The National Cybersecurity Center of Excellence (NCCoE) laid out plans Wednesday to study identity and authorization for software agents and improve operational technology (OT) cybersecurity asset management, according to a new planning document.
The initiatives are part of the center’s 2026 priorities, structured around four pillars: data protection, trusted enterprise, artificial intelligence (AI), and resilient embedded systems.
“As AI agents are empowered to take on more tasks, enterprises need reliable ways to verify their identity and authorizations,” NCCoE said about its agentic project. “Based on stakeholder input, the NCCoE is interested in launching a technology demonstration project to demonstrate how identity standards and best practices can be applied to software agents, with a focus on agentic AI applications.”
The NCCoE team working on the agentic AI effort will eventually publish a concept paper and solicit community input on the scope of potential future projects, the center said.
For its OT asset management project, NCCoE said it plans to launch a technology demonstration to develop guidelines for achieving and maintaining OT cybersecurity, starting with asset management.
“Effective asset management – maintaining accurate tracking of devices, systems, and their configurations – is a critical foundation for cybersecurity,” NCCoE said. “Asset management within OT networks can be particularly challenging due to multiple factors: legacy system limitations, geographically distributed assets, diverse communication protocols and architectures, and operational constraints.”
“This complexity makes it more difficult for organizations to assess risk and adopt modern security controls, like zero trust,” the center continued.
The effort aims to help organizations build a stronger foundation for OT-specific risk assessments and implementation of modern security controls, NCCoE said.
In 2026, NCCoE plans to release a project description for public comment and invite collaborators to participate.
The center is also wrapping up several projects this year and expects to publish an initial draft of guidelines to help manufacturers respond to and recover from cyberattacks, a special NIST publication on data classification practices for unstructured data, guidelines on securing genomic data, and information on how to reduce ransomware incidents.