NIST Cybersecurity Framework (CSF)
The NIST Cybersecurity Framework (CSF) 2.0 offers a common language to assess and improve an organization's cybersecurity posture. It is widely adopted in the United States and serves as a reference for many sectors, including healthcare (NIST 800-66) and critical infrastructure.
The five functions
Identify: understand assets, risks and context.
Protect: implement safeguards.
Detect: monitor and detect security events.
Respond: act on detected incidents.
Recover: restore capabilities and learn lessons.
Common NIST complements
NIST SP 800-53 for detailed controls; NIST SP 800-171 for CUI protection at contractors; NIST SP 800-172 for enhanced requirements. The CSF often serves as a governance layer above these technical publications.