{"id":221003,"date":"2026-05-27T09:01:00","date_gmt":"2026-05-27T13:01:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/27\/nist-fy2025-report-highlights-cybersecurity-and-privacy-initiatives-spanning-ai-5g-iot-critical-infrastructure-resilience\/"},"modified":"2026-05-27T09:30:12","modified_gmt":"2026-05-27T13:30:12","slug":"nist-fy2025-report-highlights-cybersecurity-and-privacy-initiatives-spanning-ai-5g-iot-critical-infrastructure-resilience","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/27\/nist-fy2025-report-highlights-cybersecurity-and-privacy-initiatives-spanning-ai-5g-iot-critical-infrastructure-resilience\/","title":{"rendered":"NIST FY2025 report highlights cybersecurity and privacy initiatives spanning AI, 5G, IoT, critical infrastructure resilience"},"content":{"rendered":"<p><a href=\"https:\/\/industrialcyber.co\/nist\/nist-fy2025-report-highlights-cybersecurity-and-privacy-initiatives-spanning-ai-5g-iot-critical-infrastructure-resilience\/\">NIST FY2025 report highlights cybersecurity and privacy initiatives spanning AI, 5G, IoT, critical infrastructure resilience<\/a><\/p>\n<p><a href=\"https:\/\/industrialcyber.co\/nist\/nist-fy2025-report-highlights-cybersecurity-and-privacy-initiatives-spanning-ai-5g-iot-critical-infrastructure-resilience\/\">https:\/\/industrialcyber.co\/nist\/nist-fy2025-report-highlights-cybersecurity-and-privacy-initiatives-spanning-ai-5g-iot-critical-infrastructure-resilience\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-27 09:01:00<\/a><\/p>\n<p>Source Domain: <a href=\"industrialcyber.co\">industrialcyber.co<\/a><\/p>\n<p>The U.S. 
National Institute of Standards and Technology (NIST) released Special Publication 800-238, the FY 2025 Annual Report for its Cybersecurity and Privacy Program, outlining emerging security and privacy challenges during fiscal year 2025, spanning Oct. 1, 2024, through Sept. 30, 2025. The publication highlights research, standards development, and practical cybersecurity initiatives across several priority areas, including cryptography, cybersecurity and AI, education and workforce development, hardware and software security, infrastructure security, and risk management.\u00a0<\/p>\n<p>The agency also details ongoing efforts to strengthen software and supply chain cybersecurity, advance IoT cybersecurity guidelines, support projects led by the National Cybersecurity Center of Excellence (NCCoE), launch a new comment site for NIST\u2019s Risk Management Framework, introduce a Phish Scale, and expand work in identity and access management.<\/p>\n<p>\u201cAmid evolving threats, rapid technological advancements, and an increasingly intricate global ecosystem, our cybersecurity and privacy NIST colleagues and external partners, including collaborations at the NIST National Cybersecurity Center of Excellence (NCCoE), accomplished so much this year,\u201d Julie Chua, NIST\u2019s chief of the applied cybersecurity division and Jon Boyens, acting chief for the computer security division, wrote in the Fiscal Year 2025 Annual Report. \u201cThey delivered important publications and guidelines, hosted events, fostered critical collaborations, and advanced innovative research that strengthens global cybersecurity, standards, and privacy.\u201d\u00a0<\/p>\n<p>\u201cOur work cut across disciplines at NIST, including our work in standards, risk management, supply chain, small business, and privacy,\u201d according to Chua and Boyens. 
\u201cThese accomplishments are a testament to the unwavering dedication and resilience of our talented teams, partners, and stakeholders.\u201d\u00a0<\/p>\n<p>They added, \u201cAs we look to the future, we are filled with profound optimism. The foundation we have built positions us not only to address today\u2019s challenges, but to anticipate and shape tomorrow\u2019s opportunities in cybersecurity and privacy.\u201d\u00a0<\/p>\n<p>On cryptography, NIST has fostered the development of trustworthy cryptographic techniques and technologies for more than 50 years through open, collaborative processes incorporating expertise from industry, government, and academia. Its cryptographic standards, guidelines, and test methods help secure global e-commerce and protect the nation\u2019s federal information.<\/p>\n<p>Major accomplishments included advancing post-quantum cryptography (PQC) standards by announcing a fifth PQC algorithm for standardization, Hamming Quasi-Cyclic (HQC), and working with industry and standards development organizations to support PQC adoption in critical security technologies. NIST also released a migration timeline that calls for the deprecation of quantum-vulnerable algorithms after 2030 and the required use of quantum-resistant algorithms by 2035.<\/p>\n<p>The agency published the lightweight cryptography standard Ascon in SP 800-232 following a five-year global competition, providing strong, efficient, and side-channel-resistant protection for billions of Internet of Things devices and other constrained systems where traditional cryptography is too resource-intensive. 
