What is the NIST Cybersecurity Framework?
The NIST Cybersecurity Framework (CSF) is a United States government framework for organising an organisation’s security program around six functions: Govern, Identify, Protect, Detect, Respond and Recover:
- Why large companies use it — it gives boards and auditors a common language, and version 2.0 (2024) added the Govern function to formalise that role.
- Reference, not regulation — nothing in Australian law requires a small business to adopt it. The Australian equivalents are the ACSC’s publications: the Small Business Cyber Security Guide for businesses without IT staff, and the Essential Eight for managed corporate networks — both better matched to the Australian context.
- The practical trigger — as with most frameworks, a US-headquartered customer or insurer may ask where you sit against the CSF.
Unless a contract names it, an Australian small business can safely treat NIST CSF as background reading.