Identify the framework core
Within the NIST CSF application, the Framework Core section is used to identify categories and subcategories as cybersecurity policies and their statement policies.
The application uses categories to define cybersecurity activities for targets and uses subcategories to evaluate cybersecurity requirements to provide additional details on compliance.
With NIST CSF guidance, the
application groups categories and subcategories into functions and represent them as activities.
The NIST CSF uses the following five
modules to designate individual functions:
- Identify
- Protect
- Detect
- Respond
- Recover
- Govern
Each module points to a grouping of policy and control objectives that relates to that function.