Quiz Entry - updated: 2026.07.14
Which categories belong to the Identify function in the NIST CSF, and what are their IDs?
Six categories: Asset Management, Business Environment, Governance, Risk Assessment, Risk Management Strategy, and Supply Chain Risk Management.
| ID | Category | Core question |
|---|---|---|
| ID.AM | Asset Management | What hardware/software/data do we have? |
| ID.BE | Business Environment | What is our mission, and our role in the supply chain / critical infrastructure? |
| ID.GV | Governance | Which policies, laws, and regulations govern us? |
| ID.RA | Risk Assessment | What threats and vulnerabilities do we face? |
| ID.RM | Risk Management Strategy | What risk tolerance and priorities do we set? |
| ID.SC | Supply Chain Risk Management | How do we manage risk from suppliers and partners? |
Tip: ID.SC was added in CSF 1.1 (2018) — supply-chain attacks (think SolarWinds, 2020) proved exactly why it deserved its own category.