A cybersecurity framework provides a set of standard requirements for IT and security leaders to align their programs with to demonstrate a consistent way to establish, operate and measure security risk. The cybersecurity frameworks align to countries, regions, and industry specific perspectives so that a common language can be established for what practices are expected based on varying data and risk profiles. Typically, smaller organizations will align to a single framework, whereas larger more complex organizations will align to multiple frameworks to cover their products, data, and geographies.

The graphic below outlines the spectrum of typical cybersecurity frameworks and the coverage of the control requirements.

For more information on these frameworks;

• NIST CSF
• CMMC v2.0 (NIST 800-171)
• NIST 800-53
• ISO 27001 / ISO27002