The NIST Cybersecurity Framework is a voluntary policy framework of computer security guidance that helps private sector organizations in the United States assess and improve their ability to prevent, detect, and respond to cyber attacks.
What is NIST Compliance?
The National Institute of Standards and Technology (NIST) is a non-regulatory federal agency within the U.S. Department of Commerce that develops technology, measurement standards, and guidelines to promote innovation and industrial competitiveness in U.S. science and technology.
As part of this mission, NIST produces the standards and guidelines that federal agencies use to meet the requirements of the Federal Information Security Management Act (FISMA), and it helps those agencies protect their information and information systems through cost-effective security programs.
Specifically, NIST develops the Federal Information Processing Standards (FIPS) that implement FISMA's requirements (for example, FIPS 199 for categorizing information systems and FIPS 200 for minimum security requirements). FIPS are approved by the Secretary of Commerce and are mandatory for all federal agencies, but they do not apply to national security systems as defined in FISMA (Title III, Information Security, of the E-Government Act of 2002).
NIST publishes its more detailed guidance and recommendations in the Special Publication (SP) 800 series, such as SP 800-53, the catalog of security and privacy controls. These publications are not mandatory in themselves, but Office of Management and Budget (OMB) policy requires federal agencies to follow NIST guidance, again with the exception of national security programs and systems.