The National Institute of Standards and Technology (NIST)
The National Institute of Standards and Technology (NIST) is a physical sciences laboratory and a non-regulatory agency of the United States Department of Commerce whose mission is to promote US innovation and industrial competitiveness in fields such as nanoscale science and technology, engineering, information technology, neutron research, material measurement, and physical measurement.
Frequently asked questions
What does NIST do?
According to its official website, the National Institute of Standards and Technology (NIST) is committed to “advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life.” It does this by fostering compliance, providing education and training, guiding federal policy, and more.
What does NIST mean for cybersecurity?
The National Institute of Standards and Technology (NIST) aims to address the lack of universal standards in cybersecurity by offering regularly updated security frameworks that help companies mitigate the impact of evolving cyberattacks.
What is NIST certification?
NIST certification means that a product, service, or piece of software has been tested and aligns with NIST (National Institute of Standards and Technology) standards. While NIST is a non-regulatory agency, meaning its standards and best practices are non-binding, many government agencies and enterprises have adopted NIST standards and require any partner agencies to align with them to help improve overall security.
What are NIST security standards?
The NIST cybersecurity framework is divided into five broad functions that help businesses align with evolving security standards:
- Identify: Understand how to manage cybersecurity risk to systems, assets, data, and capabilities
- Protect: Develop and implement safeguards to ensure the delivery of critical infrastructure services
- Detect: Develop and implement ways to identify cybersecurity events
- Respond: Develop and implement the appropriate ways to take action when a cybersecurity event occurs
- Recover: Develop and maintain plans to fix anything that was damaged during the cybersecurity event
Together, these core functions aim to help businesses effectively mitigate the impact of security threats and minimize their overall damage.