NIST CSF

The NIST Cybersecurity Framework (CSF) is a voluntary, risk-based set of cyber outcomes published by the US National Institute of Standards and Technology, first released in 2014 and updated to version 2.0 in February 2024. It organizes activity into core functions: Govern, Identify, Protect, Detect, Respond, and Recover (the Govern function was added in 2.0). Shipping operators and class societies use it as the baseline structure for vessel and shore cyber programs, mapping its outcomes onto IMO Resolution MSC.428(98) and the BIMCO guidelines, which themselves cite the framework.