NIST CSF - Information Security


Saturday, April 03, 2021

NIST CSF

 





Hi Folks!

In today's post, I will share some basic information about the NIST CSF (Cybersecurity Framework) published by NIST.

The NIST CSF mainly consists of three components: the Framework Core, the Framework Implementation Tiers, and the Framework Profile.

I will explain them one by one, starting with the Framework Core.

The Core contains the five functions (tenets) of the NIST CSF: Identify, Protect, Detect, Respond, and Recover.

Each tenet has a set of categories listed under it, and each category has subcategories as well.

I will go through what each tenet does, along with its categories and subcategories.

Identify - This function is all about managing the cybersecurity risk associated with IT systems, assets, data, and other capabilities.

Protect - This function covers the safeguards/controls that we can put in place to ensure the delivery of critical infrastructure services in any organization.

Detect - This function helps us identify anomalies and cyber incidents in our technology environment.

Respond - This function ensures that we are ready to deal with any kind of cyber incident and that we have documented plans in place to respond to realized threats, detected attacks, and events.

Recover - This is the last function of the NIST CSF; it helps us make plans to restore or roll back to our normal business operations.

I am attaching an image that lists all the categories and subcategories.

Note: The controls in all of these categories and subcategories are drawn from informative/authoritative references.



Now we will move on to the second component of the NIST CSF, the Framework Implementation Tiers.

The Implementation Tiers range from Tier 1 to Tier 4. All tier names and functions are listed in the image below.


The last component of the NIST CSF is the Framework Profile. The two profiles we compare here are the current profile and the target profile.

The Current Profile is a view of our security posture: it defines what safeguards we have in place and the maturity level we have currently achieved in our cybersecurity program.

The Target Profile contains all the requirements and controls we need, the new maturity level we want to achieve in the future, and the gaps we want to mitigate.


If you like the effort I have put into preparing this in a precise manner, please don't forget to share.

Thank you all ;) We will meet soon with another post!
