14,952
edits
Changes
Jump to navigation
Jump to search
Line 29:
Line 29: − + +
National Institute of Standards and Technology (view source)
Revision as of 18:00, 19 July 2021
, 3 years ago→Core
[[File:Coreofframework.png|right|Framework Core (Image from NIST)]]The resulting Cybersecurity Framework consists of voluntary standards, guidelines, and practices for promoting critical infrastructure protection. The Cybersecurity Framework consists of three main components: the Core, Implementation Tiers, and Profiles.<ref>[https://www.nist.gov/cyberframework/online-learning/components-framework Framework Components, NIST]</ref>
[[File:Coreofframework.png|right|Framework Core (Image from NIST)]]The resulting Cybersecurity Framework consists of voluntary standards, guidelines, and practices for promoting critical infrastructure protection. The Cybersecurity Framework consists of three main components: the Core, Implementation Tiers, and Profiles.<ref>[https://www.nist.gov/cyberframework/online-learning/components-framework Framework Components, NIST]</ref>
======Core======
======Core======
The Core is a set of desired cybersecurity activities and outcomes organized into Categories and aligned to Informative References.
The core is a set of desired cybersecurity activities and outcomes organized into Categories and aligned to Informative References.
======Tiers======
======Tiers======
The tiers do not describe maturity levels; rather, they describe the degree to which an organization’s cybersecurity risk management practices exhibit the characteristics defined in the Framework. It is up to each organization to decide its target tier. The Tiers range from "partial" to "adaptive," reflecting an increasing degree of rigor, integration among cybersecurity risk decisions, and information sharing between the organization and external parties.<ref>[https://www.nist.gov/cyberframework/online-learning/components-framework Framework Components, NIST]</ref>
The tiers do not describe maturity levels; rather, they describe the degree to which an organization’s cybersecurity risk management practices exhibit the characteristics defined in the Framework. It is up to each organization to decide its target tier. The Tiers range from "partial" to "adaptive," reflecting an increasing degree of rigor, integration among cybersecurity risk decisions, and information sharing between the organization and external parties.<ref>[https://www.nist.gov/cyberframework/online-learning/components-framework Framework Components, NIST]</ref>