International · reference · US / International

NIST CSF

NIST Cybersecurity Framework 2.0

22 controls · 6 domains

About this framework

The NIST Cybersecurity Framework is a widely used, voluntary guide for managing security risk. Version 2.0 organises the work around six functions: Govern, Identify, Protect, Detect, Respond, and Recover, and scales to organisations of any size.

Who needs this

A flexible starting point for any organisation building or maturing its cybersecurity programme.

Cross-framework coverage

Controls in NIST CSF also cover:

CIS Controls 19 shared
NCA ECC-2 19 shared
Qatar NIA 19 shared
UAE IA 19 shared
NCA OTCC 19 shared

Control domains

GV · Govern 6
GV.OC
Organizational Context
CIS Controls · ISO 27001 · DORA · GDPR (EU) · UK GDPR · HIPAA Security Rule · NCA ECC-2 · Qatar NIA · UAE IA · SAMA CSF · NCA OTCC · ADHICS
GV.RM
Risk Management Strategy
CIS Controls · PCI DSS 4.0.1 · ISO 27001 · NIS2 · DORA · GDPR (EU) · UK GDPR · HIPAA Security Rule · NCA ECC-2 · NCA CCC · Qatar NIA · UAE IA · SAMA CSF · NCA OTCC · ADHICS
GV.RR
Roles, Responsibilities, and Authorities
CIS Controls · ISO 27001 · DORA · GDPR (EU) · UK GDPR · HIPAA Security Rule · NCA ECC-2 · Qatar NIA · UAE IA · SAMA CSF · NCA OTCC · ADHICS
GV.PO
Policy
CIS Controls · PCI DSS 4.0.1 · ISO 27001 · NIS2 · DORA · GDPR (EU) · UK GDPR · HIPAA Security Rule · NCA ECC-2 · Qatar NIA · UAE IA · SAMA CSF · NCA OTCC · ADHICS
GV.OV
Oversight
CIS Controls · ISO 27001 · DORA · GDPR (EU) · UK GDPR · HIPAA Security Rule · NCA ECC-2 · Qatar NIA · UAE IA · SAMA CSF · NCA OTCC · ADHICS · PCI DSS 4.0.1 · NIS2
GV.SC
Cybersecurity Supply Chain Risk Management
CIS Controls · PCI DSS 4.0.1 · ISO 27001 · NIS2 · DORA · GDPR (EU) · UK GDPR · HIPAA Security Rule · NCA ECC-2 · NCA CCC · Qatar NIA · UAE IA · SAMA CSF · NCA OTCC · ADHICS
ID · Identify 3
ID.AM
Asset Management
CIS Controls · PCI DSS 4.0.1 · ISO 27001 · Cyber Essentials · Cyber Essentials Plus · NIS2 · GDPR (EU) · UK GDPR · NCA ECC-2 · Qatar NIA · UAE IA · SAMA CSF · NCA OTCC · ADHICS
ID.RA
Risk Assessment
CIS Controls · PCI DSS 4.0.1 · ISO 27001 · NIS2 · DORA · GDPR (EU) · UK GDPR · HIPAA Security Rule · NCA ECC-2 · NCA CCC · Qatar NIA · UAE IA · SAMA CSF · NCA OTCC · ADHICS · Cyber Essentials · Cyber Essentials Plus
ID.IM
Improvement
CIS Controls · PCI DSS 4.0.1 · ISO 27001 · NIS2 · DORA · GDPR (EU) · UK GDPR · HIPAA Security Rule · NCA ECC-2 · Qatar NIA · UAE IA · SAMA CSF · NCA OTCC · ADHICS
PR · Protect 5
PR.AA
Identity Management, Authentication, and Access Control
