The NIST framework
This framework is made up of three separate modules – Core, Tiers, and Profiles. The Core is made up of six functions that are used to reduce cybersecurity risk in an organization:
- Govern
- Identify
- Protect
- Detect
- Respond
- Recover
Each control is numbered so that we easily know how the controls align together. As an example, an inventory of physical devices would be ID.AM-01, software inventory would be ID.AM-02, and so on:
Function.Category-subcategory
ID.AM-01
We will discuss the individual controls further in later chapters; for now, let’s dive right into what each of the six functions means.
Govern
Govern is meant to establish governance throughout a cyber program. This is why the Govern function is at the center of all other functions. It is used to set a risk management strategy, policies, and standards, ensuring that these documents are well written and communicated. Govern is especially important...