NIST Cybersecurity Framework

April 1, 2021 by Zoie Schiermeyer

The NIST Cybersecurity Framework (CSF) is a voluntary set of cybersecurity guidelines an organization can follow to better manage and reduce cybersecurity risk. The Framework is only guidance; it is not a checklist or a list of required controls like those in NIST SP 800-171. It should be customized by different sectors and individual organizations to best suit their risks, situations, and needs. Organizations will continue to have unique risks – different threats, different vulnerabilities, different risk tolerances – and how they implement the practices in the Framework to achieve positive outcomes will vary. The Framework should not be implemented as an un-customized checklist or a one-size-fits-all approach for all critical infrastructure organizations.

The Framework was developed in response to Presidential Executive Order (EO) 13636, Improving Critical Infrastructure Cybersecurity, which was issued in 2013. This EO outlines responsibilities for Federal Departments and Agencies to aid in improving the cybersecurity of Critical Infrastructure, such as the electrical grid, water treatment plants, transportation, and internet backbone providers.

The Cybersecurity Framework consists of three main components: the Core, Implementation Tiers, and Profiles.

The Framework Core provides a set of desired cybersecurity activities and outcomes using common language that is easy to understand. The Core guides organizations in managing and reducing their cybersecurity risks in a way that complements an organization’s existing cybersecurity and risk management processes.

The Framework Implementation Tiers assist organizations by providing context on how an organization views cybersecurity risk management. The Tiers guide organizations to consider the appropriate level of rigor for their cybersecurity program and are often used as a communication tool to discuss risk appetite, mission priority, and budget.

Framework Profiles are an organization’s unique alignment of their organizational requirements and objectives, risk appetite, and resources against the desired outcomes of the Framework Core. Profiles are primarily used to identify and prioritize opportunities for improving cybersecurity at an organization.

Copyright © 2021 Haight Bey & Associates LLC DBA Totem Technologies. All rights reserved.