Overview#NIST Cybersecurity Framework (NIST CSF) provides a policy framework of computer security guidance for how private sector organizations can assess and improve their ability to prevent, detect, and respond to cybersecurity attacks.
NIST Cybersecurity Framework "provides a high level taxonomy of cybersecurity outcomes and a methodology to assess and manage those outcomes." Version 1.0 was published by the US National Institute of Standards and Technology in 2014, originally aimed at operators of critical infrastructure. NIST Cybersecurity Framework being used by a wide range of businesses and organizations, and helps shift organizations to be proactive about risk management.
A security framework adoption study reported that 70% of the surveyed organizations see NIST's framework as a popular best practice for computer security, but many note that it requires significant investment.
NIST Cybersecurity Framework includes guidance on relevant protections for privacy and civil liberties.
More Information#There might be more information for this subject on one of the following:
- [#1] - NIST_Cybersecurity_Framework - based on information obtained 2017-06-12
- [#2] - Framework for Improving Critical Infrastructure Cybersecurity - based on information obtained 2018-08-22-