Voluntary US framework organizing cybersecurity activity into outcomes across Govern, Identify, Protect, Detect, Respond, and Recover.