NIST (National Institute of Standards and Technology)
A U.S. federal agency that develops technology standards and guidelines, including influential cybersecurity frameworks.
What is NIST?
The National Institute of Standards and Technology (NIST) is a physical sciences laboratory and non-regulatory agency of the U.S. Department of Commerce. NIST develops standards and guidelines, including widely adopted cybersecurity frameworks.
Key NIST Cybersecurity Publications
NIST Cybersecurity Framework (CSF):
- Five core functions: Identify, Protect, Detect, Respond, Recover
- Voluntary framework for managing cyber risk
- Widely adopted across industries
NIST SP 800 Series:
- SP 800-53: Security and Privacy Controls
- SP 800-171: Protecting CUI (Controlled Unclassified Information)
- SP 800-37: Risk Management Framework
- SP 800-63: Digital Identity Guidelines
NIST CSF Core Functions
- Identify: Asset management, risk assessment
- Protect: Access control, training, data security
- Detect: Monitoring, detection processes
- Respond: Response planning, communications
- Recover: Recovery planning, improvements
Why NIST Matters
- Provides authoritative guidance
- Enables consistent security approaches
- Supports regulatory compliance
- Facilitates communication about risk
- Offers implementation flexibility
NIST Compliance Requirements
- FISMA (federal agencies)
- DFARS (defense contractors)
- Many state regulations reference NIST
- Increasingly required in contracts