Date Published: January 22, 2026
Comments Due:
Email Comments to:
Author(s)
CheeYee Tang (NIST), Alex Alshtein (MITRE), Eileen Division (MITRE), Matt Hardison (MITRE), Emma Holt (MITRE), Christina Sames (MITRE), Hillary Tran (MITRE)
Announcement
Transit operators face increasing cybersecurity risks that can impact the delivery of safe and reliable services. They must manage IT and OT system risks while meeting strict safety and operating demands. The Transit Cybersecurity Framework (CSF) Community Profile is a voluntary, risk-based guide designed to help U.S. transit agencies enhance cybersecurity while maintaining safe and efficient transit services. Built on CSF 2.0, it translates transit mission needs into a cybersecurity outcomes baseline that transit agencies can adopt and tailor to their unique operational environments.
As a non-regulatory and neutral entity, NIST developed the Transit Profile in collaboration with the transit community to provide cybersecurity considerations and guidelines tailored to the sector’s unique challenges. By working closely with transit operators, federal agencies, and other stakeholders, NIST ensures the Profile reflects industry needs while supporting voluntary adoption of cybersecurity best practices.
We encourage you to review this document and provide comments to [email protected] by February 23, 2026. If you have any questions, please email the team at [email protected].
This document is a Cybersecurity Framework (CSF) Community Profile developed to support United States-based transit agencies. This “Transit Profile” is aligned with transit sector priorities and best practices and can be used as a guide for prioritizing cybersecurity activities and outcomes or as a starting point for building a new program. The Transit Profile was developed to complement, not replace, any existing cybersecurity programs, guidelines, or policies that transit agencies may rely on or have in place.
This document is a Cybersecurity Framework (CSF) Community Profile developed to support United States-based transit agencies. This “Transit Profile” is aligned with transit sector priorities and best practices and can be used as a guide for prioritizing cybersecurity activities and outcomes or as a...
See full abstract
This document is a Cybersecurity Framework (CSF) Community Profile developed to support United States-based transit agencies. This “Transit Profile” is aligned with transit sector priorities and best practices and can be used as a guide for prioritizing cybersecurity activities and outcomes or as a starting point for building a new program. The Transit Profile was developed to complement, not replace, any existing cybersecurity programs, guidelines, or policies that transit agencies may rely on or have in place.
Hide full abstract
Keywords
bus; commuter rail; Cybersecurity Framework (CSF); operational technology (OT); public transportation; rail; risk management; subway; transit
Control Families
None selected
