Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

    Publications

Drafts Open for Comment

Feeds:      RSS/Atom      JSON

Many of NIST's cybersecurity and privacy publications are posted as drafts for public comment. Comment periods are still open for the following publications. Select the publication title to access downloads, related content, and instructions for submitting comments. Your thoughtful reviews and comments are greatly appreciated and help us to improve our standards and guidance.

Also see a complete list of public drafts that includes those whose comment periods have closed.

The NIST Cryptographic Module Validation Program (CMVP) is essential for organizations required to use validated cryptography – ensuring that hardware and software cryptographic implementations meet standard security requirements. The NCCoE has published the draft NIST SP 1800-40, Automation of the...

NIST is seeking public comments on the initial public draft (ipd) of Special Publication (SP) 800-230, Additional SLH-DSA Parameter Sets for Limited-Signature Use Cases. This document serves as a technical extension to FIPS 205 by specifying six additional parameter sets for security levels 1, 3,...

This document describes the generation of keys to be managed and used by approved cryptographic algorithms.  Proposed changes in this revision include the following: Asymmetric key-pair generation has been expanded to include methods for deriving randomness during key-pair generation. Key-pair...

NIST Internal Report (IR) 8500A ipd (initial public draft), Blockchain-Based Secure Software Assets Management (BloSS@M), outlines a modernized conceptual approach for transforming how software assets are acquired, tracked, and secured across an interagency ecosystem. The conceptual approach for...

A RESTful API platform is a stateless architectural framework that leverages standard HTTP protocols to manage and exchange data as "resources," serving as the primary bridge for communication between modern web applications. These Web APIs are the most prevalent API type. Their inherent simplicity,...

This profile helps organizations manage risks to systems, networks, and assets that use PNT services, such as Global Positioning Systems (GPS), public NIST and United States Naval Observatory (USNO) Network Time Protocol (NTP) servers, commercial services, and internal systems. Originally developed...

NIST plans to revise Special Publication (SP) 800-38F, Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping (2012), and is soliciting preliminary feedback. The following are the two main goals for the revision: The specification of TKW should be removed because its...