Filter by Category

What is NIST?

NIST fosters innovation across industries

NIST, the National Institute of Standards and Technology, is a lab and non-regulatory federal agency of the U.S. Department of Commerce. Founded in 1901 as a tool to boost the U.S.'s global competitiveness, NIST fosters efforts to create standards across technology systems. Today, NIST continues to push for innovation in a variety of industries and develops guidelines to do so. Two such guidelines are the Cybersecurity Framework (CSF) and the recently released Privacy Framework.

While most guidelines that NIST creates are unenforced, the federal government endorses this guidance as best practice across sectors.

What is the NIST Cybersecurity Framework?

The NIST Framework for Improving Critical Infrastructure, more commonly known as the NIST Cybersecurity Framework or even CSF, is a tool to help organizations manage risks to critical infrastructure more consistently. It is made up of three components:

  1. Implementation Tiers, or how well cybersecurity risk management is integrated into the organization’s broad risk management
  2. Framework Cores, a set of 5 high level missions with 3 to 6 subcategories each:
    • Identify: Managing and assessing risk across environments and assets
    • Protect: Everything from raising awareness and training to implementing security technology
    • Detection: Creating processes to discover abnormal access and anomalies
    • Response: Planning how to analyze and contain the issue, and communicating with stakeholders
    • Recovery: Planning for recovery, including communicating and making improvements
  3. Profiles, an organization’s comparison between its requirements and goals and the Cybersecurity Framework – which can be used to find gaps and areas for improvement

Related Reading: Top Data Breaches of 2019: How You Can Minimize Your Risks

The Cybersecurity Framework can be used to uncover and prioritize cybersecurity goals to reduce risk. For detailed information about the Cybersecurity Framework, see NIST’s training modules.

What is NIST’s Privacy Framework?

Rolled out in January of 2020, the NIST Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management is a means to help organizations manage privacy risks and protect individuals’ privacy while collecting and using personal data.

The Privacy Framework overlaps slightly with the Cybersecurity Framework as a risk management document, but with an eye towards individuals whose personal data is exposed. It also differentiates between cybersecurity-related data incidents and events stemming from data processing.

Related Reading: Think Your Customer Data was Exposed? Follow These Steps

Like the Cybersecurity Framework, the Privacy Framework is made up of Implementation Tiers, Profiles, and overarching Cores which encompass how to understand and mitigate the privacy risks of data processing:

  • Identify: Uncovering gaps and understanding privacy risks in current processes
  • Govern: Continuously reevaluating privacy risk priorities
  • Control: Managing privacy risks by controlling access to data
  • Communicate: Disclosing how data is processed and used for both individuals and the organization
  • Protect: Developing ways to safely process and store data

Related Reading: Think like a Hacker and Secure Your Data

Version 1.0 of the NIST Privacy Framework was released in January 2020. For the most recent version, see the Privacy Framework overview on NIST’s website.

Why are NIST’s Frameworks Important?

While the Privacy and Cybersecurity Frameworks are suggestions for organizations, they offer helpful ways to adhere to new laws like GDPR and the CCPA, and federal laws like HIPAA and FISMA. Both are meant to:

  • Provide standardized government-endorsed security best practices across industries
  • Spark questions about and investigation into current cybersecurity and data risk management
  • Offer ways to communicate throughout departments to assess and mitigate risk
  • Encourage preparation for potential data breaches
  • Improve how organizations think about and manage risk, including response and recovery

Related Reading: Defending Against Data Breach

Ensuring secure infrastructure can help avoid data breaches and their consequences: fines, loss of customer trust, and loss of business.

How Can You Improve Your Cybersecurity and Risk Management?

Using secure and auditable tools to transfer and process data can significantly reduce your risk of both data breaches and improper handling of personal data. Know that your file transfers are encrypted, and that only appropriate users have access to certain folders and files.

Learn More About Data Security Compliance

Related Posts


10 Cybersecurity Tips and Best Practices

The 10 Best Cybersecurity Tips and Practices – as Told by IT Professionals Although there’s a lot of tips and best practices out there when it comes to cybersecurity, it’s important to make…


Meeting Compliance Regulations and Privacy Laws for Sensitive Data Transfers

Highly sensitive data is frequently exchanged between organizations. For instance, a business will routinely transmit financial information to their bank including payroll direct deposits and ACH…


How to Create a Cybersecurity Policy for Your Organization

The cyberattacks and data breaches that make the news are usually the ones that happen at big corporations like TJX or Home Depot. But every organization, large or small, needs to be concerned about…


Meeting IT Security and Compliance Requirements with GoAnywhere MFT

Meet your IT and compliance requirements easily with GoAnywhere MFT. GoAnywhere helps organizations and IT professionals comply with an array of strict regulations, methods, and technologies. To…


Top Data Breaches of 2019: How You Can Minimize Your Risks

Top Data Breaches of 2019: How You Can Minimize Your RiskYour organization made the headlines! That’s great, right? Not if it’s because you had sensitive data breached. A data breach can wreak…