Is NIST a standard or framework?

NIST is both a standard and a framework.

  • As a standard, NIST is a set of cybersecurity guidelines and best practices for organizations to follow. It provides a comprehensive set of security controls, processes, and procedures that organizations can use to protect their networks and data.
  • As a framework, NIST provides a structure for organizations to use when assessing and managing their cybersecurity risk. The Framework is designed to be flexible and scalable, allowing organizations to tailor their security solutions to their own unique needs. It also provides guidance on how to develop and implement a cybersecurity program, as well as how to measure and report on the effectiveness of that program.