LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

Which categories belong to the Identify function in the NIST CSF, and what are their IDs?

Six categories: Asset Management, Business Environment, Governance, Risk Assessment, Risk Management Strategy, and Supply Chain Risk Management.

ID Category Core question
ID.AM Asset Management What hardware/software/data do we have?
ID.BE Business Environment What is our mission, and our role in the supply chain / critical infrastructure?
ID.GV Governance Which policies, laws, and regulations govern us?
ID.RA Risk Assessment What threats and vulnerabilities do we face?
ID.RM Risk Management Strategy What risk tolerance and priorities do we set?
ID.SC Supply Chain Risk Management How do we manage risk from suppliers and partners?

Tip: ID.SC was added in CSF 1.1 (2018) — supply-chain attacks (think SolarWinds, 2020) proved exactly why it deserved its own category.

From Quiz: ISM / Frameworks — NIST CSF & IKT Minimalstandard | Updated: Jul 14, 2026