NIST Seeks Input on AI Agent Identity Standards
https://www.executivegov.com/articles/nist-nccoe-concept-paper-ai-agent-access-controls
Publish Date: 2026-02-06 16:16:00
Source Domain: www.executivegov.com
-
NIST’s Interest in AI Agent Identity and Authorization: The National Institute of Standards and Technology’s (NIST) National Cybersecurity Center of Excellence (NCCoE) is seeking public input for a concept paper focused on how to apply identity standards and access control practices to software and artificial intelligence agents to ensure secure identification and authorization.
-
Focus of the Proposed NCCoE Project: The concept paper “Accelerating the Adoption of Software and Artificial Intelligence Agent Identity and Authorization” aims to demonstrate how organizations can securely identify and authorize AI agents used in automating tasks across systems and data environments.
-
Broad System Privileges and Risks: AI agents can autonomously perform tasks, which, while beneficial for productivity, also introduces risks. NIST is emphasizing the need for stronger identity and authorization controls to mitigate these risks.
-
Technical Scope and Areas of Interest: The potential project will focus on applying existing identity and access management standards to agentic architectures. Areas of interest include use cases, technical challenges, AI agent auditing, non-repudiation, and controls to mitigate prompt injection attacks.
-
Standards for AI Identity Controls: The concept paper highlights existing standards and frameworks such as OAuth, OpenID Connect, System for Cross-domain Identity Management, SPIFFE Runtime Environment, and governance guidance like the Zero Trust Architecture and Digital Identity Guidelines.
-
New Additions to Department of War’s STIB: Milan “Mitch” Nikolich and James Gosler from Johns Hopkins Applied Physics Laboratory have joined the Department of War’s Science, Technology and Innovation Board (STIB) — Nikolich as chair and Gosler as a board member to support technology research and partnerships.
-
CISA Directive on Unsupported Edge Devices: The Cybersecurity and Infrastructure Security Agency (CISA) is requiring federal agencies to remove unsupported hardware and software from federal networks to address security risks from end-of-support edge devices.
-
DOD Vendor Threat Mitigation Guidance: The Department of War has introduced guidance to identify, assess, and mitigate threats posed by vendors supporting U.S. military operations, focusing on risks from foreign adversaries, criminal networks, and extremist organizations.