14,952
edits
Changes
Jump to navigation
Jump to search
Line 31:
Line 31: − + + +
National Institute of Standards and Technology (view source)
Revision as of 17:59, 19 July 2021
, 3 years ago→Tiers
The Core is a set of desired cybersecurity activities and outcomes organized into Categories and aligned to Informative References.
The Core is a set of desired cybersecurity activities and outcomes organized into Categories and aligned to Informative References.
======Tiers======
======Tiers======
The tiers do not describe maturity levels; rather, they describe the degree to which an organization’s cybersecurity risk management practices exhibit the characteristics defined in the Framework. It is up to each organization to decide its target tier. The Tiers range from "partial" to "adaptive," reflecting an increasing degree of rigor, integration among cybersecurity risk decisions, and information sharing the organization with external parties.<ref>[https://www.nist.gov/cyberframework/online-learning/components-framework Framework Components, NIST]</ref>
The tiers do not describe maturity levels; rather, they describe the degree to which an organization’s cybersecurity risk management practices exhibit the characteristics defined in the Framework. It is up to each organization to decide its target tier. The Tiers range from "partial" to "adaptive," reflecting an increasing degree of rigor, integration among cybersecurity risk decisions, and information sharing between the organization and external parties.<ref>[https://www.nist.gov/cyberframework/online-learning/components-framework Framework Components, NIST]</ref>
======Profiles======
Profiles refer to the alignment between each organization's requirements and objectives, risk appetite, and resources and the desired outcomes of the Framework. The profile system is meant to help organizations identify opportunities for improving their cybersecurity posture by comparing their current profiles with their target profiles.
====C3====
====C3====