
We are the National Institute of Standards and Technology (NIST), a non-regulatory federal agency within the U.S. Department of Commerce. For more than a century, NIST has helped to keep U.S. technology at the leading edge. Our measurements support the smallest of technologies to the largest and most complex of human-made creations. NIST's mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life. See what innovative work we’re doing to support it: https://www.nist.gov/

National Institute of Standards and Technology (NIST) A.I CyberSecurity Scoring

NIST

Company Details

LinkedIn ID: nist
Employees number: 4,906
Number of followers: 411,115
NAICS: 5417
Industry Type: Research Services
Homepage: nist.gov
IP Addresses: 0
Company ID: NAT_3387092
Scan Status: In-progress

NIST Risk Score (AI oriented)

Between 700 and 749

  • Powered by our proprietary A.I cyber incident model
  • Insurance prefers TPRM score to calculate premium
NIST Global Score (TPRM)

XXXX

  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

NIST Company CyberSecurity News & History

Past Incidents: 1
Attack Types: 1

National Institute of Standards and Technology (NIST)
Type: Breach
Severity: 60
Impact: 3
Seen: 2/2025
Supply Chain Source: NA
Rankiteo Explanation: Attack with significant impact with internal employee data leaks

Description: The National Institute of Standards and Technology is facing potential layoffs that may significantly impact its operations, particularly the US AI Safety Institute. The layoffs are part of broader federal spending cuts directed by the Trump administration. If executed, these cuts could affect around 500 employees, including technical experts and directors. The move also signals a shift in policy, deprioritizing AI safety in favor of AI opportunity, which may undermine the institute's capability to ensure the safety and reliability of artificial intelligence technologies.


Underwriter Stats for NIST

Incidents vs Research Services Industry Average (This Year), Incidents vs All-Companies Average (This Year), and Incident Types NIST vs Research Services Industry Avg (This Year):

No incidents recorded for National Institute of Standards and Technology (NIST) in 2026.

Incident History — NIST (X = Date, Y = Severity)

NIST cyber incidents detection timeline including parent company and subsidiaries


NIST Similar Companies

The University of Edinburgh

Imagine what you could do at a world-leading university that is globally recognised for its teaching, research and innovation. The University of Edinburgh has been providing students with world-class teaching for more than 425 years, unlocking the potential of some of the world's leading thinkers

UCL

UCL (University College London) is London's leading multidisciplinary university, ranked 9th in the QS World University Rankings. Established in 1826 UCL opened up education in England for the first time to students of any race, class or religion and was also the first university to welcome female

CNRS

The French National Centre for Scientific Research is among the world's leading research institutions. Its scientists explore the living world, matter, the Universe, and the functioning of human societies in order to meet the major challenges of today and tomorrow. Internationally recognised for the

Utrecht University

At Utrecht University (UU), we are working towards a better world. We do this by researching complex issues beyond the borders of disciplines. We put thinkers in contact with doers, so new insights can be applied. We give students the space to develop themselves. In so doing, we make substantial con

Politecnico di Milano

Politecnico Milano is a scientific-technological university which trains engineers, architects and designers. The University has always focused on the quality and innovation of its teaching and research, developing a fruitful relationship with business and productive world by means of experimental

University of Amsterdam

The University of Amsterdam is one of the largest comprehensive universities in Europe. With some 44,000 students, 6,000 staff, 3,000 PhD candidates, and an annual budget of more than 850 million euros, it is also one of Amsterdam’s biggest employers. There is an inseparable link between the unive

Chinese Academy of Sciences

The Chinese Academy of Sciences (CAS) is the lead national scientific institution in natural sciences and high technology development in China and the country's supreme scientific advisory body. It incorporates three major parts: a comprehensive research and development network consisting of 104 res

CEA

The CEA is the French Alternative Energies and Atomic Energy Commission ("Commissariat à l'énergie atomique et aux énergies alternatives"). It is a public body established in October 1945 by General de Gaulle. A leader in research, development and innovation, the CEA mission statement has two main

Delft University of Technology

Delft University of Technology (TU Delft) is a leading technical university in the Netherlands, known for our world-class engineering, science and design education. We offer top-ranked education and PhD programmes, and we conduct cutting-edge research that addresses global challenges. TU Delft play


NIST CyberSecurity News

January 23, 2026 04:16 PM
NIST is rethinking its role in analyzing software vulnerabilities

As the agency's vulnerability database buckles under a flood of submissions, it's planning to shift some responsibilities to other parties.

