User:Tunjesh/NIST Cybersecurity Framework

Lead
NIST Cybersecurity Framework is a guidance on how both internal and external stakeholders of organizations can manage and reduce cybersecurity risk. It lists organization specific and customizable activities associated with managing cybersecurity risk and it is based on existing standards, guidelines, and practices. The framework has been translated to many languages and is used by the governments of Japan and Israel, among others. It "provides a high level taxonomy of cybersecurity outcomes and a methodology to assess and manage those outcomes." It is being used by a wide range of businesses and organizations and helps shift organizations to be proactive about risk management.

A security framework adoption study reported that 70% of the surveyed organizations see NIST's framework as a popular best practice for computer security, but many note that it requires significant investment. It also includes guidance on relevant protections for privacy and civil liberties.

Article body
The NIST Cybersecurity Framework is designed for individual businesses and other organizations to assess risks they face.

Version 1.0 was published by the US National Institute of Standards and Technology in 2014, originally aimed at operators of critical infrastructure. In 2017, a draft version of the framework, version 1.1, was circulated for public comment. Version 1.1 was announced and made publicly available on April 16, 2018. Version 1.1 is still compatible with version 1.0.