The NIST Cybersecurity Framework is a flexible, risk-based approach to managing cybersecurity risk developed by the U.S. National Institute of Standards and Technology. It provides a structured methodology organizations can use to manage and reduce cybersecurity risks.
The framework consists of five core functions: Identify (understand your assets and risks), Protect (implement safeguards), Detect (identify cybersecurity events), Respond (take action on incidents), and Recover (restore capabilities). Organizations map these functions to their specific context and maturity level, making it applicable across industries and organization sizes.