Skip to main content
Library homepage
 
Engineering LibreTexts

1.2: Why use NIST?

  • Page ID
    84559
  • \( \newcommand{\vecs}[1]{\overset { \scriptstyle \rightharpoonup} {\mathbf{#1}} } \) \( \newcommand{\vecd}[1]{\overset{-\!-\!\rightharpoonup}{\vphantom{a}\smash {#1}}} \)\(\newcommand{\id}{\mathrm{id}}\) \( \newcommand{\Span}{\mathrm{span}}\) \( \newcommand{\kernel}{\mathrm{null}\,}\) \( \newcommand{\range}{\mathrm{range}\,}\) \( \newcommand{\RealPart}{\mathrm{Re}}\) \( \newcommand{\ImaginaryPart}{\mathrm{Im}}\) \( \newcommand{\Argument}{\mathrm{Arg}}\) \( \newcommand{\norm}[1]{\| #1 \|}\) \( \newcommand{\inner}[2]{\langle #1, #2 \rangle}\) \( \newcommand{\Span}{\mathrm{span}}\) \(\newcommand{\id}{\mathrm{id}}\) \( \newcommand{\Span}{\mathrm{span}}\) \( \newcommand{\kernel}{\mathrm{null}\,}\) \( \newcommand{\range}{\mathrm{range}\,}\) \( \newcommand{\RealPart}{\mathrm{Re}}\) \( \newcommand{\ImaginaryPart}{\mathrm{Im}}\) \( \newcommand{\Argument}{\mathrm{Arg}}\) \( \newcommand{\norm}[1]{\| #1 \|}\) \( \newcommand{\inner}[2]{\langle #1, #2 \rangle}\) \( \newcommand{\Span}{\mathrm{span}}\)\(\newcommand{\AA}{\unicode[.8,0]{x212B}}\)

    Five reasons for using NIST publications:

    1. NIST publications are processes & practices for federal government agencies to follow regarding Cybersecurity. Organizations partnering with the federal government are obligated to adopt these standards. Moreover, many organizations (public and private) adopt and adapt NIST standards for their own Cybersecurity and Risk Management programs.
    2. NIST is often cited in federal laws, regulations, orders and statutes1 as a source for Cybersecurity guidance. It is also cited by federal Departments2 and agencies when promulgating rules and regulations governing specific critical sectors (e.g., manufacturing, health, finance).
    3. NIST publications are used by private businesses and commercial vendors for the development of custom Cybersecurity and risk assessment programs. Some professional certifications in Cybersecurity are based on NIST standards.
    4. NIST publications serve as an authoritative source for industry Cybersecurity “Best Practices”.
    5. NIST publications are often cited in regulatory or legal proceedings as the basis for a company or organization’s Cybersecurity strategy or Risk Management Program.

    [1] Examples include IoT Cybersecurity Improvement Act of 2020, passed in December, 2020; HIPAA Safe Harbor Act, an amendment to the Health Information Technology for Economic and Clinical Health Act (HITECH), signed into law in January, 2021; and Executive Order 14028 (Improving the Nation’s Cybersecurity), signed May 12, 2021.

    [2] An example is the Department of Health and Human Services (HIPAA). See https://www.hhs.gov/hipaa/for-professionals/security/guidance/guidance-risk-analysis/index.html?language=es for an example of NIST citation.


    This page titled 1.2: Why use NIST? is shared under a CC BY-NC 4.0 license and was authored, remixed, and/or curated by Thomas P. Dover.