Compliance & Frameworks
NIST Cybersecurity Framework
Also known as: NIST CSF, Cybersecurity Framework
Definition
A voluntary risk-based framework published by the U.S. National Institute of Standards and Technology that organizes cybersecurity outcomes into six core functions.
Examples
- A hospital using CSF 2.0 to benchmark its cybersecurity programme against peers.
- A vendor mapping its product capabilities to the Protect and Detect functions.
Related terms
NIST SP 800-53
A NIST publication providing a comprehensive catalog of security and privacy controls for U.S. federal information systems and many private-sector adopters.
NIST Risk Management Framework
NIST Risk Management Framework — definition coming soon.
ISO/IEC 27001
The international standard specifying requirements for an Information Security Management System (ISMS), against which organizations can be formally certified.
CIS Controls
A prioritized set of best-practice cybersecurity safeguards maintained by the Center for Internet Security to defend against the most common cyberattacks.
Security Controls
Safeguards or countermeasures — technical, administrative, or physical — used to prevent, detect, or respond to threats against information assets.
Compliance
The discipline of meeting legal, regulatory, contractual, and internal security requirements through documented controls, evidence collection, and ongoing assessment.