There’s a lot of existing content to introduce you to the NIST CSF 2.0. You can get started by referencing the NIST CSF resources and/or search YouTube. This post provides an additional resource to help you understand and implement the CSF.
The CSF Core is a hierarchy of the following components:
- CSF Function – The highest level of organization for cybersecurity outcomes. There are six CSF Functions: Govern, Identify, Protect, Detect, Respond, and Recover.
- CSF Category – A group of related cybersecurity outcomes that collectively comprise a CSF Function.
- CSF Subcategory – A group of more specific outcomes of technical and management cybersecurity activities that comprise a CSF Category.
CSF data table benefits:
- Quick reference to zoom in from Function to Subcategory.
- Provide estimated level of effort insight for each Function.
- Isolate and/or compare CSF implementation examples.