NIST CSF 2.0 and You!
Here are the 6 functions of the NIST CSF 2.0 framework for you and the main areas it covers. Each area are known as categories and controls within each are known as subcategories. The best way to start planning security strategy is to perform an assessment against a framework like NIST CSF 2.0. What kind of assessment do you actually need though, a gap assessment or risk assessment and whats the difference? A gap assessment will give you the gaps your organization has as it’s compared to the framework. A risk assessment takes the gaps to the next level by assessing the risks associated with each as applicable to your organization and lastly it drives the action items, remediation plans to close the gaps. These risks are associated with a needed risk registry that will help you track remediation status and be able to report on the risk to your organization.
