The National Institute of Standards and Technology (NIST) Cybersecurity Framework provides a set of guidelines and best practices to manage and reduce cybersecurity risks to organizations. This framework is applicable to all types of organizations regardless of size, sector, or geographic location.
Overview
The NIST Cybersecurity Framework consists of three main components:
- Core Functions: These are the essential functions for managing cybersecurity risk. They include Identify, Protect, Detect, Respond, and Recover.
- Implementation Tiers: These describe an organization’s current state of cybersecurity risk management. The tiers range from Partial to Adaptive.
- Profiles: These are descriptive representations of an organization’s goals and objectives for cybersecurity risk management. A profile can represent an organization’s current state or a desired future state.
Core Functions
The core functions of the NIST Cybersecurity Framework are as follows:
- Identify: Understand the organization's cybersecurity risks to systems, assets, data, and capabilities.
- Protect: Implement necessary organizational policies and procedures to manage cybersecurity risk.
- Detect: Identify the occurrence of a cybersecurity event.
- Respond: Take actions in response to a detected cybersecurity event.
- Recover: Restore the capabilities or services affected by a cybersecurity event.
Implementation Tiers
The NIST Cybersecurity Framework provides four implementation tiers to describe an organization’s current state of cybersecurity risk management:
- Partial: Limited implementation of cybersecurity risk management processes.
- Elementary: Basic implementation of cybersecurity risk management processes.
- Intermediate: Well-defined and organized implementation of cybersecurity risk management processes.
- Adaptive: Advanced and dynamic implementation of cybersecurity risk management processes.
Profiles
A profile is a representation of an organization’s cybersecurity goals and objectives. It describes what cybersecurity outcomes an organization aims to achieve and what resources are required to achieve those outcomes. There are two types of profiles:
- Current Profile: Describes the organization’s current state of cybersecurity.
- Target Profile: Describes the organization’s desired future state of cybersecurity.
For more information on the NIST Cybersecurity Framework, visit the official NIST website.