CIS Controls · PCI DSS 4.0.1 · HIPAA Security Rule · ISO 27001 · Cyber Essentials · Cyber Essentials Plus · NIS2 · GDPR (EU) · UK GDPR · NCA ECC-2 · NCA CCC · Qatar NIA · UAE IA · SAMA CSF · NCA OTCC · ADHICS
PR.AT
Awareness and Training
CIS Controls · PCI DSS 4.0.1 · HIPAA Security Rule · ISO 27001 · NIS2 · GDPR (EU) · UK GDPR · NCA ECC-2 · Qatar NIA · UAE IA · SAMA CSF · NCA OTCC · ADHICS
PR.DS
Data Security
CIS Controls · PCI DSS 4.0.1 · ISO 27001 · NIS2 · GDPR (EU) · UK GDPR · HIPAA Security Rule · NCA ECC-2 · NCA CCC · Qatar NIA · UAE IA · SAMA CSF · NCA OTCC · ADHICS · DORA
PR.PS
Platform Security
CIS Controls · PCI DSS 4.0.1 · ISO 27001 · Cyber Essentials · Cyber Essentials Plus · NIS2 · DORA · NCA ECC-2 · NCA CCC · Qatar NIA · UAE IA · SAMA CSF · NCA OTCC · ADHICS · GDPR (EU) · UK GDPR · HIPAA Security Rule
PR.IR
Technology Infrastructure Resilience
CIS Controls · PCI DSS 4.0.1 · ISO 27001 · Cyber Essentials · Cyber Essentials Plus · NCA ECC-2 · Qatar NIA · UAE IA · NCA OTCC · ADHICS · NIS2 · DORA · GDPR (EU) · UK GDPR · HIPAA Security Rule · NCA CCC
DE · Detect 2
DE.CM
Continuous Monitoring
CIS Controls · PCI DSS 4.0.1 · GDPR (EU) · UK GDPR · ISO 27001 · NIS2 · DORA · HIPAA Security Rule · NCA ECC-2 · NCA CCC · Qatar NIA · UAE IA · SAMA CSF · NCA OTCC · ADHICS
DE.AE
Adverse Event Analysis
CIS Controls · PCI DSS 4.0.1 · GDPR (EU) · UK GDPR · ISO 27001 · NIS2 · DORA · HIPAA Security Rule · NCA ECC-2 · NCA CCC · Qatar NIA · UAE IA · SAMA CSF · NCA OTCC · ADHICS
RS · Respond 4
RS.MA
Incident Management
CIS Controls · PCI DSS 4.0.1 · HIPAA Security Rule · ISO 27001 · NIS2 · DORA · GDPR (EU) · UK GDPR · NCA ECC-2 · NCA CCC · Qatar NIA · UAE IA · SAMA CSF · NCA OTCC · ADHICS
RS.AN
Incident Analysis
CIS Controls · PCI DSS 4.0.1 · HIPAA Security Rule · ISO 27001 · NIS2 · DORA · GDPR (EU) · UK GDPR · NCA ECC-2 · NCA CCC · Qatar NIA · UAE IA · SAMA CSF · NCA OTCC · ADHICS
RS.CO
Incident Response Reporting and Communication
CIS Controls · PCI DSS 4.0.1 · HIPAA Security Rule · ISO 27001 · NIS2 · DORA · GDPR (EU) · UK GDPR · NCA ECC-2 · NCA CCC · Qatar NIA · UAE IA · SAMA CSF · NCA OTCC · ADHICS
RS.MI
Incident Mitigation
CIS Controls · PCI DSS 4.0.1 · HIPAA Security Rule · ISO 27001 · NIS2 · DORA · GDPR (EU) · UK GDPR · NCA ECC-2 · NCA CCC · Qatar NIA · UAE IA · SAMA CSF · NCA OTCC · ADHICS
RC · Recover 2
RC.RP
Incident Recovery Plan Execution
CIS Controls · ISO 27001 · NIS2 · DORA · GDPR (EU) · UK GDPR · HIPAA Security Rule · NCA ECC-2 · NCA CCC · Qatar NIA · UAE IA · NCA OTCC · ADHICS
RC.CO
Incident Recovery Communication
CIS Controls · ISO 27001 · NIS2 · DORA · GDPR (EU) · UK GDPR · HIPAA Security Rule · NCA ECC-2 · NCA CCC · Qatar NIA · UAE IA · NCA OTCC · ADHICS