The Framework Profile represents the cybersecurity goals, based on business needs, which are chosen from the Framework Categories and Subcategories. It is used to identify opportunities for improving a cybersecurity program. This is done by comparing a “Current” Profile (where you are) with a “Target” Profile (where you want to be) and then addressing the gaps to meet cybersecurity objectives. Examples of cybersecurity objectives could be “Prevent Threats”, “Reduce Vulnerabilities”, and “Prepare for contingencies”.
The Current Profile reflects the cybersecurity outcomes that are currently being achieved by the agency. To develop a Current Profile, review all of the categories and subcategories and determine those most important to the agency. The Current Profile designed for use with the Cybersecurity Control Implementation Interface (CCII), will take the agency through a list of controls that directly relate to the categories and subcategories of the Framework as it is currently being performed. This can then be used to help prioritize and measure progress toward the Target Profile.