Skip to Content

Division of Information Technology

  • Circular diagram with NIST Framework in the center. The five steps include Identify, Protect, Detect, Respond, and Recover.

CyberSecurity Framework

Founded in 1901, NIST is an agency of the U.S. Department of Commerce. It advances measurement science, standards, and technology to improve our quality of life. NIST has provided important computer security guidance for many decades.

Why is the CSF Important?

The CSF (CyberSecurity Framework) makes cyber risk management easier so that you can take the right action right away. It also simplifies the language of cybersecurity so that everyone can understand--both inside and outside your organization.

What makes the CSF easy to use?

The Framework is organized using a simple structure containing five key functions - Identify, Protect, Detect, Respond, Recover. These five widely understood terms, when considered together, provide  a comprehensive view of the lifecycle for managing cybersecurity over time. The CSF outlines a series of action steps to guide organizations through the process of evaluating their security controls.

Identify

The identify function helps you to develop an overall risk management approach to cybersecurity. It helps you understand your critical set, business environment, governance model, and supply chain.

Protect

Protect helps you put important defensive controls in place based on your critical assets, risk tolerance, and other input from the Identify function. Protect highlights the importance of managing identities, securing access, protecting data, and training users.

Detect

When you are under attack, you may not always know right away. The Detect functions shortens the time to discovery by spotting anomalies, investigating events, continuously monitoring and other detection processes. 

Respond

When you know you are under attack, you must act fast. Respond helps you take the right action immediately through incident response planning, analysis, mitigation, communication, and ongoing improvement.

Recover

Once you have stopped the attack, you need to get back to normal. The Recover function helps you restore operations through recovery planning, continuous improvement, and communications

 


Challenge the conventional. Create the exceptional. No Limits.

©