Solutions The best route to security compliance
Platform A powerful suite of ISMS features
Resources Everything you need to know
Knowledge Base Learn more about infosec
Company Security and customers first

NIST Cybersecurity Framework (NIST CSF)

The National Institute of Standards and Technology (NIST) is a federal agency within the US Department of Commerce that is charged with creating guidelines, frameworks, and policies that help businesses understand and navigate information and technology security.

What is the NIST Cybersecurity Framework?

The NIST Cybersecurity Framework (NIST CSF) was developed by the NIST to help businesses understand, manage, and reduce their cybersecurity risk. While the framework is voluntary for businesses, it provides an outline of best practices for businesses to utilise to understand where to focus time, money, and effort for cybersecurity protection.

NIST framework

The NIST CSF is centred around five key functions to help safeguard organisations from cybersecurity threats. These are:

  1. Identify – Understand which processes and assets are at risk of threat
  2. Protect – Establish protocols and safeguards to protect the organisation from threats
  3. Detect – Continue to monitor the organisation’s infrastructure, malicious activity and system weaknesses
  4. Respond – Establish threat response protocols to ensure security threats are effectively mitigated while limiting operational downtime as much as possible
  5. Recover – Ensure any affected systems are restored and system integrity is maintained organisation-wide

Understanding the 5 core functions of the NIST Cybersecurity Framework


The Identify function lays the groundwork for effective organisational cybersecurity protection. In this function, businesses audit their internal systems and processes to have a clear understanding of any existing weak points, as well as any oversights in their current threat protection policies. While this function can be extensive, as all key operational assets, software, and systems need to be thoroughly vetted, it is integral to establishing a foundation for effective cybersecurity protection.


Once an organisation has a thorough understanding of its key processes and systems—as well as any existing oversights—it can begin to establish the necessary cybersecurity protocols and processes to ensure the ongoing protection of these assets. This function also includes shoring up existing weak points from exploitation.


The Detect function is an ongoing process in which organisations continuously monitor their systems and networks for anomalies and potential threats. This enables organisations to discover breaches or other attacks as quickly as possible, allowing for immediate response to limit potential damage.


The Respond function includes following established response protocols to contain identified breaches and mitigate damage. However, the Respond function includes more than just containing breaches effectively. Organisations need to keep all internal and external stakeholders informed of the situation, the response tactics, and the damage caused by cybersecurity incidents. It is also important for organisations to run forensic analyses on breaches to better understand how the attack was carried out, how the bad actor gained access to protected systems, and how far-reaching were the effects of the attack.


Once the cybersecurity event has been contained and analysed, organisations can begin the Recover function. This function includes restoring systems that were affected by the incident, patching newly discovered weak points that were exploited in the attack, and restoring operations as quickly and effectively as possible.

Why should organisations use the NIST Cybersecurity Framework?

The NIST CSF gives organisations the necessary framework to effectively bolster their cybersecurity protocols. Implementing the NIST CSF not only enables organisations to better protect themselves from potential threats but also ensures they are equipped to identify and respond to breaches in a timely manner, limiting both damage and operational downtime as much as possible.