What is the NIST Cybersecurity Framework?

The National Institute of Standards and Technology (NIST) is a government agency tasked with creating standards for federal employees and contractors to prevent unauthorized people from accessing government buildings and computer systems. It has created the NIST Cybersecurity Framework to help government agencies and the contractors who work for them manage cybersecurity risks.

The five pillars of the NIST framework are: identify, protect, detect, respond, and recover. With cyber threats constantly evolving, it’s important to have a system in place to stay ahead of cybercriminals. Here’s a brief overview of each function to help you mitigate risks in your organization.


Identify

Identifying threats to your cybersecurity is probably the most difficult task, as criminals are constantly coming up with new ways to sneak in the back door. For this reason, you must be ever vigilant in your approach to safeguarding your systems. Categories covered in this pillar are asset management, business environment, governance, risk assessment, and risk management strategy.


Protect

This function of the NIST Cybersecurity Framework deals with putting the proper safeguards in place for your system. Things they recommend you consider in this category include managing identity and access control, making employees aware of threats and training them to mitigate risks, data security, processes and procedures for protecting information, maintenance, and defensive technology.


Detect

You must have proactive systems in place to detect potential threats to your security. This pillar of the framework promotes prompt discovery of cybersecurity crises. Functions you want to consider in this category include abnormalities and events, continuous monitoring, and detection processes.


Respond

Once you’ve detected a cyber attack, a proper and timely response is critical to mitigating damage. This function of the NIST Cybersecurity Framework helps you think about the actions you’ll take if a threat ever occurs, so you can be ready before it happens. This includes possible improvements to prevent future vulnerabilities, response planning, internal and external communications, and analysis.


Recover

Sometimes even the best plans aren’t enough. If you do suffer a setback in cybersecurity, it’s important to be resilient. This pillar of the NIST Framework deals with how to bounce back quickly and restore operations to normal after a crisis. Things to consider here are recovery planning, system and process improvements, and timely communication.

Get Expert Protection

Whether you work with the federal government or not, the NIST Cybersecurity Framework gives valuable insight into what it takes to protect your system from cyber threats. There are a lot of factors to take into account when it comes to cybersecurity, but it doesn’t have to be overwhelming.

NIC has worked with companies for decades to create and implement cybersecurity strategies. We provide managed IT support for companies of all sizes. If you need help safeguarding your system, contact us today for a free consultation.
