NIST Cybersecurity Framework

  1. Framework Profiles
    1. Profile Concept and Purpose
      1. Business Requirement Alignment
      2. Risk Assessment Support
      3. Activity Prioritization
      4. Communication Facilitation
      5. Progress Measurement
    2. Current Profile Development
      1. Current State Assessment
        1. Existing control inventory
        2. Process documentation
        3. Capability evaluation
        4. Gap identification
      2. Self-Assessment Methodology
        1. Assessment criteria
        2. Evaluation procedures
        3. Evidence collection
        4. Validation processes
      3. Control and Practice Documentation
        1. Implementation status
        2. Effectiveness evaluation
        3. Resource allocation
        4. Performance metrics
      4. Baseline Establishment
        1. Current capability level
        2. Performance benchmarks
        3. Improvement opportunities
        4. Resource requirements
    3. Target Profile Creation
      1. Desired Outcome Definition
        1. Business objective alignment
        2. Risk tolerance consideration
        3. Regulatory requirement integration
        4. Stakeholder expectation management
      2. Goal Setting Process
        1. Specific objective definition
        2. Measurable outcome identification
        3. Achievable target establishment
        4. Timeline development
      3. Risk Appetite Alignment
        1. Risk tolerance integration
        2. Business impact consideration
        3. Resource constraint evaluation
        4. Priority balancing
      4. Organizational Integration
        1. Strategic plan alignment
        2. Business process integration
        3. Cultural consideration
        4. Change management
    4. Profile Utilization for Improvement
      1. Gap Analysis Methodology
        1. Current versus target comparison
        2. Priority gap identification
        3. Resource requirement analysis
        4. Implementation planning
      2. Action Plan Development
        1. Priority-based planning
        2. Resource allocation
        3. Timeline establishment
        4. Responsibility assignment
      3. Progress Measurement Systems
        1. Metric development
        2. Monitoring procedures
        3. Reporting mechanisms
        4. Performance evaluation
      4. Remediation Tracking
        1. Implementation monitoring
        2. Milestone tracking
        3. Issue identification
        4. Corrective action
      5. Profile Evolution Management
        1. Regular review cycles
        2. Update procedures
        3. Change management
        4. Stakeholder communication