Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Cybersecurity Framework

More than ever, organizations must balance a rapidly evolving cyber threat landscape against the need to fulfill business requirements. To help these organizations manage their cybersecurity risk, NIST convened stakeholders to develop a Cybersecurity Framework that addresses threats and supports business. While the primary stakeholders of the Framework are U.S. private-sector owners and operators of critical infrastructure, its user base has grown to include communities and organizations across the globe.

Graph showing 30% current use of the Cybersecurity Framework and projected 50% use
Credit: Natasha Hanacek/NIST
The Cybersecurity Framework is now used by 30 percent of U.S. organizations, according to the information technology research company Gartner, and that number is projected to reach 50 percent by 2020, as shown on the graphic.

The Framework integrates industry standards and best practices to help organizations manage their cybersecurity risks. It provides a common language that allows staff at all levels within an organization—and at all points in a supply chain—to develop a shared understanding of their cybersecurity risks. NIST worked with private-sector and government experts to create the Framework, which was released in early 2014. The effort went so well that Congress ratified it as a NIST responsibility in the Cybersecurity Enhancement Act of 2014.

The Framework not only helps organizations understand their cybersecurity risks (threats, vulnerabilities and impacts), but how to reduce these risks with customized measures. The Framework also helps them respond to and recover from cybersecurity incidents, prompting them to analyze root causes and consider how they can make improvements. Companies from around the world have embraced the use of the Framework, including JP Morgan Chase, Microsoft, Boeing, Intel, Bank of England, Nippon Telegraph and Telephone Corporation, and the Ontario Energy Board.

NIST continues to promote awareness of the Framework and its implementation in domestic and international markets. NIST also continues to work with industry and other stakeholders to ensure that updates to the Framework maintain its relevance and utility for a broad range of organizations.

Questions? Contact inquiries [at] nist.gov (subject: Industry%20Impact%3A%20Cybersecurity) (NIST Inquiries).