Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

    Publications

Drafts Open for Comment

Feeds:      RSS/Atom      JSON

Many of NIST's cybersecurity and privacy publications are posted as drafts for public comment. Comment periods are still open for the following publications. Select the publication title to access downloads, related content, and instructions for submitting comments. Your thoughtful reviews and comments are greatly appreciated and help us to improve our standards and guidance.

Also see a complete list of public drafts that includes those whose comment periods have closed.

The initial draft of NIST SP 800-57 Part 1 Revision 6 is available for comment through February 5, 2026. Some of the proposed changes from Revision 5 include: Ascon, as specified in SP 800-232, and the new quantum-resistant algorithms specified in FIPS 203, 204, and 205 have been included. The keys...

About SCAP The Security Content Automation Protocol (SCAP) is a suite of interoperable specifications for the standardized expression, exchange, and processing of security configuration and vulnerability information. SCAP enables consistent automation and reporting across products and environments...

About SCAP The Security Content Automation Protocol (SCAP) is a suite of interoperable specifications for the standardized expression, exchange, and processing of security configuration and vulnerability information. SCAP enables consistent automation and reporting across products and environments...

Transit operators face increasing cybersecurity risks that can impact the delivery of safe and reliable services. They must manage IT and OT system risks while meeting strict safety and operating demands. The Transit Cybersecurity Framework (CSF) Community Profile is a voluntary, risk-based guide...

NIST has initiated the process of revising SP 800-82, Guide to Operational Technology (OT) Security, to incorporate lessons learned, align with relevant NIST guidance (e.g., Cybersecurity Framework (CSF) 2.0, NIST IR 8286 Rev. 1, NIST SP 800-53 Rev. 5.2.0) and OT cybersecurity standards and...