Overview

Overview ()

NIST 800-53 classifies its controls into 5 main functions: 
-Identify. Includes Asset Management, Business Environment, Governance, Risk Assessment and Risk Management Strategy – and has been marked optional since these processes are described in the secondary & tertiary architectures and therefore rarely realised by mechanisms in the primary, run-time architecture.
-Protect 
-Detect 
-Respond 
-Recover.


namespace	NIST
publisher NIST	NIST
sourceURL	https://www.nist.gov/cyberframework


NIST CSF
Identify
Asset Management
ID.AM Asset Management
Business Environment
ID.BE Business Environment
Governance
ID.GV Governance
Risk Assessment
ID.RA Risk Assessment
Risk Management Strategy
ID.RM Risk Management Strategy
Supply Chain Risk Management
ID.SC Supply Chain Risk Management
Detect
Anomalies & Events
DE.AE Anomalies & Events
Detection Processes
DE.DP Detection Processes
Security Continuous Monitoring
DE.SC Security Continuous Monitoring
Respond
Analysis
RS.AN Analysis
Communications
RS.CO Communications
Improvements
RS.IM Improvements
Mitigation
RS.MI Mitigation
Response Planning
RS.RP Response Planning
Recover
Communications
RC.CO Communications
Improvements
RC.IM Improvements
Recovery Planning
RC.RP Recovery Planning
Protect
Awareness & Training
PR.AT Awareness & Training
Data Security
PR.DS Data Security
Identity Management, Authentication, Access Control
PR.AC Identity Management, Authentication & Access Control
Information Protection Processes & Procedures
PR.IP Information Protection Processes & Procedures
Maintenance
PR.MA Maintenance
Protective Technology
PR.PT Protective Technology


		NIST CSF	Identify
		NIST CSF	Detect
		NIST CSF	Respond
		NIST CSF	Recover
		NIST CSF	Protect
		Identify	Asset Management
		Identify	Business Environment
		Identify	Governance
		Identify	Risk Assessment
		Identify	Risk Management Strategy
		Identify	Supply Chain Risk Management
		Detect	Anomalies & Events
		Detect	Detection Processes
		Detect	Security Continuous Monitoring
		Respond	Analysis
		Respond	Communications
		Respond	Improvements
		Respond	Mitigation
		Respond	Response Planning
		Recover	Communications
		Recover	Improvements
		Recover	Recovery Planning
		Protect	Awareness & Training
		Protect	Data Security
		Protect	Identity Management, Authentication, Access Control
		Protect	Information Protection Processes & Procedures
		Protect	Maintenance
		Protect	Protective Technology