U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Drafts Open for Comment

Feeds:      RSS/Atom      JSON

Many of NIST's cybersecurity and privacy publications are posted as drafts for public comment. Comment periods are still open for the following publications. Select the publication title to access downloads, related content, and instructions for submitting comments. Your thoughtful reviews and comments are greatly appreciated and help us to improve our standards and guidance.

Also see a complete list of public drafts that includes those whose comment periods have closed.

Showing 9 matching records.

This preliminary draft of Volume C of SP 1800-34, Validating the Integrity of Computing Devices, includes specific product installation, configuration, and integration instructions for building the example implementation. By releasing each volume of the practice guide as a preliminary draft, we can...

This document specifies families of key derivation functions for deriving additional keys from existing cryptographic keys. This revision specifies key derivation functions using Keccak-based message authentication codes (KMAC) in addition to key derivation functions using keyed-hash message auth...

Publication of this project description begins a process to further identify project requirements, scope, and hardware and software components for use in a laboratory demonstration environment. The National Cybersecurity Center of Excellence (NCCoE) will solicit participation from industry to dev...

The National Initiative for Cybersecurity Education (NICE) has released a second draft of NISTIR 8355, NICE Framework Competencies: Assessing Learners for Cybersecurity Work. This supplemental content to the Workforce Framework for Cybersecurity (NICE Framework) elaborates on Competencies, whic...

Protecting system resources against unauthorized access is the primary objective of an access control system. As information systems rapidly evolve, the need for advanced access control mechanisms that support decentralization, scalability, and trust–all major challenges for traditional mechanisms–h...

Combinatorial coverage measures have been defined and applied to a wide range of problems, including fault location and evaluating the adequacy of test inputs and input space models. More recently, methods applying coverage measures have been used in applications of artificial intelligence and machi...

The National Cybersecurity Center of Excellence (NCCoE) has prepared Draft NISTIR 8349 for public comment. Securing a network is a complex task made more challenging when Internet of Things (IoT) devices are connected to it. NISTIR 8349 demonstrates how to use device characterization techniques a...

NIST is releasing the draft of a major revision to Special Publication (SP) 800-160 Volume 1, Engineering Trustworthy Secure Systems. This publication is intended to serve as a reference and educational resource for engineers and engineering specialties, architects, designers, and personnel involved...

“Open banking” (OB) refers to a new financial ecosystem that provides more choices to individuals and small and mid-size businesses concerning the movement of their money, as well as information between financial institutions. Open banking is already being used in several countries around the world,...