NIST Cybersecurity Framework

This practice note provides an overview of the key features, updates, and benefits of the National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity. The framework is risk-based, voluntary guidance based on existing standards and practices to help organizations manage and reduce cybersecurity risks and improve communication with internal and external stakeholders. Organizations use the framework to, among other things, assess their current practices and risks and share cybersecurity expectations with business partners and suppliers. Organizations can customize the framework based on their sectors, needs, and risk tolerance. Implementing the framework is not a safe harbor for legal compliance, but it demonstrates that an organization has made efforts to implement widely adopted standards and best practices, which could help avoid legal liability.