NIST (National Institute of Standards and Technology)
The NIST Cybersecurity Framework is a voluntary, risk-based guide organized into five core functions: Identify, Protect, Detect, Respond, and Recover. These functions are further broken down into 23 categories and over a hundred subcategories. The framework establishes a common taxonomy and maturity tiers that help organizations benchmark their current security posture, prioritize investments, and communicate risk to both technical teams and executive leadership. Unlike ISO/IEC 27001, which is a certifiable standard with formal audit requirements, the NIST framework serves as high-level guidance without mandating certification. It offers more strategic flexibility than the prescriptive, control-focused CIS Controls, and it addresses broader enterprise objectives than the IT-governance emphasis of COBIT or the payment-data focus of PCI DSS.