Computer Security Resource Center

Computer Security Resource Center

    Publications

Drafts Open for Comment

Draft publications listed below have comment periods that are still open. Select the publication title for more information about the draft and instructions for submitting comments. Your thoughtful reviews and comments are greatly appreciated and help us to improve our publications.
For a complete list of public drafts that have not been obsoleted (either retired or followed by a new draft or final publication) see the list of all public drafts.

Showing 8 matching records.

This paper provides background information on trusted IoT device network-layer onboarding and lifecycle management. It defines a taxonomy of onboarding characteristics that will enable stakeholders to have a common language to describe and express their onboarding capabilities and fully capture the...

Volume A of the preliminary draft practice guide, Improving Enterprise Patching for General IT Systems, is available for public comment. The National Cybersecurity Center of Excellence (NCCoE) is following an experimental agile process for this practice guide. Instead of posting all volumes at the s...

The National Cybersecurity Center of Excellence (NCCoE) has released the final public draft of the NIST Cybersecurity Practice Guide, SP 1800-15, “Securing Small-Business and Home Internet of Things (IoT) Devices: Mitigating Network-Based Attacks Using Manufacturer Usage Description (MUD),” and is s...

Hotels have become targets for malicious actors wishing to exfiltrate sensitive data, deliver malware, or profit from undetected fraud. Property management systems, which are central to hotel operations, present attractive attack surfaces. NIST's National Cybersecurity Center of Excellence (NCCoE)...

Summary NIST requests review and comments on Special Publication (SP) 800-46 Revision 2, Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security. This documents presents recommendations for safeguarding the technologies used for telework and remote access. The public...

NIST’s objective is to deliver a PNT Cybersecurity Profile (hereafter, the Profile) that can be adapted to the needs of PNT service users in the public and private sectors. Furthermore, through the Profile, NIST seeks to increase organizational awareness of the extent to which they use and rely on P...

The National Cybersecurity Center of Excellence (NCCoE) is seeking comments from industry on the challenges of identification, authentication, and authorization for devices in the Internet of Things (IoT) space; specifically requirements for authentication and authorization of autonomous non-person...

The NIST Cloud Computing Security Working Group (NCC-SWG) issued Draft SP 500-299, NIST Cloud Computing Security Reference Architecture, in May 2013. See the NCC-SWG homepage for additional details.