The NIST Framework consists of three main components:
Core: A set of cybersecurity activities, desired outcomes, and applicable references that are common across critical infrastructure sectors. Implementation Tiers: These provide context on how an organization views cybersecurity risk and the processes in place to manage that risk. Profiles: Help organizations align their cybersecurity activities with business requirements, risk tolerances, and resources.