U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Drafts Open for Comment

Feeds:      RSS/Atom      JSON

Many of NIST's cybersecurity and privacy publications are posted as drafts for public comment. Comment periods are still open for the following publications. Select the publication title to access downloads, related content, and instructions for submitting comments. Your thoughtful reviews and comments are greatly appreciated and help us to improve our standards and guidance.

Also see a complete list of public drafts that includes those whose comment periods have closed.

Showing 9 matching records.

The National Cybersecurity Center of Excellence (NCCoE) has released three new draft reports on hardware-enabled security and trusted cloud for public comment. The foundation of any cloud data center or edge computing security strategy should be securing the platform on which data and workloads will...

The National Cybersecurity Center of Excellence (NCCoE) has released three new draft reports on hardware-enabled security and trusted cloud for public comment. The foundation of any cloud data center or edge computing security strategy should be securing the platform on which data and workloads will...

The National Cybersecurity Center of Excellence (NCCoE) has released three new draft reports on hardware-enabled security and trusted cloud for public comment. The foundation of any cloud data center or edge computing security strategy should be securing the platform on which data and workloads will...

NIST has just released the second public draft of Special Publication (SP) 800-161 Revision 1, Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, for public comment. We listened to your comments from earlier this year about the first version, we’ve made new changes,...

This draft document advances assignments to NIST in Sec. 4 (s) of Executive Order (EO) 14028, “Improving the Nation’s Cybersecurity” related to cybersecurity labeling for consumer software. It complements a similar document addressing cybersecurity-related consumer labeling for Internet of Things (I...

The National Cybersecurity Center of Excellence (NCCoE) has released two draft publications on enterprise patch management for public comment. Patching is a critical component of preventive maintenance for computing technologies—a cost of doing business, and a necessary part of what organizations ne...

The National Cybersecurity Center of Excellence (NCCoE) has released two draft publications on enterprise patch management for public comment. Patching is a critical component of preventive maintenance for computing technologies—a cost of doing business, and a necessary part of what organizations ne...

This preliminary draft of Volume C of SP 1800-34, Validating the Integrity of Computing Devices, includes specific product installation, configuration, and integration instructions for building the example implementation. By releasing each volume of the practice guide as a preliminary draft, we can...

This document specifies families of key derivation functions for deriving additional keys from existing cryptographic keys. This revision specifies key derivation functions using Keccak-based message authentication codes (KMAC) in addition to key derivation functions using keyed-hash message auth...