An Introduction to the NIST Cybersecurity Framework

If you’re not a technology expert, cybersecurity can feel confusing and overwhelming. But that doesn’t mean it’s unattainable. The National Institute of Standards and Technology’s (NIST) Cybersecurity Framework (CSF) can help organizations take the first step toward understanding what cybersecurity is and how to protect your data.

Who is NIST and What is the NIST CSF?

The National Institute of Standards and Technology was founded in 1901 and became part of the U.S. Department of Commerce in 1903. It was established to remove a major challenge to the U.S. industrial competitiveness at the time. In 2014, NIST organized private-sector stakeholders and government experts to create the Cybersecurity Framework.

The NIST cybersecurity framework is a powerful tool that allows organizations to lay the foundation for organizing and improving a cybersecurity program. The framework integrates industry standards and best practices that help organizations manage their cybersecurity risks. It provides common language to help align staff of all levels within an organization to develop an understanding of their organization’s cybersecurity risks.

The Five Functions of NIST CSF

The NIST functions are the highest level included in the CSF and act as the backbone of the Framework Core. These functions represent the five primary pillars for a successful and holistic cybersecurity program. They enable organizations to make risk management decisions by easily expressing their cybersecurity risk at a high level.


The identify function serves to help an organization develop an understanding of managing cybersecurity risks to people, assets, data, and capabilities. It is used to focus and prioritize efforts in relation to the business context, related cybersecurity risks, and the resources that support critical functions in efforts consistent with its risk management strategy and business needs.

This category should lead to the identification of:

  • Physical and software assets
  • Legal and regulatory requirements (if any)
  • A risk management strategy


The protect function illustrates what safeguards are needed to ensure delivery to critical infrastructure services in the event of a cybersecurity event. This function should be used to define the supports needed to limit or contain the impact of an event.

This category will define an organizational need for:

  • Access controls (both physical and remote)
  • Awareness training for users based on their roles and responsibilities
  • Data security measures
  • Information protection processes and procedures
  • Maintenance schedules and activities
  • Protective technology


The detect function defines what activities need to be identified during a cybersecurity event. It enables timely discovery of events to mitigate the outcome.

This category outlines the importance of:

  • Ensuring events and anomalies are detected and their potential impact is understood
  • Implementing security software and monitoring
  • Maintaining detection documentation and processes to follow when an event occurs


The respond function contains the appropriate activities to perform when a cybersecurity event is detected. It supports the ability for an organization to contain the potential impact of a cybersecurity event before it becomes catastrophic.

This category illustrates the need for activities such as:

  • Execution of the response process plan during and after an incident
  • Communications during and after an event with appropriate parties
  • Analysis to make sure the response is effective
  • Mitigation activities to reduce the growth of an event
  • Post-incident activities to update and improve for future response measures


The recover function pinpoints activities needed to maintain plans for hardening the environment and to restore any capabilities or services that were impaired due to an incident.  This function supports timely recovery to reduce the impact a cybersecurity incident has.

This category ensures:

  • Recovery Planning Processes (such as Incident Response Plans) are implemented to restore affected systems, assets, and users
  • Review of the processes taken for quality improvements
  • Communications are coordinated to both internal and external parties following recovery

Who Should Follow the NIST CSF?

Many federal agencies are required to follow the CSF however private businesses have begun to utilize these standards to combat cybersecurity threats.

Enabling your organization to follow the CSF provides guidance and benefits to all aspects of your business. It balances comprehensive risk management that is tailored to your business in language that is easy for all levels of an organization to follow. The framework encourages accurate and meaningful communication from executives all the way down through the hierarchy.

"*" indicates required fields