NIST-CSF Fundamentals Flashcards
What are the Framework Tiers?
Tier 1: Partial
Tier 2: Risk Informed
Tier 3: Repeatable
Tier 4: Adaptive
What are the Framework Functions?
Identify
Protect
Detect
Respond
Recover
What categories form the Identify function?
Asset Management (ID.AM)
Business Environment (ID.BE)
Governance (ID.GV)
Risk Assessment (ID.RA)
Risk Management (ID.RM)
Supply Chain (ID.SP)
What categories form the Protect function?
Access Control (PR.AC)
Awareness and Training (PR.AT)
Data Security (PR.DS)
Information Protection Procedures (PR.IP)
Maintenance (PR.MA)
Protective Technology (PR.PT)
What categories form the Detect function?
Anomalies and Events (DE.AE)
Security Continuous Monitoring (DE.CM)
Detection Processes (DE.DP)
What categories form the Respond function?
Response Planning (RS.RP)
Communications (RS.CO)
Analysis (RS.AN)
Mitigation (RS.MI)
Improvements (RS.IM)
What categories form the Recover function?
Recovery Planning (RC.RP)
Improvements (RC.IM)
Communications (RC.CO)
What are the framework components?
Framework Core - Functions, Categories, Sub-categories
Framework Tiers - Partial, Risk Informed, Repeatable, Adaptive
Framework Profile - Current Profile, Improvement Opportunity, Target Profile