
We are the National Institute of Standards and Technology (NIST), a non-regulatory federal agency within the U.S. Department of Commerce. For more than a century, NIST has helped to keep U.S. technology at the leading edge. Our measurements support the smallest of technologies to the largest and most complex of human-made creations. NIST's mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life. See what innovative work we’re doing to support it: https://www.nist.gov/

National Institute of Standards and Technology (NIST) A.I CyberSecurity Scoring

NIST

Company Details

  • LinkedIn ID: nist
  • Employees number: 4,906
  • Number of followers: 411,115
  • NAICS: 5417
  • Industry Type: Research Services
  • Homepage: nist.gov
  • IP Addresses: 0
  • Company ID: NAT_3387092
  • Scan Status: In-progress

NIST Risk Score (AI oriented)

Between 700 and 749

  • Powered by our proprietary A.I cyber incident model
  • Insurance prefers the TPRM score to calculate premiums

NIST Global Score (TPRM)

XXXX

  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

NIST Company CyberSecurity News & History

Past Incidents: 2
Attack Types: 2
National Institute of Standards and Technology (NIST)
Breach
Severity: 60
Impact: 3
Seen: 2/2025
Rankiteo Explanation
Attack with significant impact with internal employee data leaks

Description: The National Institute of Standards and Technology is facing potential layoffs that may significantly impact its operations, particularly the US AI Safety Institute. The layoffs are part of broader federal spending cuts directed by the Trump administration. If executed, these cuts could affect around 500 employees, including technical experts and directors. The move also signals a shift in policy, deprioritizing AI safety in favor of AI opportunity, which may undermine the institute's capability to ensure the safety and reliability of artificial intelligence technologies.

National Institute of Standards and Technology (NIST)
Cyber Attack
Severity: 100
Impact: 5
Seen: 2/2025
Rankiteo Explanation
Attack threatening the organization’s existence

Description: Amidst potential sweeping layoffs initiated by the Trump administration and DOGE, the NIST could face a significant reduction in its workforce, impacting approximately 500 probationary hires. The cuts are expected to reach high-profile technical experts and lab directors, potentially undermining NIST's ability to set benchmarks critical for a range of industries. The US AI Safety Institute (AISI), vital for AI safety collaboration, is under threat after Trump rescinded an executive order on AI. This move may impair AI safety advancements, with doubts cast over the job security of key AI personnel and the future of US leadership in AI safety research.


Underwriter Stats for NIST

Incidents vs Research Services Industry Average (This Year)

National Institute of Standards and Technology (NIST) has 284.62% more incidents than the average of same-industry companies with at least one recorded incident.

Incidents vs All-Companies Average (This Year)

National Institute of Standards and Technology (NIST) has 212.5% more incidents than the average of all companies with at least one recorded incident.

Incident Types NIST vs Research Services Industry Avg (This Year)

National Institute of Standards and Technology (NIST) reported 2 incidents this year: 1 cyber attack, 0 ransomware, 0 vulnerabilities, 1 data breach, compared to industry peers with at least 1 incident.

Incident History — NIST (X = Date, Y = Severity)

NIST cyber incidents detection timeline including parent company and subsidiaries


NIST Similar Companies

King's College London

King’s College London is amongst the top 40 universities in the world and top 10 in Europe (THE World University Rankings 2024), and one of England’s oldest and most prestigious universities. With an outstanding reputation for world-class teaching and cutting-edge research, King’s maintained its si

Delft University of Technology

Delft University of Technology (TU Delft) is a leading technical university in the Netherlands, known for our world-class engineering, science and design education. We offer top-ranked education and PhD programmes, and we conduct cutting-edge research that addresses global challenges. TU Delft play

Chinese Academy of Sciences

The Chinese Academy of Sciences (CAS) is the lead national scientific institution in natural sciences and high technology development in China and the country's supreme scientific advisory body. It incorporates three major parts: a comprehensive research and development network consisting of 104 res

Imperial College London

Consistently rated in the top 10 universities in the world, Imperial College London is the only university in the UK to focus exclusively on science, medicine, engineering and business. At Imperial we bring together people, disciplines, industries and sectors to further our understanding of the n

