Who develops and publishes cybersecurity standards?

The organization that develops and publishes cybersecurity standards is the National Institute of Standards and Technology (NIST). NIST plays a crucial role in establishing guidelines and standards for managing cybersecurity risks, particularly through its Cybersecurity Framework, which provides organizations with a structured way to identify and mitigate cybersecurity threats. This framework is widely acknowledged and utilized across various sectors, including federal agencies, private businesses, and international partners.

Other organizations, such as the Department of Justice and the Department of Homeland Security, may be involved in enforcing or supporting cybersecurity policies and regulations, but they do not specifically develop the technical standards. The Department of Commerce has an interest in technology and economic policies, but again, it does not focus on creating cybersecurity standards in the way that NIST does. Therefore, NIST is the recognized authority in this field.