January 23, 2026 12:51 PM
NIST outlines cybersecurity efforts amid staffing constraints

CyberScoop reports that the National Institute of Standards and Technology's staffing and budget reductions are shaping how the agency...

January 23, 2026 09:35 AM
NIST begins overhaul of SP 800-82 to strengthen OT cybersecurity guidance, align with updated NIST frameworks

The U.S. Department of Commerce's National Institute of Standards and Technology (NIST) has kicked off a revision of SP 800-82 Rev.

January 21, 2026 10:46 PM
Security Breach: Clarifying the Big-Picture Impacts of CMMC

How Cybersecurity Maturity Model Certification will impact manufacturing beyond defense contracts.

January 13, 2026 09:11 PM
NIST Releases Draft Framework for AI Cybersecurity, Solicits Public Comment: What Organizations Using or Deploying AI Should Know

The National Institute of Standards and Technology (“NIST”) recently released draft guidelines for applying NIST's Cybersecurity Framework to organizations...

January 07, 2026 08:00 AM
NIST asks public for help securing AI agents

The National Institute of Standards and Technology is asking the public for suggested approaches to managing the security risks of AI agents...

January 06, 2026 06:11 PM
NIST Publishes Preliminary Draft of Cybersecurity Framework Profile for Artificial Intelligence for Public Comment

On December 16, 2025, the U.S. National Institute of Standards and Technology (“NIST”) published a preliminary draft of the Cybersecurity...

January 05, 2026 08:00 AM
Lawmakers boost funding for NIST after proposed cuts

Congressional appropriators are looking to maintain, and in some cases increase, the National Institute of Standards and Technology's work...

December 30, 2025 08:00 AM
Cybersecurity and Credit Union System Resilience Annual Report to Congress

MESSAGE FROM THE CHAIRMAN On behalf of the National Credit Union Administration (NCUA), I am submitting our annual, statutorily required...


Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

NIST CyberSecurity History Information

Official Website of National Institute of Standards and Technology (NIST)

The official website of National Institute of Standards and Technology (NIST) is http://www.nist.gov.

National Institute of Standards and Technology (NIST)’s AI-Generated Cybersecurity Score

According to Rankiteo, National Institute of Standards and Technology (NIST)’s AI-generated cybersecurity score is 733, reflecting their Moderate security posture.

How many security badges does National Institute of Standards and Technology (NIST) have?

According to Rankiteo, National Institute of Standards and Technology (NIST) currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Has National Institute of Standards and Technology (NIST) been affected by any supply chain cyber incidents?

According to Rankiteo, National Institute of Standards and Technology (NIST) has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.

Does National Institute of Standards and Technology (NIST) have SOC 2 Type 1 certification?

According to Rankiteo, National Institute of Standards and Technology (NIST) is not certified under SOC 2 Type 1.

Does National Institute of Standards and Technology (NIST) have SOC 2 Type 2 certification?

According to Rankiteo, National Institute of Standards and Technology (NIST) does not hold a SOC 2 Type 2 certification.

Does National Institute of Standards and Technology (NIST) comply with GDPR?

According to Rankiteo, National Institute of Standards and Technology (NIST) is not listed as GDPR compliant.

Does National Institute of Standards and Technology (NIST) have PCI DSS certification?

According to Rankiteo, National Institute of Standards and Technology (NIST) does not currently maintain PCI DSS compliance.

Does National Institute of Standards and Technology (NIST) comply with HIPAA?

According to Rankiteo, National Institute of Standards and Technology (NIST) is not compliant with HIPAA regulations.

Does National Institute of Standards and Technology (NIST) have ISO 27001 certification?

According to Rankiteo, National Institute of Standards and Technology (NIST) is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of National Institute of Standards and Technology (NIST)

National Institute of Standards and Technology (NIST) operates primarily in the Research Services industry.

Number of Employees at National Institute of Standards and Technology (NIST)

National Institute of Standards and Technology (NIST) employs approximately 4,906 people worldwide.

Subsidiaries Owned by National Institute of Standards and Technology (NIST)

National Institute of Standards and Technology (NIST) presently has no subsidiaries across any sectors.

National Institute of Standards and Technology (NIST)’s LinkedIn Followers

National Institute of Standards and Technology (NIST)’s official LinkedIn profile has approximately 411,115 followers.

NAICS Classification of National Institute of Standards and Technology (NIST)

National Institute of Standards and Technology (NIST) is classified under the NAICS code 5417, which corresponds to Scientific Research and Development Services.

