U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Drafts Open for Comment

Comment periods are still open for the draft publications listed below. Select the publication title for more information about draft downloads, information, and instructions for submitting comments. Your thoughtful reviews and comments are greatly appreciated and help us to improve our standards and guidance.

Also see a complete list of public drafts that includes those whose comment periods have closed.

Showing 10 matching records.

Digital twin technology is an emerging area of research and standardization. Because of this, there may be a lack of clarity as to what is new with digital twins and what promise this technology holds. This report provides a detailed definition of digital twins, the motivation and vision for their u...

The National Cybersecurity Center of Excellence (NCCoE) has released a new draft project description, Data Classification Practices: Facilitating Data-Centric Security. This begins a process to further identify project requirements, scope, and hardware and software components for use in a laboratory...

More than ever, organizations are concerned about the risks associated with products and services that may contain potentially malicious functionality, are counterfeit, or are vulnerable due to poor manufacturing and development practices within the cyber supply chain. These risks can decrease an en...

Draft NIST IR 8320 replaces the draft cybersecurity white paper, Hardware-Enabled Security for Server Platforms, which was released in April 2020.   The foundation of any data center or edge computing security strategy should be securing the platform on which data and workloads will be executed and...

The National Cybersecurity Center of Excellence (NCCoE) has released a new draft project description, Migration to Post-Quantum Cryptography. Publication of this project description begins a process to further identify project requirements, scope, and hardware and software components for use in a la...

Ransomware is a type of malicious attack where attackers encrypt an organization’s data and demand payment to restore access. In some instances, attackers may also steal an organization’s information and demand additional payment in return for not disclosing the information to authorities, competito...

Summary NIST is planning to update NIST Special Publication (SP) 800-66, Revision 1, An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule (“Resource Guide”). NIST’s cybersecurity resources have evolved since SP 800-66, Revisio...

Many public safety organizations (PSOs) are adopting mobile devices, such as smartphones and tablets, to provide first responders with immediate access to the sensitive information they need from any location. However, authentication requirements meant to safeguard that information, like entering a...

NIST Special Publication 800-63-3 defines identity federation as “a process that allows the conveyance of identity and authentication information across a set of networked systems.” Identity federation technologies can help public safety organizations (PSOs) to share information with each other more...

Not all security vulnerabilities can be found through automated processes or testing. Internal and external reporting of security vulnerabilities in software and information systems owned or utilized by the Federal Government is critical to mitigating risk, establishing a robust security posture, an...