
NIST Cybersecurity Framework

The US federal standard for managing cybersecurity risk

Timeline: 3–6 months
Typical cost: $5,000–$30,000
Difficulty: Medium

§ Overview

The NIST Cybersecurity Framework (CSF) provides a voluntary framework for organizations to manage and reduce cybersecurity risk. It's organized around five core functions: Identify, Protect, Detect, Respond, and Recover. Unlike ISO 27001 or SOC 2, NIST CSF doesn't have a formal certification process — it's a self-assessment framework used to benchmark and improve security posture.

§ Who needs this

US government contractors and agencies (mandatory), critical infrastructure organizations, and any company wanting a structured approach to cybersecurity. Widely adopted by US-based companies as a baseline security framework, especially those in defense, energy, and financial sectors.

§ Key requirements

01 Identify

Develop organizational understanding of cybersecurity risk to systems, people, assets, data, and capabilities. Includes asset management, risk assessment, and governance.

02 Protect

Implement safeguards to ensure delivery of critical services. Covers access control, awareness training, data security, maintenance, and protective technology.

03 Detect

Develop activities to identify cybersecurity events. Includes anomaly detection, continuous monitoring, and detection processes.

04 Respond

Develop activities to take action regarding detected cybersecurity incidents. Covers response planning, communications, analysis, mitigation, and improvements.

05 Recover

Develop activities to maintain resilience and restore capabilities impaired during a cybersecurity incident. Includes recovery planning, improvements, and communications.

§ Steps to compliance

1. Establish Current Profile

Document your current cybersecurity posture by mapping existing controls to NIST CSF categories and subcategories.

2. Define Target Profile

Determine your desired cybersecurity state based on business objectives, risk tolerance, and regulatory requirements.

3. Gap Analysis

Compare current and target profiles to identify gaps. Prioritize gaps based on risk and business impact.

4. Create Action Plan

Develop a prioritized roadmap to close identified gaps, including resource allocation, timelines, and responsible parties.

5. Implement Controls

Deploy technical and organizational controls to address gaps. Focus on highest-risk areas first.

6. Assess & Report

Conduct self-assessment or third-party assessment against the framework. Report maturity levels to leadership.
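The six steps above are, in practice, a comparison of two profiles keyed by CSF subcategory. The script below is an added example (not from this page and not a NIST tool) that carries steps 1 through 6 end to end: it holds a Current Profile and a Target Profile, computes the gaps, ranks them by risk, packs them into a quarter-by-quarter roadmap, and rolls maturity up per function for the leadership report. It assumes a 0 to 4 maturity score per subcategory, which is a common scoring convention but is not prescribed by the framework; the subcategory identifiers (ID.AM-1, PR.AC-1 and so on) follow CSF 1.1 naming, while every score and risk weight attached to them is constructed sample data.

```python
"""NIST CSF profile gap analysis: Current Profile vs Target Profile.

Added example, not a NIST artifact. Maturity scale 0-4 per subcategory is an
assumption of this script, not something the framework prescribes.
"""
from dataclasses import dataclass

MATURITY_MAX = 4  # assumed scale: 0 = not implemented ... 4 = adaptive

# Function prefix -> name, the five functions listed on this page.
FUNCTION_NAMES = {"ID": "Identify", "PR": "Protect", "DE": "Detect",
                  "RS": "Respond", "RC": "Recover"}

# Constructed sample data. Keys use CSF 1.1 subcategory IDs; values are invented.
CURRENT_PROFILE = {  # step 1: what the control mapping found today
    "ID.AM-1": 2, "ID.RA-1": 1, "PR.AC-1": 3, "PR.DS-1": 1,
    "DE.CM-1": 1, "DE.AE-1": 0, "RS.RP-1": 2, "RC.RP-1": 1,
}
TARGET_PROFILE = {  # step 2: where risk tolerance and regulation say we need to be
    "ID.AM-1": 3, "ID.RA-1": 3, "PR.AC-1": 3, "PR.DS-1": 3,
    "DE.CM-1": 3, "DE.AE-1": 2, "RS.RP-1": 3, "RC.RP-1": 3,
}
RISK_WEIGHT = {  # 1-5 business-impact weight from the risk assessment (constructed)
    "ID.AM-1": 3, "ID.RA-1": 4, "PR.AC-1": 5, "PR.DS-1": 5,
    "DE.CM-1": 4, "DE.AE-1": 3, "RS.RP-1": 4, "RC.RP-1": 4,
}


@dataclass
class Gap:
    subcategory: str
    function: str
    current: int
    target: int
    risk: int

    @property
    def size(self) -> int:
        return self.target - self.current  # maturity levels still to climb

    @property
    def priority(self) -> int:
        return self.size * self.risk  # bigger gap on a riskier outcome ranks first


def function_of(subcategory: str) -> str:
    """Map 'PR.DS-1' to 'Protect' via its two-letter function prefix."""
    return FUNCTION_NAMES[subcategory.split(".")[0]]


def _check_score(subcategory: str, score: int) -> None:
    if not 0 <= score <= MATURITY_MAX:
        raise ValueError(f"{subcategory}: score {score} outside 0..{MATURITY_MAX}")


def gap_analysis(current: dict, target: dict, risk: dict) -> list:
    """Step 3: every subcategory whose target exceeds its current score, ranked."""
    gaps = []
    for sub, want in target.items():
        have = current.get(sub, 0)  # absent from Current Profile = not implemented
        _check_score(sub, have)
        _check_score(sub, want)
        if want > have:
            gaps.append(Gap(sub, function_of(sub), have, want, risk.get(sub, 1)))
    # Highest priority first; subcategory ID breaks ties deterministically.
    return sorted(gaps, key=lambda g: (-g.priority, g.subcategory))


def build_roadmap(gaps: list, capacity_per_quarter: int) -> list:
    """Steps 4-5: pack ranked gaps into quarters, highest-risk work first.

    Each gap costs `size` effort units. A gap larger than the capacity still
    gets a quarter of its own, so the loop always terminates.
    """
    quarters, used = [[]], 0
    for g in gaps:
        if quarters[-1] and used + g.size > capacity_per_quarter:
            quarters.append([])
            used = 0
        quarters[-1].append(g.subcategory)
        used += g.size
    return quarters


def maturity_by_function(profile: dict) -> dict:
    """Step 6: mean maturity per function, the number leadership sees."""
    scores = {}
    for sub, score in profile.items():
        scores.setdefault(function_of(sub), []).append(score)
    return {fn: round(sum(v) / len(v), 2) for fn, v in scores.items()}


if __name__ == "__main__":
    ranked = gap_analysis(CURRENT_PROFILE, TARGET_PROFILE, RISK_WEIGHT)
    for g in ranked:
        print(f"{g.subcategory:8} {g.function:8} {g.current}->{g.target} "
              f"risk={g.risk} priority={g.priority}")
    for i, quarter in enumerate(build_roadmap(ranked, capacity_per_quarter=4), 1):
        print(f"Q{i}: {', '.join(quarter)}")
    print("current:", maturity_by_function(CURRENT_PROFILE))
    print("target: ", maturity_by_function(TARGET_PROFILE))
```

The priority formula (gap size times risk weight) is the simplest defensible ranking; a real programme would usually replace the risk weight with the output of its own risk assessment method and add cost or dependency terms before committing to the quarter plan. Rolling maturity up to the function level is what makes the step 6 report comparable from one assessment cycle to the next.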

§ What you get

Clear understanding of your cybersecurity risk posture

Structured roadmap for security improvements

Common language for discussing cybersecurity with leadership

Alignment with US federal security requirements

Foundation for pursuing formal certifications (ISO 27001, SOC 2)

Improved incident detection and response capabilities