Estimated reading: 2 minutes 1552 views

The NIST Cybersecurity Framework is a set of guidelines published by the US National Institute of Standards and Technology (NIST) for mitigating organizational cybersecurity risks.

INIST is divided into five (5) domains:

  1. The Identify domain assists in developing an organizational understanding of managing cybersecurity risk to systems, people, assets, data, and capabilities. Understanding the business context, the resources that support critical functions, and the related cybersecurity risks enables an organization to focus and prioritize its efforts, consistent with its risk management strategy and business needs.
  2. The Protect Function outlines appropriate safeguards to ensure delivery of critical infrastructure services. The Protect Function supports the ability to limit or contain the impact of a potential cybersecurity event.
  3. The Detect Function defines the appropriate activities to identify the occurrence of a cybersecurity event. The Detect Function enables timely discovery of cybersecurity events.
  4. The Respond Function includes appropriate activities to take action regarding a detected cybersecurity incident. The Respond Function supports the ability to contain the impact of a potential cybersecurity incident.
  5. The Recover Function identifies appropriate activities to maintain plans for resilience and restore any capabilities or services that were impaired due to a cybersecurity incident. The Recover Function supports timely recovery to normal operations to reduce the impact of a cybersecurity incident.

These five NIST functions all work concurrently and continuously to form the foundation on which other essential elements can be built for successful, high-profile cybersecurity risk management.

 These five NIST functions all work concurrently and continuously to form the foundation where other essential elements can be built for successful high-profile cybersecurity risk management.

Simply, no. 

NIST does not offer certifications or endorsements of Cybersecurity Framework implementations or Cybersecurity Framework-related products or services. CSF is intended to provide guidance only! The main goal is to encourage organizations to make cybersecurity risks a priority.

NIST CSF is a subset of NIST 800-53 and is a common choice for smaller organizations that need a set of “industry-recognized” best practices.

NIST 800-53 on the other hand, is mostly applicable to any organization and even private businesses dealing with the US federal government.

NIST SP 800-53 has over 800 controls and has helped spur the development of information security frameworks, including the NIST CSF.

Join the conversation

You might also be interested in

Defining roles and responsibilities effectively

In today’s dynamic business landscape, clearly defined roles and responsibilities are the cornerstones of...

Corrective Control – Building a resilient security posture

By implementing these three types of controls in a balanced manner, organizations can not...

Who is a third-party vendor, a subprocessor and a third-party supplier?

These three terms are often used interchangeably, but, are so very different. Highlighting the...

Define your SOC 2 audit scope

Define your SOC 2 Audit Scope - The scope sets the boundaries of the...

The role of Board of Directors in SOC 2 compliance: necessity or strategic advantage?

The SOC 2 COSO Principle 2 addresses the roles and expectations of the BoD...

Use TrustCloud to accelerate NIST 800-171 readiness and self-attest

Use TrustCloud to accelerate NIST 800-171 readiness and self-attest as it comes with built-in...

SOC 2 Program Checklist

Checklist for a successful SOC 2 Type 2 Preparation...

Are the terms of service the same as the master service agreement?

Master Service Agreement (MSA) and Terms of Service (ToS) are two distinct legal documents...