The National Institute of Standards and Technology (NIST) is a non-regulatory agency and laboratory, operating as part of the US Department of Commerce. Its mandate is to promote innovation and industrial competitiveness. NIST's scope of activities is broad, encompassing nanoscale science, information technology, neutron research, and measurement (physical and material), among others. NIST is also responsible for promoting cybersecurity and providing guidance on managing and reducing cybersecurity risks through the NIST Cybersecurity Framework (CSF). 

The NIST Cybersecurity Framework (CSF) is a voluntary, recommended baseline for cybersecurity that is widely used by governments and industries around the world. The CSF consists of five main areas: Identify, Protect, Detect, Respond, and Recover, each of which comes with detailed recommendations for how organizations can implement the relevant security measures.

In the US, the CSF has been adopted by approximately 30% of organizations, and usage is expected to grow. Since 2016, federal agencies in the US have been required to implement the CSF under the Federal Information Security Modernization Act (FISMA) and the Cybersecurity Executive Order. In addition to the CSF, NIST also provides guidelines for protecting US federal information systems through the security controls detailed in NIST 800-53.