What are the different cybersecurity frameworks?
Many cybersecurity frameworks exist, but the ones most commonly adopted are:
- NIST Cybersecurity Framework (NIST CSF);
- ISO 27001 (the certifiable management-system standard) and ISO 27002 (its accompanying catalogue of controls);
- NIST SP 800-53 (with low, moderate or high control baselines);
- NIST SP 800-171 (for protecting Controlled Unclassified Information in non-federal systems); and
- Secure Controls Framework (SCF), or a similar metaframework that maps a single control set onto many standards at once.
The idea that there is a single "best cybersecurity framework" is misguided: the most appropriate framework to align with depends entirely on the organization's business model. A framework should be chosen based on the organization's industry, available resources and compliance objectives.
The laws, regulations and contractual obligations an organization must satisfy will usually point to one of these commonly used frameworks as a starting point (for example, a contract that requires handling Controlled Unclassified Information points to NIST SP 800-171). Selecting the right mix of frameworks then depends on industry, regulatory needs and risk appetite.