NIST also strengthened trust in commercial cryptographic products through testing under the Cryptographic Module Validation Program, improving workflows and processes to reduce validation times for the 262 products tested during FY 2025.<\/p>\n<p>In addition, NIST expanded collaboration on its Migration to PQC Project, with more than 50 organizations working to demonstrate practices designed to ease migration to NIST PQC standards. The effort included demonstrations of discovery and inventory tools that can help organizations prioritize migration decisions, as well as interoperability testing of PQC algorithms for future use in products and services through the NCCoE.<\/p>\n<p>The agency also expanded automated cryptographic algorithm testing, delivering nearly 1 million test vectors and validating 1,598 implementations. As part of its PQC migration efforts, NIST completed 170 validations for the Module-Lattice-Based Digital Signature Algorithm (ML-DSA) from FIPS 204 and the Module-Lattice-Based Key Encapsulation Mechanism (ML-KEM) from FIPS 203.<\/p>\n<p>In addressing cybersecurity and AI, the NIST FY2025 Annual Report noted that AI systems are increasingly being deployed to process and analyze large volumes of data, creating both new opportunities and emerging security concerns. The focus area examines how to manage risks affecting individuals and organizations that use AI systems.<\/p>\n<p>Major accomplishments in this area included publishing a concept paper and gathering critical input for the Cybersecurity Framework Profile for AI through workshops and working meetings involving thousands of participants. 
NIST also released \u2018Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations,\u2019 a publication that has been widely cited and discussed.<\/p>\n<p>The agency collected real-world experimental data from a \u2018smart road\u2019 project to support developing next-generation benchmark datasets aimed at improving the robustness of AI models used in self-driving vehicles. Through the NCCoE, NIST also launched the Control Overlays for Securing AI Systems (COSAiS) project to develop overlays for securing AI systems using SP 800-53 controls, SP 800-218A, Draft AI 800-1, and AI 100-2e2025 to support responsible and secure adoption of AI technologies.<\/p>\n<p>Additional accomplishments included publishing an Institute of Electrical and Electronics Engineers Computer article describing a unified measurement and visualization framework designed to quantitatively assess the strength, weakness, transferability, and explainability of machine-learning training and testing datasets. NIST also published findings on a model-agnostic dataset reduction method using Combinatorial Frequency Differencing at a peer-reviewed conference, along with a paper on threat modeling for machine learning security analysis at the Association for Computing Machinery Workshop on Computer Security.<\/p>\n<p>The NIST FY2025 report further published a paper on detecting hallucinations in conference proceedings for Data and Applications Security and Privacy, earning a Best Paper Award, as well as a paper on automated program repair in IEEE Computer. NIST also continued development of Dioptra, a software testing platform used to assess multiple characteristics of AI systems.<\/p>\n<p>NIST\u2019s Education and Workforce focus area coordinated programs across sectors to grow and sustain a skilled cybersecurity workforce. 
