# CSF

## Cybersecurity Framework (CSF) Summary

The Cybersecurity Framework (CSF) is a set of guidelines aimed at helping organizations better protect their critical infrastructure from cyber threats. Developed by the National Institute of Standards and Technology (NIST), this voluntary framework provides a flexible, risk-based approach to managing cybersecurity risks.

## Key Components of CSF

CSF comprises three key components:

- **Core** - Consists of five functions, each representing a high-level cybersecurity activity:

    - Identify: Understand the organization's cybersecurity risks.
    - Protect: Implement safeguards to protect the critical infrastructure.
    - Detect: Identify the occurrence of a potential cybersecurity event.
    - Respond: Develop and implement appropriate actions to address detected cybersecurity events.
    - Recover: Implement plans to restore systems and services after a cybersecurity incident.

- **Tiers** - Provide context for organizations to consider the robustness of their cybersecurity program:

    - Tier 1: Partial – Minimal cybersecurity risk management practices.
    - Tier 2: Risk Informed – Risk management practices in place, but not consistently applied.
    - Tier 3: Repeatable – Risk management practices are consistent across the organization.
    - Tier 4: Adaptive – Proactive approach to managing cybersecurity risks.

- **Profiles** - Organizations create profiles to align their cybersecurity activities with their organizational goals, risk tolerance, and resources. A target profile represents desired outcomes, whereas a current profile reflects the current state of cybersecurity programs.

## Benefits of Implementing CSF

- Enhanced understanding of cybersecurity risks and corresponding management strategies within an organization.
- Improved ability to prioritize cybersecurity investments based on risk assessments.
- Strengthened communication between different departments and stakeholders regarding cybersecurity expectations and progress.
- Compliance with industry standards and guidelines, including support for organizations subject to regulatory requirements.

CSF offers organizations a structured approach to improving their cybersecurity posture. By following this framework, organizations can manage their cybersecurity risks more effectively, create a stronger defense against cyberattacks, and maintain the resilience of their critical infrastructure.