The National Institute of Standards and Technology (NIST), established in 1901, serves as a non-regulatory federal agency within the U.S. Department of Commerce. For grant professionals and nonprofit leaders, NIST's work has become increasingly relevant—particularly as artificial intelligence (AI) governance, cybersecurity, and data management standards reshape how organizations operate and how they report to funders. Understanding how NIST develops standards and learning how to contribute your nonprofit's perspective to these processes can give your organization a competitive advantage and position you as a thought leader in your field.
NIST's significance lies not merely in U.S. domestic policy but in its global influence. NIST standards often become de facto international benchmarks. When you contribute to NIST standards development, you're influencing frameworks that international funders, corporate partners, and regulators will reference for years to come. For nonprofits, this means your voice in the standards-setting process today shapes the compliance landscape your organization will navigate tomorrow.
NIST's formal mandate is to "promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve quality of life." This mission translates into four core responsibilities: advancing measurement science, facilitating standards development, conducting research, and providing technical assistance to industry and government.
For nonprofit professionals, NIST functions as both a technical resource and a democratic forum. NIST publishes guidance documents, special publications, and frameworks that organizations use to understand regulatory requirements and implement best practices. Crucially, NIST operates through a consensus-based process where stakeholders—including nonprofit representatives—can formally contribute to standards development. This distinguishes NIST from purely regulatory bodies that impose rules unilaterally.
NIST is a non-regulatory standards body that develops frameworks through democratic, stakeholder-inclusive processes. Nonprofit professionals can influence these frameworks by participating in public comment periods, joining working groups, and submitting research or expertise to inform NIST guidance.
Released in January 2023, the NIST AI Risk Management Framework (AI RMF) represents one of the most significant recent initiatives affecting nonprofit organizations. Unlike strict regulations, the framework provides a flexible, consensus-based approach to managing AI risks across the lifecycle of AI systems—from design and development through deployment and monitoring.
The AI RMF addresses four core functions: Govern (establish organizational policies and accountability for AI), Map (understand risks and impacts), Measure (assess and monitor AI performance), and Manage (implement risk mitigation strategies). For nonprofits deploying AI—whether in grant management systems, donor analytics, or program evaluation—the framework provides a structured methodology for risk assessment and mitigation.
What's particularly important for grant professionals is that major funders increasingly reference the AI RMF in their grant requirements and funding announcements. Foundations and government agencies expect nonprofits to demonstrate responsible AI practices aligned with frameworks like NIST's. Understanding the framework positions your organization to respond effectively to funder requirements and demonstrates governance maturity.
The NIST Cybersecurity Framework (CSF), first released in 2014 and updated in 2022, provides a structured approach to managing cybersecurity risks. The framework organizes cybersecurity functions into five core categories: Identify, Protect, Detect, Respond, and Recover. Each category contains multiple functions and specific outcomes that organizations should target.
As AI becomes integrated into nonprofit operations—from donor relationship management systems to program evaluation tools—the CSF helps organizations ensure their AI systems are secure. NIST's guidance on cybersecurity in AI systems addresses unique challenges like model poisoning, adversarial attacks, and data privacy risks inherent in AI systems. For nonprofits responsible for sensitive beneficiary data or donor information, understanding how to apply the CSF to AI systems is no longer optional—it's a fundamental governance responsibility.
NIST follows a rigorous, transparent process for developing standards and frameworks. Understanding this process is essential if you want to contribute meaningfully. The typical NIST standards development process involves several phases:
When NIST announces a public comment period on a framework relevant to your nonprofit's work, designate a staff member or volunteer to review the draft and submit formal comments. Include specific examples from your nonprofit's context, highlighting gaps or challenges the framework should address. NIST explicitly values input from nonprofit and mission-driven organizations.
Public comment periods are the most accessible entry point for nonprofits to influence NIST standards. When NIST opens a comment period, anyone can submit written comments addressing specific aspects of the draft standard. These comments become part of the public record and directly inform NIST's revision process.
To participate effectively in public comment periods: (1) Review the draft standard thoroughly, noting specific sections relevant to your organization; (2) Identify gaps, inconsistencies, or challenges from your nonprofit's perspective; (3) Write clear, evidence-based comments that reference specific sections and propose concrete revisions; (4) Submit comments before the deadline through NIST's comment portal; (5) Consider coordinating with peer organizations to submit coordinated comments from your sector.
