In plain English
The NIST CSF is a widely adopted international security framework that helps organisations understand their current cyber security posture and set measurable improvement goals. Australian organisations often use it alongside the Essential Eight to satisfy enterprise customers or international regulatory requirements.
Full definition
The National Institute of Standards and Technology (NIST) published version 1.0 of the CSF in 2014 and released CSF 2.0 in 2024, adding a sixth function: Govern. Each function is broken into categories and subcategories that map to specific controls and outcomes.
Unlike the — which prescribes specific technical controls — the NIST CSF is technology-neutral and outcomes-based. This makes it adaptable to organisations of any size or sector, and useful for board-level conversations about risk posture.
