Drafts Open for Comment

Many of NIST's cybersecurity and privacy publications are posted as drafts for public comment. Comment periods are still open for the following publications. Select the publication title to access downloads, related content, and instructions for submitting comments. Your thoughtful reviews and comments are greatly appreciated and help us to improve our standards and guidance.

Also see a complete list of public drafts that includes those whose comment periods have closed.

Showing 9 matching records.

Organizations throughout the world face the challenge of identifying trustworthy computing devices to function daily. Cyber supply chains are constantly at risk of compromise, whether intentional or unintentional. Once a supply chain has been compromised, the security of that device may no longer be...

Control assessments are not about checklists, simple pass/fail results, or generating paperwork to pass inspections or audits. The testing and evaluation of controls in a system or organization to determine the extent to which the controls are implemented correctly, operating as intended, and produc...

The National Cybersecurity Center of Excellence (NCCoE) has released a new draft project description for Mitigating Cybersecurity Risk in Telehealth Smart Home Integration. The publication of this project description begins a process to further identify project requirements, scope, and hardware and...

This revised draft addresses the public comments provided for the preliminary draft released in June 2021. Ransomware is a type of malware that encrypts an organization’s data and demands payment as a condition of restoring access to that data. In some instances, ransomware may also steal an orga...

Space operations are vital to advancing the security, economic prosperity, and scientific knowledge of the Nation. However, cyber-related threats to space assets and supporting infrastructure pose increasing risks to the economic promise of emerging markets in space. This draft report describes c...

This report continues an in-depth discussion of the concepts introduced in NISTIR 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM), with a focus on the use of enterprise objectives to prioritize, optimize, and respond to cybersecurity risks. The NISTIR 8286 series of documents...

The use of small-scale distributed energy resources (DERs) is growing rapidly and transforming the power grid. In fact, a distribution utility may need to remotely communicate with thousands of DERs and other grid-edge devices—many of which are not owned by them. Any attack that can deny, disr...

Cybersecurity awareness and training resources, methodologies, and requirements have evolved since NIST Special Publication (SP) 800-50, Building an Information Technology Security Awareness and Training Program, was published in 2003 and companion document NIST SP 800-16, Information Technology Sec...

Draft NIST SP 1800-10 provides a practical example solution to help manufacturers protect their Industrial Control Systems (ICS) from data integrity attacks. Manufacturers are increasingly relying on ICS to monitor and control physical processes to produce goods for public consumption. ICS has also...