Drafts Open for Comment

Comment periods are still open for the draft publications listed below. Select the publication title for more information about draft downloads, information, and instructions for submitting comments. Your thoughtful reviews and comments are greatly appreciated and help us to improve our standards and guidance.

Also see a complete list of public drafts that includes those whose comment periods have closed.

Showing 6 matching records.

This report provides a more in-depth discussion of the concepts introduced in the NISTIR 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM). It specifically highlights that cybersecurity risk management (CSRM) is an integral part of ERM—both taking its direction from ERM and inform...

NIST’s National Cybersecurity Center of Excellence (NCCoE) has posted for comment a preliminary draft—the first of three volumes of an upcoming practice guide on 5G cybersecurity. This practice guide can benefit organizations operating or using 5G networks, as well as network operators and equipment...

Organizations frequently share information through various information exchange channels based on mission and business needs. In order to protect the confidentiality, integrity, and availability of exchanged information commensurate with risk, the information being exchanged requires protection at t...

Privacy-enhancing cryptography (PEC) refers to cryptography used to enhance privacy, beyond the traditional sense of data confidentiality. For example, it enables sophisticated interactions that obtain a useful output of the combined information of multiple entities, although without them sharing th...

The National Cybersecurity Center of Excellence (NCCoE) has released a new draft project description, Addressing Visibility Challenges with TLS 1.3. Publication of this draft project description begins a process to solicit feedback about the project scope, demonstration scenarios, and high-level arc...

This draft document is the result of an effort to define authentication by examining mechanisms used to prove position or membership; analyzing existing methods, tools, and techniques; and developing an abstract representation of authentication features and services. Basic mechanisms used to accompl...