Skip to main content

NIST Cybersecurity Framework


Education Law 2-d requires educational agencies to adopt a policy on data security and privacy that aligns with the NIST Cybersecurity Framework, or NIST CSF. At the center of the NIST CSD is the Framework Core, which is a set of activities and desired outcomes to help organizations manage data security and privacy risk. Districts will use a Target Profile, Current Profile, and Action Plan to apply these activities.

Framework Core: A set of cybersecurity activities, desired outcomes, and applicable references that are common across critical infrastructure sectors.

Framework Core Functions: The Core consists of live concurrent and continuous functions:

NIST Standards Outline

These functions provide a high-level, strategic view of the organization's management of cybersecurity risk.

Framework Implementation Tiers: Tiers Characterize an organization's practices over a range, from Partial (Tier 1) to Adaptive (Tier 4). Tiers reflect a progression from informal, reactive responses to approaches that are agile and risk-information.

Framework Profile: The Profile represents the outcomes based on business needs that an organization has selected from the Framework Categories and Subcategories.

Current Profile and Target Profile: Profiles are used to identify opportunities for improving the cybersecurity posture by comparing a "Current" Profile (the "as is" state) with a "Target Profile (the "to be" state).

Action Plan: The organization compares the Current Profile and the Target Profile to determine gaps. Next, it creates a prioritizes action plan to address gaps-reflecting mission drivers, costs and benefits, and risks.

Visit the NIST site to view the detailed Cybersecurity Framwork


Data Privacy and Security: