NIST Cybersecurity Framework 2.0 Foundation

Explore the CIA triad: confidentiality, integrity, and availability, and learn how these security goals protect information from unauthorized access, ensure accuracy, and keep data accessible on demand.

Explore authenticity and non-repudiation as additions to the CIA triad, supported by digital signatures that verify sender identity and data integrity within an asymmetric cryptography framework.

Explore the NIST cybersecurity framework 2.0 and its core functions governance, identify, protect, detect, respond, and recover, plus organizational profiles and tiers to tailor risk-based cybersecurity posture.

Navigate the CSF 2.0 resource center to access informative references, implementation examples, quick start guides, and profile templates that support achieving CSF outcomes.

Explore the CSF core structure, six functions, 22 categories, and 106 subcategories, and see how governance, identify, protect, detect, respond, and recover drive desirable cybersecurity outcomes.

Identify function helps understand and manage cybersecurity risks by asset management, risk assessments, and improvement. It emphasizes inventories, data flows, threat intelligence, vulnerabilities, and ongoing risk management improvement.

Explore the protect (PR) function of the NIST Cybersecurity Framework 2.0, including five categories and 22 subcategories that secure identities, data, platforms, and technology infrastructure resilience.

Identify cybersecurity events quickly by continuously monitoring networks, physical environments, personnel activity, external providers, and computing resources, then analyze adverse events through correlation and incident declaration to guide response.

Examine the recover function of the NIST CSF 2.0, focusing on incident recovery plan execution, incident recovery communication, restoration prioritization, and verification of restored assets.

Explore how organizational profiles steer risk-based cybersecurity improvements within the CSF core, comparing current and target profiles to identify gaps and implement a five-step, continuous improvement process.

Define the scope to shape an organizational profile by assessing organizational, physical, and technological scopes, guiding focused cybersecurity efforts and the applicability of KSF outcomes.

Create the organizational profile by selecting CSF outcomes within the defined scope, documenting current and target states, and prioritizing actions to close gaps for the NIST CSF 2.0 foundation.

Explore tier one of the NIST CSF 2.0, where practices are informal and reactive, with ad hoc risk management and limited awareness, often post-incident, supplier risk remains unclear.

Tier two aligns cybersecurity with business objectives and threats, with leadership-approved risk management that lacks cross-organization consistency, informal information sharing, and incomplete organization-wide strategy and supplier risk monitoring.