    What are the main components of the NIST cybersecurity framework?

    By Monica Chen, April 24, 2024
    • Cybersecurity compliance refers to adhering to standards and statutory requisites set by entities, laws or governing bodies. Companies handling digital assets need to implement controls and security practices to minimise the risk to sensitive data.
    • Numerous compliance frameworks and standards exist to guide organisations in establishing robust cybersecurity practices, including the NIST Cybersecurity Framework, GDPR, HIPAA and PCI DSS.
    • The NIST Cybersecurity Framework is a set of guidelines for mitigating an organisation’s cybersecurity risks, published by the National Institute of Standards and Technology. Its main components are “Core”, “Profile” and “Tiers”.

    The exponential rise in cybercrime is driving governments, businesses, and organisations to focus on compliance and compliance regulations. The NIST Cybersecurity Framework is one of the widely recognised frameworks; its main components are “Core”, “Profile” and “Tiers”.

    Cybersecurity compliance

    Cybersecurity compliance refers to adhering to standards and statutory requisites set by entities, laws or governing bodies. Companies handling digital assets need to implement controls and security practices to minimise the risk to sensitive data.

    The exponential rise in cybercrime often leads to massive data breaches or business disruptions. This has become one of the primary drivers of the renewed focus on compliance and compliance regulations.

    Numerous compliance frameworks and standards exist to guide organisations in establishing robust cybersecurity practices. These frameworks provide a structured approach to implementing security controls and addressing specific compliance requirements. 

    Some widely recognised frameworks include the NIST Cybersecurity Framework, the General Data Protection Regulation (GDPR), the Health Insurance Portability and Accountability Act (HIPAA) and the Payment Card Industry Data Security Standard (PCI DSS).

    The NIST cybersecurity framework

    The NIST Cybersecurity Framework is a set of guidelines for mitigating an organisation’s cybersecurity risks, published by the National Institute of Standards and Technology (NIST) based on existing standards, guidelines, and practices.

    The framework, which “provides a high-level taxonomy of cybersecurity outcomes and methods for evaluating and managing those outcomes,” has been translated into multiple languages and is widely used by governments, businesses, and organisations. It also offers guidance on protecting privacy and civil liberties in the context of cybersecurity.

    Version 1.0 of the framework was released in 2014 and was initially targeted at critical infrastructure operators. In 2017, a draft of version 1.1 was released for public comment, and the final version was officially released to the public on April 16, 2018. The framework is divided into three parts: “Core”, “Profile” and “Tiers”.

    1. Framework core

    The “Framework Core” contains an array of activities, outcomes and references about aspects of and approaches to cybersecurity. The NIST Cybersecurity Framework organises its “core” material into 5 “functions”: identify, protect, detect, respond and recover.

    These functions are subdivided into a total of 23 “categories”. For each category, it defines several subcategories of cybersecurity outcomes and security controls, with 108 subcategories in all.

    2. Framework profile

    A “Framework Profile” is a list of outcomes that an organisation has chosen from the categories and subcategories, based on its needs and risk assessments.

    An organisation typically starts by using the framework to develop a “Current Profile” which describes its cybersecurity activities and what outcomes it is achieving. It can then develop a “Target Profile”, or adopt a baseline profile tailored to its sector (e.g. infrastructure industry) or type of organisation, which defines steps for switching from its current profile to its target profile.

    3. Framework implementation tiers

    Organisations use the “Framework Implementation Tiers” to clarify to themselves and their partners how they view cybersecurity risks and the complexity of their approach to managing them. Tiers reflect an increasing degree of expertise in cyber risk management practices.

    Tier 1 Partial includes companies with on-demand or no security procedures.

    In Tier 2 Risk-informed, the majority of corporate executives are aware of the main threats they face, including malware, state-sponsored attacks, and other bad actors.

    Tier 3 Repeatable is for companies with risk management and cybersecurity best practices that have received executive approval.

    Tier 4 Adaptive is the topmost tier and requires the greatest time and money to deploy, but it is essential in heavily regulated industries like banking, healthcare, and critical infrastructure.

    Monica Chen

    Monica Chen is an intern reporter at BTW Media covering tech-trends and IT infrastructure. She graduated from Shanghai International Studies University with a Master’s degree in Journalism and Communication. Send tips to m.chen@btw.media