After this lesson, you will be able to: Understand NIST CSF, what it is, why it exists, and the five core functions.
The NIST Cybersecurity Framework (CSF) is the most widely adopted security framework in the US. Its five functions. Identify, Protect, Detect, Respond, Recover, give organizations a common vocabulary for managing risk.
Created by NIST in 2014 (executive order after critical infrastructure attacks). Updated to CSF 2.0 in 2024. Voluntary in the US (mandatory for federal contractors). Adopted globally as a benchmark.
1. Common vocabulary across teams + vendors.
2. Mapping target, most other frameworks (ISO 27001, CIS, HIPAA) crosswalk to CSF.
3. Maturity-friendly, tier 1 (partial) to tier 4 (adaptive).
4. Free, well-documented.
5. Recognized by auditors, regulators, insurers.
Profile = your organization's selected outcomes. 'Current profile' (where you are) → 'Target profile' (where you want). Tiers (1-4) measure how integrated and adaptive your risk processes are.
Sign in and purchase access to unlock this lesson.