CISA helps organizations use the Cybersecurity Framework to improve cyber resilience. To learn more about the Framework or to download a copy, visit http://www.nist.gov/cyberframework. Additionally, visit the links below for the Microlearn series with Dr. Ron Ross of the National Institute of Standards and Technology, in which he discusses Enterprise Risk Management (as it relates to critical information systems), other frameworks, and implementation considerations.

CISA connects organizations with public and private sector resources that align to the Framework’s five Function Areas: Identify, Protect, Detect, Respond, and Recover. This page explains the Framework Function Areas and provides links to Cybersecurity Framework sector-specific guidance.

Cybersecurity Framework Function Areas

Identify – Develop the organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities. The activities in the Identify Function are foundational for effective use of the Framework. Understanding the business context, the resources that support critical functions, and the related cybersecurity risks enables an organization to focus and prioritize its efforts, consistent with its risk management strategy and business needs. Examples of outcome Categories within this Function include: Asset Management; Business Environment; Governance; Risk Assessment; and Risk Management Strategy.

Protect – Develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services. The Protect Function supports the ability to limit or contain the impact of a potential cybersecurity event. Examples of outcome Categories within this Function include: Access Control; Awareness and Training; Data Security; Information Protection Processes and Procedures; Maintenance; and Protective Technology.

Detect – Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event. The Detect Function enables timely discovery of cybersecurity events. Examples of outcome Categories within this Function include: Anomalies and Events; Security Continuous Monitoring; and Detection Processes.

Respond – Develop and implement the appropriate activities to take action regarding a detected cybersecurity event. The Respond Function supports the ability to contain the impact of a potential cybersecurity event. Examples of outcome Categories within this Function include: Response Planning; Communications; Analysis; Mitigation; and Improvements.

Recover – Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event. The Recover Function supports timely recovery to normal operations to reduce the impact from a cybersecurity event. Examples of outcome Categories within this Function include: Recovery Planning; Improvements; and Communications.

Cybersecurity Framework Guidance

Sector-specific guidance has been completed by all six critical infrastructure sectors for which the Department of Homeland Security, Office of Infrastructure Protection is the Sector-Specific Agency (SSA): Chemical, Commercial Facilities, Critical Manufacturing, Dams, Emergency Services, and Nuclear. Guidance is developed in close collaboration with the SSA, alongside the Sector Coordinating Councils (SCC) and Government Coordinating Councils (GCC), to provide a holistic view of a sector’s cybersecurity risk environment. Framework Guidance provides sector stakeholders with the ability to:
Chemical Framework Guidance
Which NIST Cybersecurity Framework core function is concerned with the development and implementation?
NIST CSF: Detect
The Detect function requires the development and implementation of the appropriate activities to recognize the occurrence of a cybersecurity event. "The Detect function enables the timely discovery of cybersecurity events."
What are the functions of the NIST Cybersecurity Framework?
This learning module takes a deeper look at the Cybersecurity Framework's five Functions: Identify, Protect, Detect, Respond, and Recover.
Which function of the NIST CSF Framework Core refers to developing and implementing the appropriate safeguards to ensure delivery of services?
The CSF is made up of the following five core functions: Identify, which refers to developing an understanding of how to manage cybersecurity risks to systems, assets, data or other sources. Protect, which refers to the safeguards put in place that ensure critical infrastructure services are delivered.
What are the three categories of the Detect (DE) function of the NIST Cybersecurity Framework?
The National Institute of Standards and Technology (NIST) Cybersecurity Framework has been touted as a gold-standard framework for managing cybersecurity risk. The NIST CSF is composed of three main elements: The Framework Core, Profiles, and Implementation Tiers.
What are the five phases of the cyber resilience lifecycle based on the NIST CSF?
It consists of five concurrent and continuous Functions: Identify, Protect, Detect, Respond and Recover.
What is the DE function in the National Institute of Standards and Technology (NIST) Cybersecurity Framework?
Security Continuous Monitoring (DE.CM): The information system and assets are monitored at discrete intervals to identify cybersecurity events and verify the effectiveness of protective measures.