The NIST Framework for Improving Critical Infrastructure Cybersecurity [159] (NIST Cybersecurity Framework) is an overarching risk management framework that leverages other frameworks, standards, guidelines, and best practices to address an organization’s information (cybersecurity) risk.

Essentially, the NIST Cybersecurity Framework helps organizations:

  • Ensure people, process, and technology elements completely and comprehensively address information and cybersecurity risks consistent with their business objectives, including legislative, regulatory, and best practice requirements;
  • Identify risks from the use of information by the organization’s business units and facilitate the avoidance, transfer, reduction, or acceptance of risk; and
  • Support policy definition, enforcement, measurement, monitoring, and reporting for each component of the security program and ensure these components are adequately addressed.

[159] NIST (2018, 16 Apr).