Align and prioritize cybersecurity activities

Release version: Australia

Updated March 12, 2026

1 minute to read

Within the NIST CSF application, the Framework Profiling section is used to help an organization to align and prioritize its cybersecurity activities with its requirements, risk tolerances, and resources.

First, a target is created from a entity or entity type. The application flow begins at Orient Targets. The user locates a target and sets it up for use with NIST CSF providing basic information. Next, the user identifies if the target is critical and establishes a tier for the target per NIST guidelines.

Note:

NIST recommends focusing on critical targets for prioritizing the Cybersecurity risks.

Next, users log their cybersecurity activities. The activities require users to identify targets, functions, and categories that are associated with it.

Note:

These activities are uniquely created to avoid creating duplicate activities for the same targets.

As the activities are created, users then determine the implementation state of these activities.

Next, users perform gap analysis on the cybersecurity activities. The analysis gives a detailed insight into the security position and evaluates the target for a specific cybersecurity activity.

The ServiceNow® GRC suite of applications play a crucial role in tracking the data that enables these metrics. The NIST CSF application is designed to provide the Cybersecurity framework, but it is completely enabled by the ServiceNow® GRC product.