Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Drafts Open for Comment

Feeds:      RSS/Atom      JSON

Many of NIST's cybersecurity and privacy publications are posted as drafts for public comment. Comment periods are still open for the following publications. Select the publication title to access downloads, related content, and instructions for submitting comments. Your thoughtful reviews and comments are greatly appreciated and help us to improve our standards and guidance.

Also see a complete list of public drafts that includes those whose comment periods have closed.

SummaryNIST seeks to update and improve the guidance in Special Publication (SP) 800-60, Guide for Mapping Types of Information and Information Systems to Security Categories. Specifically, NIST seeks feedback on the document’s current use, proposed updates in the initial working draft and...

The initial public drafts (ipd) of NIST Special Publication (SP) 800-55, Measurement Guide for Information Security, Volume 1 – Identifying and Selecting Measures and Volume 2 – Developing an Information Security Measurement Program are available for comment after extensive research, development,...

The initial public drafts (ipd) of NIST Special Publication (SP) 800-55, Measurement Guide for Information Security, Volume 1 – Identifying and Selecting Measures and Volume 2 – Developing an Information Security Measurement Program are available for comment after extensive research, development,...

The Addressing Visibility Challenges with TLS 1.3 project builds on the NCCoE's earlier work, TLS Server Certificate Management, which showed organizations how to centrally monitor and manage their TLS certificates. We are now focusing on protocol enhancements such as TLS 1.3 which have helped...

Quick-start guides are supplemental resources for the NIST Cybersecurity Framework (CSF) 2.0. See more information on CSF 2.0 quick-start guides. NIST seeks comments on this initial public draft by May 3, 2024. Submit comments to cyberframework@nist.gov.

Quick-start guides are supplemental resources for the NIST Cybersecurity Framework (CSF) 2.0. See more information on CSF 2.0 quick-start guides. NIST seeks comments on this initial public draft by May 3, 2024. Submit comments to cyberframework@nist.gov.

Quick-start guides are supplemental resources for the NIST Cybersecurity Framework (CSF) 2.0. See more information on CSF 2.0 quick-start guides. NIST seeks comments on this initial public draft by May 3, 2024. Submit comments to cyberframework@nist.gov.

Since the NIST Cybersecurity Framework (CSF) was first released in 2014, the CSF has been used by communities with shared interests in cybersecurity risk management. These communities developed what are now called “Community Profiles” to outline shared interests, goals, and outcomes within a...

SummaryNIST plans to update NIST IR 7621 Rev. 1, Small Business Information Security: The Fundamentals and is issuing this Pre-Draft Call for Comments to solicit feedback. The public is invited to provide input by 12 p.m. ET on May 16, 2024. DetailsSince NIST IR 7621 Revision 1 was published in...