NIST CSF process overview
The NIST CSF navigation structure facilitates managing NIST cybersecurity through identification and prioritization activities, as described in the version 1.1 and version 2.0 special publications of the NIST Framework for Improving Critical Infrastructure Cybersecurity.
- The risk executives and/or the security officers identify categories and subcategories as cybersecurity policies.
- The risk executives and/or the security officers prioritize cybersecurity activities.
- Monitor the NIST CSF Overview dashboard.
Roles and permissions in the NIST CSF application
To effectively manage the tasks within the NIST CSF application, specific roles are assigned to key stakeholders:
- Risk Executives are assigned the role: sn_irm_nist_csf.risk_executive
- Security Officers are assigned the role: sn_irm_nist_csf.security_officer
These roles enable users to perform the following critical activities:
- Identify categories and subcategories as cybersecurity policies
- Create and manage cybersecurity activities
- Generate and orient target profiles
- Conduct gap analysis to assess alignment with desired outcomes
Note: To create and manage controls, users must have the sn_compliance.user role or a higher-level compliance role.