What Are the NIST CSF Implementation Tiers?

The NIST Cybersecurity Framework (CSF) consists of three main components:

1. Framework Core
2. Implementation Tiers
3. Framework Profiles

The NIST CSF implementation tiers are as follows:

• Tier 1: Partial
• Tier 2: Risk Informed
• Tier 3: Repeatable
• Tier 4: Adaptive

Tier levels determine how well organizations follow the rules and recommendations of the CSF, with 1 being the lowest and 4 being the highest. A detailed breakdown of these tiers can be found here.

Return to Security and Risk Terms Glossary