The NIST Cybersecurity Framework (also known as NIST CSF) is a set of guidelines designed to help organizations assess and improve their preparedness against cybersecurity threats. Developed in 2014 by the U.S. National Institute of Standards and Technology, the framework has been adopted by cybersecurity professionals and organizations around the world. The NIST framework has provided a basis for communication and understanding of cybersecurity principles between organizations in both the private sector and the public sector, such as governments. The framework, which is publicly available online for free, recommends existing cybersecurity standards and actions that organizations can take to mitigate cybersecurity risk.
The NIST CSF is made up of three overarching components: the CSF Core, CSF Organizational Profiles, and CSF Tiers. The CSF Core is divided into six functions, each focused on maximizing cybersecurity preparedness, improving communication, and mitigating risk. The six CSF Core functions are Govern, Identify, Protect, Detect, Respond, and Recover. These six core functions are then further broken down into subcategories. The CSF Organizational Profiles provide guidance on how organizations can assess themselves in terms of the CSF Core and where their cybersecurity practices can be improved and implemented. The CSF Tiers characterize and evaluate an organization's cybersecurity readiness and ability to mitigate risks. The CSF Tiers help organizations understand what level of cybersecurity protection they have in place and the processes behind that protection.
Since its publication in 2014, the NIST CSF has been updated to reflect the most current cybersecurity practices. Among these updates is version 1.1, which was released in 2018. In version 1.1, changes were made to the framework to include supply chain risk management and new self-assessment processes. The current version of the NIST CSF is version 2.0, which was released in 2024. This version introduced a new function to the CSF Core: Govern. Version 2.0 also increased the scope of the NIST CSF and its applicability to smaller organizations. Improvements to the framework language were also made, increasing its readability for non-technical audiences.
The NIST Cybersecurity Framework is used internationally by organizations of varying sizes and sectors. Free to implement, the NIST CSF sets cybersecurity guidelines and best practices for organizations to increase their defense against cyber threats and prepare for future risks.