NIST-CSF
The NIST cyber framework — 5 Identify/Protect/Detect/Respond/Recover functions.
Definition
CSF 2.0 (published February 2024) adds the Govern function. Widely adopted beyond US government — by private sector, by other countries (Japan METI references it, ENISA draws inspiration). For EDI: Identify = flow inventory, Protect = mTLS/encryption, Detect = SIEM, Respond = playbooks, Recover = backups.
Origin
First 1.0 edition February 2014 by NIST under Executive Order 13636. 1.1 edition April 2018. 2.0 edition February 2024.
Example in context
A NIST CSF 2.0 mapping on an EDI programme to demonstrate compliance to a cyber insurer.
Related terms
- ISO 27001 — equivalent international framework.