The U.S. National Institute of Standards and Technology published drafted guidance for businesses' cybersecurity programs. The guidance aims to help businesses develop cybersecurity programs that fit the needs of the organization while also navigating cyber risks.