{
  "title": "NIST Draft Publications Open for Comment",
  "subtitle": "Many of NIST's cybersecurity and privacy publications are posted as drafts for public comment. Comment periods are still open for the following publications. Visit the links for downloads, related content, and instructions for submitting comments. Your thoughtful reviews and comments are greatly appreciated and help us to improve our standards and guidance.",
  "updated": "2021-11-17T01:00:17.3160267-05:00",
  "id": "https://csrc.nist.rip/csrc/media/feeds/pubs/drafts-open-for-comment.xml",
  "link": "https://csrc.nist.rip/publications/drafts-open-for-comment",
  "entries": [
    {
      "id": "https://csrc.nist.rip/publications/detail/sp/800-161/rev-1/draft",
      "title": "SP 800-161 Rev. 1 (Draft) - Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations (2nd Draft)",
      "summary": "NIST has just released the second public draft of Special Publication (SP) 800-161 Revision 1, Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, for public comment. We listened to your comments from earlier this year about the first version, we’ve made new changes,...",
      "published": "2021-10-28T00:00:00",
      "updated": "2021-10-28T00:00:00",
      "link": "https://csrc.nist.rip/publications/detail/sp/800-161/rev-1/draft",
      "content": "Comments Due 12/03/2021"
    },
    {
      "id": "https://csrc.nist.rip/publications/detail/nistir/8320b/draft",
      "title": "NISTIR 8320B (Draft) - Hardware-Enabled Security: Policy Based Governance in Trusted Container Platforms",
      "summary": "The National Cybersecurity Center of Excellence (NCCoE) has released three new draft reports on hardware-enabled security and trusted cloud for public comment. The foundation of any cloud data center or edge computing security strategy should be securing the platform on which data and workloads will...",
      "published": "2021-10-27T00:00:00",
      "updated": "2021-10-27T00:00:00",
      "link": "https://csrc.nist.rip/publications/detail/nistir/8320b/draft",
      "content": "Comments Due 12/06/2021"
    },
    {
      "id": "https://csrc.nist.rip/publications/detail/sp/1800-19/draft",
      "title": "SP 1800-19 (Draft) - Trusted Cloud: Security Practice Guide for VMware Hybrid Cloud Infrastructure as a Service (IaaS) Environments",
      "summary": "The National Cybersecurity Center of Excellence (NCCoE) has released three new draft reports on hardware-enabled security and trusted cloud for public comment. The foundation of any cloud data center or edge computing security strategy should be securing the platform on which data and workloads will...",
      "published": "2021-10-27T00:00:00",
      "updated": "2021-10-27T00:00:00",
      "link": "https://csrc.nist.rip/publications/detail/sp/1800-19/draft",
      "content": "Comments Due 12/06/2021"
    },
    {
      "id": "https://csrc.nist.rip/publications/detail/nistir/8320/draft",
      "title": "NISTIR 8320 (Draft) - Hardware-Enabled Security: Enabling a Layered Approach to Platform Security for Cloud and Edge Computing Use Cases (2nd Draft)",
      "summary": "The National Cybersecurity Center of Excellence (NCCoE) has released three new draft reports on hardware-enabled security and trusted cloud for public comment. The foundation of any cloud data center or edge computing security strategy should be securing the platform on which data and workloads will...",
      "published": "2021-10-27T00:00:00",
      "updated": "2021-10-27T00:00:00",
      "link": "https://csrc.nist.rip/publications/detail/nistir/8320/draft",
      "content": "Comments Due 12/06/2021"
    },
    {
      "id": "https://csrc.nist.rip/publications/detail/white-paper/2021/11/01/baseline-criteria-for-consumer-software-cybersecurity-labeling/draft",
      "title": "White Paper (Draft) - Baseline Criteria for Consumer Software Cybersecurity Labeling",
      "summary": "This draft document advances assignments to NIST in Sec. 4 (s) of Executive Order (EO) 14028, “Improving the Nation’s Cybersecurity” related to cybersecurity labeling for consumer software. It complements a similar document addressing cybersecurity-related consumer labeling for Internet of Things (I...",
      "published": "2021-11-01T00:00:00",
      "updated": "2021-11-01T00:00:00",
      "link": "https://csrc.nist.rip/publications/detail/white-paper/2021/11/01/baseline-criteria-for-consumer-software-cybersecurity-labeling/draft",
      "content": "Comments Due 12/16/2021"
    },
    {
      "id": "https://csrc.nist.rip/publications/detail/sp/800-108/rev-1/draft",
      "title": "SP 800-108 Rev. 1 (Draft) - Recommendation for Key Derivation Using Pseudorandom Functions",
      "summary": "This document specifies families of key derivation functions for deriving additional keys from existing cryptographic keys.\n\nThis revision specifies key derivation functions using Keccak-based message authentication codes (KMAC) in addition to key derivation functions using keyed-hash message authen...",
      "published": "2021-10-18T00:00:00",
      "updated": "2021-10-18T00:00:00",
      "link": "https://csrc.nist.rip/publications/detail/sp/800-108/rev-1/draft",
      "content": "Comments Due 01/18/2022"
    }
  ]
}