Home
About
Blog
Products
Forum
Support
Contact

Sunbelt Computer Software

PL/B Language Development and Support

Home
About
Blog
Products
Forum
Support
Contact

Drafts Open for Comment | CSRC

body > * { display: block !important; } #antiClickjack { display: none !important; }

You are viewing this page in an unauthorized frame window.

This is a potential security issue, you are being redirected to https://csrc.nist.gov.

An official website of the United States government

Here’s how you know

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

CSRC MENU

Projects
Publications Expand or Collapse

Drafts for Public Comment

All Public Drafts

Final Pubs

FIPS (standards)

Special Publications (SPs)

IR (interagency/internal reports)

CSWP (cybersecurity white papers)

ITL Bulletins

Project Descriptions

Journal Articles

Conference Papers

Books
Topics Expand or Collapse

Security & Privacy

Applications

Technologies

Sectors

Laws & Regulations

Activities & Products
News & Updates
Events
Glossary
About CSRC Expand or Collapse
Computer Security Division
Applied Cybersecurity Division
Contact Us

Information Technology Laboratory

Computer Security Resource Center

Current Publications

NIST Series Pubs
- Final Pubs
- Drafts Open for Comment
- Drafts (all)
- View By Series
  - FIPS (standards)
  - SP 800 (guidance)
  - SP 1800 (practice guides)
  - SP (all subseries)
  - IR (interagency/internal reports)
  - CSWP (cybersecurity white papers)
  - ITL Bulletins
Other Pubs

Final: Current list of all published NIST cybersecurity documents. Does not include "Withdrawn" documents. Includes FIPS, Special Publications, NISTIRs, ITL Bulletins, and NIST Cybersecurity White Papers.

Public Drafts: Current list of all draft NIST cybersecurity documents--they are typically posted for public comment. "Current" public drafts are the latest draft versions that have not yet been published as "Final." FIPS: Current Federal Information Processing Standard Publications (FIPS). Includes current (Final and Draft) FIPS.

SP 800 Series: Current NIST Special Publication (SP) 800 series publications, which focus on Computer/Information Security. Includes current (Final and Draft) SP 800 pubs.

All SP Series: Current NIST Special Publications (SP), including SP 800 (Computer/Information Security) and SP 1800 (Cybersecurity Practice Guides) pubs. Also includes SP 500 (Computer Systems Technology) pubs related to cybersecurity and privacy. Includes current (Final and Draft) NIST Special Publications.

NISTIRs: Current list of NIST Interagency or Internal Reports (NISTIR) related to cybersecurity and privacy. Includes current (Final and Draft) NISTIRs.

ITL Bulletins: Current list of NIST Information Technology Laboratory (ITL) Bulletins. White Papers: Consists of NIST Cybersecurity White Papers; NCCoE Project Descriptions, Building Blocks and Use Cases; and other NIST-authored papers that are not part of a formal series. Includes current (Final and Draft) papers.

Journal Articles: NIST-authored articles published in external journals and in the NIST Journal of Research (JRES).

Conference Papers: NIST-authored conference papers related to cybersecurity and privacy.

Books: NIST-authored books, book sections, and encyclopedia entries related to cybersecurity and privacy.

Search Search publication record data
(not a full text search)

Sort By

Results View

Items Per Page

Date

Status

Final
Public Draft
Withdrawn

Series

FIPS
SP
IR
CSWP
TN
VTS
AI
GCR
Project Description
ITL Bulletin
Journal Article
Conference Paper
Book
Book Section
Other

Topics

Security and Privacy

cryptography
cybersecurity supply chain risk management
general security & privacy
identity & access management
privacy
- personally identifiable information
- privacy engineering
risk management
security & behavior
security measurement
security programs & operations
systems security engineering
- trustworthiness
zero trust

Technologies

artificial intelligence
big data
biometrics
blockchain
cloud & virtualization
combinatorial testing
complexity
hardware
mobile
networks
quantum information science
servers
smart cards
software & firmware
storage

Applications

communications & wireless
cyber-physical systems
cybersecurity education
cybersecurity framework
cybersecurity workforce
enterprise
forensics
Internet of Things
mathematics
operational technology
positioning navigation & timing
small & medium business
smart grid
telework
voting

