All US federal agencies must follow NIST Cybersecurity Framework according to executive order 13800, while the private sector and enterprises are recommended to follow it. The Cybersecurity Frameworks is also considered a roadmap for organizations developing their cybersecurity practices, as well as a guide for SMB companies.
The Cybersecurity Framework is highly recommended to all organizations, no matter size, cybersecurity risk, and security team size. The Cybersecurity Framework focuses on affordable ways for you to protect your organization–ways that are working in the global industry today.
Complying with the Cybersecurity Framework and SP 800-53 will help your organization to be compliant with other government regulations–HIPAA, PCI DSS, or GDPR.
As the Cybersecurity Framework is based on global recognized “best standards”, the framework applies to organizations beyond US Federal and the United States.