The work included increasing public awareness of cybersecurity, cybersafety, and cyberethics, and disseminating cybersecurity technical standards and best practices for individuals and enterprises.<\/p>\n<p>The NIST FY2025 report identified that the NICE Community Coordinating Council released three new resources supporting the NICE Strategic Plan, including a white paper on retaining skilled cybersecurity talent for long-term success, guidance on pathways into the cybersecurity workforce, and information on how National Centers of Academic Excellence are addressing the growing demand for cybersecurity educators.<\/p>\n<p>NIST also released additional resources focused on skills-based approaches to cybersecurity talent management, the role of apprenticeships in expanding the cybersecurity workforce, and the impact of artificial intelligence on cybersecurity jobs and workforce development.<\/p>\n<p>The Regional Alliances and Multistakeholder Partnerships to Stimulate Cybersecurity Education and Workforce Development Program awarded 17 new cooperative agreements totaling more than $3 million to help build the workforce needed to protect enterprises from cybersecurity risks. As of September 2025, NIST had funded 47 RAMPS communities across 25 states.<\/p>\n<p>Several events were held throughout FY 2025, including the NICE Conference and Expo, the NICE K-12 Cybersecurity Education Conference, the Regional Initiative for Cybersecurity Education and Training, Cybersecurity Career Week, NICE webinars, and the U.S. Cyber Team Draft Day. NIST also continued supporting engagement through the Federal Information Security Educators initiative, including winter, spring, and fall forums.<\/p>\n<p>Computing hardware and software are the building blocks of modern electronics and information systems. 
The Hardware Security and Software Security programs at NIST are dedicated to developing the standards, guidelines, and best practices that underpin the security and trustworthiness of these systems. Their work focuses on ensuring the integrity of hardware components and the security of software systems, components, and services throughout the development life cycle.\u00a0<\/p>\n<p>In this area, NIST established a Hardware Security Laboratory to strengthen semiconductor security through measurements and metrics. The facility includes an electrical probing station, electromagnetic side-channel analysis equipment, test artifacts, and ongoing experiment development.<\/p>\n<p>NIST also held a workshop involving industry, government, and academic stakeholders to identify priorities, challenges, and solutions related to semiconductor supply chain trust and provenance. Discussions examined security concerns, verification requirements, collaboration barriers, and potential actions for a shared industry roadmap.<\/p>\n<p>The agency gathered feedback during a workshop for the Semiconductor Manufacturing Profile and released Draft IR 8546 to establish Cybersecurity Framework 2.0-aligned guidelines to improve security in semiconductor manufacturing environments.<\/p>\n<p>Additional work included leading the development of advanced security measurement techniques and analytical frameworks to evaluate hardware security failure scenarios, quantify vulnerabilities, assess collusion-based supply chain threats, and measure the effectiveness of benchmark mitigation strategies for semiconductor devices.\u00a0<\/p>\n<p>Through the NCCoE, NIST launched the Secure Software Development, Security, and Operations Practices Project, formed an industry consortium focused on improving secure software development and published a preliminary draft of SP 1800-44A. 
The National Checklist Program also added approximately 216 new and updated automated checklists for securely configuring and patching widely used applications and operating systems, supporting the protection of millions of computer systems used by organizations.<\/p>\n<p>NIST\u2019s infrastructure security portfolio delivers relevant guidelines, standards, and technical leadership to strengthen the security of resources and platforms that underpin information technology systems. Through coordinated research, industry collaboration, and contributions to global standards bodies, the program identifies emerging risks, develops practical and risk-based cybersecurity approaches, and supports secure technology adoption across critical sectors.\u00a0<\/p>\n<p>For infrastructure security, the NIST FY2025 report said that it published \u2018Guidelines for API Protection for Cloud-Native Systems\u2019 and \u2018Service Mesh Proxy Models for Cloud-Native Applications,\u2019 both of which recommend practical security controls and risk-based approaches to API protection. The agency published the Cybersecurity Framework 2.0 Manufacturing Profile through the NCCoE, providing manufacturers with a voluntary, risk-based framework to manage activities and reduce cyber risk.<\/p>\n<p>NIST\u2019s 5G Cybersecurity project released several white papers, including CSWP 36C, CSWP 36D, and CSWP 36E, addressing potential security concerns and mitigation strategies for 5G systems. The High-Performance Computing Security Working Group also released SP 800-223 and Draft SP 800-234 to improve communication around HPC security, support security compliance efforts, and enable guided system designs globally. 
