The NIST Cybersecurity Framework is a set of guidelines, standards, and best practices to manage cybersecurity risk, published by the US National Institute of Standards and Technology (NIST) based on existing standards, guidelines, and practices. It is a voluntary framework that helps businesses of all sizes better understand, manage, and reduce their cybersecurity risk and protect their networks and data. The framework consists of five core functions: Identify, Protect, Detect, Respond, and Recover, which are subdivided into a total of 23 categories and 108 subcategories of cybersecurity outcomes and security controls. The NIST Cybersecurity Framework is designed to be a living document, meaning it will be updated and improved over time to keep up with changes in technology and cybersecurity threats, as well as to integrate best-practices and lessons learned. The framework is widely considered to be the gold-standard for building a cybersecurity program. While the framework is designed for individual businesses and other organizations to assess risks they face, it has been criticized for being too complex and costly, resulting in bills from both houses of Congress that direct NIST to create Cybersecurity Framework guides that are more accessible to small and medium businesses.