The National Institute of Standards and Technology (NIST), an agency of the U.S. Department of Commerce, developed this Cybersecurity Framework to provide a policy framework for private sector organisations. The framework helps assess and improve their ability to prevent, detect, and respond to cyber-attacks.