NIST Cybersecurity Framework Overview

The NIST Cybersecurity Framework (CSF) is a set of guidelines, practices, and standards developed by NIST to help manage and reduce cybersecurity risks. The NIST CSF can help organizations in many ways, such as learning common cybersecurity terms and language, taking a risk-based approach, adapting to the organization's industry, and improving the organization's cybersecurity controls overall. Part of the language that organizations can learn from the NIST CSF is a set of standardized practices to describe, manage, and communicate cybersecurity risks across any level of an organization. Adopting a risk-based approach allows the entity to assess, identify, and prioritize certain cybersecurity practices based on level of severity, risk tolerance, etc. NIST also builds flexibility into its standard practices: the framework can be adapted to an organization of any size, whether it is a small business or even the government. The NIST CSF is an always-adapting, proactive and reactive set of guidelines that is updated as new cybersecurity threats enter the IT and business realm.

My current position at my workplace is focused on ensuring my organization will be certified with the DOD’s CMMC (Cybersecurity Maturity Model Certification) to allow for future government contracts. The CMMC is 100% based on a set of 17 practices made by the NIST CSF. These practices laid out in the CMMC certification cover cybersecurity protections that limit system access to authorized users, require identification and authentication, protect data at rest and in transit, update or patch systems, and add physical safeguards to these systems. NIST allows for protection not only at the user level but also at the network level or even, as stated before, at the physical security level, such as locked doors, physical security, or even access control vestibules.
