← All frameworks
International INTERNATIONAL · reference · US / International

NIST CSF

NIST Cybersecurity Framework 2.0

2.0

22 controls · 6 domains
Start assessment in platform →

About this framework

The NIST Cybersecurity Framework is a widely used, voluntary guide for managing security risk. Version 2.0 organises the work around six functions: Govern, Identify, Protect, Detect, Respond, and Recover, and scales to organisations of any size.

Who needs this

A flexible starting point for any organisation building or maturing its cybersecurity programme.

Cross-framework coverage

Controls in NIST CSF also cover:

ADHICS 19 shared
NCA ECC-2 19 shared
NCA OTCC 19 shared
Qatar NIA 19 shared
CJIS 18 shared

See how NIST CSF connects to the rest → the Security Universe

Control domains

GV · Govern 6
GV.OC
Organizational Context
CJISCIS ControlsDORAGDPR (EU)HIPAA Security RuleISO 27001NCA CCCNCA ECC-2NCA OTCCNIS2PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPRADHICSPCI DSS 4.0.1
GV.RM
Risk Management Strategy
CJISCIS ControlsDORAGDPR (EU)HIPAA Security RuleISO 27001NCA CCCNCA ECC-2NCA OTCCNIS2PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPRADHICSPCI DSS 4.0.1
GV.RR
Roles, Responsibilities, and Authorities
CJISCIS ControlsDORAGDPR (EU)HIPAA Security RuleISO 27001NCA CCCNCA ECC-2NCA OTCCNIS2PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPRADHICSPCI DSS 4.0.1
GV.PO
Policy
CJISCIS ControlsDORAGDPR (EU)HIPAA Security RuleISO 27001NCA CCCNCA ECC-2NCA OTCCNIS2PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPRADHICSPCI DSS 4.0.1
GV.OV
Oversight
CJISCIS ControlsDORAGDPR (EU)HIPAA Security RuleISO 27001NCA CCCNCA ECC-2NCA OTCCNIS2PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPRADHICSPCI DSS 4.0.1
GV.SC
Cybersecurity Supply Chain Risk Management
CJISADHICSCIS ControlsDORAGDPR (EU)HIPAA Security RuleISO 27001NCA CCCNCA ECC-2NCA OTCCNIS2PCI DSS 4.0.1PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPR
ID · Identify 3
ID.AM
Asset Management
CJISADHICSCIS ControlsCyber EssentialsCyber Essentials PlusDORAGDPR (EU)HIPAA Security RuleISO 27001NCA CCCNCA ECC-2NCA OTCCNIS2PCI DSS 4.0.1PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPR
ID.RA
Risk Assessment
CJISADHICSCIS ControlsCyber EssentialsCyber Essentials PlusDORAISO 27001NCA CCCNCA ECC-2NCA OTCCNIS2PCI DSS 4.0.1Qatar NIASAMA CSFUAE IAGDPR (EU)HIPAA Security RulePDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021UK GDPR
ID.IM
Improvement
CJISCIS ControlsDORAGDPR (EU)HIPAA Security RuleISO 27001NCA CCCNCA ECC-2NCA OTCCNIS2PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPRADHICSPCI DSS 4.0.1
PR · Protect 5
PR.AA
Identity Management, Authentication, and Access Control
CJISADHICSCIS ControlsCyber EssentialsCyber Essentials PlusGDPR (EU)HIPAA Security RuleISO 27001NCA ECC-2NCA OTCCNIS2PCI DSS 4.0.1PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPRNCA CCC
PR.AT
Awareness and Training
CJISADHICSCIS ControlsGDPR (EU)HIPAA Security RuleISO 27001NCA ECC-2NCA OTCCNIS2PCI DSS 4.0.1Qatar NIASAMA CSFUAE IAUK GDPR
PR.DS
Data Security
CJISADHICSCIS ControlsGDPR (EU)ISO 27001NCA ECC-2NCA OTCCPCI DSS 4.0.1PDPLData-protection rulesPDPPLQatar NIAPDPL – Federal Decree-Law 45/2021UAE IAUK GDPRNCA CCCHIPAA Security RuleNIS2SAMA CSF
PR.PS
Platform Security
CJISADHICSCIS ControlsCyber EssentialsCyber Essentials PlusISO 27001NCA CCCNCA ECC-2NCA OTCCPCI DSS 4.0.1Qatar NIAUAE IADORAGDPR (EU)HIPAA Security RuleNIS2PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021SAMA CSFUK GDPR
PR.IR
Technology Infrastructure Resilience
CJISADHICSCIS ControlsCyber EssentialsCyber Essentials PlusNCA CCCNCA ECC-2NCA OTCCPCI DSS 4.0.1Qatar NIAUAE IAISO 27001DORAGDPR (EU)HIPAA Security RuleNIS2PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021UK GDPR
DE · Detect 2
DE.CM
Continuous Monitoring
CJISADHICSCIS ControlsDORAGDPR (EU)HIPAA Security RuleISO 27001NCA CCCNCA ECC-2NCA OTCCNIS2PCI DSS 4.0.1PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPR
DE.AE
Adverse Event Analysis
CJISADHICSCIS ControlsDORAGDPR (EU)HIPAA Security RuleISO 27001NCA ECC-2NCA OTCCNIS2PCI DSS 4.0.1PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPRNCA CCC
RS · Respond 4
RS.MA
Incident Management
CJISADHICSCIS ControlsDORAGDPR (EU)HIPAA Security RuleISO 27001NCA ECC-2NCA OTCCNIS2PCI DSS 4.0.1PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPR
RS.AN
Incident Analysis
CJISADHICSCIS ControlsDORAGDPR (EU)HIPAA Security RuleISO 27001NCA ECC-2NCA OTCCNIS2PCI DSS 4.0.1PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPR
RS.CO
Incident Response Reporting and Communication
CJISADHICSCIS ControlsDORAGDPR (EU)HIPAA Security RuleISO 27001NCA ECC-2NCA OTCCNIS2PCI DSS 4.0.1PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPR
RS.MI
Incident Mitigation
CJISADHICSCIS ControlsDORAGDPR (EU)HIPAA Security RuleISO 27001NCA ECC-2NCA OTCCNIS2PCI DSS 4.0.1PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIASAMA CSFUAE IAUK GDPR
RC · Recover 2
RC.RP
Incident Recovery Plan Execution
CJISADHICSCIS ControlsDORAGDPR (EU)HIPAA Security RuleISO 27001NCA CCCNCA ECC-2NCA OTCCNIS2PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIAUAE IAUK GDPR
RC.CO
Incident Recovery Communication
CJISADHICSCIS ControlsDORAGDPR (EU)HIPAA Security RuleISO 27001NCA CCCNCA ECC-2NCA OTCCNIS2PDPLData-protection rulesPDPPLPDPL – Federal Decree-Law 45/2021Qatar NIAUAE IAUK GDPR

Ready to assess against NIST CSF?

Start free trial →