Many of NIST's cybersecurity and privacy publications are posted as drafts for public comment. Comment periods are still open for the following publications. Select the publication title to access downloads, related content, and instructions for submitting comments. Your thoughtful reviews and comments are greatly appreciated and help us to improve our standards and guidance.
Also see a complete list of public drafts that includes those whose comment periods have closed.
The National Cybersecurity Center of Excellence (NCCoE) has released two draft publications on enterprise patch management for public comment. Patching is a critical component of preventive maintenance for computing technologies—a cost of doing business, and a necessary part of what organizations ne... |
The National Cybersecurity Center of Excellence (NCCoE) has released two draft publications on enterprise patch management for public comment. Patching is a critical component of preventive maintenance for computing technologies—a cost of doing business, and a necessary part of what organizations ne... |
This preliminary draft of Volume C of SP 1800-34, Validating the Integrity of Computing Devices, includes specific product installation, configuration, and integration instructions for building the example implementation. By releasing each volume of the practice guide as a preliminary draft, we can... |
This document specifies families of key derivation functions for deriving additional keys from existing cryptographic keys. This revision specifies key derivation functions using Keccak-based message authentication codes (KMAC) in addition to key derivation functions using keyed-hash message auth... |
Publication of this project description begins a process to further identify project requirements, scope, and hardware and software components for use in a laboratory demonstration environment. The National Cybersecurity Center of Excellence (NCCoE) will solicit participation from industry to dev... |
The National Initiative for Cybersecurity Education (NICE) has released a second draft of NISTIR 8355, NICE Framework Competencies: Assessing Learners for Cybersecurity Work. This supplemental content to the Workforce Framework for Cybersecurity (NICE Framework) elaborates on Competencies, whic... |
Protecting system resources against unauthorized access is the primary objective of an access control system. As information systems rapidly evolve, the need for advanced access control mechanisms that support decentralization, scalability, and trust–all major challenges for traditional mechanisms–h... |
Combinatorial coverage measures have been defined and applied to a wide range of problems, including fault location and evaluating the adequacy of test inputs and input space models. More recently, methods applying coverage measures have been used in applications of artificial intelligence and machi... |