United States of America: National Institute of Standards and Technology released control overlays for securing AI systems (SP 800-53)

On 14 August 2025, the National Institute of Standards and Technology (NIST) released the SP 800-53 Control Overlays for Securing AI Systems, presenting implementation-focused guidelines for organisations and developers to manage cybersecurity risks in artificial intelligence (AI) technologies by tailoring and applying the established SP 800-53 security and privacy controls to AI use cases. The document identifies five initial categories, including adapting and using generative AI through large language models, using and fine-tuning predictive AI, deploying AI agent systems in single-agent and multi-agent configurations, and applying security controls for AI developers. Each category focuses on protecting the confidentiality, integrity, and availability of model artefacts, training and test data, configuration settings, and outputs within enterprise infrastructures. The guidance draws on related NIST resources such as SP 800-218A on secure software development for generative AI, AI 100-2e2025 on adversarial machine learning, and Draft AI 800-1 on managing misuse risk for dual-use foundation models. The development of the overlays will proceed iteratively, starting with a public draft in early FY26.