The National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity (known as the NIST Cybersecurity Framework) organizes basic cybersecurity activities at their highest level, known as Functions.
These Functions are: Identify, Protect, Detect, Respond, and Recover. They aid an organization in managing cybersecurity risk by organizing information, enabling risk management decisions, addressing threats, and learning from previous activities.
Categories are subdivisions of a Function. They group cybersecurity outcomes closely tied to programmatic needs and particular activities.
Identify - Develop the organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities.
Categories - Asset Management, Business Environment, Governance, Risk Assessment, Risk Management Strategy.
Protect - Develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services.
Categories - Access Control, Awareness & Training, Data Security, Info Protection & Procedures, Maintenance.
Detect - Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event.
Categories - Anomalies & Events, Security Continuous Monitoring, Detection Process.
Respond - Develop and implement the appropriate activities to take action regarding a detected cybersecurity event.
Categories - Response Planning, Communications, Analysis, Mitigation, Improvements.
Recover - Develop and implement the appropriate activities to take action regarding a detected cybersecurity event.
Categories - Response Planning, Communications, Analysis, Mitigation, Improvements.
GSA provides access to products and services related to these CSF Functions and Categories through the following IT Security Subcategory related SINs: