​The National Institute of Standards and Technology is a US governmental institution (part of the US Department of Commerce). The NIST Cybersecurity Framework was initially published in 2014 (v1.0) and updated in 2018 (v1.1, current).
The NIST Cybersecurity Framework was written to provided guidance to US Federal agencies and US operators of critical infrastructure on the management and reduction of cybersecurity risk within their organisations and is based on existing standards and guidance, notably the International Standard for Information Security (ISO 27001) and the International Standard series for Industrial communication networks - IT security for networks and systems (ISA/IEC 62443 series). While the origin of the framework is US-based it has seen widespread adoption, particularly in the financial and telecommunications business sectors.
The NIST Framework approach to cybersecurity is closely aligned with that taken by the EU Network and Information Systems (NIS) Directive (implemented in the UK as the NIS Regulations) for operators of essential services (OES) and digital service providers (DSP) with its 5 core cybersecurity functions of Identify, Protect, Detect, Respond and Recover being mirrored in the NIS Regulations requirements for Managing security risks, Protecting against cyber attack, Detecting cybersecurity events and Minimising the impact of cybersecurity incidents. The NIS Regulations objectives are supported by the UK National Cyber Security Centre (NCSC) Cyber Assessment Framework (CAF) document.
Method Cyber Security Limited are well versed in current International Standards and best-practice guidance but advise the use of the National Cyber Security Centre Cyber Assessment Framework as the de facto UK standard for security assessment.
