Vol. 1 · Ed. 2026
CyberGlossary
Entry № 822

NIST Cybersecurity Framework

Reviewed by Cybersecurity entrepreneur & security researcher

What is NIST Cybersecurity Framework?

NIST Cybersecurity Framework: A voluntary risk-based framework published by the U.S. National Institute of Standards and Technology that organizes cybersecurity outcomes into six core functions.


The NIST Cybersecurity Framework (NIST CSF) is a widely adopted, voluntary set of guidelines first issued in 2014 and substantially updated to version 2.0 in 2024. It organizes cybersecurity outcomes into six core functions — Govern, Identify, Protect, Detect, Respond, and Recover — each broken into categories and subcategories that reference established controls (NIST SP 800-53, ISO/IEC 27001, CIS Controls). The framework is sector-neutral and intended for organizations of any size to assess current state, define a target profile, and prioritize improvements. Although developed in the United States, it is used globally and frequently mapped against regional regulations.

Examples

  1. A hospital using CSF 2.0 to benchmark its cybersecurity programme against peers.
  2. A vendor mapping its product capabilities to the Protect and Detect functions.

Frequently asked questions

What is NIST Cybersecurity Framework?

A voluntary risk-based framework published by the U.S. National Institute of Standards and Technology that organizes cybersecurity outcomes into six core functions. It belongs to the Compliance & Frameworks category of cybersecurity.

What does NIST Cybersecurity Framework mean?

A voluntary risk-based framework published by the U.S. National Institute of Standards and Technology that organizes cybersecurity outcomes into six core functions.

How do you defend against NIST Cybersecurity Framework?

Defences for NIST Cybersecurity Framework typically combine technical controls and operational practices, as detailed in the full definition above.

What are other names for NIST Cybersecurity Framework?

Common alternative names include: NIST CSF, Cybersecurity Framework.
