book

NIST CSF 2.0 - Your essential introduction to managing cybersecurity risks

by Andrew Pattison

February 2025

Beginner to intermediate

94 pages

1h 27m

English

IT Governance Publishing

Read now

Unlock full access

Origins of the CSFThe NIST Cybersecurity Framework
Relevant factors and variablesImplementation benefitsStructure
FunctionsCategoriesSubcategoriesFramework profilesFramework implementation tiers
Informative referencesNIST SP 800-53Implementation examplesQuick-start guides

GovernIdentifyProtectDetectRespondRecover
MethodologiesRisk responsesNIST Risk Management Framework
Step 1: Determine objectives, priorities, and scopeStep 2: Identify assets and risksStep 3: Create a current profileStep 4: Conduct a risk assessmentStep 5: Create a target profileStep 6: Perform a gap analysis and develop an action planStep 7: Implement the action planContinual improvementDecision-making and implementation responsibilities
ISO 27001ISO 22301Combining ISO 27001, ISO 22301, and the CSF

Content preview from NIST CSF 2.0 - Your essential introduction to managing cybersecurity risks

CHAPTER 6: IMPLEMENTING THE FRAMEWORK

Version 2.0 of the CSF does not provide a formal implementation process, preferring instead to let the implementing organization decide how best to approach the project. However, the seven-step process provided in CSF version 1.1 remains a valid and appropriate way of implementing the framework for organizations that are not sure where to begin.

The seven-step implementation process is:

1. Determine objectives, priorities, and scope

2. Identify assets and risks

3. Create a current profile

4. Conduct a risk assessment

5. Create a target profile

6. Perform a gap analysis and develop an action plan

7. Implement the action plan