The NIST Cybersecurity Framework (CSF) is widely used to help organizations manage and reduce their cybersecurity risks. The CSF is organized into six functions (Govern, Identify, Protect, Detect, Respond, and Recover); each function comprises categories, and each category comprises subcategories.
The mindmap below shows how the CSF functions, categories and subcategories fit together. For example, you’ll notice that the ‘Govern’ function comprises six categories. Each category is further divided into subcategories. If you click on the subcategory text, you’ll be directed to the NIST website, where you’ll see an example of how to implement the subcategory. The mindmap is dynamic; for example, you may click to fold or expand a branch.