiple loosely coupled components called microservices. This class of applications is generally developed through an agile software development life cycle (SDLC) paradigm called DevSecOps, which uses flow processes called continuous integration/continuous... |
Non-fungible token (NFT) technology provides a mechanism to sell and exchange both virtual and physical assets on a blockchain. While NFTs are most often used for autographing digital assets (associating one’s name with a digital object), they utilize a strong cryptographic foundation that may... |
Cybersecurity awareness and training resources, methodologies, and requirements have evolved since NIST SP 800-50 was introduced in 2003. New guidance from the National Defense Authorization Act (NDAA) for FY2021 and the Cybersecurity Enhancement Act of 2014 have informed this revision. In addition,... |
The Zero Trust Architecture (ZTA) team at NIST's National Cybersecurity Center of Excellence (NCCoE) has released the second version of volume E of a preliminary draft practice guide titled Implementing a Zero Trust Architecture and is seeking the public's comments on the contents. This guide... |
To support implementation of the research cybersecurity effort detailed in Section 10229 of the CHIPS and Science Act, NIST is leading an initiative to disseminate and make publicly available resources to help qualifying institutions of higher education identify, assess, manage, and reduce... |
This is the public draft of the NIST Cybersecurity Framework (CSF or Framework) 2.0.The Framework has been used widely to reduce cybersecurity risks since its initial publication in 2014. Many organizations have told NIST that CSF 1.1 remains an effective framework for addressing cybersecurity... |
This is the discussion draft of Implementation Examples (Examples) for the NIST Cybersecurity Framework (CSF or Framework) 2.0. It complements and is based on the Core from the NIST CSF 2.0 Public Draft, also open for comment. NIST seeks input on: concrete improvements to the Examples;whether the... |
The NIST National Cybersecurity Center of Excellence (NCCoE) has released the second preliminary drafts of volumes A and D of NIST SP 1800-36, Trusted Internet of Things (IoT) Device Network-Layer Onboarding and Lifecycle Management. The comment period is open until November 10, 2023.About the... |
In January 2022, NIST revised Federal Information Processing Standard (FIPS) 201, which establishes standards for the use of Personal Identity Verification (PIV) Credentials – including the credentials on PIV Cards. NIST Special Publication (SP) 800-73-5: Parts 1–3 and SP 800-78-5 have subsequently... |
In January 2022, NIST revised Federal Information Processing Standard (FIPS) 201, which establishes standards for the use of Personal Identity Verification (PIV) Credentials – including the credentials on PIV Cards. NIST Special Publication (SP) 800-73-5: Parts 1–3 and SP 800-78-5 have subsequently... |
In January 2022, NIST revised Federal Information Processing Standard (FIPS) 201, which establishes standards for the use of Personal Identity Verification (PIV) Credentials – including the credentials on PIV Cards. NIST Special Publication (SP) 800-73-5: Parts 1–3 and SP 800-78-5 have subsequently... |
In January 2022, NIST revised Federal Information Processing Standard (FIPS) 201, which establishes standards for the use of Personal Identity Verification (PIV) Credentials – including the credentials on PIV Cards. NIST Special Publication (SP) 800-73-5: Parts 1–3 and SP 800-78-5 have subsequently... |
NIST requests comments on three draft Federal Information Processing Standards (FIPS):FIPS 203, Module-Lattice-Based Key-Encapsulation Mechanism StandardFIPS 204, Module-Lattice-Based Digital Signature Standard FIPS 205, Stateless Hash-Based Digital Signature StandardThese proposed standards specify... |
NIST requests comments on three draft Federal Information Processing Standards (FIPS):FIPS 203, Module-Lattice-Based Key-Encapsulation Mechanism StandardFIPS 204, Module-Lattice-Based Digital Signature Standard FIPS 205, Stateless Hash-Based Digital Signature StandardThese proposed standards specify... |
NIST requests comments on three draft Federal Information Processing Standards (FIPS):FIPS 203, Module-Lattice-Based Key-Encapsulation Mechanism StandardFIPS 204, Module-Lattice-Based Digital Signature Standard FIPS 205, Stateless Hash-Based Digital Signature StandardThese proposed standards specify... |