{"id":177688,"date":"2026-01-13T16:11:00","date_gmt":"2026-01-13T21:11:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/01\/13\/nist-releases-draft-framework-for-ai-cybersecurity-solicits-public-comment-what-organizations-using-or-deploying-ai-should-know\/"},"modified":"2026-01-13T16:15:13","modified_gmt":"2026-01-13T21:15:13","slug":"nist-releases-draft-framework-for-ai-cybersecurity-solicits-public-comment-what-organizations-using-or-deploying-ai-should-know","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/01\/13\/nist-releases-draft-framework-for-ai-cybersecurity-solicits-public-comment-what-organizations-using-or-deploying-ai-should-know\/","title":{"rendered":"NIST Releases Draft Framework for AI Cybersecurity, Solicits Public Comment: What Organizations Using or Deploying AI Should Know"},"content":{"rendered":"<p><a href=\"https:\/\/www.crowell.com\/en\/insights\/client-alerts\/nist-releases-draft-framework-for-ai-cybersecurity-solicits-public-comment-what-organizations-using-or-deploying-ai-should-know\">NIST Releases Draft Framework for AI Cybersecurity, Solicits Public Comment: What Organizations Using or Deploying AI Should Know<\/a><\/p>\n<p><a href=\"https:\/\/www.crowell.com\/en\/insights\/client-alerts\/nist-releases-draft-framework-for-ai-cybersecurity-solicits-public-comment-what-organizations-using-or-deploying-ai-should-know\">https:\/\/www.crowell.com\/en\/insights\/client-alerts\/nist-releases-draft-framework-for-ai-cybersecurity-solicits-public-comment-what-organizations-using-or-deploying-ai-should-know<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-01-13 16:11:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.crowell.com\">www.crowell.com<\/a><\/p>\n<p>
The National Institute of Standards and Technology (\u201cNIST\u201d) recently released draft guidelines for applying NIST\u2019s Cybersecurity Framework to organizations adopting artificial intelligence. NIST requests public comments on its \u201cInitial Preliminary Draft\u201d Cybersecurity Framework Profile for Artificial Intelligence (the \u201cCyber AI Profile\u201d) by midnight on January 30, 2026.\u00a0<br \/>\nAlthough nonbinding, the Cyber AI Profile is significant because it provides organizations with guidelines for managing cybersecurity risks related to AI systems. It represents NIST\u2019s first comprehensive attempt to integrate AI-specific risks and opportunities directly into the NIST Cybersecurity Framework 2.0 (\u201cCSF\u201d), the Institute\u2019s widely-used standard for managing cybersecurity risks. \u00a0Organizations that develop, deploy, procure, or rely on AI systems should view the Cyber AI Profile as an early sign of how regulators, auditors, plaintiffs, and counterparties may evaluate \u201creasonable\u201d cybersecurity and governance practices for AI-enabled systems.<br \/>\nThe Cyber AI Profile addresses three areas where the intersection of AI and cybersecurity will be particularly impactful:<\/p>\n<p>Securing AI System Components, which focuses on identifying cybersecurity challenges when integrating AI into organizational ecosystems and infrastructure;<br \/>\nConducting AI-Enabled Cyber Defense, which focuses on identifying opportunities to use AI to enhance cybersecurity processes and activities; and<br \/>\nThwarting AI-Enabled Cyber Attacks, which focuses on building resilience to protect against new AI-enabled threat vectors.<\/p>\n<p>Key Takeaways<\/p>\n<p>This is an \u201cInitial Preliminary Draft\u201d of the Cyber AI Profile. \u00a0The Draft is intended to convey current thinking regarding the direction of AI governance and the authors seek feedback to inform future iterations. 
