NIST is a US government entity that creates mandatory standards that are followed by federal agencies and those doing business with them. NIST develops tests, test methods, reference data, proof-of concept implementations, and technical analyses to advance the development and productive use of information technology.

The NIST Cybersecurity Framework 1.0 is voluntary guidance, based on existing standards, guidelines, and practices for organizations to better manage and reduce cybersecurity risk. It was designed to foster risk and cybersecurity management communications amongst both internal and external organizational stakeholders.