Additional work included updating Draft IR 8259 Revision 1, which recommends cybersecurity activities for manufacturers, while the Cybersecurity for the Manufacturing Sector Consortium project remained under review through the NCCoE.<\/p>\n<p>NIST also participated in the 3rd Generation Partnership Project (3GPP) SA3 to contribute to cybersecurity standards for cellular technologies, including integrating NIST cryptographic algorithm standards into 5G and emerging 6G cellular networks.<\/p>\n<p>The Trusted Internet of Things Device Network-Layer Onboarding and Lifecycle Management project hosted an open house for collaborating organizations to demonstrate their solutions through the NCCoE. In parallel, NIST convened bi-monthly Cooperative Research and Development Agreement partner meetings focused on engaging water sector stakeholders, presenting findings at conferences and industry meetings, and reinforcing the agency\u2019s role in promoting cybersecurity best practices across the water sector.<\/p>\n<p>The NIST FY2025 report states that the Cybersecurity and Privacy Risk Management portfolio encompasses research, standards, and frameworks designed to support the understanding, assessment, measurement, management, and communication of risk from the component level to the enterprise level. These efforts form the foundation of the National Institute of Standards and Technology\u2019s broader cybersecurity and privacy program.<\/p>\n<p>In risk management, NIST advanced adoption of the Cybersecurity Framework 2.0 by releasing quick-start guides, adding informative references to the CSF 2.0 Tool through the Online Informative References platform, launching a webinar series, publishing translated resources, and updating the NIST IR 8286 series.<\/p>\n<p>The agency also published seven community profiles and related resources across multiple sectors through the NCCoE. 
NIST further released SP 800-55 Volumes 1 and 2, which focus on identifying and selecting security measures and developing information security measurement programs.<\/p>\n<p>Additional efforts included updating enhanced security requirements and assessment procedures for protecting controlled unclassified information while also issuing a primer tailored for small businesses. In response to Executive Order 14306, NIST updated the Security and Privacy Control Catalog, SP 800-53 Release 5.2.0, and the associated assessment procedures in SP 800-53A Release 5.2.0 to strengthen guidance around secure and reliable software updates and patch management.<\/p>\n<p>NIST also promoted adoption of cybersecurity supply chain risk management best practices by leading the Software and Supply Chain Assurance Forum and supporting the Federal Acquisition Security Council. The agency published Draft Privacy Framework 1.1, which received more than 250 comments from 31 stakeholders and was downloaded more than 25,000 times.<\/p>\n<p>The Open Security Controls Assessment Language initiative continued advancing security program automation. 
NIST released the CAPORDINO tool, which converts reference datasets managed through the Cybersecurity and Privacy Reference Tool into OSCAL formats.<\/p>\n<p>In digital identity and authentication, NIST released Revision 4 of the Digital Identity Guidelines, delivered resources on mobile driver\u2019s licenses for account opening and high-risk transactions, contributed to ISO\/IEC TS 18013-7:2025, an international protocol for securely presenting identity documents, and developed a reference implementation of an International Organization for Standardization standard through the NCCoE.<\/p>\n<p>NIST also issued NICE Workforce Framework Version 2.2.0, which introduced a new Operational Technology Cybersecurity Engineering work role.<\/p>\n<p>Earlier this month, NIST released an initial public draft of SP 1800-41, a cybersecurity practice guide designed to help manufacturers respond to and recover from cyberattacks targeting ICS (industrial control systems) and OT (operational technology) environments. Developed through the NCCoE, the guidance comes as manufacturers face growing risks from ransomware, destructive malware, and attacks on connected industrial systems that support production and supply chain operations.<\/p>\n<p>Anna Ribeiro<\/p>\n<p>Industrial Cyber News Editor. 
Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.\t\t\t\t<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>NIST FY2025 report highlights cybersecurity and privacy initiatives spanning AI, 5G, IoT, critical infrastructure resilience&#8230;<\/p>\n","protected":false},"author":1,"featured_media":221004,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/industrialcyber.co\/wp-content\/uploads\/2026\/01\/NIST-updates.webp","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,20,33,24,32],"class_list":["post-221003","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-artificial-intelligence","tag-computer-security","tag-cybersecurity","tag-malware"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/221003"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=221003"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/221003\/revisions"}],"predecessor-version":[{"id":221005,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/221003\/revisions\/221005"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/221004"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=221003"}],"wp:term":[{"taxonomy":"
category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=221003"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=221003"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}