NIST Cybersecurity Framework (CSF)

The NIST Cybersecurity Framework (CSF) 2.0 offers a common language to assess and improve an organization's cybersecurity posture. It is widely adopted in the United States and serves as a reference for many sectors, including healthcare (NIST 800-66) and critical infrastructure.

The five functions

Identify: understand assets, risks and context.

Protect: implement safeguards.

Detect: monitor and detect security events.

Respond: act on detected incidents.

Recover: restore capabilities and learn lessons.

Common NIST complements

NIST SP 800-53 for detailed controls; NIST SP 800-171 for CUI protection at contractors; NIST SP 800-172 for enhanced requirements. The CSF often serves as a governance layer above these technical publications.

Request a free assessment ← All standards