What is the NIST Cybersecurity Framework

  • By Greg Brown
  • Published: Jul 17, 2023
  • Last Updated: Jul 28, 2023

NIST Cybersecurity Framework

Created in 1901, the National Institute of Standards and Technology (NIST) was established to remove several challenges to US Industrial competitiveness. At the time of the NIST creation, the United States was considered a second-rate measurement infrastructure, lagging behind the United Kingdom, Germany, and other countries.

The NIST has evolved into a comprehensive framework of guidelines and best practices for businesses to manage their security in a cyber-attack world. Similar to other powerful cyber frameworks, the NIST is a federal agency within the US Department of Commerce

What is the NIST Cybersecurity Framework?

The Framework is designed to foster cybersecurity risk management and communications from internal and external organizational stakeholders. The structure is based on existing guidelines and standards to mitigate risk and is designed for companies and organizations that are part of the US Infrastructure. 

NIST Framework is voluntary and is not a regulatory agency of the US Government. However, in May of 2017, Executive Order 138000 required federal agencies and some state organizations to adopt the Framework. A few organizations may require their customers to implement the NIST Framework.

Organizations use the current Framework in a variety of ways. 1) Some use the structure to raise awareness for communicating within their organization, which may include executive-level leadership. 2) Organizations map the Framework to current cybersecurity management approaches. 3) Companies and agencies are learning how they match up with each separate guideline. 4) A few agencies use the Framework to reconcile internal policy with current regulations and industry best practices. 5) The Framework is also used as a strategic planning tool to assess risk and current practice.

What are the Elements of the NIST Framework?

nist cybersecurity framework core

Five functions of the Core are the backbone of the NIST Framework. All other elements in the NIST structure are organized around these five elements. Each function was selected because they represent the five foundations for a successful and holistic cybersecurity program. Core elements aid organizations in cyber security risk management. 

  1. Identity helps organizations better understand and manage cybersecurity risk to their systems, people, assets, data, and capabilities. Understanding cybersecurity risks enables organizations to prioritize and focus its efforts in a consistent manner equal to the risk management strategy and needs.

    Categories Within This Function:

    • Identify physical and software assets
    • Identify the business environment and the organization’s role in the supply chain
    • Define and identify cybersecurity policies
    • Supply Chain risk management
  2. The Protect function outlines appropriate safeguards ensuring critical infrastructure delivery. It supports or limits an organization’s ability to contain potential cybersecurity threats.


    • Identity management and access control protections
    • Empowering staff through awareness and training. Role-based and user-privileged training.
    • Establish data protection security policies
    • Information protection processes implementation
    • Managing protective technology
  3. Detect appropriate activities identifying the occurrence of a cybersecurity event and enables timely discovery.


    • Ensuring anomalies and cyber events are detected and the potential impact is understood. 
    •  Continuous security monitoring is implemented to monitor cybersecurity events. Verify the effectiveness of protective measures.
    • Maintain protection policies to provide staff awareness. 
  4. Respond with appropriate activities and take action regarding a cybersecurity incident. Respond and support the organization’s ability to impact a potential threat.


    • Ensure response planning processes are executed during and after a cyber-attack. Managing communications with law enforcement and external stakeholders.
    • Conducting proper analysis to ensure adequate support and response includes forensic analysis and impact. 
    • Mitigation activities are performed to ensure no further expansion of the threat. 
    • The organization begins to analyze and incorporate lessons learned. 
  5. Recover identifies activities to maintain plans for resiliency and restoration of services and capabilities impacted by the event. Supports timely recovery to normal operations and reduces impact.


    • Implement recovery planning processes to restore systems and assets.
    • Implement improvements based on lessons learned and review existing strategies. 
    • Internal and external communications are coordinated following recovery.

What are the Objectives of Framework?

Since the turn of the century, governments have been combating global cyber security attacks from every angle. The NIST Framework is described as a living, breathing entity, constantly evolving and updating to meet the current cyber challenges of the day. Version 1.1 is the current iteration of the Framework, and its Core, and Version 2.0 is on the way. 

