NIST CSF

A voluntary framework from NIST organized around five functions -- Identify, Protect, Detect, Respond, Recover -- that provides a common language for managing cybersecurity risk. NIST CSF 2.0 (released February 2024) added a sixth function: Govern. While not legally mandatory for most private companies, NIST CSF is widely adopted as a baseline and is frequently referenced in contracts, RFPs, and regulatory guidance.