IDENTIFY - Build the Foundation
We sell your preferred brands on COSTARS and PEPPM.
Visit our COSTARS Page for contract numbers.
Purchase with confidence!
Read real reviews on Procurated, the COSTAR-approved supplier ratings and review platform for the public sector.
In the NIST Cybersecurity Framework, “Identify” is the foundational step in managing cybersecurity risks. This function focuses on understanding and managing resources, assets, systems, data, and capabilities within an organization. Without a clear, comprehensive inventory of assets, organizations struggle to protect their network. By identifying and categorizing all components, they can establish a solid groundwork for effective security practices, ensuring resources are allocated where they’re needed most.
Effective identification includes cataloging physical and virtual assets, understanding business environment dependencies, and mapping out roles and responsibilities. Organizations should conduct assessments to understand vulnerabilities and classify assets based on their criticality to business operations. This approach allows them to prioritize high-value resources and focus cybersecurity efforts on essential components.
Risk management is another key area within the Identify function. Once assets are inventoried, organizations can perform risk assessments to determine how likely and severe potential threats might be. From here, they can prioritize risks, aligning security spending with strategic goals. Risk management here also includes evaluating third-party risks to ensure that external vendors adhere to comparable security standards.
Governance is essential to ensuring cybersecurity protocols are followed across an organization. Policies should establish accountability and guide decision-making. A defined governance structure also clarifies incident response, protecting the organization’s assets while keeping all team members on the same page. Identifying governance roles ensures employees know where to go in the event of a security concern.
Ultimately, the Identify function creates an actionable roadmap for cybersecurity. It allows organizations to make informed decisions, allocate resources effectively, and understand where their vulnerabilities lie. This step lays the groundwork for the following stages of protection, detection, and response.