Analysis: NIST Cybersecurity Framework - Core Counts

The NIST Cybersecurity Framework (CSF) provides a common language and systematic methodology for managing cybersecurity risk. The Core includes activities to be incorporated in a cybersecurity program that can be tailored to meet any organization’s needs.  The Framework is designed to complement, not replace, an organization's cybersecurity program and risk management processes. You can read more information here.


The bar chart below provides the counts within the CSF Framework Core. The Core consists of 3 hierarchical parts:

  1. Function
  2. Category
  3. Subcategory
The first/highest part of the Core consists of the following 5 Functions:
  1. Identify
  2. Protect
  3. Detect
  4. Respond
  5. Recover
These 5 Functions have been widely integrated into many U.S. and international security programs as a standardized way to monitor system security and measure program maturity.