The most important reason to compare framework profiles is to identify gaps between the current
and target state of cybersecurity activities and outcomes, and to prioritize the actions needed to
address them12. Framework profiles are the alignment of the functions, categories, and
subcategories of the NIST Cybersecurity Framework with the business requirements, risk tolerance,
and resources of the organization3. By comparing the current profile (what is being achieved) and
the target profile (what is needed), an organization can assess its cybersecurity posture and develop
a roadmap for improvement4.
Reference: 1: Cybersecurity Framework Components | NIST 2: Implementing the NIST Cybersecurity
Framework Using COBIT 2019 | ISACA 3: Examples of Framework Profiles | NIST 4: Connecting COBIT
2019 to the NIST Cybersecurity Framework - ISACA
