What is Your NIST Framework Profile?

Originally defined by NIST in the Cybersecurity Framework, the Framework Profile (“Profile”) is the alignment of the Functions, Categories, and Subcategories with the organization's business requirements, risk tolerance, and resources.

What are the NIST Framework Profiles?

A Profile enables organizations to establish a roadmap for reducing cybersecurity risk that aligns well with their organizational and sector goals, considers legal/regulatory requirements, and reflects industry best practices and risk management priorities.

Given the complexity of many organizations, they may choose to have multiple profiles, each aligned with a particular component and recognizing its individual needs. Framework Profiles can be used to describe the current state or the desired target state of specific cybersecurity activities.

Your Current and Target NIST Profile

The Current Profile indicates the cybersecurity outcomes that are currently being achieved. The Target Profile outlines the outcomes required to achieve the desired cybersecurity risk management objectives.

It's essential to incorporate goals from all segments of the organization, both business and security. That way, you'll have a more well-rounded goal set that aligns with your business's future vision.

The Value of NIST Profiles

Profiles support business/mission requirements and aid in communicating risk, both to all constituents within your organization and between organizations. Creating these profiles will enhance communication between all parties involved, particularly if you have difficulty conveying your current and target risk and cyber strength to your partners, vendors, and other stakeholders. The better the communication within and around your organization, the more progress you'll make in building a robust program or creating a faster response plan.

Let us know if you're interested in baselining your organization against NIST Cybersecurity Framework best practices in a matter of hours. You'll be able to see areas for improvement and gaps across all five NIST functions, and you'll have a plan of action on how to close those gaps within and around your organization.