
Why Detection? Why Now? Key Takeaways from the NIST NCCoE Public COI Working Session

In April, I had the amazing opportunity to participate in a unique AI security event put on by the National Cybersecurity Center of Excellence (NCCoE). The April event was all about getting the community together to discuss what a Cyber AI Profile should look like as an overlay to the NIST Cybersecurity Framework (CSF) 2.0.

From NIST 800-53 to FedRAMP: What it really takes to bridge the gap

If your cloud platform is already compliant with NIST SP 800-53, you’ve laid important groundwork for security and risk management. But when the goal shifts to serving U.S. federal agencies, the bar is raised significantly. That’s where FedRAMP enters the picture. While FedRAMP is built on NIST 800-53, the two are not interchangeable. FedRAMP adds a layer of rigor, documentation, and oversight specifically tailored to the requirements of the federal government.

NIST's new LEV metric: How does it help companies?

The National Institute of Standards and Technology (NIST) has unveiled a new metric that promises to revolutionize the way vulnerability management is prioritized. Likely Exploited Vulnerabilities (LEV) is a ranking designed to help organizations focus their efforts on the flaws that cybercriminals are actively using to perpetrate real-world attacks. Thousands of vulnerabilities are reported every year but only a small fraction is exploited in the wild.

ISO 42001 & NIST AI RMF: Practical steps for responsible AI governance

As artificial intelligence continues to reshape industries, responsible governance has emerged as a business necessity. Organizations deploying AI face the challenge of maintaining innovation while mitigating risks related to bias, data privacy, security, and transparency. Two major frameworks – ISO 42001 and NIST AI Risk Management Framework (AI RMF) – have been developed to help businesses navigate this balance.

How Feroot Helps Security Teams Meet NIST SP 800-53 Controls for Web Application Protection

NIST Special Publication 800-53 is a cybersecurity and privacy framework developed by the National Institute of Standards and Technology (NIST). It provides a standardized set of security controls for federal information systems, covering everything from access control and incident response to system monitoring and supply chain risk management.

Everything you need to know about NIST's new guidance in "SP 1800-35: Implementing a Zero Trust Architecture"

For decades, the United States National Institute of Standards and Technology (NIST) has been guiding industry efforts through the many publications in its Computer Security Resource Center. NIST has played an especially important role in the adoption of Zero Trust architecture, through its series of publications that began with NIST SP 800-207: Zero Trust Architecture, released in 2020.

Addressing API Security with NIST SP 800-228

According to the Wallarm Q1 2025 ThreatStats report, 70% of all application attacks target APIs. The industry can no longer treat API security as a sidenote; it’s time to treat it as the main event. NIST seems to be on board with this view, releasing the initial public draft of NIST SP 800-228, a set of recommendations for securing APIs.

NIST CSF 2.0: What you need to know by Jason Taylor

Join Jason Taylor, Senior Cybersecurity Program Analyst, as he breaks down the key updates in NIST CSF 2.0 in this informative webinar. Gain valuable insights into what’s changed from NIST CSF 1.1 to 2.0, and what organizations need to know to stay aligned with the latest cybersecurity framework. This is the recording of our live webinar—perfect for anyone looking to understand the evolution of NIST CSF and how it impacts security programs moving forward.

NIST's Responsibilities Under the January 2025 Executive Order

While NIST frameworks are typically not mandatory for most organizations, they are still being called on to do some heavy lifting to bolster the nation’s cybersecurity defenses. Under the January 2025 Executive Order (EO) on Strengthening and Promoting Innovation in the Nation’s Cybersecurity, the National Institute of Standards and Technology (NIST) was charged, along with several other agencies, with the following tasks.