Compliance with NIST’s security guidelines is voluntary, but can serve as a roadmap for organizations that want more protection against cyberattacks but aren’t sure how to go about it. Many of the standards are based on current best security practices.
Read more here:
http://www.cio.com/article/741838/US_NIST_Recommends_Ways_Businesses_Can_Improve_Cybersecurity