CyberSecurity Functions and Categories

The NIST CyberSecurity Framework includes a breakdown of key cybersecurity functions and categories. These functions and categories are defined in the Framework Core and provide a common point of reference for measuring and analyzing an organization's risk management posture against the practices defined in a specific cybersecurity standard (e.g. NIST SP 800-171) or industry guideline (e.g. the NIST Manufacturing Profile).

Core functions defined in the NIST CyberSecurity Framework describe the high-level, strategic view of an organization's approach to cybersecurity risk management. Core categories (and subcategories) break each function into manageable components that can be aligned with the metrics used to assess the organization's cybersecurity risk management efforts. Taken together, this standardized structure of functions, categories and subcategories establishes a consistent benchmark for measuring progress from the current (As Is) state to the desired (To Be) state.

Five key functions are included in the NIST CyberSecurity Framework:

  • Identify: The activities in the Identify function develop an understanding of the assets, systems, data and capabilities that support critical business functions, and help focus and prioritize the organization's risk management strategy.
  • Protect: Activities defined in the Protect function implement the safeguards that support an organization's ability to limit or contain the impact of a potential cybersecurity event.
  • Detect: Activities in the Detect function enable timely discovery of cybersecurity events and anomalies, making an effective response possible.
  • Respond: Activities in the Respond function prepare the organization to take rapid, effective action once a cybersecurity incident has been detected, including containing its impact.
  • Recover: Activities in the Recover function support timely restoration of capabilities or services impaired by a cybersecurity incident and a return to normal operations.
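The As Is / To Be benchmark described above is easiest to see in working form. The script below is an added example, not part of the original page and not NIST's own material. It uses real Framework Core identifiers (function codes such as ID and PR, category codes such as ID.AM, subcategory codes such as ID.AM-1), but the 0-4 maturity score assigned to each subcategory, the sample scores, and the ranking rule are constructed assumptions for illustration; the Framework itself does not prescribe a per-subcategory score.

```python
"""Gap analysis between a current (As Is) and target (To Be) profile.

Added example: the scoring scale (0 = not implemented ... 4 = fully
implemented and reviewed) and the sample scores below are constructed
assumptions, not something the Framework defines.
"""
from collections import defaultdict

# Framework Core function codes (CSF 1.x)
FUNCTIONS = {
    "ID": "Identify",
    "PR": "Protect",
    "DE": "Detect",
    "RS": "Respond",
    "RC": "Recover",
}

MIN_SCORE, MAX_SCORE = 0, 4

# Constructed sample profile: subcategory -> (As Is score, To Be score)
PROFILE = {
    "ID.AM-1": (2, 4),  # physical devices inventoried
    "ID.AM-2": (1, 4),  # software platforms inventoried
    "ID.RA-1": (2, 3),  # asset vulnerabilities identified
    "PR.AC-1": (3, 4),  # identities and credentials managed
    "PR.AC-4": (1, 4),  # access permissions managed, least privilege
    "PR.DS-1": (3, 3),  # data at rest protected
    "DE.CM-1": (2, 3),  # network monitored
    "DE.CM-4": (3, 4),  # malicious code detected
    "DE.AE-3": (1, 3),  # event data aggregated and correlated
    "RS.RP-1": (2, 3),  # response plan executed
    "RS.AN-1": (2, 2),  # notifications from detection investigated
    "RC.RP-1": (1, 3),  # recovery plan executed
}


def function_of(subcategory):
    """'PR.AC-4' -> 'PR'"""
    return subcategory.split(".", 1)[0]


def category_of(subcategory):
    """'PR.AC-4' -> 'PR.AC'"""
    return subcategory.split("-", 1)[0]


def validate(profile):
    """Reject malformed identifiers or scores outside the assumed scale."""
    for sub, (current, target) in profile.items():
        if function_of(sub) not in FUNCTIONS or "-" not in sub:
            raise ValueError(f"unknown subcategory identifier: {sub}")
        for score in (current, target):
            if not MIN_SCORE <= score <= MAX_SCORE:
                raise ValueError(f"{sub}: score {score} outside {MIN_SCORE}-{MAX_SCORE}")


def gap_of(current, target):
    """Points short of target; exceeding the target counts as no gap."""
    return max(0, target - current)


def gap_by_function(profile):
    """Roll subcategory gaps up to each of the five functions.

    Returns {function code: {"gap": total points short,
                             "subcategories": count,
                             "at_target": count already at/above target}}.
    """
    validate(profile)
    summary = defaultdict(lambda: {"gap": 0, "subcategories": 0, "at_target": 0})
    for sub, (current, target) in profile.items():
        entry = summary[function_of(sub)]
        entry["gap"] += gap_of(current, target)
        entry["subcategories"] += 1
        if gap_of(current, target) == 0:
            entry["at_target"] += 1
    return dict(summary)


def gap_by_category(profile):
    """Same roll-up at category granularity, e.g. 'ID.AM' -> points short."""
    validate(profile)
    totals = defaultdict(int)
    for sub, (current, target) in profile.items():
        totals[category_of(sub)] += gap_of(current, target)
    return dict(totals)


def prioritized_gaps(profile, top=None):
    """Subcategories ordered for remediation: largest gap first, then the
    weakest current score, then identifier for a stable order."""
    validate(profile)
    ranked = sorted(
        ((sub, gap_of(cur, tgt)) for sub, (cur, tgt) in profile.items()),
        key=lambda item: (-item[1], profile[item[0]][0], item[0]),
    )
    ranked = [item for item in ranked if item[1] > 0]
    return ranked[:top] if top else ranked


if __name__ == "__main__":
    for code, entry in gap_by_function(PROFILE).items():
        print(f"{FUNCTIONS[code]:9} gap={entry['gap']:2} "
              f"at_target={entry['at_target']}/{entry['subcategories']}")
    for sub, gap in prioritized_gaps(PROFILE, top=5):
        print(f"  {sub}: {gap} point(s) short")
```

The roll-up deliberately counts a subcategory that exceeds its target as a gap of zero rather than a negative number, so over-investment in one area cannot mask shortfalls in another when the totals are aggregated by function.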

CyberSecurity Functions and Categories Define Benchmarking/Improvement Activities

CyberSecurity functions and categories structure the activities an organization defines as critical to its risk mitigation and response efforts. The categories and subcategories themselves are fixed by the Framework Core; what is tailored is the organization's Profile, in which it selects and prioritizes the subcategories that apply to its business requirements, risk tolerance and resources. The table below provides an example of a typical function/category breakdown:

Table: CyberSecurity Functions and Categories (example function/category breakdown)

The following links provide additional background information: