LOGBOOK

HELP

Quiz Entry - updated: 2026.07.05

What is a NIST CSF Profile, and what's the difference between Current and Target Profile?

A Profile is the alignment of the CSF Core to a specific organisation's business requirements, risk tolerance, and resources. The Current Profile captures where you are; the Target Profile describes where you want to be — the delta is your roadmap.

Current Profile to gap analysis and roadmap to Target Profile

* A Profile tailors the Core to your business: the delta between Current and Target Profile is your improvement roadmap. *

Profiles enable:

  • Current snapshot — which sub-categories are implemented, partially, or not at all.
  • Ideal future state — based on business goals, regulatory requirements, threat landscape.
  • Gap analysis & roadmap — what to invest in to close the gap.
  • Reporting — easy to communicate to non-security leadership.

Branchen-spezifische Profiles also exist — sector working groups can publish reference profiles. Example:

NIST Interagency Report 8473 — "Cybersecurity Framework Profile for Electric Vehicle Extreme Fast Charging Infrastructure"

These reference profiles let everyone in a sector start from a vetted baseline.

Tip: A great trick: maintain Current + Target Profiles in a spreadsheet, refresh quarterly, and use the year-over-year delta as evidence of progress. Auditors and boards eat that up.

Go deeper:

From Quiz: ISF / ISMS & Security Standards (ISO 27k, NIST, BSI) | Updated: Jul 05, 2026