LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

What are the four Implementation Tiers of the NIST CSF?

Tier 1 Partial, Tier 2 Risk Informed, Tier 3 Repeatable, Tier 4 Adaptive.

Four-rung ladder Partial, Risk Informed, Repeatable, Adaptive.

* The four Tiers as a ladder — each step up means more formalization and more learning. *

The Tiers describe how rigorously an organization manages cybersecurity risk:

Tier Name Flavor
1 Partial Ad-hoc, reactive; risk handled case by case
2 Risk Informed Management approves practices, but not org-wide policy
3 Repeatable Formal policy, regularly updated, organization-wide
4 Adaptive Continuous improvement; lessons learned and predictive indicators feed back into practice

Tip: Mnemonic ladder P-R-R-A: "Practices Rarely Repeat… until they Adapt." Each step up = more formalization and more learning.

From Quiz: ISM / Frameworks — NIST CSF & IKT Minimalstandard | Updated: Jul 14, 2026