A voluntary US framework that organizes cybersecurity activities into a set of high-level functions to help organizations manage risk.
The NIST Cybersecurity Framework provides a common language for managing cybersecurity risk. Version 2.0 organizes activities into six functions: Govern, Identify, Protect, Detect, Respond, and Recover.
It is voluntary and outcome-focused rather than prescriptive, which lets organizations map their existing controls and standards onto it. It is widely used in the United States and is increasingly used as a reference internationally.