Home/Glossary/NIST (National Institute of Standards and Technology)

NIST (National Institute of Standards and Technology)

A U.S. federal agency that develops cybersecurity standards, guidelines, and best practices widely adopted by organizations globally.

ComplianceAlso called: "national institute of standards and technology", "nist framework", "nist csf"

NIST provides authoritative guidance on cybersecurity that forms the foundation for many organizational security programs and compliance frameworks.

Why it matters

  • NIST frameworks are often required for U.S. federal contractors.
  • Many compliance frameworks (FedRAMP, CMMC, StateRAMP) build on NIST standards.
  • NIST guidelines represent security best practices recognized worldwide.
  • Following NIST demonstrates due diligence for legal and regulatory purposes.

Key NIST publications

  • NIST Cybersecurity Framework (CSF): Risk-based approach organized into Identify, Protect, Detect, Respond, Recover functions.
  • NIST SP 800-53: Comprehensive catalog of security controls for federal systems.
  • NIST SP 800-171: Protecting Controlled Unclassified Information (CUI) in non-federal systems.
  • NIST SP 800-63: Digital identity guidelines covering authentication assurance levels.
  • NIST SP 800-37: Risk Management Framework (RMF) for information systems.

NIST CSF 2.0 functions

  1. Govern: Establish cybersecurity risk management strategy and oversight.
  2. Identify: Understand assets, risks, and vulnerabilities.
  3. Protect: Implement safeguards to limit impact.
  4. Detect: Discover cybersecurity events quickly.
  5. Respond: Take action during incidents.
  6. Recover: Restore capabilities after incidents.

Getting started

  • Assess current state against the CSF framework.
  • Identify gaps and prioritize based on risk.
  • Develop target profiles for desired security posture.
  • Create action plans with measurable milestones.
  • Regularly review and update as threats evolve.

Related Tools

Related Articles

View all articles
Formal Security Models Explained: Bell-LaPadula, Biba, Clark-Wilson, and Beyond

Formal Security Models Explained: Bell-LaPadula, Biba, Clark-Wilson, and Beyond

Master the formal security models that underpin all access control systems. This comprehensive guide covers Bell-LaPadula, Biba, Clark-Wilson, Brewer-Nash, lattice-based access control, and how to choose the right model for your organization.

Read article →
Biometric Authentication: Understanding FAR, FRR, and CER for Security Professionals

Biometric Authentication: Understanding FAR, FRR, and CER for Security Professionals

Master the critical metrics behind biometric authentication systems including False Acceptance Rate (FAR), False Rejection Rate (FRR), and Crossover Error Rate (CER). Learn how to evaluate, tune, and deploy biometric systems across enterprise, consumer, and high-security environments.

Read article →
Database Inference & Aggregation Attacks: The Complete Defense Guide

Database Inference & Aggregation Attacks: The Complete Defense Guide

Learn how inference and aggregation attacks exploit aggregate queries and combined data to reveal protected information, and discover proven countermeasures including differential privacy, polyinstantiation, and query restriction controls.

Read article →
NIST 800-88 Media Sanitization Complete Guide: Clear, Purge, and Destroy Methods Explained

NIST 800-88 Media Sanitization Complete Guide: Clear, Purge, and Destroy Methods Explained

Master NIST SP 800-88 Rev. 1 media sanitization methods including Clear, Purge, and Destroy. Covers SSD vs HDD sanitization, crypto erase, degaussing, regulatory compliance, and building a media sanitization program.

Read article →

Explore More Compliance

View all terms

Data Privacy

The right of individuals to control how their personal information is collected, used, stored, and shared by organizations.

Read more →
Back to glossary