
The NIST CSF provides a 7-step approach that organizations can use to implement the framework and improve their cybersecurity posture.

The 7 steps include:

Step 1

Prioritize and Scope. The organization identifies its business/mission objectives and high-level organizational priorities.

Step 2

Orient. The organization identifies related systems and assets, regulatory requirements, and overall risk approach and then identifies threats to, and vulnerabilities of, those systems and assets.

Step 3

Create a Current Profile. The organization develops a Current Profile by indicating which Category and Subcategory outcomes from the Framework Core are currently being achieved.

Step 4

Conduct a Risk Assessment. The organization analyzes the operational environment in order to discern the likelihood of a cybersecurity event and the impact that the event could have on the organization.

Step 5

Create a Target Profile. The organization creates a Target Profile that focuses on the assessment of the Framework Categories and Subcategories describing the organization’s desired cybersecurity outcomes.

Step 6

Determine, Analyze, and Prioritize Gaps. The organization compares the Current Profile and the Target Profile to determine gaps. Next, it creates a prioritized action plan to address those gaps, drawing upon mission drivers, a cost/benefit analysis, and an understanding of risk to achieve the outcomes in the Target Profile.

Step 7

Implement Action Plan. The organization determines which actions to take with regard to the gaps, if any, identified in the previous step.
