The NIST Cybersecurity Framework provides a policy framework of computer security guidance. Learn about its five core functions.
NIST Cybersecurity Framework
The NIST (National Institute of Standards and Technology) Cybersecurity Framework is a voluntary framework that provides standards, guidelines, and best practices to manage cybersecurity risk.
Five Core Functions
1. Identify
- Develop organizational understanding of cybersecurity risk
- Asset management
- Business environment
- Governance and risk assessment
2. Protect
- Develop and implement safeguards
- Access control
- Data security
- Protective technology
3. Detect
- Define activities to identify cybersecurity events
- Anomalies and events detection
- Security continuous monitoring
4. Respond
- Develop response planning
- Communications
- Analysis and mitigation
- Improvements
5. Recover
- Develop recovery planning
- Improvements based on lessons learned
- Communications during recovery
Benefits
The framework is flexible, cost-effective, and can be used by organizations of any size or sector.