The National Institute of Standards and Technology (NIST) Framework for Critical Infrastructure Cybersecurity (also referred to as the NIST Cybersecurity Framework or “NIST CSF”) describes the standing of an organization’s information security program using a Framework Core, Implementation Tiers, and Framework Profiles. The NIST CSF is flexible enough to be applied in various other contexts and across a wide array of industries.
The intent of the NIST CSF Framework is to provide “a common taxonomy and mechanism for organizations” to:
The NIST CSF is organized into five core Functions, also known as the Framework Core. The Functions are organized concurrently with one another to represent a security lifecycle. Each Function is essential to a well-operating security posture and successful management of cybersecurity risk. Definitions for each Function are as follows:
The NIST CSF Tiers represent how well an organization views cybersecurity risk and the processes in place to mitigate risks. This gives organizations a benchmark for their current operations.
You can use the NIST CSF to benchmark your current risk posture. Going through each category and subcategory in the core Functions can help you determine where you stand on the NIST CSF Tier scale.
Do you still have questions regarding NIST CSF? Our compliance professionals can help you to understand and comply with the NIST Cyber Security Framework, regardless of complexity.