Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST IR 8270 (2nd Public Draft)

Introduction to Cybersecurity for Commercial Satellite Operations

Date Published: February 25, 2022
Comments Due: April 8, 2022 (public comment period is CLOSED)
Email Questions to:


Matthew Scholl (NIST), Theresa Suloway (MITRE)


Space operations are vital to advancing the security, economic prosperity, and scientific knowledge of the Nation. However, cyber-related threats to space assets and their supporting infrastructure pose increasing risks to the economic promise of emerging markets in space. This second draft of NISTIR 8270, Introduction to Cybersecurity for Commercial Satellite Operations, presents a specific method for applying the Cybersecurity Framework (CSF) to commercial space business and describes an abstracted set of cybersecurity outcomes, requirements, and suggested controls.

The draft also:

  • Clarifies scope with an emphasis on the satellite itself,
  • Updates examples for clarity,
  • Adds more detailed steps for developing a current and target profile and risk analysis, and
  • Provides references for relevant regulations around commercial space.

Reviewers are asked to provide feedback on additional threat models that might help in the development of organization profiles, informative references on the application of security controls to satellites, and standards or informative references that might benefit all readers.

NOTE: A call for patent claims is included on page iii of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.



commercial space satellite operations; cybersecurity; cybersecurity risk management; risk management
Control Families

None selected


Download URL

Supplemental Material:
None available

Document History:
06/29/21: IR 8270 (Draft)
02/25/22: IR 8270 (Draft)
07/25/23: IR 8270 (Final)


Security and Privacy

risk management


positioning navigation & timing