For example, NIST SP 800-53 deals with the steps of the Risk Management Framework required by the Federal Information Processing Standards (FIPS) 200 (Chang-Gu, 2017). Additionally, ISO 27000 and COBIT frameworks describe how to execute controls and procedures within the information technology domains. Most organizations and federal offices are bound to a specific policy, NIST CSF on the other hand compliments and builds on existing theoretical accounts to strengthen an organization's cybersecurity …show more content…
NIST with the cooperation of various industry leaders created a standardized framework to improve and reduce cybersecurity risks. This led to NIST publishing version 1.0 of the Cybersecurity Framework on February 12, 2014; which commonly known as “NIST CSF”. While NIST CSF references common standards and practices such as ISO 27001, COBIT, NIST SP 800-53, ISA 62443, and the Council on Cybersecurity Critical Security Controls it was never intended to replace or supersede those standards but rather to compliment or enhance existing practices. As of January 10, 2017, NIST and various industry partners under the direction of the Cybersecurity Enhancement Act of 2014 are in the process of coordinating and developing CSF version 1.1 to address and review gaps or weakness and to facilitate its usage (Cybersecurity Framework Draft Version 1.1,