The University of Edinburgh

Imagine what you could do at a world-leading university that is globally recognised for its teaching, research and innovation. The University of Edinburgh has been providing students with world-class teaching for more than 425 years, unlocking the potential of some of the world's leading thinkers

University of Cambridge

The University of Cambridge is one of the world's foremost research universities. The University is made up of 31 Colleges and over 150 departments, faculties, schools and other institutions. Its mission is 'to contribute to society through the pursuit of education, learning, and research at the hi

The PPD™ clinical research business of Thermo Fisher Scientific, the world leader in serving science, enables customers to accelerate innovation and drug development through patient-centered strategies and data analytics. Our services, which span multiple therapeutic areas, include early development

CNRS

The French National Centre for Scientific Research is among the world's leading research institutions. Its scientists explore the living world, matter, the Universe, and the functioning of human societies in order to meet the major challenges of today and tomorrow. Internationally recognised for the

CEA

The CEA is the French Alternative Energies and Atomic Energy Commission ("Commissariat à l'énergie atomique et aux énergies alternatives"​). It is a public body established in October 1945 by General de Gaulle. A leader in research, development and innovation, the CEA mission statement has two main


NIST CyberSecurity News

November 26, 2025 03:32 PM
NIST releases updated CSF 2.0 Quick-Start Guide to strengthen cyber, ERM, and workforce integration

The U.S. NIST (National Institute of Standards and Technology) released the second public draft of NIST Cybersecurity Framework 2.0:...

November 24, 2025 10:08 PM
Updates to NIST Cybersecurity Guidance May Impact Government Contractors

November 2025 has been a busy month for cybersecurity rules affecting government contractors. The long-awaited Cybersecurity Maturity Model...

November 24, 2025 08:41 PM
NIST says critical vulnerability found in 7-Zip archiving software

A critical vulnerability has been identified in 7-Zip, a free software program used for archiving data, according to the National Institute...

October 03, 2025 07:00 AM
NIST publication warns that USB devices pose serious cybersecurity threats to ICS, offers guidance for mitigation

The U.S. National Institute of Standards and Technology (NIST), through its National Cybersecurity Center of Excellence (NCCoE),...

October 01, 2025 07:00 AM
The NIST Cybersecurity Framework

An overview of the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF), including its development,...

September 30, 2025 07:00 AM
NIST publishes Cybersecurity Framework 2.0 manufacturing profile to help strengthen risk management

The U.S. National Institute of Standards and Technology (NIST) has published Internal Report (IR) 8183 Revision 2, the Cybersecurity...

September 23, 2025 07:00 AM
NCCoE white paper maps migration to quantum-resistant cryptography against NIST CSF, SP 800-53 controls

The U.S. National Institute of Standards and Technology (NIST), through the National Cybersecurity Center of Excellence (NCCoE),...

September 21, 2025 07:00 AM
Nist CSF 2.0: Everything you need to know about

The National Institute of Standards and Technology (NIST) recently updated its popular Cybersecurity Framework (CSF) to version 2.0 to help...

September 19, 2025 07:00 AM
NIST Cybersecurity Center Outlines Roadmap for Secure Migration

NIST's National Cybersecurity Center of Excellence released a preliminary draft guide warning that migration to post-quantum cryptography.


Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

NIST CyberSecurity History Information

Official Website of National Institute of Standards and Technology (NIST)

The official website of National Institute of Standards and Technology (NIST) is http://www.nist.gov.

National Institute of Standards and Technology (NIST)’s AI-Generated Cybersecurity Score

According to Rankiteo, National Institute of Standards and Technology (NIST)’s AI-generated cybersecurity score is 717, reflecting their Moderate security posture.

How many security badges does National Institute of Standards and Technology (NIST) have?

According to Rankiteo, National Institute of Standards and Technology (NIST) currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Does National Institute of Standards and Technology (NIST) have SOC 2 Type 1 certification ?

According to Rankiteo, National Institute of Standards and Technology (NIST) is not certified under SOC 2 Type 1.

