NIST — National Institute of Standards and Technology
NIST (National Institute of Standards and Technology) is the U.S. federal agency responsible for technology standards, housed within the Department of Commerce. In AI security, NIST is the primary author of the AI Risk Management Framework (AI RMF 1.0, 2023) and its GenAI companion NIST AI 600-1 (July 2024).
AI Security Role
NIST occupies a unique position: its voluntary frameworks carry de facto authority because federal agency compliance is expected and state-level regulations increasingly reference NIST AI RMF. However, NIST publishes “what” rather than “how” — descriptive guidance rather than implementation prescriptions.
Q1 2026 Activity
- CAISI AI Agent Standards Initiative (February 17, 2026) — first U.S. government program explicitly targeting agentic AI interoperability and security standards
- IR 8605A (January 8, 2026) — COSAiS annotated outline for predictive AI control overlays
- NIST AI 800-4 (March 6, 2026) — post-deployment AI monitoring gap analysis
- NISTIR 8596 (Cyber AI Profile) — completed public comment period January 30, 2026
- RFI on AI agent security (January 8) with comments closing March 9
- ITL AI Agent Identity and Authorization Concept Paper (comments due April 2, 2026)
Key Publications
| Publication | Date | Description |
|---|---|---|
| AI RMF 1.0 | January 2023 | Core risk management framework |
| NIST AI 600-1 | July 2024 | Generative AI profile |
| IR 8605A | January 2026 | COSAiS predictive AI control overlays |
| NIST AI 800-4 | March 2026 | Post-deployment monitoring gaps |
Frameworks Published
- NIST AI RMF — de facto voluntary U.S. AI security standard
- NIST AI 600-1 — GenAI profile of the AI RMF
- NIST SSDF (SP 800-218 v1.1) — Secure Software Development Framework (Feb 2022); federal regulatory anchor under EO 14028 and OMB M-22-18
- NIST SP 800-218A — SSDF Community Profile for Generative AI and Dual-Use Foundation Models (July 2024); federal AI-specific extension of SSDF authorized by EO 14110 § 4.1.a
- NIST SP 800-162 — Guide to Attribute Based Access Control (ABAC); the wiki’s preferred living-standard citation for the four-role (PEP / PDP / PIP / PAP) vocabulary
Personnel surfaced on the wiki
- Apostol Vassilev — Computer Security Division; co-author of SP 800-218A and lead author of NIST AI 100-2e2023 (Adversarial ML Taxonomy)