There are 108 subcategories in total. Rather, it links to online resources that provide additional guidance on practices and controls that could be used to achieve those outcomes Subcategories are the deepest level of abstraction in the core
kkvsh on Twitter: "meet me in the bathroom 🫣 https://t.co/tI3rJINQVi
The subcategories are not exhaustive, but they describe detailed outcomes that support each category
The functions, categories, and subcategories apply to all ict used by an organization, including information technology (it), the internet of things (iot), and operational technology (ot).
The nist csf core comprises five functions, and each function is further broken down into categories and subcategories There are currently 23 categories and 108 subcategories in the nist csf. It encompasses six categories, which are summarized in the table below and described in detail in the subsections that follow the table Identify and manage the data, personnel, devices, systems, and facilities that enable the organization to achieve its objectives.
The functions, categories, and subcategories of the framework core are applicable whether you are operating your own assets or another party is operating assets as a service for you. While the csf does not prescribe controls expressly, each of the framework functions has a series of categories, subcategories, and informative references nested within it, enabling organizations to implement the appropriate capabilities and services to improve their cybersecurity posture. The csf does not prescribe how outcomes should be achieved
