Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Drafts Open for Comment

Feeds:      RSS/Atom      JSON

Many of NIST's cybersecurity and privacy publications are posted as drafts for public comment. Comment periods are still open for the following publications. Select the publication title to access downloads, related content, and instructions for submitting comments. Your thoughtful reviews and comments are greatly appreciated and help us to improve our standards and guidance.

Also see a complete list of public drafts that includes those whose comment periods have closed.

NIST intends to develop a new block cipher mode of operation that is a tweakable, variable-input-length-strong pseudorandom permutation (VIL-SPRP). NIST introduces the term accordion cipher mode — or simply accordion mode — for the proposed mode because it would act as a cipher on a range of sizes...

The National Cybersecurity Center of Excellence (NCCoE) has undertaken a project to identify common cybersecurity challenges among Water and Wastewater Systems (WWS) sector participants, develop reference cybersecurity architectures, and propose the utilization of existing commercially available...

About the ProjectProvisioning network credentials to IoT devices in an untrusted manner leaves networks vulnerable to having unauthorized IoT devices connect to them. It also leaves IoT devices vulnerable to being taken over by unauthorized networks. Instead, trusted, scalable, and automatic...

There is an incorrect and widespread assumption that hardware is inherently secure. However, this report documents numerous potential security failures that can occur in hardware. It also demonstrates the diverse ways in which hardware can be vulnerable.The authors leveraged existing work on...

Informed by engagement with the election community throughout 2020 and 2023, the Voter Registration Profile provides a voluntary, risk-based approach to managing cybersecurity activities and reducing cyber risks to voter registration processes and the systems that support voter registration. It is...