® 
NIST CSF (Cybersecurity Framework)
Definition
The NIST Cybersecurity Framework is a voluntary framework from the US National Institute of Standards and Technology that helps organizations manage cybersecurity risks.
The NIST Cybersecurity Framework (NIST CSF) is a voluntary framework from the US National Institute of Standards and Technology helping organisations worldwide manage cybersecurity risks. NIST CSF 2.0, published February 2024, contains six core functions and is used by over 50% of Fortune 500 companies.
How does NIST CSF work?
The framework comprises six core functions: Govern (new in 2.0) addresses cybersecurity governance and risk management. Identify inventories assets, risks and vulnerabilities. Protect implements security measures. Detect identifies security incidents. Respond handles detected incidents. Recover restores after an incident. Each function contains categories and subcategories describing specific activities.
NIST CSF as reference framework
Although voluntary, many regulations reference it. NIS2 conceptually aligns with NIST CSF functions. ISO 27001 has significant overlap. NIST provides mapping documents describing relationships between frameworks.
Impact on organisations
NIST CSF provides a structured approach suitable for organisations of any size. It is technology-neutral and sector-independent.
Protection
Use NIST CSF to assess current maturity level. Define a target profile based on risk tolerance. Identify gaps and prioritise improvements.
How DEFION helps
DEFION uses NIST CSF as reference in Cyber Security Assessments.