Jump to content

www.nist.gov/cyberframework/frequently-asked-questions

Careers
Shop
Visit

Search

NIST Menu

Topics Expand or Collapse
Publications
Labs & Major Programs Expand or Collapse
Services & Resources Expand or Collapse
News & Events Expand or Collapse
About NIST Expand or Collapse

Cybersecurity Framework

cyberframework Expand or Collapse

Connect with us

Frequently Asked Questions

Share

Facebook LinkedIn Twitter

Framework Basics

What is the Framework, and what is it designed to accomplish?

Is my organization required to use the Framework?

Does it provide a recommended checklist of what all organizations should do?

See all questions

Framework Users

What critical infrastructure does the Framework address?

Does the Framework apply only to critical infrastructure companies?

Does the Framework benefit organizations that view their cybersecurity programs as already mature?

See all questions

Framework Components

What is the Framework Core and how is it used?

What are Framework Profiles and how are they used?

What are Framework Implementation Tiers and how are they used?

See all questions

Using the Framework

What is the difference between 'using', 'adopting', and 'implementing' the Framework?

Would the Framework have prevented recent highly publicized attacks?

Does the Framework address the cost and cost-effectiveness of cybersecurity risk management?

See all questions

Small Business Use

Does the Framework apply to small businesses?

Will NIST provide guidance for small businesses? Is there a starter kit or guide for organizations, just getting started with cybersecurity?

Will NIST provide guidance for small businesses? Is there a starter kit or guide for organizations just getting started with cybersecurity?

See all questions

U.S. Federal Agency Use

Are U.S. Federal agencies required to apply the Framework to Federal information systems?

Can U.S. Federal agencies apply the Framework to Federal information systems?

How is NIST integrating the Cybersecurity Framework into the cybersecurity risk management practices of federal agencies?

See all questions

Relationship Between the Framework and Other Approaches and Initiatives

What is the relationship between the Cybersecurity Framework and the NICE Cybersecurity Workforce Framework?

What is the relationship between the Cybersecurity Framework and the NIST Privacy Framework currently under development?

What is the relationship between the Framework and the DHS Critical Infrastructure Cyber Community (C³) Voluntary Program?

See all questions

Updates to the Cybersecurity Framework

How often will NIST update the Framework?

How did NIST process the V1.1 update?

How did NIST determine features for this update?

See all questions

Informative References

What are Informative References?

What is the Online Informative References (OLIR) Program?

Why were Online Informative References necessary?

See all questions

Communicating with NIST

How can I ensure resources or case studies my organization has released publicly are visible for others to use?

Does NIST encourage translations of the Cybersecurity Framework? If so, is there a procedure to follow?

Who can answer additional questions regarding the Framework?

See all questions

Cybersecurity

Created February 11, 2015, Updated September 13, 2019

twitter
facebook
linkedin
Instagram
youtube
rss
govdelivery

HEADQUARTERS
100 Bureau Drive
Gaithersburg, MD 20899
301-975-2000

Webmaster | Contact Us | Our Other Offices

How are we doing? Feedback

Topics
Publications
Labs & Major Programs
Services & Resources
News & Events
About NIST

Privacy Statement
Privacy Policy
Security Notice
Accessibility Statement
NIST Privacy Program
No Fear Act Policy

Disclaimer
FOIA
Environmental Policy Statement
Cookie Disclaimer
Scientific Integrity Summary
NIST Information Quality Standards

Business USA
Commerce.gov
Healthcare.gov
Science.gov
USA.gov