LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

What are the main NIST cybersecurity publications referenced as standards?

SP 800-30 (Risk Management), SP 800-53 (Security & Privacy Controls), and the NIST Cybersecurity Framework (NIST CSF) — produced by the US National Institute of Standards and Technology.

Publication Purpose
SP 800-30 Risk Management Guide — how to assess and treat IT risk
SP 800-53 Massive control catalogue (~1000 controls) used by US federal agencies
NIST CSF The high-level framework: Identify / Protect / Detect / Respond / Recover / Govern
CIS Controls (related) Pragmatic top-X control list, widely used as a 27002 alternative

All NIST publications are free, which is why they dominate where ISO would otherwise win — NIST CSF in particular has become the de-facto framework for non-regulated US private sector and many international organisations (including being the basis for Switzerland's IKT-Minimalstandard).

Tip: When a US auditor says "controls," they probably mean SP 800-53. When a US executive says "framework," they probably mean NIST CSF. Different abstraction levels, both NIST.

Go deeper:

From Quiz: ISF / ISMS & Security Standards (ISO 27k, NIST, BSI) | Updated: Jul 14, 2026