Review the Draft Transit Cybersecurity Framework Community Profile

APTA hosted a webinar with speakers from the National Institute of Standards and Technology (NIST) National Cybersecurity Center of Excellence (NCCoE) and MITRE, Feb. 5, to present a draft Transit Cybersecurity Framework (CSF) Community Profile. The document is the product of a structured, community-driven process convened through the NCCoE and informed by federal agencies, industry organizations, and a broad cross-section of small, medium, and large transit agencies across the United States.

The document also facilitates the implementation of NIST CSF 2.0 to address the growing cybersecurity challenges faced by public transit agencies. It aligns with sector priorities and industry best practices, and serves as a resource to prioritize cybersecurity activities and outcomes.

In his introduction, CheeYee Tang with NIST NCCoE explained, “The Profile is risk-based and its use is voluntary. It is intended to complement, not replace, any existing cybersecurity programs, standards, or regulatory obligations that transit agencies already follow.”

Eileen Division of MITRE emphasized, “The Profile is designed to help navigate the CSF in a transit context: what cybersecurity outcomes should be prioritized, why it matters to transit, how you might implement it, and where to go for more detailed guidance.”

The draft Community Profile is open for review and comments through Feb. 23.