
NIST (National Institute of Standards and Technology)

A U.S. federal agency that develops cybersecurity standards, guidelines, and best practices widely adopted by organizations globally.

Category: Compliance

Also called: "national institute of standards and technology", "nist framework", "nist csf"

NIST provides authoritative guidance on cybersecurity that forms the foundation for many organizational security programs and compliance frameworks.

Why it matters

  • NIST publications are often contractually required for U.S. federal contractors; for example, the DFARS 252.204-7012 clause requires DoD contractors that handle CUI to implement NIST SP 800-171.
  • Many compliance frameworks build on NIST standards: FedRAMP and StateRAMP are based on the SP 800-53 control catalog, and CMMC Level 2 aligns with SP 800-171.
  • NIST guidelines represent security best practices recognized worldwide.
  • Following NIST demonstrates due diligence for legal and regulatory purposes.

Key NIST publications

  • NIST Cybersecurity Framework (CSF): Risk-based approach whose Core is organized into six functions (Govern, Identify, Protect, Detect, Respond, Recover); the Govern function was added in CSF 2.0, released in February 2024.
  • NIST SP 800-53: Comprehensive catalog of security and privacy controls (currently Revision 5) for federal systems, with low, moderate, and high baselines selected by impact level.
  • NIST SP 800-171: Requirements for protecting Controlled Unclassified Information (CUI) in non-federal systems, derived from a tailored SP 800-53 moderate baseline.
  • NIST SP 800-63: Digital identity guidelines defining identity, authenticator, and federation assurance levels (IAL, AAL, FAL).
  • NIST SP 800-37: Risk Management Framework (RMF), a seven-step process (Prepare, Categorize, Select, Implement, Assess, Authorize, Monitor) for managing security and privacy risk to information systems.

NIST CSF 2.0 functions

  1. Govern: Establish cybersecurity risk management strategy and oversight.
  2. Identify: Understand assets, risks, and vulnerabilities.
  3. Protect: Implement safeguards to manage cybersecurity risk.
  4. Detect: Discover cybersecurity events quickly.
  5. Respond: Take action during incidents.
  6. Recover: Restore capabilities after incidents.

Getting started

  • Build a Current Profile by assessing the current state against the CSF Core outcomes.
  • Develop a Target Profile describing the desired security posture.
  • Identify gaps between the two profiles and prioritize them based on risk.
  • Create action plans with measurable milestones to close the prioritized gaps.
  • Regularly review and update both profiles as threats and the business evolve.