The NIST National Cybersecurity Center of Excellence (NCCoE) has released a draft of NIST Interagency Report (IR) 8576, Transit Cybersecurity Framework (CSF) Community Profile. This Profile is now available for public comment through February 23, 2026.
Transit operators face increasing cybersecurity risks that can impact the delivery of safe and reliable services. They must manage IT and OT system risks while meeting strict safety and operating demands. The Transit Cybersecurity Framework (CSF) Community Profile is a voluntary, risk-based guide designed to help U.S. transit agencies enhance cybersecurity while maintaining safe and efficient transit services. Built on CSF 2.0, it translates transit mission needs into a baseline of cybersecurity outcomes that transit agencies can adopt and tailor to their unique operational environments.
As a non-regulatory and neutral entity, NIST developed the Transit Profile in collaboration with the transit community to provide cybersecurity considerations and guidelines tailored to the sector’s unique challenges. By working closely with transit operators, federal agencies, and other stakeholders, NIST ensures the Profile reflects industry needs while supporting voluntary adoption of cybersecurity best practices.
We encourage you to review this document and provide comments to [email protected] by February 23, 2026. Send inquiries to that same email.