Does National Institute of Standards and Technology (NIST) have SOC 2 Type 2 certification ?

According to Rankiteo, National Institute of Standards and Technology (NIST) does not hold a SOC 2 Type 2 certification.

Does National Institute of Standards and Technology (NIST) comply with GDPR ?

According to Rankiteo, National Institute of Standards and Technology (NIST) is not listed as GDPR compliant.

Does National Institute of Standards and Technology (NIST) have PCI DSS certification ?

According to Rankiteo, National Institute of Standards and Technology (NIST) does not currently maintain PCI DSS compliance.

Does National Institute of Standards and Technology (NIST) comply with HIPAA ?

According to Rankiteo, National Institute of Standards and Technology (NIST) is not compliant with HIPAA regulations.

Does National Institute of Standards and Technology (NIST) have ISO 27001 certification ?

According to Rankiteo, National Institute of Standards and Technology (NIST) is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of National Institute of Standards and Technology (NIST)

National Institute of Standards and Technology (NIST) operates primarily in the Research Services industry.

Number of Employees at National Institute of Standards and Technology (NIST)

National Institute of Standards and Technology (NIST) employs approximately 4,906 people worldwide.

Subsidiaries Owned by National Institute of Standards and Technology (NIST)

National Institute of Standards and Technology (NIST) presently has no subsidiaries across any sectors.

National Institute of Standards and Technology (NIST)’s LinkedIn Followers

National Institute of Standards and Technology (NIST)’s official LinkedIn profile has approximately 411,115 followers.

NAICS Classification of National Institute of Standards and Technology (NIST)

National Institute of Standards and Technology (NIST) is classified under the NAICS code 5417, which corresponds to Scientific Research and Development Services.

National Institute of Standards and Technology (NIST)’s Presence on Crunchbase

No, National Institute of Standards and Technology (NIST) does not have a profile on Crunchbase.

National Institute of Standards and Technology (NIST)’s Presence on LinkedIn

Yes, National Institute of Standards and Technology (NIST) maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement and can be accessed here: https://www.linkedin.com/company/nist.

Cybersecurity Incidents Involving National Institute of Standards and Technology (NIST)

As of December 01, 2025, Rankiteo reports that National Institute of Standards and Technology (NIST) has experienced 2 cybersecurity incidents.

Number of Peer and Competitor Companies

National Institute of Standards and Technology (NIST) has an estimated 4,803 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at National Institute of Standards and Technology (NIST) ?

Incident Types: The types of cybersecurity incidents that have occurred include Cyber Attack and Breach.

Incident Details

Can you provide details on each incident ?

Incident : Policy and Budget Cut Impact

Title: Potential Layoffs at NIST Impacting US AI Safety Institute

Description: The National Institute of Standards and Technology (NIST) is facing potential layoffs that may significantly impact its operations, particularly the US AI Safety Institute. The layoffs are part of broader federal spending cuts directed by the Trump administration. If executed, these cuts could affect around 500 employees, including technical experts and directors. The move also signals a shift in policy, deprioritizing AI safety in favor of AI opportunity, which may undermine the institute's capability to ensure the safety and reliability of artificial intelligence technologies.

Type: Policy and Budget Cut Impact

Threat Actor: Trump Administration

Motivation: Deprioritizing AI safety in favor of AI opportunity

Incident : Operational Impact

Title: Potential Layoffs at NIST and US AI Safety Institute

Description: Amidst potential sweeping layoffs initiated by the Trump administration and DOGE, the NIST could face a significant reduction in its workforce, impacting approximately 500 probationary hires. The cuts are expected to reach high-profile technical experts and lab directors, potentially undermining NIST's ability to set benchmarks critical for a range of industries. The US AI Safety Institute (AISI), vital for AI safety collaboration, is under threat after Trump rescinded an executive order on AI. This move may impair AI safety advancements, with doubts cast over the job security of key AI personnel and the future of US leadership in AI safety research.

Type: Operational Impact

Motivation: Reduction in workforce and rescinding of executive order

What are the most common types of attacks the company has faced ?

