NIST CSF core functions: Protect - Security Boulevard


The National Institute of Standards and Technology’s Cybersecurity Framework, or NIST CSF, was first published in 2014 to provide guidance for organizational cybersecurity defenses and risk management. This framework is renowned for its inherent flexibility and open-endedness to account for different organizational needs. 

At its center, NIST CSF comprises five core functions. This article details the second of these functions, Protect. It reviews the Framework's five core functions, explains what the Protect function is, and covers the outcome categories and subcategory activities of this function.

What is the NIST CSF framework core?

The framework core is a set of recommended activities designed to achieve certain cybersecurity outcomes. It serves as guidance and is not intended to be a checklist. The core is composed of five functions that work together to achieve those outcomes. These functions are:

  • Identify
  • Protect
  • Detect
  • Respond
  • Recover

What is the Protect function?

NIST defines the purpose of the Protect function as “(to) develop and implement appropriate safeguards to ensure delivery of critical services.” Just as many experts have made the analogy that the previous function, Identify, was the foundation of the CSF core framework functions, the Protect function can be thought of as framing the rest of the functions yet to come.

Outcome categories and subcategory activities

Each Framework function is composed of outcome categories that describe the kinds of processes and tasks organizations should carry out for that Framework level. The Protect function contains six outcome categories, each of which in turn contains subcategory activities.

Identity Management, Authentication and Access Control

This category is defined as “access to physical and logical assets and associated facilities is limited to authorized users, processes, and devices, and is managed consistent with the assessed risk of unauthorized access to authorized activities and transactions.”

Subcategory activities

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Greg Belding. Read the original post at: