Skip to content
Home

Function (NIST CSF 2.0)

The NIST Cybersecurity Framework (CSF) 2.0 organizes cybersecurity activities into six high-level functions that guide organizations in managing and reducing cyber risk. Govern provides strategic oversight, policies, and accountability structures to integrate cybersecurity into organizational decision-making. Identify focuses on understanding assets, business environment, and risk landscape to prioritize protective efforts. Protect involves implementing safeguards such as access controls, encryption, and secure configurations to prevent or limit the impact of cyber events. Detect emphasizes timely discovery of anomalies and potential incidents through monitoring and threat intelligence. Respond outlines processes for containing, mitigating, and communicating during incidents to minimize damage. Finally, Recover addresses restoring capabilities and services after an event to maintain business continuity. Together, these six functions provide a comprehensive, flexible, and risk-based approach to cybersecurity management.

NIST IR 8286 Integrating Cybersecurity and Enterprise Risk Management (ERM)

NIST IR 8286 Rev. 1, Integrating Cybersecurity and Enterprise Risk Management (ERM), provides a strategic framework for bridging the gap between technical security operations and high-level business decision-making. It emphasizes… Read More »NIST IR 8286 Integrating Cybersecurity and Enterprise Risk Management (ERM)

NIST IR 8596 Cybersecurity Framework Profile for Artificial Intelligence (Cyber AI Profile): NIST Community Profile

The NIST Cyber AI Profile offers a structured approach to integrating AI into cybersecurity operations. It provides guidance on leveraging AI for threat detection, risk assessment, and automated response while… Read More »NIST IR 8596 Cybersecurity Framework Profile for Artificial Intelligence (Cyber AI Profile): NIST Community Profile

NIST IR 8286A Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management

NIST IR 8286A Rev. 1, Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management, serves as a specialized companion to the main framework by providing deep-dive methodologies for the initial… Read More »NIST IR 8286A Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management

CISA Principles for the Secure Integration of Artificial Intelligence in Operational Technology

The CISA Principles for the Secure Integration of Artificial Intelligence in Operational Technology provide a comprehensive framework to help critical infrastructure owners and operators securely integrate AI into their OT… Read More »CISA Principles for the Secure Integration of Artificial Intelligence in Operational Technology

NIST IR 8349 Methodology for Characterizing Network Behavior of Internet of Things Devices

NIST Internal Report (IR) 8349, titled “Methodology for Characterizing Network Behavior of Internet of Things Devices,” outlines a comprehensive approach to capturing, documenting, and analyzing the network communication behaviors of… Read More »NIST IR 8349 Methodology for Characterizing Network Behavior of Internet of Things Devices

CISA Foundations for OT Cybersecurity: Asset Inventory Guidance for Owners and Operators

The CISA guidance titled “Foundations for OT Cybersecurity: Asset Inventory Guidance for Owners and Operators” provides operational technology (OT) owners and operators across critical infrastructure sectors with practical, step-by-step recommendations… Read More »CISA Foundations for OT Cybersecurity: Asset Inventory Guidance for Owners and Operators