Common Attack Types: The most common type of attack the company has faced is Breach.

Impact of the Incidents

What was the impact of each incident ?

Incident : Policy and Budget Cut Impact NIS000022125

Operational Impact: Significant impact on operations

Incident : Operational Impact NIS001022325

Operational Impact: Significant reduction in workforce, undermining NIST's ability to set benchmarks, impairing AI safety advancements

Which entities were affected by each incident ?

Incident : Policy and Budget Cut Impact NIS000022125

Entity Name: National Institute of Standards and Technology

Entity Type: Government Agency

Industry: Technology and Standards

Location: United States

Incident : Operational Impact NIS001022325

Entity Name: NIST

Entity Type: Government Agency

Industry: Technology and Standards

Location: United States

Incident : Operational Impact NIS001022325

Entity Name: US AI Safety Institute (AISI)

Entity Type: Research Institute

Industry: Artificial Intelligence

Location: United States

Additional Questions

General Information

Who was the attacking group in the last incident ?

Last Attacking Group: The attacking group in the last incident was the Trump Administration.


Latest Global CVEs (Not Company-Specific)

Description

A weakness has been identified in codingWithElias School Management System up to f1ac334bfd89ae9067cc14dea12ec6ff3f078c01. Affected is an unknown function of the file /student-view.php of the component Edit Student Info Page. This manipulation of the argument First Name causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way.

Risk Information
  • CVSS v2: Base 3.3, Severity LOW, Vector AV:N/AC:L/Au:M/C:N/I:P/A:N
  • CVSS v3: Base 2.4, Severity LOW, Vector CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
  • CVSS v4: Base 4.8, Severity LOW, Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Description

By providing a command-line argument starting with a semi-colon ; to an API endpoint created by the EnhancedCommandExecutor class of the HexStrike AI MCP server, the resultant composed command is executed directly in the context of the MCP server’s normal privilege; typically, this is root. There is no attempt to sanitize these arguments in the default configuration of this MCP server at the affected version (as of commit 2f3a5512 in September of 2025).

Risk Information
  • CVSS v3: Base 9.1, Severity LOW, Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Description

A weakness has been identified in winston-dsouza Ecommerce-Website up to 87734c043269baac0b4cfe9664784462138b1b2e. Affected by this issue is some unknown functionality of the file /includes/header_menu.php of the component GET Parameter Handler. Executing manipulation of the argument Error can lead to cross site scripting. The attack can be executed remotely. The exploit has been made available to the public and could be exploited. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The vendor was contacted early about this disclosure but did not respond in any way.

Risk Information
  • CVSS v2: Base 5.0, Severity LOW, Vector AV:N/AC:L/Au:N/C:N/I:P/A:N
  • CVSS v3: Base 4.3, Severity LOW, Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
  • CVSS v4: Base 5.3, Severity LOW, Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Description

A security flaw has been discovered in Qualitor 8.20/8.24. Affected by this vulnerability is the function eval of the file /html/st/stdeslocamento/request/getResumo.php. Performing manipulation of the argument passageiros results in code injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

Risk Information
  • CVSS v2: Base 7.5, Severity LOW, Vector AV:N/AC:L/Au:N/C:P/I:P/A:P
  • CVSS v3: Base 7.3, Severity LOW, Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  • CVSS v4: Base 6.9, Severity LOW, Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Description

A vulnerability was identified in Scada-LTS up to 2.7.8.1. Affected is the function Common.getHomeDir of the file br/org/scadabr/vo/exporter/ZIPProjectManager.java of the component Project Import. Such manipulation leads to path traversal. The attack may be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Risk Information
  • CVSS v2: Base 6.5, Severity LOW, Vector AV:N/AC:L/Au:S/C:P/I:P/A:P
  • CVSS v3: Base 6.3, Severity LOW, Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
  • CVSS v4: Base 5.3, Severity LOW, Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Access Data Using Our API


Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=nist' -H 'apikey: YOUR_API_KEY_HERE'

What Do We Measure ?

  • Incident
  • Finding
  • Grade
  • Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.