NIST-CSF Fundamentals

Question 1

What are the Framework Tiers?

Answer 1

Tier 1: Partial
Tier 2: Risk Informed
Tier 3: Repeatable
Tier 4: Adaptive

Question 2

What are the Framework Functions?

Answer 2

Identify
Protect
Detect
Respond
Recover

Question 3

What categories form the Identify function?

Answer 3

Asset Management (ID.AM)
Business Environment (ID.BE)
Governance (ID.GV)
Risk Assessment (ID.RA)
Risk Management (ID.RM)
Supply Chain (ID.SP)

Question 4

What categories form the Protect function?

Answer 4

Access Control (PR.AC)
Awareness and Training (PR.AT)
Data Security (PR.DS)
Information Protection Procedures (PR.IP)
Maintenance (PR.MA)
Protective Technology (PR.PT)

Question 5

What categories form the Detect function?

Answer 5

Anomalies and Events (DE.AE)
Security Continuous Monitoring (DE.CM)
Detection Processes (DE.DP)

Question 6

What categories form the Respond function?

Answer 6

Response Planning (RS.RP)
Communications (RS.CO)
Analysis (RS.AN)
Mitigation (RS.MI)
Improvements (RS.IM)

Question 7

What categories form the Recover function?

Answer 7

Recovery Planning (RC.RP)
Improvements (RC.IM)
Communications (RC.CO)

Question 8

What are the framework components?

Answer 8

Framework Core - Functions, Categories, Sub-categories
Framework Tiers - Partial, Risk Informed, Repeatable, Adaptive
Framework Profile - Current Profile, Improvement Opportunity, Target Profile