Skip to content
    Home / Function (NIST CSF 2.0)

    Function (NIST CSF 2.0)

    The NIST Cybersecurity Framework (CSF) 2.0 organizes cybersecurity activities into six high-level functions that guide organizations in managing and reducing cyber risk. Govern provides strategic oversight, policies, and accountability structures to integrate cybersecurity into organizational decision-making. Identify focuses on understanding assets, business environment, and risk landscape to prioritize protective efforts. Protect involves implementing safeguards such as access controls, encryption, and secure configurations to prevent or limit the impact of cyber events. Detect emphasizes timely discovery of anomalies and potential incidents through monitoring and threat intelligence. Respond outlines processes for containing, mitigating, and communicating during incidents to minimize damage. Finally, Recover addresses restoring capabilities and services after an event to maintain business continuity. Together, these six functions provide a comprehensive, flexible, and risk-based approach to cybersecurity management.

    MITRE CAPEC – Common Attack Pattern Enumeration and Classification Version 3.9

    The MITRE Common Attack Pattern Enumeration and Classification (CAPEC) is a publicly available, comprehensive catalog that documents and categorizes common attack patterns used by adversaries to exploit software and systems.… Read More »MITRE CAPEC – Common Attack Pattern Enumeration and Classification Version 3.9

    NIST Federal Information Processing Standard (FIPS) Publication 140-3: Security Requirements for Cryptographic Modules

    FIPS 140-3 is a mandatory standard for federal agencies and a benchmark for the private sector that defines the security requirements for hardware and software cryptographic modules. It superseded FIPS… Read More »NIST Federal Information Processing Standard (FIPS) Publication 140-3: Security Requirements for Cryptographic Modules

    NIST SP 800-37 Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy

    NIST Special Publication 800-37, Revision 2, titled “Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy,” provides comprehensive guidelines for applying the… Read More »NIST SP 800-37 Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy

    California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Act of 2020 (CPRA)

    The CCPA/CPRA represents the most comprehensive data privacy framework in the United States, granting California residents extensive rights over their personal information, including the right to know, delete, correct, and… Read More »California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Act of 2020 (CPRA)

    ISO/IEC 27000:2018 Information technology — Security techniques — Information security management systems — Overview and vocabulary

    The ISO 27000 standard provides an overview and introduction to the ISO 27000 family, which is a series of international standards focused on information security management systems (ISMS). These standards… Read More »ISO/IEC 27000:2018 Information technology — Security techniques — Information security management systems — Overview and vocabulary