LOGBOOK

HELP

Quiz Entry - updated: 2026.07.05

What is the NIST Cybersecurity Framework (CSF), and why has it become so influential?

The NIST CSF is a voluntary, risk-based framework for managing cybersecurity risk, built around outcomes rather than prescriptive controls — and it's free.

Kreisdiagramm der sechs NIST-CSF-2.0-Funktionen Govern, Identify, Protect, Detect, Respond, Recover.

* Das NIST-CSF-2.0-Funktionsrad — die fünf klassischen Funktionen plus die 2024 ergänzte Funktion „Govern" im Zentrum. — NIST, Public domain, via Wikimedia Commons. *

NIST (the US National Institute of Standards and Technology) published the framework in 2014, originally to help critical infrastructure operators after US Executive Order 13636. It spread far beyond that audience because of three properties:

  • Outcome-oriented: it describes what you should achieve ("anomalies are detected"), not how — so any organization, sector, or size can map its own controls to it
  • Common language: executives, engineers, and auditors can all discuss security posture using the same five functions
  • Free and vendor-neutral: unlike ISO 27001, no license fees and no certification machinery required

Many national adaptations are built directly on it — including the Swiss IKT Minimalstandard.

Tip: Don't confuse the NIST CSF with NIST SP 800-53 — the latter is a detailed control catalog; the CSF is a high-level framework that points to 800-53 (and ISO 27001, COBIT…) as references.

Go deeper:

From Quiz: ISM / Frameworks — NIST CSF & IKT Minimalstandard | Updated: Jul 05, 2026