A principal component of the NIST Cybersecurity Framework is the Framework Core, depicted in the figure below, which provides the overarching structure for the assignment of cybersecurity activities that support specific cybersecurity outcomes.

Figure 22. NIST Cybersecurity Framework Structure

The Framework Core consists of four elements:160

  • Functions organize basic cybersecurity activities at their highest level and help organizations manage cybersecurity risk.
    • Identify – Develop an organizational understanding to manage cybersecurity risk to systems, people, assets, data, and capabilities.
      • “The activities in the Identify Function are foundational for effective use of the Framework.
      • “Examples of outcome Categories within this Function include Asset Management; Business Environment; Governance; Risk Assessment; and Risk Management Strategy.
    • Protect – Develop and implement appropriate safeguards to ensure delivery of critical services.
      • “The Protect Function supports the ability to limit or contain the impact of a potential cybersecurity event.
      • “Examples of outcome Categories within this Function include Identity Management and Access Control; Awareness and Training; Data Security; Information Protection Processes and Procedures; Maintenance; and Protective Technology.
    • Detect – Develop and implement appropriate activities to identify the occurrence of a cybersecurity event.
      • “The Detect Function enables timely discovery of cybersecurity events.
      • “Examples of outcome Categories within this Function include Anomalies and Events; Security Continuous Monitoring; and Detection Processes.
    • Respond – Develop and implement appropriate activities to take action regarding a detected cybersecurity incident.
      • “The Respond Function supports the ability to contain the impact of a potential cybersecurity incident.
      • “Examples of outcome Categories within this Function include Response Planning; Communications; Analysis; Mitigation; and Improvements.
    • Recover – Develop and implement appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident.
      • “The Recover Function supports timely recovery to normal operations to reduce the impact from a cybersecurity incident.
      • “Examples of outcome Categories within this Function include Recovery Planning; Improvements; and Communications.
  • Categories subdivide Functions into groups of cybersecurity outcomes that are topical in nature.
  • Sub-Categories further subdivide Categories into specific cybersecurity outcomes.
  • Informative References are standards, frameworks, guidelines, and best practices that support the outcomes specified by each Sub-Category.”161,162

160 Ibid.

161 Ibid., pp. 7–9.

162 Emphasis and bulletized structure added.