Established in 2023, the NIST AI Safety Institute works to advance safe, secure, and trustworthy AI through research, standards development, and guidance. The institute focuses on AI safety evaluation, measurement science for AI, and governance frameworks. For nonprofits, the institute's work on AI safety in mission-critical applications—including nonprofit program evaluation and beneficiary services—offers valuable resources.
NIST also operates centers of excellence in various technology domains, bringing together researchers, industry partners, and practitioners to advance standards and best practices. Nonprofits can partner with these centers through research collaborations, case studies, or participation in pilot programs testing new standards and guidance.
Beyond public comments, professionals can join NIST working groups and technical committees. These groups typically meet regularly (monthly or quarterly) to discuss draft standards, review research, and develop guidance. Participation in these groups requires more commitment than submitting comments but offers deeper influence over standards development.
Working groups are typically open to anyone with relevant expertise, though NIST may require participants to attend meetings regularly and contribute substantively to discussions. For grant professionals, working groups focused on AI governance, evaluation frameworks, and nonprofit compliance standards offer particularly valuable opportunities.
NIST actively seeks research contributions from external researchers, practitioners, and organizations. If your nonprofit conducts research relevant to NIST's mission—such as studies on AI fairness in nonprofit program evaluation or cybersecurity approaches in resource-constrained environments—you can propose research partnerships or contribute research findings to inform NIST standards development.
Additionally, NIST publishes case studies highlighting how organizations implement NIST standards and frameworks. Offering your nonprofit as a case study demonstrates thought leadership while contributing to NIST's body of implementation evidence. This visibility also enhances your organization's reputation with funders and peers.
NIST publishes several types of documents that nonprofits should monitor: (1) Standards (FIPS—Federal Information Processing Standards)—mandatory for federal systems, often adopted voluntarily by nonprofits; (2) Special Publications (SP 800 series)—detailed technical guidance; (3) Technical Notes—preliminary research and guidance; (4) Interagency or Interorganizational Reports (NISTIR)—collaborative research findings; (5) Framework and Roadmap documents—high-level guidance on emerging technology areas.
Subscribing to NIST's mailing lists for topics relevant to your organization ensures you stay informed about new publications and comment period announcements. NIST's website also provides RSS feeds for specific topic areas.
NIST standards have direct and indirect impacts on nonprofit operations. Directly, if your nonprofit contracts with the federal government or serves as a federal grantee, you may be required to implement specific NIST standards for cybersecurity, data management, or AI governance. Indirectly, major corporate partners, foundations, and international organizations increasingly align their requirements with NIST frameworks, making these standards de facto expectations across the sector.
Understanding NIST standards positions your nonprofit to respond proactively to these requirements, reducing compliance costs and demonstrating governance maturity to funders and partners. Organizations that understand and have implemented NIST guidance before it becomes mandatory enjoy competitive advantages in grant applications and partnership negotiations.
Don't assume NIST standards apply only if your nonprofit is federally funded. Many foundations and corporate partners now reference NIST frameworks in their grant requirements. Review your funder base and partnership agreements to identify which NIST standards are already relevant to your organization.
To stay current with NIST's work: (1) Subscribe to NIST newsletters and mailing lists for your areas of interest; (2) Follow NIST's social media accounts and official announcements; (3) Attend webinars and public meetings NIST hosts on standards development; (4) Join professional associations (covered in the next lesson) that track NIST developments and alert members to significant developments; (5) Regularly review NIST.gov for new publications and guidance.
NIST publishes an annual roadmap for upcoming standards development initiatives. Reviewing this roadmap annually helps you anticipate which standards will become relevant to your organization in the coming years, allowing you to prepare proactively.
For grant professionals and nonprofit leaders, participating in NIST standards development is no longer a nice-to-have activity for large organizations with dedicated compliance teams. As AI, cybersecurity, and data governance become central to nonprofit operations and funder expectations, understanding how standards are developed and contributing your sector's voice to these processes becomes a strategic imperative.
Your nonprofit's participation signals to NIST that nonprofit perspectives matter in standards development. It also positions your organization as a thought leader in your field, enhancing your credibility with funders, partners, and peers. Even small nonprofits can make meaningful contributions by participating in public comment periods on standards relevant to their work.
In your role as a grant professional, you're uniquely positioned to understand both the technical requirements of AI systems and the mission-driven constraints and opportunities of nonprofit work. This dual perspective is precisely what NIST needs to develop standards that work for the diverse organizations that adopt them.
Continue building your expertise in AI governance, standards, and nonprofit leadership with the CAGP Level 5 certification program.
Explore the Program