CyberSecurity FAQ - What is the NIST cybersecurity framework?

The NIST Framework for Improving Critical Infrastructure, commonly referred to as the NIST cybersecurity framework, is a cybersecurity process framework first published by National Institute of Standards and Technology (NIST) in February 2014.

The NIST cybersecurity framework was created through collaboration between U.S. government and industry, and is voluntary guidance for a broad range of organizations to better manage and reduce their cybersecurity risks. The framework consists of industry standards, practical guidelines, and best practices for managing and reducing cybersecurity risks, and can be applied to diverse organizations—both government and commercial, ranging from small to large in size. The NIST cybersecurity framework is also designed to foster communications among internal and external organization stakeholders, so they can better collaborate to manage and reduce cybersecurity risks.

Since the NIST cybersecurity framework is voluntary guidance, rather than mandated regulations, organizations in different economic sectors are expected to customize the framework to address their specific cyber risks and cybersecurity needs. For more information about the NIST cybersecurity framework, see the NIST Cybersecurity Framework FAQ.