Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST SP 1800-33 (Initial Preliminary Draft)

5G Cybersecurity

Date Published: April 25, 2022
Comments Due: June 27, 2022 (public comment period is CLOSED)
Email Questions to:

Planning Note (04/25/2022): The comment period for Volume B: Approach, Architecture, and Security Characteristics, is open through 6/27/22. This preliminary draft is stable but has some gaps in its content that will be addressed in the next draft.


Michael Bartock (NIST), Jeffrey Cichonski (NIST), Murugiah Souppaya (NIST), Surajit Dey (MITRE), Parisa Grayeli (MITRE), Blaine Mulugeta (MITRE), Sanjeev Sharma (MITRE), Chuck Teague (MITRE), Karen Scarfone (Scarfone Cybersecurity), Stefano Righi (AMI), Muthukkumaran Ramalingam (AMI), Paul Rhea (AMI), Madhan Santharam (AMI), Rich Mosley (AT&T), Bogdan Ungureanu (AT&T), Jitendra Patel (AT&T), Tao Wan (CableLabs), Peter Romness (Cisco), Matthew Hyatt (Cisco), Leo Lebel (Cisco), Dan Carroll (Dell Technologies), Steve Orrin (Intel), Leland Brown (Intel), Yong Zhou (Keysight Technologies), Corey Piggott (Keysight Technologies), Michael Jones (Keysight Technologies), Michael Yeh (MiTAC Computing), Gary Atkinson (Nokia/Nokia Bell Labs), Dan Eustace (Nokia/Nokia Bell Labs), Bryan Wenger (Palo Alto Networks), Sean Morgan (Palo Alto Networks), Marouane Balmakhtar (T-Mobile), Gregory Schumacher (T-Mobile)


NIST’s National Cybersecurity Center of Excellence (NCCoE) has published portions of a preliminary draft practice guide, “5G Cybersecurity,” and is seeking the public's comments on the contents. Our proposed solution contains approaches that organizations can use to better secure 5G networks through a combination of 5G security features and third-party security controls. We also demonstrate how commercial tools can build a 5G standalone network that operates on—and uses—a trusted, secure, cloud-native hosting infrastructure. We also demonstrate how to strengthen a 5G network’s supporting IT infrastructure to make it more resistant to cyber attacks.



5G; cybersecurity; cloud security; hardware root of trust (HRoT); network function containerization; network function virtualization); privacy; secure boot; Service Based Architecture (SBA); trusted compute
Control Families

None selected


SP 1800-33B (Prelim. Draft) (pdf)

Supplemental Material:
Project homepage
SP 1800-33A (Prelim. Draft) (pdf)

Document History:
04/25/22: SP 1800-33 (Draft)