Quiz Entry - updated: 2026.06.20
What are the seven steps of the NIST CSF implementation process?
Prioritize & Scope → Orient → Current Profile → Risk Assessment → Target Profile → Gap Analysis → Action Plan.
* The seven implementation steps as a repeating cycle, not a one-shot project. *
- Prioritize and Scope — pick business lines/processes in scope; Implementation Tiers can express your risk tolerance here
- Orient — identify related systems, assets, regulatory requirements, and threats for that scope
- Create a Current Profile — which subcategory outcomes are achieved today?
- Conduct a Risk Assessment — analyze likelihood and impact of events
- Create a Target Profile — desired outcomes; if you use a Tier, its characteristics should be reflected here
- Determine, Analyze, and Prioritize Gaps — compare current vs. target, rank by risk and cost
- Implementation Action Plan — concrete, budgeted actions to close prioritized gaps
The process is a cycle, not a one-shot project — re-run it as threats and business priorities change.
Tip: Steps 3–6 are the heart: Current Profile vs. Target Profile = gap analysis. Same Soll-Ist logic as the Grundschutz Basis-Sicherheitscheck — frameworks differ in vocabulary, rarely in logic.