Subcategory

Definition

The most granular level of the CSF core. Each subcategory describes a specific outcome or practice (for example, 'Physical assets are inventoried'). CSF 2.0 contains 106 subcategories. Subcategories carry references to other frameworks such as ISO 27001 controls and NIST SP 800-53 control families.

Related terms

Category
A subdivision of a core function that groups related cybersecurity outcomes. For example, the Identify function contains categories such as Asset Management...
Core Function
The highest level of the CSF hierarchy. CSF 2.0 defines six: Govern, Identify, Protect, Detect, Respond, and Recover. Each function represents a...
CSF Profile
A customised selection of categories and subcategories that reflects an organisation's business environment, risk tolerance, and resources. A Current Profile describes what...
Govern (Function)
The sixth and newest CSF core function, introduced in CSF 2.0. It covers the organisational context, risk management strategy, roles and responsibilities,...
Implementation Tier
A descriptor of how mature an organisation's cybersecurity risk management practices are, on a scale from Tier 1 (Partial, reactive) to Tier...

Explained in

  • The NIST Cybersecurity Framework
