Views: 26
NIST Functions
- Identify – Understand what you have and includes activities such as asset management, governance, risk assessment.
- Protect – Build safeguards and controls to protect what is important to you.
- Detect – Implement capabilities to identify security events and incidents.
- Respond – When an incident happens, be ready to respond, have appropriate processes, training and tools.
- Recover – Ensure resilience of your systems in the face of incidents and build capability to quickly recover from the impact of these incidents.
Framework Core
The Core consists of three parts: Functions, Categories, and Subcategories. The Core includes five high level functions: Identify, Protect, Detect, Respond, and Recover. These 5 functions are not only applicable to cybersecurity risk management, but also to risk management at large. The next level down is the 23 Categories that are split across the five Functions.
Subcategories are the deepest level of abstraction in the Core. There are 108 Subcategories, which are outcome-driven statements that provide considerations for creating or improving a cybersecurity program. Because the Framework is outcome driven and does not mandate how an organization must achieve those outcomes, it enables risk-based implementations that are customized to the organization’s needs.
The five Subcategories pictured from the Business Environment Category (ID.BE) provide an example of the outcome focused statements that are found throughout the core. The column to the right, Informative References support the Core by providing broad references that are more technical than the Framework itself. Organizations may wish to use some, none, or all of these references to inform the activities to undertake to achieve the outcome described in the Subcategory.