This represents a best practice for completing CSF Step 3: Create a Current Profile, because it
involves collaborating with relevant stakeholders to identify the current cybersecurity outcomes and
implementation status of the organization12. Engaging in a dialogue and obtaining input can help to
ensure that the Current Profile reflects the business drivers, mission, objectives, and risk appetite of
the organization, as well as the scope and boundaries of the cybersecurity program34.
Reference: 1: Cybersecurity Framework Components | NIST 2: Getting Started with the NIST
Cybersecurity Framework: A Quick Start Guide3 3: Implementing the NIST Cybersecurity Framework
Using COBIT 2019 | ISACA 4: NIST CSF: The seven-step cybersecurity framework process5
