Definition

NIST

NIST is the U.S. National Institute of Standards and Technology, globally recognized for its Cybersecurity Framework (CSF) and security standards.

NIST (National Institute of Standards and Technology) develops frameworks and special publications (SP) that have become global cybersecurity references. NIST CSF 2.0 organizes cyber risk management into 6 functions: Govern, Identify, Protect, Detect, Respond and Recover. Publications SP 800-53 (controls) and SP 800-30 (risk assessment) complement the framework.

Key aspects

6 CSF 2.0 functions

Govern (new in v2.0), Identify, Protect, Detect, Respond and Recover provide a complete view of the cyber risk management lifecycle.

Complementarity with ISO 27001

NIST CSF and ISO 27001 are complementary. NIST CSF offers a functional approach; ISO 27001 a certifiable management system. Many organizations map both frameworks.

Global applicability

Although originating in the U.S., the NIST CSF is globally adopted by organizations across all sectors as a cybersecurity maturity reference framework.

Frequently asked questions

No. NIST CSF is a voluntary reference framework, not a certifiable standard. Organizations use it to assess and improve their cybersecurity posture. For certification, ISO 27001 or SOC 2 is used.

Version 2.0 added Govern as a sixth core function, expanded scope beyond critical infrastructure to all organizations, and improved integration with enterprise risk management.

Comparison

ISO 27001 vs ISO 42001: key differences between information security and AI management

View Comparison

Available now

Ready to act on these findings?

Need an assessment in this area?

Request diagnosis→View research→

Loading content…

Frequently asked questions

No. NIST CSF is a voluntary reference framework, not a certifiable standard. Organizations use it to assess and improve their cybersecurity posture. For certification, ISO 27001 or SOC 2 is used.

Version 2.0 added Govern as a sixth core function, expanded scope beyond critical infrastructure to all organizations, and improved integration with enterprise risk management.

NIST

Key aspects

6 CSF 2.0 functions

Complementarity with ISO 27001

Global applicability

Frequently asked questions

Related content

ISO 27001 vs ISO 42001: key differences between information security and AI management

ISO 9001 vs ISO 27001: quality management vs information security

How to implement ISO 27001 in your organization

How to prepare for an ISO audit

Shadow AI: artificial intelligence use without formal governance

Personal data breach: exposure assessment and privacy controls

Ready to act on these findings?

NIST

Key aspects

6 CSF 2.0 functions

Complementarity with ISO 27001

Global applicability

Frequently asked questions

Related content

ISO 27001 vs ISO 42001: key differences between information security and AI management

ISO 9001 vs ISO 27001: quality management vs information security

How to implement ISO 27001 in your organization

How to prepare for an ISO audit

Shadow AI: artificial intelligence use without formal governance

Personal data breach: exposure assessment and privacy controls

Ready to act on these findings?