Implement the original NIST Cybersecurity Framework (v1.1) across five core functions.
The NIST Cybersecurity Framework (CSF) 1.1 is a voluntary framework from the U.S. National Institute of Standards and Technology. It organizes cybersecurity activities into five core functions — Identify, Protect, Detect, Respond, and Recover — providing a common language for managing and reducing cyber risk.
If you are starting fresh, consider NIST CSF 2.0, which adds the Govern function. CSF 1.1 remains widely referenced in existing contracts and programs.
Who needs NIST CSF?
Critical infrastructure
Originally designed for the 16 critical infrastructure sectors, including energy, finance, and healthcare.
Maturing security programs
Organizations building a structured, risk-based security program from the ground up.
Key components
Identify
Develop organizational understanding of cybersecurity risk to systems, assets, data, and capabilities.
Protect
Develop and implement safeguards to ensure delivery of critical services.
Detect
Implement activities to identify the occurrence of a cybersecurity event.
Respond
Take action regarding a detected cybersecurity incident.
Recover
Maintain plans for resilience and restore capabilities impaired by incidents.
How DSALTA helps with NIST CSF
Activate NIST CSF
Select NIST CSF from the Frameworks page. DSALTA maps all five functions to pre-built controls.
Frequently asked questions
Should I use CSF 1.1 or 2.0?
New programs should generally adopt CSF 2.0 for its added Govern function and broader applicability. Use 1.1 if your contracts or existing program specifically reference it.
Is NIST CSF mandatory?
It is voluntary for most private organizations, though some federal contracts and sector regulators require alignment.