NIST Cybersecurity Framework

Developed by the U.S. National Institute of Standards and Technology (NIST), the framework was initially published in 2014 for critical infrastructure sectors but has since been widely adopted across various industries, including government and private enterprises globally.

The framework integrates existing standards, guidelines, and best practices to provide a structured approach to cybersecurity risk management.

The Framework Core outlines five key cybersecurity functions—Identify, Protect, Detect, Respond, and Recover—each of which is further divided into specific categories and subcategories.

The most recent update, Version 2.0, was published in 2024, expanding the framework’s applicability and adding new guidance on cybersecurity governance and continuous improvement practices.

According to a 2016 survey, 70% of organizations view the NIST Cybersecurity Framework as a best practice for computer security, though some have noted that implementation can require significant investment.

The framework is designed to be flexible and adaptable, providing high-level guidance that allows individual organizations to determine the specifics of implementation based on their unique needs and risk profiles.

Version 1.1 retained compatibility with the original framework while introducing additional guidance on areas such as supply chain risk management.

Organizations typically start by developing a "Current Profile" to describe their existing cybersecurity practices and outcomes.

Apart from the NIST Special Publications (SP), most of the informative references require a paid membership or purchase to access their respective guides.

"Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident."

NIST Version 1.1