Which function defined in the NIST Cyber Security Framework Core provides guidance on how do you recover normal operations after a cyber security incident?

CISA helps organizations use the Cybersecurity Framework to improve cyber resilience. To learn more about the Framework or to download a copy, visit http://www.nist.gov/cyberframework. Additionally, visit the links to below for the Microlearn series with Dr. Ron Ross of the National Institute of Standards and Technology in which he discusses Enterprise Risk Management (as it relates to critical information systems), other frameworks, and implementation considerations.

• Non-federal Enterprise Risk Management Microlearn with guest speaker Dr. Ron Ross: https://dhsconnect.connectsolutions.com/ptu75rpzyr5w/
• Dr. Ron Ross Q&A Part 1 – Overview of Enterprise Risk Management: https://dhsconnect.connectsolutions.com/p79h6ls5wvrt/
• Dr. Ron Ross Q&A Part 2 – Enterprise Risk Management and other Frameworks: https://dhsconnect.connectsolutions.com/prfvxwohnlac/
• Dr. Ron Ross Q&A Part 3 – Implementation Considerations: https://dhsconnect.connectsolutions.com/p1ott6mfmxak/

CISA connects organizations with public and private sector resources that align to the Framework’s five Function Areas: Identify, Protect, Detect, Respond, and Recover. This page explains the Framework Function Areas and provides links to Cybersecurity Framework sector-specific guidance.

On This Page:
Cybersecurity Framework Function Areas
Cybersecurity Framework Guidance

Cybersecurity Framework Function Areas

Identify – Develop the organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities.

The activities in the Identify Function are foundational for effective use of the Framework. Understanding the business context, the resources that support critical functions, and the related cybersecurity risks enables an organization to focus and prioritize its efforts, consistent with its risk management strategy and business needs. Examples of outcome Categories within this Function include: Asset Management; Business Environment; Governance; Risk Assessment; and Risk Management Strategy.

Protect – Develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services.

The Protect Function supports the ability to limit or contain the impact of a potential cybersecurity event. Examples of outcome Categories within this Function include: Access Control; Awareness and Training; Data Security; Information Protection Processes and Procedures; Maintenance; and Protective Technology.

Detect – Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event.

The Detect Function enables timely discovery of cybersecurity events. Examples of outcome Categories within this Function include: Anomalies and Events; Security Continuous Monitoring; and Detection Processes.

Respond – Develop and implement the appropriate activities to take action regarding a detected cybersecurity event.

The Respond Function supports the ability to contain the impact of a potential cybersecurity event. Examples of outcome Categories within this Function include: Response Planning; Communications; Analysis; Mitigation; and Improvements.

Recover – Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event.

The Recover Function supports timely recovery to normal operations to reduce the impact from a cybersecurity event. Examples of outcome Categories within this Function include: Recovery Planning; Improvements; and Communications.
 

Cybersecurity Framework Guidance

Sector-specific guidance has been completed by all six critical infrastructure sectors for which the Department of Homeland Security, Office of Infrastructure Protection is the Sector-Specific Agency (SSA): Chemical, Commercial Facilities, Critical Manufacturing, Dams, Emergency Services, and Nuclear. Guidance is developed in close collaboration with the SSA, alongside the Sector Coordinating Councils (SCC) and Government Coordinating Councils (GCC), to provide a holistic view of a sector’s cybersecurity risk environment.

Framework Guidance provides sector stakeholders with the ability to:

• Understand and use the Framework to assess and improve their cyber resiliency;
• Assess their current- and target-cybersecurity posture;
• Identify gaps in their existing cybersecurity risk management programs, and;
• Identify current, sector-specific tools and resources that map to the Framework 

Chemical Framework Guidance [pdf]
Commercial Facilities Framework Guidance [pdf]
Critical Manufacturing Framework Guidance [pdf]
Dams Framework Guidance [pdf]
Defense Industrial Base Framework Guidance [pdf]
Emergency Services Framework Guidance [pdf]
Federal Framework Guidance DRAFT [pdf]
Healthcare & Public Health Framework Guidance [pdf]
Nuclear Framework Guidance [pdf]
Transportation Systems Framework Guidance [pdf]
Water & Wastewater Systems [link: American Water Works Association Cybersecurity Guidance & Tool]