A characterization of the rigor of an organization’s cybersecurity risk governance and management practices. There are four Tiers: Partial (Tier 1), Risk Informed (Tier 2), Repeatable (Tier 3), and Adaptive (Tier 4).

Source: NIST Cybersecurity Framework 2.0 | Category: