What is the NIST Cybersecurity Framework (CSF)?
NIST is a federal agency within the US Department of Commerce that creates guidelines, frameworks, and policies that support innovation in science and technology. It was created in response to Presidential Executive Order 13636, The National Institute of Standards and Technology (NIST) created a Cybersecurity Framework (CSF) in 2014.
The NIST Cybersecurity Framework provides guidance to organizations on how to mitigate, handle, and monitor security threats. Only federal agencies and their vendors, contractors, and partners are mandated to comply with NIST CSF.
Many private organizations voluntarily implement NIST CSF principles into their compliance and security programs. Self-attestation does not require an audit, and there is no accrediting body that awards certificates for compliance.
NIST CSF is based on five core functions intended to holistically safeguard organizations from security risks.
- Identify: Develop an understanding of possible security risks as they relate to a company’s people, processes, and technology.
- Protect: Establish cybersecurity protocols and principles that actively and passively defend a company’s infrastructure from security breaches.
- Detect: Continuously monitor a company’s infrastructure for anomalous events, malicious activity, and system weaknesses.
- Respond: Ensure a proper response strategy that effectively eliminates a security threat while also keeping company production on track.
- Recover: Maintain the integrity of all systems so that a company’s people, processes, and technologies can return to a stronger, more efficient state of operations.
{{cta_simple3="/cta-modules"}}
Join our product demo to discover how automation, continuous monitoring, and centralized workflows can streamline your GRC program, enhance control visibility, and improve vendor and buyer security management—all within a single platform.
Join our product demo to discover how automation, continuous monitoring, and centralized workflows can streamline your GRC program, enhance control visibility, and improve vendor and buyer security management—all within a single platform.
Watch our on-demand webinar with John Hammond—cybersecurity researcher, practitioner, and content creator with nearly two million YouTube subscribers—and Matt Cooper, Vanta’s Director of GRC, for a fireside chat on AI, security maturity, and the top security risks in 2025.
Watch our special Ask Me Almost Anything (AMAA) session featuring Vanta CISO Jadee Hanson, along with Mandy Matthew, Senior Security Risk Program Manager at Duolingo, and Divya Singh, Senior Director of Compliance and Privacy at Chegg.
Watch Vanta’s 45-minute demo to see how our platform automates up to 90% of the work for achieving ISO 27001 and SOC 2 compliance, helping you streamline security and move towards continuous compliance.
.svg)
.svg)
