NIST Cybersecurity Framework
Akanksha Singh
Your Cyber Coach | Director - Cyber Security Compliance and Governance | CISM | CISA | S&P Global
Overview:
The Framework provides a common taxonomy and mechanism for organizations to:
1) Describe their current cybersecurity posture;
2) Describe their target state for cybersecurity;
3) Identify and prioritize opportunities for improvement within the context of a continuous and repeatable process;
4) Assess progress toward the target state;
5) Communicate among internal and external stakeholders about cybersecurity risk.
Three Primary Components
Core: A set of desired cybersecurity outcomes organized in a hierarchy and aligned to more detailed guidance and controls
Profiles: Alignment of an organization's requirements and objectives, risk appetite and resources using the desired outcomes of the Framework Core
Implementation Tiers: A qualitative measure of organizational cybersecurity risk management practices
The Framework Core – Functions and Categories
Framework Profile:
- The Framework Profile ("Profile") is the alignment of the Functions, Categories, and Subcategories with the business requirements, risk tolerance, and resources of the organization.
- Framework Profiles can be used to describe the current state or the desired target state of specific cybersecurity activities.
- The Current Profile indicates the cybersecurity outcomes that are currently being achieved.
- The Target Profile indicates the outcomes needed to achieve the desired cybersecurity risk management goals.
- Profiles support business/mission requirements and aid in communicating risk within and between organizations.
Implementation Tiers