The Government Accountability Office has found that most organizations voluntarily agreed to adopt the National Institute of Standards and Technology's cybersecurity framework but their overseeing agencies are yet to develop ways to ensure NIST compliance.

This publication describes a voluntary risk management framework ("the Framework") that consists of standards, guidelines, and best practices to manage cybersecurity-related risk. The Framework's prioritized, flexible, and cost-effective approach helps to promote the protection and resilience of critical infrastructure and other sectors important to the economy and national security.