U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Drafts Open for Comment

Feeds:      RSS/Atom      JSON

Many of NIST's cybersecurity and privacy publications are posted as drafts for public comment. Comment periods are still open for the following publications. Select the publication title to access downloads, related content, and instructions for submitting comments. Your thoughtful reviews and comments are greatly appreciated and help us to improve our standards and guidance.

Also see a complete list of public drafts that includes those whose comment periods have closed.

Showing 10 matching records.

Enterprise application environments consist of geographically distributed and loosely coupled microservices that span multiple cloud and on-premises environments. They are accessed by a userbase from different locations through different devices. This scenario calls for establishing trust in all ent...

The National Cybersecurity Center of Excellence (NCCoE) has published for comment Preliminary Draft NIST SP 1800-38A, Migration to Post-Quantum Cryptography.  The public comment period for this draft is open through June 8, 2023. We value and welcome your input and look forward to your co...

The National Cybersecurity Center of Excellence (NCCoE) has published for comment Preliminary Draft NIST SP 1800-39A, Implementing Data Classification Practices.  About the Project Organizations are managing an increasing volume of data while maintaining compliance with policies for prote...

The National Cybersecurity Center of Excellence (NCCoE) has published a preliminary public drafts of NIST SP 1800-36B-E: Trusted Internet of Things (IoT) Device Network-Layer Onboarding and Lifecycle Management. The comment period is open until June 20, 2023. About the Project Provisioning net...

Access control based on attribute encryption addresses an issue with traditional public-key encryption (PKE) wherein keys need to dynamically change whenever access policies and/or attributes change, which could cause inefficient system performance. Access control based on attribute encryption su...

The Addressing Visibility Challenges with TLS 1.3 project builds on the NCCoE's earlier work, TLS Server Certificate Management, which showed organizations how to centrally monitor and manage their TLS certificates. We are now focusing on protocol enhancements such as TLS 1.3 which have helped...

This update to NIST SP 800-171 represents over one year of data collection, technical analyses, customer interaction, redesign, and development of the security requirements and supporting information for the protection of Controlled Unclassified Information (CUI). Many trade-offs have been made to e...

Most applications on the internet are run by centralized service providers that are a single point of failure: if the provider crashes or is malicious, users may lose access to the application, or it may return erroneous or inconsistent results. Consensus algorithms and state machine replication ena...

This NIST report on artificial intelligence (AI) develops a taxonomy of attacks and mitigations and defines terminology in the field of adversarial machine learning (AML). Taken together, the taxonomy and terminology are meant to inform other standards and future practice guides for assessing and ma...

This discussion draft identifies the potential Functions, Categories, and Subcategories (also called cybersecurity outcomes) of the NIST Cybersecurity Framework (CSF) 2.0 Core. NIST is releasing this document for discussion to inform the development of the complete NIST CSF 2.0 Draft. This early...