Glossary
What is NIST?
NIST (National Institute of Standards and Technology) is a non-regulatory agency of the United States Department of Commerce that develops and publishes standards, guidelines, and best practices for technology and cybersecurity. NIST's publications are among the most widely referenced resources in information security worldwide, influencing both government and private sector organizations.
Key NIST publications
- NIST Cybersecurity Framework (CSF) — a voluntary framework organized around five core functions (Identify, Protect, Detect, Respond, Recover) that provides a common language for managing cybersecurity risk. Widely adopted by organizations of all sizes.
- NIST SP 800-53 — a comprehensive catalog of security and privacy controls for federal information systems. Often used as a reference by private organizations building security programs.
- NIST SP 800-171 — security requirements for protecting Controlled Unclassified Information (CUI) in non-federal systems, required for defense contractors.
- NIST SP 800-37 — the Risk Management Framework (RMF) that guides organizations through a structured process for managing security risk.
Why NIST matters for compliance
While NIST frameworks are voluntary for most private organizations, they serve as the foundation or reference point for many compliance requirements:
- Federal agencies are required to follow NIST guidelines
- Defense contractors must comply with NIST SP 800-171 (enforced through CMMC)
- Many ISO 27001 and SOC 2 control mappings reference NIST publications
- Cyber insurance providers increasingly reference NIST CSF alignment
How episki helps
episki supports NIST CSF as a framework and provides control mappings between NIST and other standards like ISO 27001 and SOC 2. Learn more on our compliance platform.