NIST Just Validated the Gap OSSA Was Built to Fill
In February 2026, the National Institute of Standards and Technology did something unprecedented. They launched not one, not two, but three parallel initiatives targeting AI agent standards:
- CAISI RFI (Docket NIST-2025-0035) — a formal Request for Information on AI agent safety and security, with a March 9, 2026 response deadline
- NCCoE AI Agent Identity Program — a National Cybersecurity Center of Excellence effort focused on agent identity and authentication, with responses due April 2, 2026
- AI Agent Standards Initiative — a broader coordination effort to harmonize agent-related standards across federal agencies
This is not exploratory research. This is the US government declaring that AI agent standards are a matter of national priority — and mobilizing its most respected standards body to address it.
And the gap they identified? It's the exact gap OSSA was built to fill.
The Four-Layer Stack
To understand the gap, you need to understand the stack. The agentic AI ecosystem is converging on four layers, each with a distinct purpose:
| Layer | Standard | What It Does | What It Doesn't Do |
|---|---|---|---|
| Contract | OSSA | Defines what an agent IS — identity, capabilities, trust boundaries, governance | Does not handle tool-level communication or agent-to-agent messaging |
| Agent-to-Agent | A2A (Google) | Enables agents to discover and communicate with each other | Does not define agent identity, trust policies, or governance constraints |
| Tool Integration | MCP (Anthropic) | Connects agents to tools, data sources, and external services | Does not define who the agent is or what it's allowed to do |
| Repository | AGENTS.md (OpenAI) | Declares agent capabilities in code repositories | Does not provide machine-readable contracts, cryptographic identity, or policy enforcement |
Every layer below the contract layer is a communication mechanism. MCP tells agents how to use tools. A2A tells agents how to talk to each other. AGENTS.md tells IDEs what agents exist in a repo.
But none of them answer the fundamental questions: Who is this agent? What is it allowed to do? Who is accountable when it acts? How do I verify its claims?
That's the contract layer. That's OSSA.
What NIST Identified
The CAISI RFI asks precisely the questions that expose the contract layer gap:
- "What are the most critical AI safety and security challenges?" — Agent identity is unsolved. Research documents 16 distinct threat scenarios in MCP alone and 6,487 malicious tools targeting agent ecosystems.
- "What standards or frameworks should be developed?" — A vendor-neutral agent contract specification. Like OpenAPI for REST APIs, but for agents.
- "How should AI agent identity be established?" — W3C DID-based Global Agent IDs, cryptographic attestation, verifiable discovery endpoints.
- "What authentication and authorization mechanisms?" — Pre-authorization policies evaluated before execution. Not just "can this agent authenticate?" but "should this agent be allowed to perform this specific action?"
- "How should AI systems be monitored?" — OpenTelemetry semantic conventions for agent tracing, security event logging, full execution traceability.
- "How to secure the AI supply chain?" — SBOM integration, signed manifests, OSCAL component mapping to NIST SP 800-53 controls.
Every single question maps to a capability that OSSA already implements.
How OSSA Fills the Gap
Agent Identity (GAID)
OSSA defines the Global Agent ID (GAID), a W3C DID Core 1.0-compliant identifier that gives every agent a verifiable, globally unique identity. Combined with cryptographic x-signature attestation (Ed25519, ECDSA, JWT, or Verifiable Credentials), GAIDs provide the identity foundation that NIST's NCCoE program is specifically investigating.

```yaml
# OSSA Manifest — Identity
ossa_version: "0.4.2"
agent_id: "urn:ossa:agent:acme:document-processor:1.0"
x-signature:
  type: ed25519
  public_key: "MCowBQYDK2VwAyEA..."
  signature: "base64-encoded-signature"
```
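To make the attestation concrete, here is an added example, not OSSA's reference code, that signs and verifies the identity fields above with Go's standard-library Ed25519. It assumes two things the page does not spell out: that the signed bytes are the compact JSON encoding of the identity fields (OSSA's actual canonicalisation may differ), and that public_key is a base64 DER SubjectPublicKeyInfo, which is what the "MCowBQYDK2VwAyEA" prefix in the snippet above encodes for an Ed25519 key. The key pair is generated on the spot for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"encoding/base64"
	"encoding/json"
	"fmt"
)

// Identity holds the manifest fields covered by the signature. Field names
// follow the manifest above; the compact-JSON canonical form is an assumption.
type Identity struct {
	OSSAVersion string `json:"ossa_version"`
	AgentID     string `json:"agent_id"`
}

// Attestation mirrors the x-signature block of the manifest.
type Attestation struct {
	Type      string `json:"type"`       // "ed25519"
	PublicKey string `json:"public_key"` // base64 DER SubjectPublicKeyInfo
	Signature string `json:"signature"`  // base64 raw 64-byte signature
}

// GenerateKeyPair creates a fresh signing key for the example; in a real
// deployment the private key would live in a KMS or HSM, not in the process.
func GenerateKeyPair() (ed25519.PrivateKey, error) {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	return priv, err
}

// canonical returns the bytes that are signed. encoding/json writes struct
// fields in declaration order with no whitespace, so the output is stable.
func canonical(id Identity) ([]byte, error) { return json.Marshal(id) }

// Sign produces the x-signature block for an identity.
func Sign(id Identity, priv ed25519.PrivateKey) (Attestation, error) {
	msg, err := canonical(id)
	if err != nil {
		return Attestation{}, err
	}
	der, err := x509.MarshalPKIXPublicKey(priv.Public().(ed25519.PublicKey))
	if err != nil {
		return Attestation{}, err
	}
	return Attestation{
		Type:      "ed25519",
		PublicKey: base64.StdEncoding.EncodeToString(der),
		Signature: base64.StdEncoding.EncodeToString(ed25519.Sign(priv, msg)),
	}, nil
}

// Verify returns true only for a well-formed Ed25519 attestation over exactly
// these identity fields. An unsupported type, a malformed key or signature, or
// a changed agent_id/ossa_version all yield false rather than an error, so a
// caller cannot mistake a parse failure for success.
func Verify(id Identity, a Attestation) bool {
	if a.Type != "ed25519" {
		return false
	}
	der, err := base64.StdEncoding.DecodeString(a.PublicKey)
	if err != nil {
		return false
	}
	key, err := x509.ParsePKIXPublicKey(der)
	if err != nil {
		return false
	}
	pub, ok := key.(ed25519.PublicKey)
	if !ok {
		return false
	}
	sig, err := base64.StdEncoding.DecodeString(a.Signature)
	if err != nil || len(sig) != ed25519.SignatureSize {
		return false
	}
	msg, err := canonical(id)
	if err != nil {
		return false
	}
	return ed25519.Verify(pub, msg, sig)
}

func main() {
	priv, err := GenerateKeyPair()
	if err != nil {
		panic(err)
	}
	id := Identity{OSSAVersion: "0.4.2", AgentID: "urn:ossa:agent:acme:document-processor:1.0"}
	att, _ := Sign(id, priv)
	fmt.Println("public_key prefix:", att.PublicKey[:16]) // MCowBQYDK2VwAyEA
	fmt.Println("genuine verifies:", Verify(id, att))
	id.AgentID = "urn:ossa:agent:other-org:document-processor:1.0" // constructed tamper
	fmt.Println("tampered verifies:", Verify(id, att))
}
```

The point a verifier cares about is the last two lines of main: the same signature that validates the genuine manifest is rejected the moment agent_id changes, because the identity fields are part of the signed message rather than metadata beside it.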
Pre-Authorization (Cedar)
OSSA embeds Cedar authorization policies directly in the agent manifest. These Attribute-Based Access Control (ABAC) policies are evaluated at the transport layer — before the LLM ever receives context or attempts to execute a tool. This is the zero-trust architecture NIST calls for.
```yaml
# OSSA Manifest — Trust Boundaries
trust_boundaries:
  autonomy_mode: supervised
  allowed_actions:
    - document.read
    - document.summarize
  blocked_actions:
    - system.execute
    - network.external
  network_constraints:
    allowed_domains:
      - "*.internal.acme.com"
    blocked_domains:
      - "*"
```
Observability (OpenTelemetry)
OSSA mandates OpenTelemetry semantic conventions for agent tracing. Every agent action — attempted, completed, blocked, or failed — is captured with structured telemetry including session IDs, interaction IDs, cost tracking, and token usage. Security events like prompt_injection.detected and action.blocked enable the monitoring NIST describes.
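The two sections above, pre-authorization before execution and a security event for every outcome, are easiest to see together. The following is an added example in Go, not OSSA's own code: it evaluates the trust_boundaries policy from the manifest against an action request and emits one event per decision. Two things are assumptions rather than facts from the page: the evaluation order (blocked_actions deny first, then allowed_actions as a default-deny list, then allowed_domains as the only exception to the blocked_domains deny-all) and the event field names, which stand in for the OpenTelemetry attributes OSSA mandates; of the event names only action.blocked is given on the page, the others follow its "completed" and "failed" wording.

```go
package main

import (
	"fmt"
	"strings"
)

// TrustBoundaries mirrors the action and network fields of trust_boundaries above.
type TrustBoundaries struct {
	AllowedActions []string
	BlockedActions []string
	AllowedDomains []string // network_constraints.allowed_domains
	BlockedDomains []string // network_constraints.blocked_domains
}

// ActionRequest is what the transport layer sees before any tool runs.
type ActionRequest struct {
	Action string // e.g. "document.read"
	Domain string // target host for network-bound actions, empty otherwise
}

// SecurityEvent is a constructed telemetry record; OSSA mandates OpenTelemetry
// conventions, but the attribute names are not on the page, so these are illustrative.
type SecurityEvent struct {
	Name          string `json:"name"` // action.blocked / action.completed / action.failed
	SessionID     string `json:"session_id"`
	InteractionID string `json:"interaction_id"`
	Action        string `json:"action"`
	Domain        string `json:"domain,omitempty"`
	Reason        string `json:"reason,omitempty"`
}

// ExampleBoundaries is the manifest's policy as a constructed Go value.
func ExampleBoundaries() TrustBoundaries {
	return TrustBoundaries{
		AllowedActions: []string{"document.read", "document.summarize"},
		BlockedActions: []string{"system.execute", "network.external"},
		AllowedDomains: []string{"*.internal.acme.com"},
		BlockedDomains: []string{"*"},
	}
}

// matchDomain is the wildcard rule assumed here: "*" matches any host; "*.acme.com"
// matches hosts ending in ".acme.com" (not the bare apex, not "xacme.com"); anything
// else is an exact match. Lower-casing and dropping a trailing dot keep the rule stable.
func matchDomain(pattern, host string) bool {
	host = strings.TrimSuffix(strings.ToLower(host), ".")
	pattern = strings.ToLower(pattern)
	switch {
	case pattern == "*":
		return host != ""
	case strings.HasPrefix(pattern, "*."):
		return len(host) > len(pattern)-1 && strings.HasSuffix(host, pattern[1:])
	}
	return host == pattern
}

func anyOf(list []string, pred func(string) bool) bool {
	for _, v := range list {
		if pred(v) {
			return true
		}
	}
	return false
}

func contains(list []string, s string) bool { return anyOf(list, func(v string) bool { return v == s }) }

// Authorize is the pre-execution decision. The order is an assumption about OSSA's
// semantics (the page gives the fields, not the algorithm): blocked_actions always deny;
// the action must be in allowed_actions (default deny); a network-bound request must
// match allowed_domains, the only exception to the blocked_domains deny-all.
func Authorize(tb TrustBoundaries, req ActionRequest) (bool, string) {
	hits := func(p string) bool { return matchDomain(p, req.Domain) }
	switch {
	case contains(tb.BlockedActions, req.Action):
		return false, "action in blocked_actions"
	case !contains(tb.AllowedActions, req.Action):
		return false, "action not in allowed_actions"
	case req.Domain == "" || anyOf(tb.AllowedDomains, hits):
		return true, ""
	case anyOf(tb.BlockedDomains, hits):
		return false, "domain matches blocked_domains"
	}
	return false, "domain not in allowed_domains"
}

// Gate evaluates the policy, runs the tool only on allow, and returns the event to export.
func Gate(tb TrustBoundaries, sessionID, interactionID string, req ActionRequest, run func() error) (SecurityEvent, error) {
	ev := SecurityEvent{SessionID: sessionID, InteractionID: interactionID, Action: req.Action, Domain: req.Domain}
	if ok, reason := Authorize(tb, req); !ok {
		ev.Name, ev.Reason = "action.blocked", reason
		return ev, fmt.Errorf("pre-authorization denied: %s", reason)
	}
	if err := run(); err != nil {
		ev.Name, ev.Reason = "action.failed", err.Error()
		return ev, err
	}
	ev.Name = "action.completed"
	return ev, nil
}
```

Gate is the shape of the "transport layer" check the section describes: the tool closure is never invoked on a deny, and the blocked request still produces a record carrying the session and interaction IDs, so a blocked attempt is as visible in telemetry as a completed one. The suffix check in matchDomain insists on the dot boundary, which is why "xinternal.acme.com" does not satisfy "*.internal.acme.com".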
Supply Chain (SBOM + OSCAL)
OSSA integrates CycloneDX/SPDX SBOMs and OSCAL component definitions directly into the agent manifest. The sbom_pointer field links to CI-generated and validated software bills of materials, while OSCAL mappings connect agent capabilities to specific NIST SP 800-53 controls.
```yaml
# OSSA Manifest — Supply Chain
compliance:
  sbom_pointer: "./sbom.cyclonedx.json"
  oscal_component: "./oscal-component.json"
  frameworks:
    - nist-sp-800-53-rev5
    - fedramp-moderate
```
The Agentic AI Foundation Validates the Need
In January 2026, OpenAI, Anthropic, and Block co-founded the Agentic AI Foundation (AAIF) under the Linux Foundation. Supporting members include Google, Microsoft, AWS, Bloomberg, and Cloudflare.
AAIF hosts three projects: MCP (tool integration), AGENTS.md (repository declarations), and Goose (open-source agent framework). All three address important problems. None of them address the contract layer.
This is not a criticism — it's a structural observation. MCP is to agents what HTTP is to the web: essential infrastructure for moving data. But HTTP didn't make the web useful on its own. You needed HTML (content structure), DNS (discovery), and TLS (trust). The agent stack has the same layering needs:
- MCP = transport (how agents talk to tools)
- A2A = routing (how agents find each other)
- OSSA = contract (what agents are and what they're allowed to do)
- DUADP = discovery (where agents are registered and verified)
AAIF's existence validates the market need. OSSA provides the layer AAIF's projects don't cover.
The Timeline
Two critical deadlines are approaching:
March 9, 2026 — CAISI RFI Response Deadline
The formal response window for Docket NIST-2025-0035 closes at 11:59 PM Eastern. We have submitted our formal comment addressing all four CAISI priority areas with production-ready implementations.
April 2, 2026 — NCCoE AI Agent Identity
The NCCoE program focused specifically on agent identity and authentication opens for formal engagement. This aligns directly with DUADP, our Universal Agent Discovery Protocol, which provides federated agent registration, GAID-based identity, and trust verification.
NIST is building reference architectures. The organizations that contribute implementations — not just position papers — will shape the standards that emerge.
Why This Matters
The agent market is growing at 46% CAGR, projected to reach $52B by 2030 (from $7.8B in 2026). Gartner reports a 1,445% surge in multi-agent system inquiries. 65% of organizations have already launched agent pilots.
Every month without a contract layer means:
- More proprietary lock-in — agents built on one vendor's stack can't interoperate with another's
- More security incidents — agents without verifiable identity and pre-authorization are attack surfaces
- More compliance risk — enterprises deploying agents without governance frameworks are accumulating regulatory debt
- More technical debt — architectures built without standards will be painful to retrofit
NIST's involvement changes the calculus. Agent standards are not a "nice to have" — they are becoming a prerequisite for enterprise and government deployment. The organizations and projects that contribute to shaping those standards now will have structural advantages for years to come.
What You Can Do
- Read our NIST alignment page — detailed mapping of OSSA to every CAISI priority area
- Explore the OSSA specification — the full contract specification with schema explorer
- Try DUADP discovery — live federated agent discovery with 65+ registered resources
- Review our research — peer-reviewed evidence underpinning our approach
- Contribute — OSSA is open source. The standard is shaped by those who show up.
The US government just validated the gap. We built the bridge. Now we need the community to help us make it the standard.