National Institute of Standards and Technology: Difference between revisions
Line 29: | Line 29: | ||
[[File:Coreofframework.png|right|Framework Core (Image from NIST)]]The resulting Cybersecurity Framework consists of voluntary standards, guidelines, and practices for promoting critical infrastructure protection. The Cybersecurity Framework consists of three main components: the Core, Implementation Tiers, and Profiles.<ref>[https://www.nist.gov/cyberframework/online-learning/components-framework Framework Components, NIST]</ref> | [[File:Coreofframework.png|right|Framework Core (Image from NIST)]]The resulting Cybersecurity Framework consists of voluntary standards, guidelines, and practices for promoting critical infrastructure protection. The Cybersecurity Framework consists of three main components: the Core, Implementation Tiers, and Profiles.<ref>[https://www.nist.gov/cyberframework/online-learning/components-framework Framework Components, NIST]</ref> | ||
======Core====== | ======Core====== | ||
The | The core is a set of desired cybersecurity activities and outcomes organized into Categories and aligned to Informative References. | ||
======Tiers====== | ======Tiers====== | ||
The tiers do not describe maturity levels; rather, they describe the degree to which an organization’s cybersecurity risk management practices exhibit the characteristics defined in the Framework. It is up to each organization to decide its target tier. The Tiers range from "partial" to "adaptive," reflecting an increasing degree of rigor, integration among cybersecurity risk decisions, and information sharing between the organization and external parties.<ref>[https://www.nist.gov/cyberframework/online-learning/components-framework Framework Components, NIST]</ref> | The tiers do not describe maturity levels; rather, they describe the degree to which an organization’s cybersecurity risk management practices exhibit the characteristics defined in the Framework. It is up to each organization to decide its target tier. The Tiers range from "partial" to "adaptive," reflecting an increasing degree of rigor, integration among cybersecurity risk decisions, and information sharing between the organization and external parties.<ref>[https://www.nist.gov/cyberframework/online-learning/components-framework Framework Components, NIST]</ref> |
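Review bot: The sentence added under the Core heading has no citation, while the intro paragraph above it and the Tiers paragraph below it both cite the NIST Framework Components page; add the same <ref> to the new sentence so the definition is sourced. The new text also writes "The core" in lowercase, whereas the intro paragraph names the component as "the Core", so capitalize it to match.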