U.S. flag   An official website of the United States government

Drafts Open for Comment

Comment periods are still open for the draft publications listed below. Select the publication title for more information about draft downloads, information, and instructions for submitting comments. Your thoughtful reviews and comments are greatly appreciated and help us to improve our standards and guidance.

Also see a complete list of public drafts that includes those whose comment periods have closed.

Showing 10 matching records.

The National Cybersecurity Center of Excellence (NCCoE) has released a new draft project description, Automation of the Cryptographic Module Validation Program (CMVP). Publication of this project description begins a process to further identify project requirements, scope, and hardware and software...

To help secure our elections, NIST has released Draft NISTIR 8310, Cybersecurity Framework Election Infrastructure Profile. This Profile provides a voluntary, risk-based approach for managing cybersecurity activities and reducing cyber risk to election infrastructure. The Profile is meant to supplem...

Many organizations now support their employees' use of personal mobile devices to remotely perform work-related activities. This increasingly common practice, known as BYOD (Bring Your Own Device), provides employees with increased flexibility to telework and access organizational information resour...

NIST’s National Cybersecurity Center of Excellence (NCCoE) has posted for comment a Preliminary Draft of SP 1800-32 (Volumes A and B) on Securing the Industrial Internet of Things: Cybersecurity for Distributed Energy Resources. The use of small-scale distributed energy resources (DERs), such as wi...

Since NIST Special Publication (SP) 800-82 Rev. 2, Guide to Industrial Control Systems (ICS) Security, was published in 2015, many of the tools, technologies, standards, and recommended practices encompassing control system cybersecurity have changed. NIST has initiated an update of SP 800-82 to in...

Increasingly, healthcare delivery organizations (HDOs) incorporate telehealth and remote patient monitoring (RPM) as part of a patient’s care regimen. RPM systems may offer convenience and may be cost effective for patients and HDOs, which promotes increased adoption rates. Without adequate privacy...

The protection of controlled unclassified information (CUI) in nonfederal systems and organizations—especially CUI associated with a critical program or high value asset—is important to federal agencies and can directly impact the ability of the Federal Government to successfully carry out its assig...

More than ever, organizations are concerned about the risks associated with products and services that may contain potentially malicious functionality, are counterfeit, or are vulnerable due to poor manufacturing and development practices within the cyber supply chain. These risks can decrease an en...

Summary NIST is planning to update NIST Special Publication (SP) 800-66, Revision 1, An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule (“Resource Guide”). NIST’s cybersecurity resources have evolved since SP 800-66, Revisio...

Digital twin technology is an emerging area of research and standardization. Because of this, there may be a lack of clarity as to what is new with digital twins and what promise this technology holds. This report provides a detailed definition of digital twins, the motivation and vision for their u...