1. Core: The Core of a security framework is the foundation upon which the entire framework is built. It provides a set of desired cybersecurity activities and outcomes using common language that is easy to understand. It is designed to be flexible and customizable to meet the needs of individual organizations.
2. Implementation Tiers: Implementation Tiers provide organizations with a structure and guidance to identify, assess, and manage cybersecurity risks. They provide a systematic approach to addressing risk and provide a level of assurance that the organization is taking the necessary steps to protect its assets.
3. Profiles: Profiles are the combination of Core components and Implementation Tiers that are tailored to meet the specific needs of an organization. Profiles are designed to be used as a roadmap for organizations to follow in order to better protect their assets and operations.