What is the NIST Cybersecurity Framework (NCSF) and How Can It Help My Company?

The NCSF has three main components:

  1. The Framework Core describes “a set of desired cybersecurity activities and outcomes using common language that is easy to understand.”
  2. The Framework Implementation Tiers offer guidance to help organizations choose the appropriate level (tier) of rigor and maturity for their cybersecurity program, and serve as a foundational tool to discuss risk, risk appetite, mission priorities and budget issues.
  3. An organization’s Framework Profile describes its unique requirements, objectives, risk appetite and cybersecurity resources in relation to the “desired outcomes” described in the Framework Core. The purpose of a profile is to help companies identify and prioritize “opportunities for improvement,” aka vulnerabilities in their information security controls.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Pivot Point Security

Pivot Point Security

We are a trusted source of simple, practical, and actionable information security guidance.