National Institute of Standards and Technology (NIST)’s Presence on Crunchbase

No, National Institute of Standards and Technology (NIST) does not have a profile on Crunchbase.

National Institute of Standards and Technology (NIST)’s Presence on LinkedIn

Yes, National Institute of Standards and Technology (NIST) maintains an official LinkedIn profile, actively used for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/nist.

Cybersecurity Incidents Involving National Institute of Standards and Technology (NIST)

As of January 24, 2026, Rankiteo reports that National Institute of Standards and Technology (NIST) has experienced 1 cybersecurity incident.

Number of Peer and Competitor Companies

National Institute of Standards and Technology (NIST) has an estimated 5,292 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at National Institute of Standards and Technology (NIST)?

Incident Types: The types of cybersecurity incidents that have occurred include Breach.

Incident Details

Can you provide details on each incident?

Incident : Policy and Budget Cut Impact

Title: Potential Layoffs at NIST Impacting US AI Safety Institute

Description: The National Institute of Standards and Technology (NIST) is facing potential layoffs that may significantly impact its operations, particularly the US AI Safety Institute. The layoffs are part of broader federal spending cuts directed by the Trump administration. If executed, these cuts could affect around 500 employees, including technical experts and directors. The move also signals a shift in policy, deprioritizing AI safety in favor of AI opportunity, which may undermine the institute's capability to ensure the safety and reliability of artificial intelligence technologies.

Type: Policy and Budget Cut Impact

Threat Actor: Trump Administration

Motivation: Deprioritizing AI safety in favor of AI opportunity

What are the most common types of attacks the company has faced?

Common Attack Types: The most common type of attack the company has faced is Breach.

Impact of the Incidents

What was the impact of each incident?

Incident : Policy and Budget Cut Impact NIS000022125

Operational Impact: Significant impact on operations

Which entities were affected by each incident?

Incident : Policy and Budget Cut Impact NIS000022125

Entity Name: National Institute of Standards and Technology

Entity Type: Government Agency

Industry: Technology and Standards

Location: United States

Additional Questions

General Information

Who was the attacking group in the last incident?

Last Attacking Group: The attacking group in the last incident was the Trump Administration.


Latest Global CVEs (Not Company-Specific)

Description

Typemill is a flat-file, Markdown-based CMS designed for informational documentation websites. A reflected Cross-Site Scripting (XSS) exists in the login error view template `login.twig` of versions 2.19.1 and below. The `username` value can be echoed back without proper contextual encoding when authentication fails. An attacker can execute script in the login page context. This issue has been fixed in version 2.19.2.

Risk Information
cvss3
Base: 5.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Description

A DOM-based Cross-Site Scripting (XSS) vulnerability exists in the DomainCheckerApp class within domain/script.js of Sourcecodester Domain Availability Checker v1.0. The vulnerability occurs because the application improperly handles user-supplied data in the createResultElement method by using the unsafe innerHTML property to render domain search results.

Description

A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Modern Image Gallery App v1.0 within the gallery/upload.php component. The application fails to properly validate uploaded file contents. Additionally, the application preserves the user-supplied file extension during the save process. This allows an unauthenticated attacker to upload arbitrary PHP code by spoofing the MIME type as an image, leading to full system compromise.

Description

A UNIX symbolic link following issue in the jailer component in Firecracker version v1.13.1 and earlier and 1.14.0 on Linux may allow a local host user with write access to the pre-created jailer directories to overwrite arbitrary host files via a symlink attack during the initialization copy at jailer startup, if the jailer is executed with root privileges. To mitigate this issue, users should upgrade to version v1.13.2 or 1.14.1 or above.

Risk Information
cvss3
Base: 6.0
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
cvss4
Base: 6.0
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Description

An information disclosure vulnerability exists in the /srvs/membersrv/getCashiers endpoint of the Aptsys gemscms backend platform thru 2025-05-28. This unauthenticated endpoint returns a list of cashier accounts, including names, email addresses, usernames, and passwords hashed using MD5. As MD5 is a broken cryptographic function, the hashes can be easily reversed using public tools, exposing user credentials in plaintext. This allows remote attackers to perform unauthorized logins and potentially gain access to sensitive POS operations or backend functions.

Access Data Using Our API


Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=nist' -H 'apikey: YOUR_API_KEY_HERE'

What Do We Measure?

Incident
Finding
Grade
Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.