NIST stands for the National Institute of Standards and Technology. It’s one of many federal agencies under the U.S. Department of Commerce. Originally founded to help the United States better compete with economic rivals, NIST focuses on the mantra, “One cannot manage what cannot be measured.” NIST is one of the oldest physical science laboratories in the U.S. Many of the benefits of NIST can be seen in a wide variety of products and services like nano devices, disaster resistant buildings, cybersecurity frameworks, and global networking. One of the most well-known branches of NIST is the Computer Security Resource Center (CSRC). The CSRC was founded in the mid ‘90s and provides resources regarding information security, cybersecurity, and information privacy. The CSRC comprises two divisions: the Computer Security Division (CSD) and the Applied Cybersecurity Division (ACD).  The CSD division conducts research in securing machine level components, systems, applications, and cryptography. The CSD also provides security engineering and risk management information along with testing, validating, and measuring security controls.  The ACD division is where the rubber meets the road on cybersecurity, privacy, and risk. Many U.S organizations have adopted the practical application of standards and best practices focused on improving their overall cybersecurity posture. Those in cybersecurity are most familiar with several NIST special publications (NIST SPs). The most common NIST publications for professional security consumption are the NIST Cybersecurity Framework (CSF), Federal Information Processing Standards (FIPS), NIST Special Publications 800, 1800, 500, and ITL Bulletins:
  • FIPS focuses on security standards 
  • SP 800 focuses on computer security 
  • SP 1800 contains cybersecurity practice guides 
  • SP 500 highlights information technology
  • ITL Bulletin is a monthly overview of NIST security 
Overall, cybersecurity in the United States is heavily influenced by the NIST framework and publications.