Back to glossary

NIST Cybersecurity Framework

A set of guidelines for mitigating organizational cybersecurity risks, published by the US National Institute of Standards and Technology.

AbbreviationNIST CSF
Categorysecurity

Overview

The NIST Cybersecurity Framework (CSF) is a voluntary framework consisting of standards, guidelines, and best practices to manage cybersecurity-related risk. It is designed to be flexible and cost-effective, helping organizations of all sizes.

The Five Core Functions

  1. Identify: Develop an organizational understanding to manage cybersecurity risk to systems, people, assets, data, and capabilities.
  2. Protect: Develop and implement appropriate safeguards to ensure delivery of critical services.
  3. Detect: Develop and implement appropriate activities to identify the occurrence of a cybersecurity event.
  4. Respond: Develop and implement appropriate activities to take action regarding a detected cybersecurity incident.
  5. Recover: Develop and implement appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident.

Implementation Tiers

Help organizations communicate their current and desired cybersecurity risk management maturity.

Related Terms

Risk AssessmentIncident Response