Kelly Hood, a cybersecurity engineer with Optic Cyber Solutions, talks about the NIST cybersecurity framework, which is a comprehensive set of guidelines for managing cybersecurity risk. Key points include:

• The NIST cybersecurity framework has three components: the framework core, implementation tiers, and framework profiles. The core defines the desired cybersecurity outcomes; profiles document and define an organization's cybersecurity program; and tiers measure the organization's maturity;
• The framework provides a risk-based approach to cybersecurity, establishes a common language for communicating about cybersecurity, and references many other standards and frameworks to help organizations integrate regulatory requirements into their cybersecurity program;
• The framework is used across critical infrastructure sectors and many other organizations, and has been a valuable tool for facilitating communication and ensuring that cybersecurity goals are well-defined and achievable. The core is broken down into five functions, 23 categories, and 108 subcategories that define specific outcome statements.