What are the five pillars of NIST Cybersecurity Framework?

National Institute of Standards and Technology (NIST)

The National Institute of Standards and Technology's Cybersecurity Framework is a valuable tool for organizing and improving your cybersecurity program. It is a set of standards and best practices aimed at helping businesses establish and improve their cybersecurity posture. The framework includes a series of recommendations and standards that help companies prepare for cyber-attacks by identifying and detecting them, along with guidance on responding to, preventing, and recovering from them.

This framework, developed by the National Institute of Standards and Technology (NIST), addresses the lack of common cybersecurity standards by providing a unified set of rules, guidelines, and standards that businesses can use across industries. The NIST Cybersecurity Framework (NIST CSF) is widely regarded as the gold standard for establishing a cybersecurity program.

The framework has three sections: the "Core," the "Profile," and the "Tiers." The "Framework Core" covers a set of cybersecurity activities, outcomes, and references related to cybersecurity elements and techniques. The "Framework Implementation Tiers" describe how an organization views cybersecurity risk and how sophisticated its risk management approach is, for itself and its partners. [9] A "Framework Profile" is a set of outcomes selected from the categories and subcategories by an organization based on its needs and risk assessments.

The NIST Cybersecurity Framework is aimed at securing essential IT infrastructure in private-sector businesses. It is meant to provide recommendations rather than to enforce compliance. The goal is to persuade businesses to treat cybersecurity risks as seriously as they treat financial, industrial/personnel, and operational risks. A further goal is to bring cybersecurity risk considerations into day-to-day conversations at businesses across the country.

Five Pillars of NIST Cybersecurity Framework

There are five distinct Functions in the NIST framework. Each one describes a collection of tasks and goals that must be met, and they must be combined for an organization to develop a holistic and comprehensive cybersecurity strategy.

The NIST framework is made up of five pillars −

  • Identify − Determine the sorts of threats and all assets that could be jeopardized.

  • Protect − Consider how to best protect all of the assets that have been identified.

  • Detect − Specify how risks to assets will be identified.

  • Respond − Outline critical procedures to take in the event of a threat being detected.

  • Recover − Determine ways to repair and secure the infrastructure that has been harmed.
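As an added worked example (not code from the original article), here is how the Core and Profile structure described above can be applied: a constructed Target Profile of subcategory outcomes across the five Functions is compared against a constructed Current Profile to find where the largest shortfalls are. The 0-4 implementation level per outcome and the sample scores are this example's assumptions; the subcategory identifiers follow the CSF 1.1 naming scheme.

```python
# Gap assessment between a Current and a Target NIST CSF Profile (constructed example).

# The five Functions named in the article, keyed by their CSF identifier prefix.
FUNCTIONS = {"ID": "Identify", "PR": "Protect", "DE": "Detect",
             "RS": "Respond", "RC": "Recover"}

# Constructed Target Profile: subcategory outcomes chosen from categories the article
# names (Asset Management, Access Control, Anomalies and Events, Security Continuous
# Monitoring, Recovery Planning, Communications, ...). IDs follow CSF 1.1; the 0-4
# implementation level per outcome is this example's assumption, not part of the CSF.
TARGET = {
    "ID.AM-1": 4, "ID.AM-2": 3, "ID.BE-1": 3,
    "PR.AC-1": 4, "PR.AT-1": 3, "PR.DS-1": 4, "PR.IP-1": 3, "PR.MA-1": 3, "PR.PT-1": 3,
    "DE.AE-1": 3, "DE.CM-1": 4, "DE.DP-1": 3,
    "RS.RP-1": 4, "RS.AN-1": 3,
    "RC.RP-1": 4, "RC.IM-1": 3, "RC.CO-1": 3,
}
# Constructed Current Profile from a self-assessment; outcomes not listed score 0.
CURRENT = {
    "ID.AM-1": 3, "ID.AM-2": 1, "ID.BE-1": 3,
    "PR.AC-1": 2, "PR.AT-1": 3, "PR.DS-1": 2, "PR.IP-1": 1, "PR.PT-1": 3,
    "DE.AE-1": 1, "DE.CM-1": 2,
    "RS.RP-1": 2, "RS.AN-1": 1,
    "RC.RP-1": 1, "RC.CO-1": 2,
}

def gap_by_function(target, current):
    """Compare the Profiles per Function: {code: {name, achieved, required, unmet}}.
    An outcome counts only up to its target level, missing outcomes score 0, and
    outcomes present in Current but absent from Target are ignored."""
    report = {code: {"name": name, "achieved": 0, "required": 0, "unmet": []}
              for code, name in FUNCTIONS.items()}
    for subcat, want in target.items():
        entry = report[subcat.split(".")[0]]      # "PR.AC-1" -> "PR"
        have = min(current.get(subcat, 0), want)
        entry["required"] += want
        entry["achieved"] += have
        if have < want:
            entry["unmet"].append(subcat)
    return report

def prioritised_gaps(report):
    """Functions ordered by largest shortfall first, as (name, shortfall) pairs."""
    pairs = [(e["name"], e["required"] - e["achieved"]) for e in report.values()]
    return sorted(pairs, key=lambda pair: -pair[1])  # stable sort keeps Function order on ties

if __name__ == "__main__":
    for name, shortfall in prioritised_gaps(gap_by_function(TARGET, CURRENT)):
        print(f"{name:8s} shortfall {shortfall}")
```

The unmet lists per Function are the outcomes an organization would schedule into its improvement plan, ordered by the Function with the largest shortfall.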

Identify
This Function entails identifying an organization's "essential functions" and the cybersecurity dangers that could obstruct them. If a company takes payments from clients online, for example, secure data collection is an essential function; without it, the company cannot sell its products. Two categories covered by this Function are Business Environment, which refers to the organization's objectives, activities, and stakeholders, and Asset Management, which refers to the systems, data, devices, facilities, and workers required to perform a critical function.

Protect
To limit or contain the impact of a possible cybersecurity event, organizations must develop and implement suitable safeguards. To meet this Function, your company must control access to digital and physical assets, provide awareness education and training, implement data security processes, maintain baselines of network configuration and operations, deploy protective technology to ensure cyber resilience, and perform maintenance so that system components are repaired in a timely manner.

Detect
The Detect Function specifies the activities that should be carried out to identify the occurrence of a cybersecurity event, so that events can be detected in real time.

Within this Function, some examples of outcome Categories include −

  • Ensuring that anomalies and events are detected and their potential impact is understood.

  • Security Continuous Monitoring capabilities to keep track of cybersecurity events and verify that protective measures, such as network and physical security, are effective.

  • Maintaining Detection Processes in order to provide awareness of anomalous events.

Respond
Once a threat or anomaly has been identified, a defined response must be put in place to deal with it. This may involve a number of techniques, depending on the asset's criticality, the behavior observed, and other factors. Each response plan should be adapted to the specific use case, asset, and threat activity.

One example procedure is investigating the cause of the behavior to determine whether it is legitimate. If it is determined to be unauthorized, analysts can assess cyber activity before and after the event to better understand the threat and its context. The resulting intelligence will inform the course of action to be pursued.

Recover
The Recover Function seeks to retrieve any data that has been lost due to a breach or attack. It also covers restoring services on important systems that may have been harmed as a result of the intrusion, and identifying future activities that will support the resilience of the organization's cybersecurity infrastructure.

The Recover Function also entails communicating with both internal and external stakeholders (for example, employees and customers) about the incident, in addition to recovery planning and deciding where improvements can be made.