Skip to main content
Security Scorecard

What is the NIST Framework? An Introduction and a Look at Its Five Core Functions

Posted on June 27th, 2022

The National Institute of Standards and Technology is an agency within the U.S. Department of Justice. It was founded in 1901 to support science and technological development. For decades, it has provided guidance on computer security.

In 2014, in cooperation with public and private sector experts, the NIST released its cybersecurity framework. The framework combines best practices and industry standards to help organizations deal with cybersecurity risks.

The goal of creating the Cybersecurity Framework (CSF) was to simplify the language of cybersecurity best practices and to make it easy for decision-makers to bring much-needed changes in order to improve security posture among organizations.

The NIST CSF is made up of five core functions:



The first function is about identifying and gathering all critical assets relating to your organization. Assets include systems, people, data, and capabilities.

After completing this phase, you should clearly understand your assets and how they support critical functions in the business context of your organization.


After identifying your critical assets, you have to protect them. This function supports the implementation of security measures to prevent or limit the impact of a cyber incident.

Some of the most important measures are:

  • Stricter Access Control and Identity Management

  • Staff training to raise awareness about cyber risks

  • Securing data by protecting its confidentiality, integrity, and availability


Detecting a cyber incident quickly is vital in minimizing its consequences. Organizations must be able to detect system anomalies through continuous monitoring and other processes.

Defense teams should be able to gather and analyze data from different sources. A good system to weed out false positives is critical for the detection process.


Responding to a detected cyber incident effectively can significantly contain its impact. Having an Incident Response plan is only the first step. Security leaders must ensure that the plan is executed during and after an incident.

Clear communication between internal and external stakeholders and law enforcement is necessary for effective response. A response plan should also have mitigation activities to resolve an incident and prevent its expansion.


The recovery phase is when affected systems and their capabilities are restored. Planning is also necessary for recovery. With recovery planning, organizations can explore various “what if” scenarios to develop a “playbook” for handling cyber incidents.

Learning from the mistakes of others is a great place to start when implementing better recovery processes for future incidents. NIST’s Guide for Cybersecurity Event Recovery outlines the recovery planning process and essential items that should be included in the recovery playbook.

What else does the NIST framework include?

Within each of the five functions, there are three to five categories. These categories identify tasks or challenges associated with each function. Within each of the categories, there are subcategories that break down the task or challenge even further. The framework also includes Informative references, such as sources, documents, and steps to help execute tasks or challenges.

How SecurityScorecard can help

Since 2017, government agencies have been required to adhere to NIST standards. The private sector is also encouraged to adopt some forms of the NIST framework.

With SecurityScorecard’s continuous compliance monitoring solution, organizations can track their adherence to current public and private sector security mandates, as well as detect potential compliance gaps. Request a demo to get started.

Return to Blog
Join us in making the world a safer place.