The NIST Cybersecurity Framework (NIST CSF) provides a policy framework of computer security guidance for how private sector organizations can assess and improve their ability to prevent, detect, and respond to cyber-attacks. This voluntary framework consists of standards, guidelines, and best practices to manage cybersecurity-related risk. The Cybersecurity Framework's prioritized, flexible, and cost-effective approach helps promote the protection and resilience of critical infrastructure.

The NIST CSF core material is organized into five functions, which are subdivided into the categories shown in the following figure:

Figure 12.    National Institute of Standards and Technology, Cybersecurity Framework

Visit the NIST website for more information on the NIST CSF.