NIST’s website is a comprehensive compilation of FAQs, versions, and varying degrees of resources to make it possible for businesses of all sizes to have the tools necessary to fight cybercrime. The Framework attempts to start a cyber crime initiative or add to an existing section.

One of the most valuable documents is NISTIR 8286, a resource to help the enterprise combat cybercrime. The entry page offers several schemas and other resources to help. A comprehensive computer resource center is available to anyone wanting to guard their business against the latest attack vectors. White papers, journal articles, conference papers, books, and much more are available for download.

Why The NIST Framework Matters?

Cyber attacks and threats continue to skyrocket around the globe with no apparent letup. However, private enterprises, governments, and many more are finally banding together to bring the best the world offers to confront and defeat the scourge. 

Ransomware, malware code, phishing, and smishing are never-ending. The single biggest threat to an enterprise is the unwitting nature of its employees. No matter how many times they are told, and the amount of training never stops, email attachments and links are still clicked on with haphazard abandonment. Some of the most extensive network intrusions in history happened because a single employee wanted to take a peek at one of their attachments. Only after the unwitting employee is controlled will there be a significant drop in cybercrime.

About the Author
IDStrong Logo

Related Articles

How To Make Your IG Account Private

There are occasions when it makes more sense to have a private Instagram (IG) account. You might w ... Read More

Windows 10 Privacy Settings You Should Change Now

Privacy is a buzzword we hear a lot these days in the wake of data breaches, Wikileaks, and other ... Read More

How to Delete Your Facebook Account

It might seem absurd to some people who live on Facebook, deleting your Facebook account. But, man ... Read More

How to Change Network From Public to Private On Windows

Privacy has become a major concern for many of us after reading about all the data breaches, hacki ... Read More

Twitter Security and Privacy Settings Made Simple

With data breaches and ransomware intrusions in the news daily, privacy is the word on everyone&rs ... Read More

Latest Articles

What to Do if Your Credit Card is Lost or Stolen

What to Do if Your Credit Card is Lost or Stolen

Credit and debit cards have become the most prominent form of wealth access in the last decade. Once consumers pulled out thick wallets of cash—they now pull out thin clips of cards—if they bother using a card, not a watch or cellphone.

Credit Card CVV Number: Meaning and Security

Credit Card CVV Number: Meaning and Security

Inspect your credit card, and you'll likely find interesting—and crucial—elements of the plastic rectangle. The front might display the provider's name, a chip, some digits, or an entire card number; the back might hold much the same, along with a signature, when necessary, and a "valid thru [sic]" date.

The Meaning of Two-Factor Authentication (2FA): How to Turn On and Turn Off

The Meaning of Two-Factor Authentication (2FA): How to Turn On and Turn Off

Cyber attacks are a growing threat to all industries, nations, and people. They occur with increasing frequency, with the last year reporting 3,205 data compromises and over $12.5 billion in projected losses, according to the Federal Bureau of Investigation (FBI).

Featured Articles

How to Buy a House with Bad Credit

How to Buy a House with Bad Credit

Buying your own home is the American Dream, but it might seem out of reach to those with bad credit. However, the good news is, if your credit is less than perfect, you do still have options and in most cases, can still buy a home.

How Secure Is Your Password? Tips to Improve Your Password Security

How Secure Is Your Password? Tips to Improve Your Password Security

Any good IT article on computers and network security will address the importance of strong, secure passwords. However, the challenge of good passwords is that most people have a hard time remembering them, so they use simple or obvious ones that pose a security risk.

Top 10 Senior Scams and How to Prevent Them

Top 10 Senior Scams and How to Prevent Them

Senior scams are becoming a major epidemic for two reasons. First, seniors often have a lot of money in the bank from a life of working hard and saving.

Free Identity Exposure Scan
Instantly and Securely Check if Your Personal Information is Exposed on the Dark Web or Sold by Data Brokers
Please enter first name
Please enter last name
Please select a state
Free Identity Threat Scan
Instantly Check if Your Personal Information is Exposed
All fields below are required
Please enter first name
Please enter last name
Please enter a city
Please select a state
Please enter an age
Please enter an email address