The closest relationship to the Core is in steps 3 (Create a Current State Profile) & 5 (Create a Target State Profile). In these steps, we create a Profile organized by the Functions, Categories, or Subcategories to understand our current or target state relating to each. Step 1, Prioritize and Scope is more focused on evaluating what is being evaluated rather than beginning the evaluation itself. Hope this helps!

@@OpticCyber Thanks a lot, I appriciate the respons. So the 7 implementation steps are used basically independent of Core? You explained very well in the first video that the Core are outcome based, and only tells you what to do, and not how to do it. But would it be reasonable to presume that the 7 steps are used without having the Core, or would you say that you must first have/look at the Core, then use the 7 steps? I'm just trying to understand if the Core and the 7 steps were created in conjunction to each other, or if one would use the other without even having to know that the other exists (which of cours is possible, but I'm not sure if that was the intent)?

@@romiocp732 You're right, the Implementation Steps can be used independently of the Core and the Core used independently of the Implementation Steps. However, they work very well together to use the Core as the criteria for evaluating a cybersecurity program leveraging the Implementation Steps as the process to follow.

Thanks for reaching out. Can you let me know what link you are looking for and I will send directly!

Hi Shon! NIST has some additional information in the Cybersecurity Framework itself describing "Establishing or Improving a Cybersecurity Program" in Section 3.2 (www.nist.gov/cyberframework/framework). Additionally, we have a more in depth video that walks through implementing the Cybersecurity Framework along with NIST's Privacy Framework that you might find helpful (kzbin.info/www/bejne/bnnYkHZnn6Zqjrs).