NIST Cyber Security Framework (CSF) Question Set

By : 6clicks
This download includes the NIST Cyber Security Framework core controls and mapped questions that you can use to internally audit your organisation. The NIST Cyber Security Framework provides a set of core controls for the US government and industry.
In stock


The NIST Cyber Security Framework was originally developed by NIST for voluntary use by critical infrastructure owners and operators. However, it is now in widespread adoption by government departments and agencies across the United States, and in the industry more generally.

It is organised into functions and categories. Functions organize basic cybersecurity activities at their highest level. These Functions are Identify, Protect, Detect, Respond, and Recover. Categories are the subdivisions of a Function into groups of cybersecurity outcomes closely tied to programmatic needs and particular activities.

The NIST Cyber Security Framework includes 108 controls across 22 high level functions and categories which are:

  • Identify (ID)- Asset Management (ID.AM)
  • Identify (ID) - Business Environment (ID.BE)
  • Identify (ID) - Governance (ID.GV)
  • Identify (ID) - Risk Assessment (ID.RA)
  • Identify (ID) - Risk Management Strategy (ID.RM)
  • Identify (ID) - Supply Chain Risk Management(ID.SC)
  • Protect (PR) - Identity Management, Authentication and Access Control (PR.AC)
  • Protect (PR) - Awareness and Training (PR.AT)
  • Protect (PR) - Data Security (PR.DS)
  • Protect (PR) - Information Protection Processes and Procedures (PR.IP)
  • Protect (PR) - Maintenance (PR.MA)
  • Protect (PR) - Protective Technology (PR.PT)
  • Detect (DE) - Anomalies and Events (DE.AE)
  • Detect (DE) - Security Continuous Monitoring (DE.CM)
  • Detect (DE) - Detection Processes (DE.DP)
  • Respond (RS) - Response Planning (RS.RP)
  • Respond (RS) - Communications (RS.CO)
  • Respond (RS) - Analysis (RS.AN)
  • Respond (RS) - Mitigation (RS.MI)
  • Respond (RS) - Improvements (RS.IM)
  • Recover (RC) - Recovery Planning (RC.RP)
  • Recover (RC) - Improvements (RC.IM)
  • Recover (RC) - Communications (RC.CO)

Getting Started

Click "Book a demo" and our team will provide you with an overview of our content library within the 6clicks GRC platform.


Understanding NIST cyber security framework for reduced risk

More Information

More Information
Jurisdiction All
Type Assessment