In general, NIST recommendations outline the set of security controls for information systems at federal agencies. The government endorses these standards, and businesses adhere to them because they include security best practices measures across a wide range of sectors.