# NIST CSF The NIST Cybersecurity Framework (NIST CSF) is a voluntary, non-prescriptive framework developed by the National Institute of Standards and Technology (NIST) to help organizations of all sizes manage and reduce [[cybersecurity]] risks. It provides a set of recommended practices and guidelines that can be customized to fit the specific needs of an organization. ## Capability Scope | NIST CSF Catagory | Capability Scope | | ---------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------ | | ID.AM<br />Asset Management | L0: Human Resources<br />L0: Information Technology | | ID.BE<br />Business Environment | L1: [[Control Development]]<br />L0: Legal | | ID.GV<br />Governance | L0: Legal<br />L2: [[Standards Management]]<br />L2: [[Policy Management]] | | ID.RM<br />Risk Management Strategy | L2: [[Risk Prioritization]] | | PR.AC Access Control | L0: [[Identity and Access Management]]<br />L0: Information Technology<br />L2: [[Defense Modeling]] | | PR.AT<br />Awareness and Training | L0: Human Resources<br />L1: [[Adversary Research]] | | PR.DS<br />Data Security | L2: [[Defense Modeling]] | | PR.IP<br />Information Protection Processes and Procedures | L0: Human Resources<br />L2: [[Defense Modeling]]<br />L2: [[Standards Management]]<br />L2: [[Policy Management]] | | PR.MA<br />Maintainance | L0: Information Technology<br />L0: Facilities | | PR.PT<br />Protective Technology | L1: [[Control Development]] | | DE.AE<br />Anomalies and Events | L2: [[Alert Correlation]] | | DE.CM<br />Security Continuous Monitoring | L1: [[Control Verification]] | | DE.DP<br />Detection Process | L2: [[Assurance Reporting]]<br />L2: [[Test Plan Management]] | | RS.RP<br />Response Planning | L1: [[Incident Containment]]<br />L2: [[Standards Management]] | | RS.CO<br />Communications | L2: [[Incident Management]] | | RS.AN<br />Analysis | L2: [[Forensic Analysis]] | | RS.MI<br />Mitigation | L1: [[Incident Containment]]<br />L2: [[Remediation Management]] | | RS.IM<br />Improvements | L2: [[Case Management ]]<br />L2: [[Test Plan Management]] | | RC.RP<br />Recovery Planning | L1: [[Control Development]] | | RC.IM<br />Improvements | L2: [[Case Management]] | | RC.CO<br />Communications | L0: Legal | ## Inspiration & Resources + https://www.nist.gov/cyberframework ## [Cyber City Map](https://cybercitymap.com/) © 2023-2024 by [ThirdScore, Inc.](https://thirdscore.com/) All Rights Reserved.