Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
New NIST Cybersecurity Resource for Transit Operators
The NIST National Cybersecurity Center of Excellence has released a draft of NIST Internal Report 8576, Transit Cybersecurity Framework Community Profile. This Profile is now available for public comment until February 23, 2026.
Transit agencies operate a complex network of business and operational systems to fulfill their mission. With the increasing reliance on digital, network-based communication, including extensive use of wireless connectivity, cybersecurity risks have grown. Systematically managing these risks while also meeting safety and operational requirements is critical for transit operators.
Based on engagement with the transit community, NIST developed this Community Profile as a voluntary, risk-based approach for strengthening preparedness and resilience against evolving cybersecurity threats facing transit agencies.
This Profile is intended to help transit agencies focus resources on cybersecurity activities aligned with their mission needs by mapping them to relevant NIST Cybersecurity Framework (CSF) 2.0 outcomes and existing industry-specific considerations and guidelines.
We Need Your Input!
The public comment period for this Community Profile is open through February 23, 2026. Your feedback is essential to refining this publication and ensuring it meets the needs of the transit community. Comments can be submitted by visiting the NCCoE project page.
If you have any questions or need further information, please don’t hesitate to contact the team at transit-nccoe [at] nist.gov (transit-nccoe[at]nist[dot]gov).