National Critical Functions: Status Update to the Critical Infrastructure Community [open pdf - 654KB]
From the Executive Summary: "In the Spring of 2019, the Cybersecurity and Infrastructure Security Agency (CISA), through the National Risk Management Center (NRMC), published a set of 55 National Critical Functions (NCFs) to guide national risk management efforts. Subsequent to the publication of the NCFs, the NRMC has worked closely with Sector Specific Agencies and private sector representatives of the Critical Infrastructure Partnership Advisory Council to develop a more robust understanding of critical infrastructure risk and risk management. The NCFs allows for a more robust prioritization of critical infrastructure and a more systematic approach to risk management. The NCFs effectively reset the critical infrastructure risk management framework established in the National Infrastructure Protection Plan. The previous version focused on entity level risk management as opposed to critical outcomes. By establishing a set of critical functions performed by critical infrastructure, the NCF approach enables a richer understanding of how entities come together to produce critical functions, which then contributes to understanding the key assets, systems and networks that contribute to the functions, as well as critical technologies, and dependencies that enable the function."
U.S. Cybersecurity and Infrastructure Security Agency: https://www.cisa.gov/