What is NIST? Why use the NIST Cyber Security Framework?


A Short History

Many people haven’t heard of NIST. The National Institute of Standards and Technology (NIST) was founded in 1901 and is now part of the U.S. Department of Commerce. Congress established the agency to remove a major challenge to U.S. industrial competitiveness at the time—a second-rate measurement infrastructure that lagged behind the capabilities of the United Kingdom, Germany, and other economic rivals.


Today, NIST supports the smallest of technologies to the largest and most complex of human-made creations—from nanoscale devices so tiny that tens of thousands can fit on the end of a single human hair up to earthquake-resistant skyscrapers and global communication networks. In short, NIST has been helping US industry compete on a global scale for over a century.


Starting in 1990, NIST began the Special Publication (SP) 800 series of information of interest to the computer security community. The series comprises guidelines, recommendations, technical specifications, and annual reports of NIST’s cybersecurity activities.


Why It Matters Today

NIST’s overarching goal to support US industry is at the heart of the SP 800 standards guidance. These publications provide the industry with an abundance of cybersecurity best practices, and many companies recognize these standards which provides a high level of comfort and trust.


NIST has developed SP 800 publications for specific industries (e.g., healthcare) that are used ubiquitously across many industries due to the recognized success of their identified cybersecurity controls.


AXIOTROP use the NIST SP 800 series as the basis for most of our assessments, policy development, and as a guide for our remediation plans and roadmaps. We have achieved the “Registered Provider Organization” (RPO) status from the CyberAB (the CMMC Accreditation Body) which demonstrates our organizational knowledge of NIST SP 800 series.


About AXIOTROP, LLC:


AXIOTROP’s mission is to make cybersecurity accessible, attainable, and sustainable for small and medium-sized businesses so they remain competitive and poised for growth. We simplify cybersecurity by working closely with businesses to right-size their program for their needs, resulting in client retention, business expansion, and reduced risk.