NIST is a US government entity that creates mandatory standards that are followed by federal agencies and those doing business with them. NIST develops tests, test methods, reference data, proof-of concept implementations, and technical analyses to advance the development and productive use of information technology.

The NIST Cybersecurity Framework 1.0 is voluntary guidance, based on existing standards, guidelines, and practices for organizations to better manage and reduce cybersecurity risk. It was designed to foster risk and cybersecurity management communications amongst both internal and external organizational stakeholders.

COBIT 5 is the leading framework for the governance and management of enterprise IT. Issued by ISACA, COBIT is a comprehensive framework aligned with globally accepted practices, analytical tools and models that can help any enterprise address business issues through governance and management of information and technology.