Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

    Publications

Drafts Open for Comment

Feeds:      RSS/Atom      JSON

Many of NIST's cybersecurity and privacy publications are posted as drafts for public comment. Comment periods are still open for the following publications. Select the publication title to access downloads, related content, and instructions for submitting comments. Your thoughtful reviews and comments are greatly appreciated and help us to improve our standards and guidance.

Also see a complete list of public drafts that includes those whose comment periods have closed.

The Advanced Encryption Standard (AES) specifies a subset of the Rijndael block cipher family with 128-bit blocks that was submitted to the NIST AES development effort. While this block size remains sufficient for many applications, the increasing demand for processing large volumes of data...

According to the U.S. Small Business Administration Office of Advocacy, there are 34.8 million small businesses in the United States, comprising 99% of all U.S. businesses. Of those, 81.7% are non-employer firms with no paid employees other than the owners of the business. These businesses, though...

High-performance computing (HPC) systems provide fundamental computing infrastructure for large-scale artificial intelligence (AI) and machine learning (ML) model training, big data analysis, and complex simulations at exceptional speeds. Securing HPC systems is essential for safeguarding AI models,...

NIST is releasing the draft revision of NIST IR 8259, Foundational Cybersecurity Activities for IoT Device Manufacturers, in keeping with the requirement in the Internet of Things (IoT) Cybersecurity Improvement Act in 2020 to revisit NIST’s IoT cybersecurity guidelines every five years. This...

The system security plan, system privacy plan, and cybersecurity supply chain risk management plan–collectively referred to as system plans– consolidate information about the assets and individuals being protected within an authorization boundary and its interconnected systems. System plans serve as...

This draft CSF 2.0 Profile provides a voluntary, risk-based approach for managing cybersecurity activities and reducing cybersecurity risk to semiconductor manufacturing. The semiconductor manufacturing environment is a complex ecosystem of device makers, equipment OEMs, suppliers and solution...

SummaryA cryptographic accordion is a tweakable block cipher mode that is itself a cipher on variable-length input. NIST proposes to develop three general-purpose accordions:Acc128 to support typical usage (birthday bounds) with the Advanced Encryption Standard (AES)Acc256 to support typical usage...