NIST Framework

TECHNICAL DEFINITION

The NIST Cybersecurity Framework (CSF) is a risk management framework developed by the U.S. National Institute of Standards and Technology (NIST) providing standards and guidelines for private and public sector organizations to manage cybersecurity risk. The framework's core comprises five functions—Identify, Protect, Detect, Respond, and Recover—which are used to organize and prioritize actions for improving cybersecurity posture and resilience.

BACKGROUND

The NIST Cybersecurity Framework, is a set of guidelines designed to help organizations assess and improve their preparedness against cybersecurity threats. Developed in 2014 by the U.S. National Institute of Standards and Technology, the framework has been adopted by cyber security professionals and organizations around the world. The NIST framework has provided a basis for communication and understanding of cybersecurity principles between organizations, both in the private sector and public, such as governments. The framework, which is publicly available online for free, provides recommendations of existing cybersecurity standards and actions that organizations can take to mitigate cybersecurity risk.

SYNONYMS & ALIASES

• NIST Cybersecurity Framework
• NIST CSF
• Cybersecurity Framework
• The Framework
• NIST Guidelines
• Framework for Improving Critical Infrastructure Cybersecurity

USAGE NOTE

It is widely used as a benchmark for assessing an organization's cybersecurity maturity, even though its adoption is voluntary for most private companies.

DEVELOPERS

Organizations developing technology related to NIST Framework.

• National Institute of Standards and Technology (NIST)

  A U.S. government agency that created and maintains the Cybersecurity Framework (CSF). NIST develops the standards, guidelines, and best practices that form the core of the framework used by organizations to manage cybersecurity risk.

• Tenable

  Develops vulnerability management and cyber exposure platforms like Tenable.io and Nessus. Their solutions help organizations assess, manage, and measure their cyber risk by mapping vulnerabilities and security configurations directly to the controls within the NIST Cybersecurity Framework.

• Palo Alto Networks

  Provides a comprehensive security platform, including next-generation firewalls and the Cortex XDR solution, that helps organizations implement the technical controls outlined in the NIST CSF's 'Protect', 'Detect', and 'Respond' functions.

• CrowdStrike

  Offers a cloud-native endpoint protection platform, Falcon, which provides endpoint detection and response (EDR), threat intelligence, and managed threat hunting. These services are critical for organizations seeking to align with the 'Detect' and 'Respond' capabilities of the NIST CSF.

• Splunk

  A data platform provider whose Security Information and Event Management (SIEM) solutions are widely used for security monitoring and analytics. Splunk enables organizations to collect and analyze machine data to detect and respond to threats in alignment with the NIST CSF.

• ServiceNow

  Provides a cloud-based platform for workflow automation, including a specific Governance, Risk, and Compliance (GRC) module. This technology helps organizations manage, monitor, and report on their compliance with the NIST Cybersecurity Framework by automating control testing and risk assessment processes.

• Rapid7

  Offers security solutions through its Insight platform, including vulnerability management (InsightVM) and SIEM (InsightIDR). These tools are used to operationalize the NIST CSF by identifying assets, detecting threats, and enabling rapid response to security incidents.

• Microsoft

  Develops a suite of security and compliance tools, such as Microsoft Purview and Microsoft Sentinel. These products help organizations using Azure and Microsoft 365 assess and manage their adherence to the NIST CSF through compliance templates, automated assessments, and integrated security controls.