The NIST SP 800-171 Cybersecurity Framework is voluntary guidance based on existing standards, guidelines, and practices to help organizations manage and reduce cybersecurity risk and liability.
The NIST Cybersecurity Framework fosters cybersecurity risk management and related communications among both internal and external stakeholders and for larger organizations, helps to integrate better and align cybersecurity risk management with broader enterprise risk management processes as described in the NISTIR 8286 series.
Five key Functions organize the Framework – Identify, Protect, Detect, Respond, and Recover. When considered together, these five widely understood terms provide a comprehensive view of the lifecycle for managing cybersecurity over time. The activities listed under each Function may offer a good starting point for your organization, See related articles in this section.