We have entered the era of multiple security frameworks. Sometimes mandatory, often voluntary, security frameworks are created to provide federal and commercial organizations with an effective roadmap for securing IT systems. The goal is to reduce risk levels and prevent or mitigate cyber-attacks.
To accomplish this task, security frameworks typically provide a series of documented, agreed-upon and understood policies, procedures, and processes necessary to secure the confidentiality, integrity and availability of information systems and data.
In the United States, the overarching framework is the National Institute of Standards and Technology (NIST) Cybersecurity Framework. As part of the Department of Commerce, NIST is responsible for developing technical standards and guidelines for information security, among other things. Although the NIST standards apply to U.S. federal agencies and critical infrastructure, they are also widely used throughout the private sector.