The U.S. National Institute of Standards and Technology (NIST) released Special Publication 800-238, the FY 2025 Annual Report for its Cybersecurity and Privacy Program, outlining emerging security and privacy challenges during fiscal year 2025, spanning Oct. 1, 2024, through Sept. 30, 2025. The publication highlights research, standards development, and practical cybersecurity initiatives across several priority areas, including cryptography, cybersecurity and AI, education and workforce development, hardware and software security, infrastructure security, and risk management.
The agency also details ongoing efforts to strengthen software and supply chain cybersecurity, advance IoT cybersecurity guidelines, support projects led by the National Cybersecurity Center of Excellence (NCCoE), launch a new comment site for NIST’s Risk Management Framework, introduce a Phish Scale, and expand work in identity and access management.
“Amid evolving threats, rapid technological advancements, and an increasingly intricate global ecosystem, our cybersecurity and privacy NIST colleagues and external partners, including collaborations at the NIST National Cybersecurity…
