14,932
edits
Changes
→Components
====Components====
====Components====
The resulting Cybersecurity Framework consists of voluntary standards, guidelines, and practices for promoting critical infrastructure protection. The Cybersecurity Framework consists of three main components: the Core, Implementation Tiers, and Profiles.
[[File:Coreofframework.png|right|Framework Core (Image from NIST)]]The resulting Cybersecurity Framework consists of voluntary standards, guidelines, and practices for promoting critical infrastructure protection. The Cybersecurity Framework consists of three main components: the Core, Implementation Tiers, and Profiles.<ref>[https://www.nist.gov/cyberframework/online-learning/components-framework Framework Components, NIST]</ref>
======Core======
The Core is a set of desired cybersecurity activities and outcomes organized into Categories and aligned to Informative References.
======Tiers======
The tiers do not describe maturity levels; rather, they describe the degree to which an organization’s cybersecurity risk management practices exhibit the characteristics defined in the Framework. It is up to each organization to decide its target tier. The Tiers range from "partial" to "adaptive," reflecting an increasing degree of rigor, integration among cybersecurity risk decisions, and information sharing the organization with external parties.<ref>[https://www.nist.gov/cyberframework/online-learning/components-framework Framework Components, NIST]</ref>
====C3====
====C3====