NIST Cybersecurity Framework (CSF)

The NIST Cybersecurity Framework (CSF) is widely regarded as one of the foremost standards for improving an organization’s cybersecurity posture and incident response.

What Is NIST Cybersecurity Framework?


The NIST Cybersecurity Framework (NIST CSF) is a set of comprehensive guidelines and best practices for organizations to improve their security posture. This framework provides recommendations and standards enabling organizations to better prepare in identifying and protecting against cyberattacks, and guidance on recovering from an incident.

History of NIST CSF

The original version (v1.0) was released in 2014 and intended for critical infrastructure such as energy and banking. The framework was made of five core functions: Identify, Protect, Detect, Respond, Recover. Due to its comprehensive nature, it’s been widely adopted and used by organizations of all sizes across every industry. It’s considered to be the gold standard to build and mature security programs as it provides metrics to measure progress, which assists in communicating to senior leadership the program’s efficacy. 

The current version (v2.0) was released by NIST in February of 2024 and includes multiple updates. These include a sixth core function (Govern), recognized broader application with language changes, and clarification along with implementation examples. It also includes supply chain risk and aligns to other NIST resources.

NIST CSF Compliance Checklist

The primary objective of the NIST CSF 2.0 is to help identify areas of weakness, prioritize hardening efforts, and communicate to technical and business leaders through six core functions.


  • Establish and monitor the organization’s cybersecurity risk management strategy, expectations, and policy
  • New step added in Revision 2.0 of the CSF to reduce complexity and support the other steps
  • Provides guidance for how organizations can make internal decisions that support the security strategy


  • Help determine the current cybersecurity risk to the organization
  • Addresses asset management, risk assessment, and improvements to risk management processes and procedures


  • Use safeguards to prevent or reduce cybersecurity risk
  • Identity and access management, security awareness training, data security, and management of the IT estate


  • Find and analyze possible cybersecurity attacks and compromises 
  • Includes continuous monitoring and analysis to surface anomalies and indicators of compromise


  • Take action regarding a detected cybersecurity incident
  • Guidance on incident management through documented incident response plan with forensics to determine full scope and inform hardening requirements upstream


  • Restore assets and operations that were impacted by a cybersecurity incident
  • Implementation of hardening to prevent or reduce the risk of a similar incident and communication strategy.

Fortra and the NIST Cybersecurity Framework

Fortra’s portfolio of solutions for infrastructure protection and data security helps organizations meet the NIST CSF.












Put Fortra's industry-leading team in your corner

Find out all the ways the Fortra team can make your life easier. From our constantly evolving solutions to our cutting-edge compliance tactics, we’re here to help.

Contact Us