NIST provides a stockpile of resources aimed at helping CISOs and security managers safeguard their technologies. Among them, the NIST Cybersecurity Framework and NIST Artificial Intelligence Risk Management Framework both focus on cybersecurity risks targeting AI systems. While they share some commonalities, they also have key differences.
Let’s take a look at each document and examine how to use NIST frameworks for AI.
What is the NIST CSF?
The NIST Cybersecurity Framework (CSF), previously known as the Framework for Improving Critical Infrastructure Cybersecurity, is the de facto standard for cybersecurity risk management. Originating from Executive Order 13636 in 2013, NIST collaboratively created the CSF as a clear and concise approach to organize and communicate cybersecurity risk to executive leadership.
Released in 2014, the initial iteration of the CSF was a flexible and repeatable tool to help organizations of all types and sizes manage cybersecurity using the following functions:
- Identify.
- Protect.
- Detect.
- Respond.
- Recover.
The CSF 2.0, updated in 2024, added a sixth function — govern — to the guide. The aim is to give organizations a way to set up governance,…
