Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Identify
These mappings are intended to demonstrate the relationship between existing NIST publications and the Cybersecurity Framework. These preliminary mappings are intended to evolve and progress over time as new publications are created and existing publications are updated. Initially, each publication has been mapped only once to the category considered most applicable. Certain NIST publications that have broad applicability across multiple categories of a function have been included within the General Mappings section.
General Mappings
This table provides publications that have broad applicability across multiple categories of a function.
|
IDENTIFY (ID) |
|
NIST Cybersecurity Publication by Category
This table consists of NIST Publications that have been mapped only once to an individual Category.
|
IDENTIFY (ID) |
Asset Management (ID.AM): The data, personnel, devices, systems, and facilities that enable the organization to achieve business purposes are identified and managed consistent with their relative importance to business objectives and the organization’s risk strategy |
|
|||||||||||
|
Business Environment (ID.BE): The organization’s mission, objectives, stakeholders, and activities are understood and prioritized; this information is used to inform cybersecurity roles, responsibilities, and risk management decisions. |
|
||||||||||||
|
Governance (ID.GV): The policies, procedures, and processes to manage and monitor the organization’s regulatory, legal, risk, environmental, and operational requirements are understood and inform the management of cybersecurity risk. |
|
||||||||||||
|
Risk Assessment (ID.RA): The organization understands the cybersecurity risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals. |
|
||||||||||||
|
Risk Management Strategy (ID.RM): The organization’s priorities, constraints, risk tolerances, and assumptions are established and used to support operational risk decisions. |
|
||||||||||||
|
Supply Chain Risk Management (ID.SC): The organization’s priorities, constraints, risk tolerances, and assumptions are established and used to support risk decisions associated with managing supply chain risk. The organization has established and implemented the processes to identify, assess and manage supply chain risks. |
|