Cybersecurity Framework
NIST's voluntary framework for managing cybersecurity risk, organized around core functions that version 2.0 defines as Govern, Identify, Protect, Detect, Respond, and Recover. It gives organizations of any size a common language for describing their security posture and target state. It is one of the most widely adopted frameworks in the world despite not being a law or regulation.