This NIST framework provides a list of standards and guidelines for information systems in operations, management, and technical domains. These guidelines are multi-tiered, classified into low, moderate, and high controls based on the risk impact. It also introduces baselines that can act as starting points for organizations to secure their information systems and infrastructure.