U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Drafts Open for Comment

Feeds:      RSS/Atom      JSON

Many of NIST's cybersecurity and privacy publications are posted as drafts for public comment. Comment periods are still open for the following publications. Select the publication title to access downloads, related content, and instructions for submitting comments. Your thoughtful reviews and comments are greatly appreciated and help us to improve our standards and guidance.

Also see a complete list of public drafts that includes those whose comment periods have closed.

Showing 8 matching records.

The national and economic security of the United States (US) is dependent upon the reliable functioning of the nation’s critical infrastructure. Positioning, Navigation, and Timing (PNT) services are widely deployed throughout this infrastructure. In a government-wide effort to mitigate the potentia...

The NCCoE has released this draft Project Description, which begins a process to solicit public comments for the project requirements, scope, and hardware and software components for use in a laboratory environment. The project will focus initially on developing and documenting an applied risk-ba...

NIST is posting two draft Special Publications (SP) on the Enterprise Impact of Information and Communications Technology (ICT) Risk, with a public comment period open through September 6, 2022. The increasing dependency on ICT means that all enterprises must ensure ICT risks receive the appropri...

NIST is posting two draft Special Publications (SP) on the Enterprise Impact of Information and Communications Technology (ICT) Risk, with a public comment period open through September 6, 2022. The increasing dependency on ICT means that all enterprises must ensure ICT risks receive the appropri...

The Zero Trust Architecture (ZTA) team at NIST's National Cybersecurity Center of Excellence (NCCoE) has published volumes C and D of a preliminary draft practice guide titled "Implementing a Zero Trust Architecture" and is seeking the public's comments on its contents. This guide summarizes how...

NIST plans to update the Controlled Unclassified Information (CUI) series of publications, starting with Special Publication (SP) 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations. To support this planned update, NIST is issuing this Pre-Draft Call for C...

The enterprise network landscape has undergone a significant transformation in the last decade. The drivers for this transformation are enterprise access to multiple cloud services, the geographic spread of enterprise-owned (on-premises) IT resources (e.g., in a central office, multiple branch offic...

The HIPAA Security Rule specifically focuses on protecting the confidentiality, integrity, and availability of electronic protected health information (ePHI), as defined by the Security Rule. All HIPAA-regulated entities must comply with the requirements of the Security Rule. This draft update:...