Home/Glossary/NIST (National Institute of Standards and Technology)

NIST (National Institute of Standards and Technology)

A U.S. federal agency that develops cybersecurity standards, guidelines, and best practices widely adopted by organizations globally.

ComplianceAlso called: "national institute of standards and technology", "nist framework", "nist csf"

NIST provides authoritative guidance on cybersecurity that forms the foundation for many organizational security programs and compliance frameworks.

Why it matters

  • NIST frameworks are often required for U.S. federal contractors.
  • Many compliance frameworks (FedRAMP, CMMC, StateRAMP) build on NIST standards.
  • NIST guidelines represent security best practices recognized worldwide.
  • Following NIST demonstrates due diligence for legal and regulatory purposes.

Key NIST publications

  • NIST Cybersecurity Framework (CSF): Risk-based approach organized into Identify, Protect, Detect, Respond, Recover functions.
  • NIST SP 800-53: Comprehensive catalog of security controls for federal systems.
  • NIST SP 800-171: Protecting Controlled Unclassified Information (CUI) in non-federal systems.
  • NIST SP 800-63: Digital identity guidelines covering authentication assurance levels.
  • NIST SP 800-37: Risk Management Framework (RMF) for information systems.

NIST CSF 2.0 functions

  1. Govern: Establish cybersecurity risk management strategy and oversight.
  2. Identify: Understand assets, risks, and vulnerabilities.
  3. Protect: Implement safeguards to limit impact.
  4. Detect: Discover cybersecurity events quickly.
  5. Respond: Take action during incidents.
  6. Recover: Restore capabilities after incidents.

Getting started

  • Assess current state against the CSF framework.
  • Identify gaps and prioritize based on risk.
  • Develop target profiles for desired security posture.
  • Create action plans with measurable milestones.
  • Regularly review and update as threats evolve.

Related Tools

Related Articles

View all articles
MDR Vendor Performance Benchmarks: The Metrics That Matter

MDR Vendor Performance Benchmarks: The Metrics That Matter

Only a handful of MDR providers publish detection and response time benchmarks. We compiled every publicly citable metric from CrowdStrike, Expel, Huntress, eSentire, Arctic Wolf, Red Canary, and Microsoft to help you compare vendors on data, not marketing.

Read article →
AES vs Classical Ciphers: Why Modern Encryption Actually Works

AES vs Classical Ciphers: Why Modern Encryption Actually Works

Understand why AES is unbreakable while Caesar cipher fails instantly. Learn the fundamental differences between classical and modern encryption, and why proper cryptography matters for real security.

Read article →
Formal Security Models Explained: Bell-LaPadula, Biba, Clark-Wilson, and Beyond

Formal Security Models Explained: Bell-LaPadula, Biba, Clark-Wilson, and Beyond

Master the formal security models that underpin all access control systems. This comprehensive guide covers Bell-LaPadula, Biba, Clark-Wilson, Brewer-Nash, lattice-based access control, and how to choose the right model for your organization.

Read article →
Biometric Authentication: Understanding FAR, FRR, and CER for Security Professionals

Biometric Authentication: Understanding FAR, FRR, and CER for Security Professionals

Master the critical metrics behind biometric authentication systems including False Acceptance Rate (FAR), False Rejection Rate (FRR), and Crossover Error Rate (CER). Learn how to evaluate, tune, and deploy biometric systems across enterprise, consumer, and high-security environments.

Read article →

Explore More Compliance

View all terms

Data Privacy

The right of individuals to control how their personal information is collected, used, stored, and shared by organizations.

Read more →
Back to glossary