In 2014, NIST was tasked with creating a “prioritized, flexible, repeatable, performance-based, and cost-effective approach” for critical infrastructure to help identify, assess, and manage cyber risks. The NIST Cybersecurity Framework (CF) revolves around five key functions: Identify, Protect, Detect, Respond, and Recover.
“Organizations will continue to have unique risks – different threats, different vulnerabilities, different risk tolerances. They also will vary in how they customize practices described in the Framework. Organizations can determine activities that are important to critical service delivery and can prioritize investments to maximize the impact of each dollar spent. Ultimately, the Framework is aimed at reducing and better managing cybersecurity risks.” — NIST Cybersecurity Framework v1.1