
NIST Cybersecurity Framework Checklist: 5 Functions

Complete checklist covering all 5 core functions, 23 categories, and 108 subcategories of the NIST Cybersecurity Framework, version 1.1 (the 5/23/108 structure is specific to CSF 1.1; CSF 2.0, published in 2024, reorganizes the Core around six functions by adding Govern). The Framework is a flexible, outcome-based approach to cybersecurity risk management rather than a prescriptive control set.

5 Functions · 23 Categories · 108 Subcategories

NIST CSF Core Functions & Categories

The 5 functions are performed concurrently and continuously, not as sequential steps, to form a complete view of the cybersecurity risk lifecycle

IDENTIFY (ID)

Develop an organizational understanding to manage cybersecurity risk to systems, people, assets, data, and capabilities

Asset Management (ID.AM)

ID.AM-1: Physical devices and systems inventoried
ID.AM-2: Software platforms and applications inventoried
ID.AM-3: Organizational communication and data flows mapped
ID.AM-4: External information systems catalogued
ID.AM-5: Resources prioritized by criticality
ID.AM-6: Cybersecurity roles and responsibilities established

Business Environment (ID.BE)

ID.BE-1: Organization's role in supply chain identified
ID.BE-2: Organization's place in critical infrastructure identified
ID.BE-3: Priorities for organizational mission established
ID.BE-4: Dependencies and critical functions identified
ID.BE-5: Resilience requirements determined

Governance (ID.GV)

ID.GV-1: Organizational cybersecurity policy established
ID.GV-2: Cybersecurity roles and responsibilities coordinated
ID.GV-3: Legal and regulatory requirements understood
ID.GV-4: Governance and risk management processes address risk

Risk Assessment (ID.RA)

ID.RA-1: Asset vulnerabilities identified and documented
ID.RA-2: Cyber threat intelligence received from sources
ID.RA-3: Threats identified and documented
ID.RA-4: Potential business impacts identified
ID.RA-5: Threats, vulnerabilities, likelihoods, and impacts used to determine risk
ID.RA-6: Risk responses identified and prioritized

Risk Management Strategy (ID.RM)

ID.RM-1: Risk management processes established
ID.RM-2: Organizational risk tolerance determined
ID.RM-3: Risk tolerance determination informed by role in critical infrastructure and sector-specific risk analysis

Supply Chain Risk Management (ID.SC)

ID.SC-1: Cyber supply chain risk management processes identified
ID.SC-2: Suppliers and partners identified and prioritized
ID.SC-3: Contracts with suppliers include cybersecurity requirements
ID.SC-4: Suppliers and partners routinely assessed using audits, test results, or other evaluations
ID.SC-5: Response and recovery planning includes suppliers

PROTECT (PR)

Develop and implement appropriate safeguards to ensure delivery of critical services

Identity Management, Authentication & Access Control (PR.AC)

PR.AC-1: Identities and credentials issued and managed
PR.AC-2: Physical access to assets managed
PR.AC-3: Remote access managed
PR.AC-4: Access permissions and authorizations managed, incorporating least privilege and separation of duties
PR.AC-5: Network integrity protected (e.g., network segregation and segmentation)
PR.AC-6: Identities proofed, bound to credentials, and asserted in interactions
PR.AC-7: Users, devices, and other assets authenticated (single- or multi-factor) commensurate with transaction risk

Awareness & Training (PR.AT)

PR.AT-1: All users informed and trained
PR.AT-2: Privileged users understand roles
PR.AT-3: Third-party stakeholders understand responsibilities
PR.AT-4: Senior executives understand roles
PR.AT-5: Physical and cybersecurity personnel understand roles

Data Security (PR.DS)

PR.DS-1: Data-at-rest protected
PR.DS-2: Data-in-transit protected
PR.DS-3: Assets formally managed during removal
PR.DS-4: Adequate capacity maintained
PR.DS-5: Protections against data leaks implemented
PR.DS-6: Integrity checking mechanisms used to verify software, firmware, and information integrity
PR.DS-7: Development and testing environments separated from production
PR.DS-8: Integrity checking mechanisms used to verify hardware integrity

Info Protection Processes (PR.IP)

PR.IP-1: Baseline configuration created and maintained
PR.IP-2: System development life cycle managed
PR.IP-3: Configuration change control processes in place
PR.IP-4: Backups performed and tested
PR.IP-5: Physical operating environment requirements met
PR.IP-6: Data destroyed according to policy
PR.IP-7: Protection processes improved
PR.IP-8: Effectiveness of protection technologies shared
PR.IP-9: Response plans (incident response, business continuity) and recovery plans (incident recovery, disaster recovery) in place and managed
PR.IP-10: Response and recovery plans tested
PR.IP-11: Cybersecurity included in HR practices
PR.IP-12: Vulnerability management plan developed

Maintenance (PR.MA)

PR.MA-1: Maintenance and repair performed and logged
PR.MA-2: Remote maintenance approved and logged

Protective Technology (PR.PT)

PR.PT-1: Audit/log records determined and documented
PR.PT-2: Removable media protected
PR.PT-3: Least functionality configured
PR.PT-4: Communications and control networks protected
PR.PT-5: Mechanisms implemented to achieve resilience

DETECT (DE)

Develop and implement appropriate activities to identify the occurrence of a cybersecurity event

Anomalies & Events (DE.AE)

DE.AE-1: Baseline of network operations established
DE.AE-2: Detected events analyzed
DE.AE-3: Event data collected and correlated
DE.AE-4: Impact of events determined
DE.AE-5: Incident alert thresholds established

Security Continuous Monitoring (DE.CM)

DE.CM-1: Network monitored to detect events
DE.CM-2: Physical environment monitored
DE.CM-3: Personnel activity monitored
DE.CM-4: Malicious code detected
DE.CM-5: Unauthorized mobile code detected
DE.CM-6: External service provider activity monitored
DE.CM-7: Monitoring for unauthorized activity performed
DE.CM-8: Vulnerability scans performed

Detection Processes (DE.DP)

DE.DP-1: Roles and responsibilities defined
DE.DP-2: Detection activities comply with requirements
DE.DP-3: Detection processes tested
DE.DP-4: Event detection information communicated
DE.DP-5: Detection processes improved

RESPOND (RS)

Develop and implement appropriate activities to take action regarding a detected cybersecurity incident

Response Planning (RS.RP)

RS.RP-1: Response plan executed during or after incident

Communications (RS.CO)

RS.CO-1: Personnel know their roles
RS.CO-2: Incidents reported consistent with criteria
RS.CO-3: Information shared with stakeholders
RS.CO-4: Coordination with stakeholders occurs
RS.CO-5: Voluntary information sharing occurs

Analysis (RS.AN)

RS.AN-1: Notifications investigated
RS.AN-2: Impact of incident understood
RS.AN-3: Forensics performed
RS.AN-4: Incidents categorized
RS.AN-5: Processes established to receive, analyze, and respond to vulnerabilities disclosed from internal and external sources

Mitigation (RS.MI)

RS.MI-1: Incidents contained
RS.MI-2: Incidents mitigated
RS.MI-3: Newly identified vulnerabilities mitigated or documented as accepted risks

Improvements (RS.IM)

RS.IM-1: Response plans incorporate lessons learned
RS.IM-2: Response strategies updated

RECOVER (RC)

Develop and implement appropriate activities to maintain plans for resilience and to restore capabilities or services impaired by a cybersecurity incident

Recovery Planning (RC.RP)

RC.RP-1: Recovery plan executed during or after a cybersecurity incident

Improvements (RC.IM)

RC.IM-1: Recovery plans incorporate lessons learned
RC.IM-2: Recovery strategies updated

Communications (RC.CO)

RC.CO-1: Public relations managed
RC.CO-2: Reputation repaired after incident
RC.CO-3: Recovery activities communicated

NIST CSF Implementation Tiers

Assess how rigorously your organization's cybersecurity risk management practices are implemented. NIST states that Tiers are not maturity levels; progressing to a higher Tier is encouraged only where it reduces risk cost-effectively.

Tier 1: Partial

Risk management process not formalized
Limited awareness of cybersecurity risk
Cybersecurity risk managed in ad hoc manner
Information sharing is irregular

Tier 2: Risk Informed

Risk management practices approved by management
Cybersecurity practices not yet established as organization-wide policy
Awareness of cybersecurity risks but not organization-wide
Information sharing occurs informally

Tier 3: Repeatable

Risk management practices formally approved
Cybersecurity practices regularly updated
Organization-wide approach to risk management
Information sharing is formal and routine

Tier 4: Adaptive

Adaptive to changing cybersecurity landscape
Advanced cybersecurity practices in place
Real-time understanding of risk
Proactive information sharing with partners
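Putting the Core and the Tiers together is what a Profile does: a Current Profile records the Tier at which each subcategory is implemented today, a Target Profile records where risk tolerance says it should be, and the difference is the roadmap. The script below is an added example, not code from this page or from LowerPlane; it encodes the CSF 1.1 Core as category-to-count data taken from the checklist above, expands it to the 108 subcategory IDs, and computes the gap between two Profiles. The default Tiers and the overrides in the demo (for example PR.AC and DE.CM targeted at Tier 4) are constructed illustration values, not recommendations.

```python
"""NIST CSF 1.1 Core as data, plus a Current-vs-Target Profile gap report.

Added example; the Core counts come from the CSF 1.1 checklist above.
Tier assignments in demo() are constructed illustration values.
"""
from collections import defaultdict

# Function -> category -> number of subcategories (CSF 1.1: 5 / 23 / 108).
CSF_11_CORE = {
    "ID": {"AM": 6, "BE": 5, "GV": 4, "RA": 6, "RM": 3, "SC": 5},
    "PR": {"AC": 7, "AT": 5, "DS": 8, "IP": 12, "MA": 2, "PT": 5},
    "DE": {"AE": 5, "CM": 8, "DP": 5},
    "RS": {"RP": 1, "CO": 5, "AN": 5, "MI": 3, "IM": 2},
    "RC": {"RP": 1, "IM": 2, "CO": 3},
}

TIERS = {1: "Partial", 2: "Risk Informed", 3: "Repeatable", 4: "Adaptive"}


def subcategory_ids():
    """Expand the Core into subcategory identifiers such as 'PR.AC-4'."""
    return [
        f"{fn}.{cat}-{n}"
        for fn, cats in CSF_11_CORE.items()
        for cat, count in cats.items()
        for n in range(1, count + 1)
    ]


def core_counts():
    """(functions, categories, subcategories); sanity check against the page."""
    n_categories = sum(len(cats) for cats in CSF_11_CORE.values())
    return len(CSF_11_CORE), n_categories, len(subcategory_ids())


def build_profile(default_tier, overrides=None):
    """A Profile maps every subcategory to a Tier (1-4).

    `overrides` is a dict of subcategory ID -> Tier for the exceptions.
    Unknown IDs or Tiers outside 1-4 are rejected so a typo cannot silently
    drop a subcategory from the assessment.
    """
    overrides = dict(overrides or {})
    valid = set(subcategory_ids())
    unknown = set(overrides) - valid
    if unknown:
        raise ValueError(f"unknown subcategory IDs: {sorted(unknown)}")
    profile = {}
    for sid in valid:
        tier = overrides.get(sid, default_tier)
        if tier not in TIERS:
            raise ValueError(f"{sid}: Tier must be 1-4, got {tier!r}")
        profile[sid] = tier
    return profile


def gap_report(current, target):
    """Compare two Profiles.

    Returns (gap_by_function, ranked) where gap_by_function sums the Tier
    shortfall per function and ranked lists subcategories below target,
    largest shortfall first, then by ID for a stable order.
    """
    by_function = defaultdict(int)
    gaps = []
    for sid in subcategory_ids():
        shortfall = target[sid] - current[sid]
        if shortfall > 0:
            gaps.append((shortfall, sid))
            by_function[sid.split(".")[0]] += shortfall
    gaps.sort(key=lambda g: (-g[0], g[1]))
    return dict(by_function), [sid for _, sid in gaps]


def demo():
    """Constructed example: a mostly Tier 2 organization aiming at Tier 3,
    with stricter Tier 4 targets for identity/access control and monitoring."""
    current = build_profile(2, {
        "ID.AM-1": 3, "ID.AM-2": 3,      # asset inventories already repeatable
        "PR.AC-1": 1, "PR.AC-7": 1,      # credential issuance and MFA ad hoc
        "DE.CM-8": 3,                    # vulnerability scanning routine
    })
    target_overrides = {f"PR.AC-{n}": 4 for n in range(1, 8)}
    target_overrides.update({f"DE.CM-{n}": 4 for n in range(1, 9)})
    target = build_profile(3, target_overrides)
    return gap_report(current, target)


if __name__ == "__main__":
    print("Core:", core_counts())
    by_fn, ranked = demo()
    for fn, total in by_fn.items():
        print(f"{fn}: total Tier shortfall {total}")
    print("Top priorities:", ranked[:5])
```

The ranking deliberately treats a Tier 1 to Tier 4 gap as more urgent than a Tier 2 to Tier 3 gap; in practice you would weight it further by the criticality established under ID.AM-5 and the risk tolerance expressed under ID.RM-2.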

How LowerPlane Automates NIST CSF


Profile Creation

Automatically create your current and target profiles based on your organization's risk tolerance.


Tier Assessment

Assess your current implementation tier and get a roadmap to achieve your target tier.


Framework Mapping

Map NIST CSF to other frameworks like ISO 27001, SOC 2, and HIPAA for unified compliance.

Download Your Free NIST CSF Checklist

Get the complete NIST Cybersecurity Framework checklist as a printable PDF. Track your progress across all 5 functions.

No email required for PDF download. Start tracking your compliance progress today.
