NIST is expanding its AI governance ecosystem with two major developments in 2026. On April 7, NIST released a concept note for an AI RMF Profile on Trustworthy AI in Critical Infrastructure, targeting operators of energy, healthcare, transportation, and other essential systems deploying AI. Separately, NISTIR 8596 — the Cybersecurity Framework Profile for Artificial Intelligence (Cyber AI Profile) — has advanced through its public comment period with over 6,500 contributors and is moving toward its initial public draft. Together, these publications create the most comprehensive federal framework for managing AI risks at the intersection of cybersecurity and operational technology.
What the Critical Infrastructure Profile Covers
The new concept note addresses a specific gap: how should organizations operating critical infrastructure assess and manage risks when they integrate AI into systems that society depends on? This is not about AI chatbots or marketing automation. It is about AI controlling power grid load balancing, AI assisting medical diagnostics, AI managing water treatment plant operations, and AI monitoring transportation networks.
The profile will guide critical infrastructure operators toward specific risk management practices when engaging AI-enabled capabilities across Information Technology (IT), Operational Technology (OT), and Industrial Control Systems (ICS). The scope deliberately spans all three technology domains because modern critical infrastructure increasingly blurs the boundaries between them.
NIST is creating a Trustworthy AI in Critical Infrastructure Profile Community of Interest to provide feedback. This approach mirrors NIST’s successful community-driven development model used for the Cybersecurity Framework itself.
NISTIR 8596: The Cyber AI Profile
While the critical infrastructure profile addresses AI deployment in essential services, NISTIR 8596 addresses a broader challenge: how organizations secure AI systems, use AI for cyber defense, and defend against AI-powered attacks. The Cyber AI Profile maps these concerns onto the NIST Cybersecurity Framework 2.0 structure.
The three domains of NISTIR 8596 are:
Securing AI systems. Protecting AI models, training data, inference pipelines, and deployment infrastructure from adversarial manipulation, data poisoning, model extraction, and supply chain attacks. This includes securing the entire AI lifecycle from data collection through production deployment.
AI for cybersecurity. Using AI capabilities to enhance threat detection, vulnerability management, incident response, and security operations. This domain provides guidance on where AI augments human defenders and where its limitations create new risks.
Defending against AI-powered threats. Addressing the use of AI by adversaries for automated vulnerability discovery, deepfake social engineering, polymorphic malware, and adaptive attack techniques. This forward-looking domain acknowledges that AI empowers attackers just as much as defenders.
Advertisement
Why This Matters Beyond the United States
NIST frameworks carry influence far beyond U.S. federal agencies. The original Cybersecurity Framework became a de facto international standard adopted by organizations in over 50 countries. The AI RMF is following the same trajectory. Several factors drive global adoption:
Regulatory reference. Countries developing AI governance frameworks frequently reference NIST publications as technical foundations. The EU AI Act’s risk categorization, while independently developed, maps closely to NIST AI RMF concepts. Organizations that align with NIST frameworks find it easier to demonstrate compliance with multiple regulatory regimes.
Supply chain pressure. Organizations in the supply chain of U.S. critical infrastructure operators — including international vendors and service providers — will face expectations to demonstrate alignment with these profiles. This creates indirect compliance pressure on non-U.S. entities.
Technical depth. NIST’s community-driven development process, involving over 6,500 contributors for NISTIR 8596 alone, produces technically detailed guidance that individual organizations could not develop independently. The frameworks become shared infrastructure that reduces the governance burden for every organization that adopts them.
Implementation Considerations
The profiles are designed to be adaptable rather than prescriptive. Organizations select profile elements based on their specific risk context, technology stack, and regulatory environment. Key implementation considerations include:
Risk tiering. Not all AI deployments carry the same risk. An AI system managing social media content moderation requires different controls than an AI system controlling nuclear plant cooling systems. The profiles provide a vocabulary and structure for differentiating risk levels.
Governance integration. AI risk management does not operate in isolation. The profiles are designed to integrate with existing enterprise risk management, cybersecurity governance, and compliance programs. Organizations that already use the NIST Cybersecurity Framework can extend their existing processes rather than building parallel structures.
Continuous assessment. AI systems evolve — through retraining, data drift, model updates, and changing deployment contexts. The profiles emphasize continuous risk assessment rather than one-time compliance checks. This aligns with the reality that AI risk is dynamic.
Third-party AI. Many organizations consume AI through third-party APIs, cloud services, and embedded systems rather than developing AI internally. The profiles address supply chain risk management for AI components, including requirements for transparency about training data, model architecture, and known limitations.
Frequently Asked Questions
How does the new critical infrastructure profile differ from NISTIR 8596?
NISTIR 8596 (the Cyber AI Profile) addresses general cybersecurity concerns for AI across all sectors — securing AI systems, using AI for defense, and defending against AI-powered attacks. The critical infrastructure profile specifically targets operators of essential services (energy, healthcare, transportation) and addresses the unique risks of deploying AI in OT and ICS environments where failures can affect public safety.
Do organizations outside the United States need to comply with NIST AI frameworks?
NIST frameworks are voluntary, not regulatory mandates — even for U.S. organizations. However, they function as de facto international standards because regulators reference them, customers expect alignment with them, and supply chain partners require them. Organizations that align with NIST frameworks typically find it easier to demonstrate compliance with other regulatory regimes, including the EU AI Act.
When will the final versions of these frameworks be available?
NISTIR 8596 completed its comment period in January 2026 and is moving toward an initial public draft, expected in mid-2026. The critical infrastructure profile concept note was released April 7, 2026, and will go through NIST’s standard development process including community feedback, drafting, and public comment. A final version is unlikely before early 2027.
Sources & Further Reading
- Concept Note: AI RMF Profile on Trustworthy AI in Critical Infrastructure — NIST
- NISTIR 8596 Draft: Cybersecurity Framework Profile for Artificial Intelligence — NIST CSRC
- Draft NIST Guidelines Rethink Cybersecurity for the AI Era — NIST News
- NIST Publishes Preliminary Draft of Cybersecurity Framework Profile for AI — Global Policy Watch
- NIST AI Risk Management Framework — NIST
