Draft NIST Guidelines Rethink Cybersecurity for the AI Era
NIST's Cyber AI Profile will likely shape how Australian agencies think about AI-cybersecurity intersections - especially given NIST CSF 2.0's existing uptake across the APS.
Key points
- NIST has released a preliminary draft Cyber AI Profile (NISTIR 8596) for 45-day public comment, closing 30 January 2026.
- The profile maps cybersecurity guidance across three areas: securing AI systems, AI-enabled defence, and AI-enabled attack resilience.
- Still in preliminary draft stage; a refined initial public draft is planned for 2026, limiting immediate applicability for Australian agencies.
Implications for Australian agencies
- Monitor Agencies and ACSC-aligned security teams may want to monitor NISTIR 8596's development, given the likely influence of NIST frameworks on Australian cybersecurity and AI governance guidance.
- Consider APS AI and cybersecurity policy practitioners could consider whether submitting comment or attending the 14 January workshop aligns with their agency's engagement priorities before the 30 January deadline.
Implications are AI-generated. Starting points, not advice — see methodology for how they're framed.
View original source
Copied.
Appeared in:
Weekly digest, 15 December 2025
"Draft NIST Guidelines Rethink Cybersecurity for the AI Era"
Source: NIST Information Technology RSS
Published: 16 December 2025
URL: https://www.nist.gov/news-events/news/2025/12/draft-nist-guidelines-rethink-cybersecurity-ai-era
NIST has published a preliminary draft of its Cybersecurity Framework Profile for Artificial Intelligence (NISTIR 8596), designed to help organisations apply CSF 2.0 to AI-related cybersecurity risks and opportunities. The profile covers three focus areas: securing AI systems, using AI for cyber defence, and building resilience against AI-enabled threats. It was developed over a year with input from more than 6,500 stakeholders and is now open for public comment until 30 January 2026, with a workshop planned for 14 January 2026. A refined initial public draft is expected in 2026, after which it will include mappings to NIST's AI Risk Management Framework.
Implications for Australian agencies:
- [Monitor] Agencies and ACSC-aligned security teams may want to monitor NISTIR 8596's development, given the likely influence of NIST frameworks on Australian cybersecurity and AI governance guidance.
- [Consider] APS AI and cybersecurity policy practitioners could consider whether submitting comment or attending the 14 January workshop aligns with their agency's engagement priorities before the 30 January deadline.
Retrieved from SIMS, 18 July 2026.