IDENTIFY

Develop organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities.

PROTECT

Develop and implement the appropriate safeguards to ensure delivery of services.

DETECT

Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event.

RESPOND

Develop and implement the appropriate activities to take action regarding a detected cybersecurity event.

RECOVER

Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event.