The deadline for public comments is January 30, 2026.<br \/>\nThe Cyber AI Profile does not replace any existing cybersecurity or AI governance frameworks; rather, it layers AI-specific priorities and considerations onto the CSF 2.0.<br \/>\nThe Cyber AI Profile has the potential to become a de facto benchmark for regulators, federal agencies, and plaintiffs assessing cybersecurity diligence involving AI.<\/p>\n<p>What Is the Cyber AI Profile?<br \/>\nThe Cyber AI Profile is a NIST Cybersecurity Framework Community Profile designed to help organizations prioritize cybersecurity outcomes in the context of AI systems.\u00a0 Importantly, NIST deliberately avoids narrowly defining \u201cAI,\u201d instead using the term \u201cAI systems\u201d to refer to any system that is using AI capabilities, whether they are stand-alone AI systems or applications, infrastructure, and organizations that incorporate AI. \u00a0Thus, the Cyber AI Profile is intended to apply broadly across large language models (\u201cLLMs\u201d), generative AI, predictive analytics, recommendation engines, agentic systems, and hybrid approaches.\u00a0<br \/>\nIn general, the Cyber AI Profile:<\/p>\n<p>Uses the CSF 2.0 Functions, Categories, and Subcategories (Govern, Identify, Protect, Detect, Respond, Recover), which group together similar cybersecurity measures that organizations can implement;<br \/>\nAdds AI-specific considerations and proposed priorities for each Subcategory, such as incorporating AI audits to address AI-specific needs (like explainability); and<br \/>\nRecognizes that organizations may be at very different stages of AI adoption\u2014from limited machine learning tools to fully agentic or generative AI deployments.<\/p>\n<p>Application and Related Initiatives<br \/>\nThe Cyber AI Profile is intended for a broad array of organizations.\u00a0 These include those developing or using AI technologies, whether they are stand-alone AI systems or AI-enabled capabilities that are integrated 
into other systems. They also include those that would like to understand and capitalize on the cybersecurity capabilities that AI can provide or to better understand and defend against AI-enabled cyber-attacks.<br \/>\nTo complement the Cyber AI Profile and support the adoption of its separate AI Risk Management Framework, NIST is developing a series of Control Overlays for Securing AI Systems (COSAiS) using the NIST Special Publication (SP) 800-53 controls. \u00a0This effort should allow organizations to tailor their baseline security measures\u2014or \u201ccontrols\u201d\u2014to their specific context and needs. \u00a0COSAiS plans to provide additional implementation guidelines and to help AI users and developers manage their unique risks across different use cases, such as adapting and using generative AI, using and fine-tuning predictive AI, and using agentic AI.\u00a0 Simultaneously, NIST has announced a Request for Information on how to measure and improve the secure development and deployment of agentic AI systems, laying the groundwork for more in-depth guidance to come.<br \/>\nSeparately, the Fiscal Year 2026 National Defense Authorization Act has directed the Pentagon to create and implement a security assessment framework for the AI technologies that it procures.\u00a0 Given the frequency with which the Pentagon has mandated compliance with NIST cybersecurity standards, it will likely consider NIST\u2019s burgeoning list of AI guidance, including the developing Cyber AI Profile, when crafting this new AI security requirement.<br \/>\nConclusion<br \/>\nNIST\u2019s Cyber AI Profile signals a clear message: AI is a cybersecurity governance issue. Organizations that wait for binding regulation before adapting their programs may find themselves behind emerging expectations.<br \/>\nCrowell &#038; Moring will continue to monitor developments, including the finalization of the Cyber AI Profile and NIST\u2019s Control Overlays for Securing AI Systems. 
For questions about how this draft may affect your AI deployments, cybersecurity posture, regulatory exposure, or contractual obligations, please contact our team.<br \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>NIST Releases Draft Framework for AI Cybersecurity, Solicits Public Comment: What Organizations Using or Deploying&#8230;<\/p>\n","protected":false},"author":1,"featured_media":177689,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.crowell.com\/a\/web\/gFBL1AQpELadRK9AEXxgv5\/berfNv\/2026-01-13_nist.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,20,24],"class_list":["post-177688","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-artificial-intelligence","tag-cybersecurity"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/177688"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=177688"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/177688\/revisions"}],"predecessor-version":[{"id":177690,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/177688\/revisions\/177690"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/177689"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=177688"}],"wp:term":[{"taxonomy":"category","embeddable":true,"
href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=177688"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=177688"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}