CISA helps organizations use the Cybersecurity Framework to improve their cyber resilience. CISA connects organizations with public and private sector resources that align to the Framework’s five Function Areas: Identify, Protect, Detect, Respond, and Recover. This page explains the Framework Function Areas. To learn more about the Framework or to download a copy, visit http://www.nist.gov/cyberframework.
Identify – Develop the organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities.
The activities in the Identify Function are foundational for effective use of the Framework. Understanding the business context, the resources that support critical functions, and the related cybersecurity risks enables an organization to focus and prioritize its efforts, consistent with its risk management strategy and business needs. Examples of outcome Categories within this Function include: Asset Management; Business Environment; Governance; Risk Assessment; and Risk Management Strategy.
Protect – Develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services.
The Protect Function supports the ability to limit or contain the impact of a potential cybersecurity event. Examples of outcome Categories within this Function include: Access Control; Awareness and Training; Data Security; Information Protection Processes and Procedures; Maintenance; and Protective Technology.
Detect – Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event.
The Detect Function enables timely discovery of cybersecurity events. Examples of outcome Categories within this Function include: Anomalies and Events; Security Continuous Monitoring; and Detection Processes.
Respond – Develop and implement the appropriate activities to take action regarding a detected cybersecurity event.
The Respond Function supports the ability to contain the impact of a potential cybersecurity event. Examples of outcome Categories within this Function include: Response Planning; Communications; Analysis; Mitigation; and Improvements.
Recover – Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event.
The Recover Function supports timely recovery to normal operations to reduce the impact from a cybersecurity event. Examples of outcome Categories within this Function include: Recovery Planning; Improvements; and Communications.
Sector-specific guidance has been completed by all six critical infrastructure sectors for which the Department of Homeland Security, Office of Infrastructure Protection is the Sector-Specific Agency (SSA): Chemical, Commercial Facilities, Critical Manufacturing, Dams, Emergency Services, and Nuclear. Guidance is developed in close collaboration with the SSA, alongside the Sector Coordinating Councils (SCC) and Government Coordinating Councils (GCC), to provide a holistic view of a sector’s cybersecurity risk environment.
Framework Guidance provides sector stakeholders with the ability to:
- Understand and use the Framework to assess and improve their cyber resiliency;
- Assess their current- and target-cybersecurity posture;
- Identify gaps in their existing cybersecurity risk management programs, and;
- Identify current, sector-specific tools and resources that map to the Framework
Chemical Framework Guidance [pdf]
Commercial Facilities Framework Guidance [pdf]
Critical Manufacturing Framework Guidance [pdf]
Dams Framework Guidance [pdf]
Emergency Services Framework Guidance [pdf]
Federal Framework Guidance DRAFT [pdf]
Healthcare & Public Health Framework Guidance [pdf]
Nuclear Framework Guidance [pdf]
Transportation Systems Framework Guidance [pdf]
Water & Wastewater Systems [link: American Water Works Association Cybersecurity Guidance & Tool]