Search Icon White
digital transformation

From Cannabis to Nucleic Acid Synthesis, Standardization Supports Security and Risk Management Across Industries


New NIST public-private partnership, recently-published standards, and long-standing guidelines all contribute to safety and security

NIST Partnership for Screening and Safety Tools in Synthetic Biology and AI

The National Institute of Standards and Technology (NIST) has announced a two-year cooperative research agreement with the Engineering Biology Research Consortium (EBRC) to develop screening and safety tools that defend against potential misuse of artificial intelligence (AI) related to nucleic acid synthesis.

The collaboration was initiated by NIST as part of the implementation of the recent Executive Order on Safe, Secure, and Trustworthy Artificial Intelligence.

“This agreement is the first step toward promoting safe research in engineering biology as tasked to NIST under the recent AI executive order,” said Under Secretary of Commerce for Standards and Technology and NIST director Laurie E. Locascio. “The promise of this technology is immense, but clearly safeguards are needed to protect the public, and this is an important first step toward creating them.”

Nucleic acid synthesis is a growing field of synthetic biology. Researchers have used synthetic nucleic acids to achieve groundbreaking biotechnology innovations, including new drugs and therapies. However, the growing availability and ease of synthesizing nucleic acids has raised safety concerns. particularly given advances in AI, that could pose risks to the public, environment, and national security.

NIST will work with EBRC to develop best practices and policies, and the necessary infrastructure, for public safety in the synthesis of nucleic acids. To accomplish this, the organizations will solicit input from industry, universities, government agencies, and other relevant stakeholders.

Improved Security, Thanks to Standards

Standards promote security and facilitate risk management across a wide range of industries. As just a few examples:


A recent American National Standard (ANS) published by ASIS International guides cannabis security, providing comprehensive requirements and guidance for the design, implementation, monitoring, evaluation, and maintenance of a cannabis security program. ASIS-CAN 2024 is aligned with the enterprise security risk management (ESRM) approach, taking a holistic perspective and offering comprehensive security program guidance; Physical Protection Systems (PPS) requirements; exceeded jurisdictional compliance (in some instances); and mitigation strategies.

Medical Devices

The Association for the Advancement of Medical Instrumentation (AAMI) offers a number of standards on guidance methods to perform information security risk management for medical devices, as well as methods to perform post-market security risk management for medical devices. They include ANS ANSI/AAMI SW96, Standard for medical device security - Security risk management for device manufacturers, as well as AAMI TIR57, Principles For Medical Device Security - Risk Management, and AAMI TIR97, Principles For Medical Device Security - Postmarket Risk Management For Device Manufacturers.

Industrial Gas Facilities

Published by the Compressed Gas Association (CGA), CGA P-50, Standard for Site Security, provides instruction to the industrial gas industry for assessing security risks and identifying and implementing preventive security measures at fixed sites. This resource, now in its fourth edition, helps managers at individual facilities make security decisions based on risk.

Sensitive Data

ISO/IEC 27001 / ISO/IEC 27005, Information Security Management and Risk Set, is a set of standards that provides guidance on establishing, implementing, maintaining, and continually improving an information security management system to protect an organization’s data. The standards in this package also offer guidance on managing information security risks. They were developed by the International Organization for Standardization (ISO) / International Electrotechnical Commission (IEC) Joint Technical Committee (JTC) 1Subcommittee (SC) 27Information security, cybersecurity and privacy protection. ANSI holds the secretariat to JTC 1.

Find more standards that mitigate risk in the ANSI webstore.


Jana Zabinski

Senior Director, Communications & Public Relations


[email protected]

Beth Goodbaum

Journalist/Communications Specialist


[email protected]