Laws and Regulations

executive documents
laws
regulations
- Controlled Unclassified Information
- Federal Acquisition Regulation

Activities and Products

annual reports
conferences & workshops
groups
quick-start guides
reference materials
standards development

Sectors

aerospace
energy
financial services
healthcare
hospitality
manufacturing
public safety
retail
telecommunications
transportation

Match ANY: Match ALL:

Control Family (800-53)

Control Families

AC - Access Control
AT - Awareness and Training
AU - Audit and Accountability
CA - Assessment, Authorization and Monitoring
CM - Configuration Management
CP - Contingency Planning
IA - Identification and Authentication
IR - Incident Response
MA - Maintenance
MP - Media Protection
PE - Physical and Environmental Protection
PL - Planning
PM - Program Management
PS - Personnel Security
PT - PII Processing and Transparency
RA - Risk Assessment
SA - System and Services Acquisition
SC - System and Communications Protection
SI - System and Information Integrity
SR - Supply Chain Risk Management

Match ANY: Match ALL:

Please fix the following:

Final: Published documents.

Public Draft: Documents have been posted as Public Drafts, typically with a public comment period.

Withdrawn: Documents that have been withdrawn, and are no longer current. This includes:
- Final publications that have been withdrawn;
- Public drafts that have been obsoleted by a subsequent draft or final publication;
- Public drafts that have been retired—further development was discontinued.

Publications

Drafts Open for Comment

Feeds: RSS/Atom JSON

Many of NIST's cybersecurity and privacy publications are posted as drafts for public comment. Comment periods are still open for the following publications. Select the publication title to access downloads, related content, and instructions for submitting comments. Your thoughtful reviews and comments are greatly appreciated and help us to improve our standards and guidance.

Also see a complete list of public drafts that includes those whose comment periods have closed.

Comments Due	Series	Number	Title Publications
04/24/2026	Other		Comments Due: 04/24/2026 Secure Software Development, Security, and Operations (DevSecOps) Practices Other Secure Software Development, Security, and Operations (DevSecOps) Practices Secure Software Development, Security, and Operations (DevSecOps) Practices The NIST National Cybersecurity Center of Excellence (NCCoE) is releasing this live document as part of its Secure Software Development, Security, and Operations (DevSecOps) project. This project demonstrates how organizations can implement the security practices and tasks recommended in the NIST...
05/06/2026	SP	1347	Comments Due: 05/06/2026 NIST Cybersecurity Framework 2.0: Informative References Quick-Start Guide SP 1347 NIST Cybersecurity Framework 2.0: Informative References Quick-Start Guide The Initial Public Draft of SP 1347, NIST Cybersecurity Framework 2.0: Informative References Quick‑Start Guide, explains what informative references are and how they support achieving the outcomes of the NIST Cybersecurity Framework (CSF) 2.0. The guide also introduces readers to NIST tools...
05/08/2026	SP	1800-42	Comments Due: 05/08/2026 Digital Identities – Mobile Driver’s License (mDL): Accelerating Development and Adoption of Digital Identity for Financial Institutions SP 1800-42 Digital Identities – Mobile Driver’s License (mDL): Accelerating Development and Adoption of Digital Identity for Financial Institutions Today, the NCCoE published technical resources to help financial institutions use mobile driver’s licenses (mDLs) for customer identification. NIST Special Publication 1800-42 ipd provides an updated reference architecture, implementation details, and key findings from the project. Compared to...
05/14/2026	CSWP	50	Comments Due: 05/14/2026 Small Business Cybersecurity: Non-Employer Firms CSWP 50 Small Business Cybersecurity: Non-Employer Firms According to the U.S. Small Business Administration Office of Advocacy, there are 34.8 million small businesses in the United States. Of those, 81.9% have no paid employees other than the owner or owners—termed “non-employer firms.” These include sole proprietors, freelancers, single-member limited...
06/01/2026	SP	1800-40	Comments Due: 06/01/2026 Automation of the NIST Cryptographic Module Validation Program SP 1800-40 Automation of the NIST Cryptographic Module Validation Program The NIST Cryptographic Module Validation Program (CMVP) is essential for organizations required to use validated cryptography – ensuring that hardware and software cryptographic implementations meet standard security requirements. The NCCoE has published the draft NIST SP 1800-40, Automation of the...
06/12/2026	SP	800-230	Comments Due: 06/12/2026 Additional SLH-DSA Parameter Sets for Limited Signature Use Cases SP 800-230 Additional SLH-DSA Parameter Sets for Limited Signature Use Cases NIST is seeking public comments on the initial public draft (ipd) of Special Publication (SP) 800-230, Additional SLH-DSA Parameter Sets for Limited-Signature Use Cases. This document serves as a technical extension to FIPS 205 by specifying six additional parameter sets for security levels 1, 3,...
06/16/2026	SP	800-133 Rev. 3	Comments Due: 06/16/2026 Recommendation for Cryptographic Key Generation SP 800-133 Rev. 3 Recommendation for Cryptographic Key Generation This document describes the generation of keys to be managed and used by approved cryptographic algorithms. Proposed changes in this revision include the following: Asymmetric key-pair generation has been expanded to include methods for deriving randomness during key-pair generation. Key-pair...

