The NIST Cybersecurity Framework (CSF) was published in 2018 for the benefit of private and public sector organizations. It has been widely adopted as a structure for assessing and improving an organization's ability to prevent, detect and respond to cyber incidents.
The Framework Core sets out the following recommended cybersecurity functions:
Identify assets, roles, responsibilities and current risks
Protect by adopting appropriate safeguards
Detect threats by adopting appropriate measures and solutions
Respond to threats with a pre-prepared plan and learn from incidents
Recover from any threat with a pre-prepared recovery plan
A Framework Profile represents how an organization is applying these functions, broken down into smaller categories. Implementation Tiers also help measure how the framework is being applied.
Although implementation is currently voluntary, this framework is based on well-known standards and represents the current best practices in cybersecurity. The NIST CSF is the primary risk framework used in the CyGov platform today, and the organizational risk score is calculated from this framework using a proprietary weighting and grading algorithm.