Most security incidents are not zero-days — they are failures of basic hygiene. This framework walks you through the five NIST CSF functions to give your organization a current-state baseline and a prioritized improvement roadmap.
Identify
- Asset inventory: all hardware, software, and data assets documented
- Business environment: critical functions and dependencies mapped
- Risk assessment: threats and vulnerabilities identified and rated
- Risk management strategy: risk appetite defined by leadership
- Supply chain: third-party vendor risk assessed
Protect
- Identity management: MFA enforced on all critical systems
- Access control: least-privilege and need-to-know enforced
- Data security: encryption at rest and in transit implemented
- Security awareness training: annual training plus phishing simulations
- Maintenance: patch cadence documented (critical patches < 72 hours)
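The patch-cadence item is only meaningful if it is measured. The script below is an added example, not part of the original checklist: it takes deployment records (constructed sample data, with placeholder advisory IDs) and reports every patch that missed its SLA plus the share of critical patches installed within the 72-hour window. The SLA table for non-critical severities is an assumption chosen for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# Hypothetical SLA table (hours). Only the critical value (72h) comes from the checklist;
# the others are assumed for the example.
SLA_HOURS = {"critical": 72, "high": 7 * 24, "medium": 30 * 24, "low": 90 * 24}


@dataclass
class PatchRecord:
    host: str
    advisory: str               # placeholder vendor advisory id
    severity: str               # key into SLA_HOURS
    released: datetime          # when the fix became available
    installed: Optional[datetime]  # None = not yet installed


# Constructed sample data for the example; not real hosts or advisories.
NOW = datetime(2024, 3, 10, 12, 0)
SAMPLE = [
    PatchRecord("web-01", "VEND-2024-001", "critical", datetime(2024, 3, 1, 9), datetime(2024, 3, 2, 15)),
    PatchRecord("web-02", "VEND-2024-001", "critical", datetime(2024, 3, 1, 9), datetime(2024, 3, 5, 10)),
    PatchRecord("db-01", "VEND-2024-002", "critical", datetime(2024, 3, 6, 8), None),
    PatchRecord("app-01", "VEND-2024-003", "high", datetime(2024, 3, 3), datetime(2024, 3, 8)),
    PatchRecord("app-02", "VEND-2024-004", "medium", datetime(2024, 2, 1), None),
]


def patch_age_hours(rec: PatchRecord, now: datetime) -> float:
    """Hours from fix availability to install, or to 'now' if still missing."""
    end = rec.installed or now
    return (end - rec.released).total_seconds() / 3600


def evaluate(records: List[PatchRecord], now: datetime) -> Tuple[List[tuple], float]:
    """Return (SLA breaches, % of critical patches installed within 72h).

    A breach is any record whose age exceeds its severity's SLA, including
    patches that are still uninstalled (their age keeps growing).
    """
    breaches = []
    critical_total = critical_met = 0
    for rec in records:
        age = patch_age_hours(rec, now)
        limit = SLA_HOURS[rec.severity]
        within_sla = rec.installed is not None and age <= limit
        if rec.severity == "critical":
            critical_total += 1
            critical_met += within_sla
        if not within_sla:
            breaches.append((rec.host, rec.advisory, rec.severity, round(age, 1), limit))
    pct = 100.0 * critical_met / critical_total if critical_total else 100.0
    return breaches, pct


if __name__ == "__main__":
    breaches, pct = evaluate(SAMPLE, NOW)
    print(f"critical patches within 72h: {pct:.1f}%")
    for host, adv, sev, age, limit in breaches:
        print(f"BREACH {host} {adv} ({sev}): {age}h elapsed, SLA {limit}h")
```

Feed it an export from your patch-management tool and run it on a schedule; a falling critical-compliance percentage is the early warning that the documented cadence is no longer being met.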
Detect
- Anomaly detection: SIEM or log aggregation in place
- Continuous monitoring: endpoints covered by EDR
- Detection processes: incident triggers and escalation path documented
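"Incident triggers and escalation path documented" is easiest to test when the triggers are encoded as rules. As an added example (not from the original checklist), the code below runs two rules over constructed SSH authentication log lines: repeated failures from one source within a window raise a medium-severity trigger, and a successful login from that same source while the window is still open raises a high-severity one. The thresholds, the escalation targets, and the log format are assumptions for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple

# Assumed log shape for the example; adjust the regex to your own syslog format.
LINE_RE = re.compile(
    r"^(\S+) sshd\[\d+\]: (Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+) port"
)

# Hypothetical escalation path: trigger name -> (severity, who acts and how).
ESCALATION = {
    "brute_force": ("medium", "SOC analyst: block source, verify targeted accounts"),
    "success_after_brute_force": ("high", "IR lead: suspected compromise, isolate host and reset credentials"),
}

# Constructed sample log; addresses are documentation ranges, not real hosts.
SAMPLE_LOG = [
    "2024-03-10T08:00:01Z sshd[4101]: Failed password for admin from 203.0.113.5 port 51234 ssh2",
    "2024-03-10T08:00:09Z sshd[4102]: Failed password for admin from 203.0.113.5 port 51235 ssh2",
    "2024-03-10T08:00:17Z sshd[4103]: Failed password for root from 203.0.113.5 port 51236 ssh2",
    "2024-03-10T08:00:30Z sshd[4104]: Failed password for invalid user test from 203.0.113.5 port 51237 ssh2",
    "2024-03-10T08:01:02Z sshd[4105]: Failed password for admin from 203.0.113.5 port 51238 ssh2",
    "2024-03-10T08:01:10Z CRON[4106]: (root) CMD (run-parts /etc/cron.hourly)",
    "2024-03-10T08:02:00Z sshd[4107]: Failed password for alice from 198.51.100.7 port 40001 ssh2",
    "2024-03-10T08:02:20Z sshd[4108]: Failed password for alice from 198.51.100.7 port 40002 ssh2",
    "2024-03-10T08:03:15Z sshd[4109]: Accepted password for admin from 203.0.113.5 port 51239 ssh2",
]


def parse(line: str) -> Optional[Tuple[datetime, str, str, str]]:
    """Return (timestamp, outcome, user, source_ip) or None for lines we do not care about."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
    return ts, m.group(2), m.group(3), m.group(4)


def _trigger(name: str, ip: str, user: str, ts: datetime) -> Dict[str, str]:
    severity, escalate_to = ESCALATION[name]
    return {"trigger": name, "severity": severity, "escalate_to": escalate_to,
            "source": ip, "user": user, "at": ts.isoformat()}


def detect(lines: List[str], threshold: int = 5, window: timedelta = timedelta(minutes=10)) -> List[Dict[str, str]]:
    """Sliding-window detection over lines in time order; returns the triggers to escalate."""
    failures: Dict[str, List[datetime]] = defaultdict(list)   # source ip -> recent failure times
    fired = set()                                             # avoid re-firing brute_force per source
    triggers = []
    for line in lines:
        event = parse(line)
        if event is None:
            continue
        ts, outcome, user, ip = event
        # Drop failures that have aged out of the window before counting.
        failures[ip] = [t for t in failures[ip] if ts - t <= window]
        if outcome == "Failed":
            failures[ip].append(ts)
            if len(failures[ip]) >= threshold and ip not in fired:
                fired.add(ip)
                triggers.append(_trigger("brute_force", ip, user, ts))
        elif len(failures[ip]) >= threshold:
            # A success from a source that was just hammering us is the higher-severity trigger.
            triggers.append(_trigger("success_after_brute_force", ip, user, ts))
    return triggers


if __name__ == "__main__":
    for t in detect(SAMPLE_LOG):
        print(f"[{t['severity']}] {t['trigger']} from {t['source']} at {t['at']} -> {t['escalate_to']}")
```

The point of the exercise is the mapping from a concrete, testable condition to a named owner and action; a SIEM rule that fires with no escalation path attached is not a documented detection process.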
Respond
- Incident response plan documented and tested (tabletop exercise)
- Communications plan: breach notification chain defined
- Mitigation: documented playbooks for top 5 incident types
- Post-incident reviews: lessons learned process exists
Recover
- Recovery plan: RTO and RPO defined per critical system
- Backups: 3-2-1 backup strategy tested quarterly
- Improvements: post-incident findings tracked and remediated
- Communications: stakeholder update process during/after incidents
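The recovery-plan and backup items above (RTO/RPO per system, a 3-2-1 strategy tested quarterly) can be checked against backup job metadata rather than taken on trust. The following is an added example, not code from the original checklist: given each system's recovery targets and the copies that exist for it (constructed sample data), it reports missing 3-2-1 properties, a newest copy older than the RPO, a missing quarterly restore test, and a measured restore time that exceeds the RTO. The 91-day test interval and the data shapes are assumptions for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional


@dataclass
class BackupCopy:
    system: str
    medium: str          # e.g. "disk", "tape", "object-storage"
    location: str
    offsite: bool
    last_success: datetime


@dataclass
class RecoveryTarget:
    system: str
    rpo: timedelta
    rto: timedelta
    last_restore_test: Optional[datetime]
    last_restore_duration: Optional[timedelta]   # measured during that test, if recorded


# Constructed sample data; system names and dates are invented for the example.
NOW = datetime(2024, 3, 10, 12, 0)
TARGETS = [
    RecoveryTarget("erp-db", timedelta(hours=1), timedelta(hours=4), datetime(2024, 2, 20), timedelta(hours=3)),
    RecoveryTarget("crm", timedelta(hours=4), timedelta(hours=8), datetime(2023, 11, 1), None),
    RecoveryTarget("wiki", timedelta(hours=24), timedelta(hours=72), datetime(2024, 1, 15), timedelta(hours=80)),
]
COPIES = [
    BackupCopy("erp-db", "disk", "dc1", False, datetime(2024, 3, 10, 11, 30)),
    BackupCopy("erp-db", "tape", "dc1", False, datetime(2024, 3, 9, 22, 0)),
    BackupCopy("erp-db", "object-storage", "cloud-a", True, datetime(2024, 3, 10, 11, 45)),
    BackupCopy("crm", "disk", "dc1", False, datetime(2024, 3, 10, 2, 0)),
    BackupCopy("crm", "disk", "dc2", True, datetime(2024, 3, 9, 2, 0)),
    BackupCopy("wiki", "disk", "dc1", False, datetime(2024, 3, 10, 0, 0)),
    BackupCopy("wiki", "tape", "dc1", False, datetime(2024, 3, 9, 0, 0)),
    BackupCopy("wiki", "object-storage", "cloud-a", True, datetime(2024, 3, 10, 1, 0)),
]


def assess(target: RecoveryTarget, copies: List[BackupCopy], now: datetime,
           test_interval: timedelta = timedelta(days=91)) -> List[str]:
    """Return human-readable findings for one system; an empty list means it passes."""
    mine = [c for c in copies if c.system == target.system]
    findings = []
    # 3-2-1: three copies, on two distinct media types, at least one offsite.
    if len(mine) < 3:
        findings.append(f"only {len(mine)} copies (3-2-1 needs 3)")
    if len({c.medium for c in mine}) < 2:
        findings.append("copies not on 2 distinct media types")
    if not any(c.offsite for c in mine):
        findings.append("no offsite copy")
    # RPO: the newest successful copy bounds the data you would lose if the system failed now.
    if mine:
        age = now - max(c.last_success for c in mine)
        if age > target.rpo:
            findings.append(f"newest backup is {age.total_seconds() / 3600:.0f}h old, exceeds RPO of "
                            f"{target.rpo.total_seconds() / 3600:.0f}h")
    else:
        findings.append("no backups at all")
    # Quarterly restore test, and whether the measured restore met the RTO.
    if target.last_restore_test is None or now - target.last_restore_test > test_interval:
        findings.append("no restore test within the last quarter")
    elif target.last_restore_duration is not None and target.last_restore_duration > target.rto:
        findings.append(f"last restore took {target.last_restore_duration.total_seconds() / 3600:.0f}h, "
                        f"exceeds RTO of {target.rto.total_seconds() / 3600:.0f}h")
    return findings


def assess_all(targets: List[RecoveryTarget], copies: List[BackupCopy], now: datetime) -> Dict[str, List[str]]:
    return {t.system: assess(t, copies, now) for t in targets}


if __name__ == "__main__":
    for system, findings in assess_all(TARGETS, COPIES, NOW).items():
        print(system, "OK" if not findings else "")
        for f in findings:
            print("  -", f)
```

Note that a backup job's own success status is not enough: the RTO check only has a value to compare against because the restore test recorded how long the restore actually took, which is the figure that matters during an incident.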