Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST IR 8472 (Initial Public Draft)

Non-Fungible Token Security

Date Published: August 31, 2023
Comments Due: October 16, 2023 (public comment period is CLOSED)
Email Questions to:


Peter Mell (NIST), Dylan Yaga (NIST)


Non-fungible token (NFT) technology provides a mechanism to sell and exchange both virtual and physical assets on a blockchain. While NFTs are most often used for autographing digital assets (associating one’s name with a digital object), they utilize a strong cryptographic foundation that may enable them to regularly support ownership-transferring sales of digital and physical objects. For this, NFT implementations need to address potential security concerns to reduce the risk to purchasers.

This publication:

  • Describes NFT technology
  • Identifies 11 properties that should be provided by most correctly functioning and secured NFT implementations
  • Discusses 27 potential security issues

NIST requests feedback on the technical description, the properties for NFT implementations, the security analysis of those properties, and the enumeration of the potential security issues.

NOTE: A call for patent claims is included on page ii of this draft. For additional information, see Information Technology Laboratory (ITL) Patent Policy – Inclusion of Patents in ITL Publications.



blockchain; definition; ERC-721; non-fungible token; properties; security; smart contract
Control Families

None selected


Download URL

Supplemental Material:
None available

Document History:
08/31/23: IR 8472 (Draft)
03/01/24: IR 8472 (Final)


Security and Privacy

general security & privacy