Search Search publication record data
(not a full text search)

Sort By

Results View

Items Per Page

Advanced Search

Date

Status

Final
Public Draft
Withdrawn

Series

FIPS
SP
IR
CSWP
TN
VTS
AI
GCR
Project Description
ITL Bulletin
Journal Article
Conference Paper
Book
Book Section
Other

Topics

Security and Privacy

cryptography
cybersecurity supply chain risk management
general security & privacy
identity & access management
privacy
- personally identifiable information
- privacy engineering
risk management
security & behavior
security measurement
security programs & operations
systems security engineering
- trustworthiness
zero trust

Technologies

artificial intelligence
big data
biometrics
blockchain
cloud & virtualization
combinatorial testing
complexity
hardware
mobile
networks
quantum information science
servers
smart cards
software & firmware
storage

Applications

communications & wireless
cyber-physical systems
cybersecurity education
cybersecurity framework
cybersecurity workforce
enterprise
forensics
Internet of Things
mathematics
operational technology
positioning navigation & timing
small & medium business
smart grid
telework
voting

Laws and Regulations

executive documents
laws
regulations
- Controlled Unclassified Information
- Federal Acquisition Regulation

Activities and Products

annual reports
conferences & workshops
groups
quick-start guides
reference materials
standards development

Sectors

aerospace
energy
financial services
healthcare
hospitality
manufacturing
public safety
retail
telecommunications
transportation

Match ANY: Match ALL:

Control Family (800-53)

Control Families

AC - Access Control
AT - Awareness and Training
AU - Audit and Accountability
CA - Assessment, Authorization and Monitoring
CM - Configuration Management
CP - Contingency Planning
IA - Identification and Authentication
IR - Incident Response
MA - Maintenance
MP - Media Protection
PE - Physical and Environmental Protection
PL - Planning
PM - Program Management
PS - Personnel Security
PT - PII Processing and Transparency
RA - Risk Assessment
SA - System and Services Acquisition
SC - System and Communications Protection
SI - System and Information Integrity
SR - Supply Chain Risk Management

Match ANY: Match ALL:

Please fix the following:

Final: Published documents.

Public Draft: Documents have been posted as Public Drafts, typically with a public comment period.

Current Publications

NIST Series Pubs
- Final Pubs
- Drafts Open for Comment
- Drafts (all)
- View By Series
  - FIPS (standards)
  - SP 800 (guidance)
  - SP 1800 (practice guides)
  - SP (all subseries)
  - IR (interagency/internal reports)
  - CSWP (cybersecurity white papers)
  - ITL Bulletins
Other Pubs

HEADQUARTERS
100 Bureau Drive
Gaithersburg, MD 20899

(link is external)
(link is external)
(link is external)
(link is external)
(link is external)
(link is external)

Want updates about CSRC and our publications? Subscribe

Send inquiries to [email protected]

Site Privacy
Accessibility
Privacy Program
Copyrights
Vulnerability Disclosure
No Fear Act Policy
FOIA
Environmental Policy
Scientific Integrity
Information Quality Standards
Commerce.gov
Science.gov
USA.gov
Vote.gov