The Cybersecurity Framework (CSF) is a set of cybersecurity best practices and recommendations from the National Institute of Standards and Technology (NIST). The CSF makes it easier to understand cyber risks and improve your defenses. Organizations around the world use it to make better risk-based investment decisions.
Founded in 1901, NIST is an agency of the U.S. Department of Commerce. It advances measurement science, standards, and technology to improve our quality of life. NIST has provided important computer security guidance for many decades.
There are many cyber best practices available, but they are long and difficult to understand. The CSF makes cyber-risk management easier, so that you can take the right action right away. It also simplifies the language of cybersecurity so that everyone can understand--both inside and outside your organization.
The CSF uses a simple structure with just five key functions: Identify, Protect, Detect, Respond, and Recover. Each function uses clear, outcome-based language without extensive technical detail. The CSF also outlines a simple process to help improve your cybersecurity program.
No, the CSF is not a compliance mandate. It is a voluntary, flexible framework available for everyone to use and customize to their unique needs.
The NIST CSF was originally intended for use by critical infrastructure sectors like healthcare, utilities, and manufacturers. That's why its official title is the Framework for Improving Critical Infrastructure Cybersecurity. But organizations of all sizes, all around the world have recognized its value and adopted the framework.
The Identify function helps you to develop an overall risk management approach to cybersecurity. It helps you understand your critical assets, business environment, governance model, and supply chain.
Protect helps you put important defensive controls in place based on your critical assets, risk tolerance, and other input from the Identify function. Protect highlights the importance of managing identities, securing access, protecting data, and training users.
When you are under attack, you may not always know right away. The Detect function shortens the time to discovery by spotting anomalies, investigating events, continuously monitoring, and other detection processes.
When you know you are under attack, you have to act fast. Respond helps you take the right action immediately through incident response planning, analysis, mitigation, communication, and ongoing improvement.
And once you have stopped the attack, you need to get back to normal. The Recover function helps you restore operations through recovery planning, continuous improvement, and communications.