NIST CSF was developed by the National Institute of Standards and Technology under the Cybersecurity Enhancement Act and Executive Order EO13636 "Improving Critical Infrastructure Cybersecurity". It is a framework that focuses on the use of business drivers to guide cybersecurity activities and consider cybersecurity risk as a part of an organization's risk management process. It enables organizations to address and manage cybersecurity risks in a cost-effective manner based on business and organizational needs. The NIST CSF helps organizations align and prioritize their cybersecurity activities based on their business requirements, risk tolerance, and resources, and organizations can improve security and resilience by applying the framework's risk management principles and best practices.
NIST CSF consists of core requirements, implementation maturity, and practice guidelines, and covers identification, protection, detection, response, and recovery of security events, helping organizations establish, assess, and continuously improve their response to cybersecurity risks. The NIST CSF attestation certified by the third-party organization is not only an affirmation of the capability of Tencent Cloud's network security defense system, but also shows that Tencent Cloud can effectively identify, resist, respond to and deal with security risks and protect customers' cloud assets and data, which enhances customers' confidence in the security and stability of Tencent Cloud.