CHAPTER 4: FRAMEWORK IMPLEMENTATION TIERS

The four Framework implementation tiers (‘tiers’) describe different degrees of sophistication that an organization’s cybersecurity measures might have – specifically on the basis of its risk management process, integrated risk management program, and external participation. The four tiers are:

1. Partial
2. Risk-informed
3. Repeatable
4. Adaptive

The tiers are designed to describe how mature an organization’s risk management processes are. Because the risk management processes determine how cybersecurity risks are dealt with, the tiers naturally extend to describing the rigor of the organization’s cybersecurity measures. They also give an organization some idea of the characteristics of risk management at ...
