The Framework Core consists of common cybersecurity activities and goals. It is comprised of five concurrent and continuous functions representing activities that assist with defining and implementing the cybersecurity program. The functions are Identify, Protect, Detect, Respond, and Recover.
Functions are subdivided into categories representing cybersecurity goals which tie agency and security needs to desired outcomes. Examples of categories include "Asset Management", "Access Control", and "Detection Processes".
Categories are further divided into subcategories that provide specific outcomes of technical and/or management activities. Examples of subcategories include "External information systems are catalogued", "Data-at-rest is protected", and "Notifications from detection systems are investigated".