Identify
Understand the organization's current cybersecurity risks. Know your assets, your vulnerabilities, your threats, and your exposure before you can protect against them.
Know What You Have
You can’t protect what you can’t see. Identify is the reconnaissance function — turned inward. Before building defenses, you need a complete picture of your assets, your data, your attack surface, and the threats relevant to your organization.
Categories
- ID.AM — Asset Management — Assets (hardware, software, systems, data, services) that enable the organization to achieve business purposes are identified and managed
- ID.RA — Risk Assessment — The organization understands the cybersecurity risks to its operations, assets, and individuals
- ID.IM — Improvement — Improvements to organizational cybersecurity risk management are identified and implemented based on assessments, testing, and lessons learned
- ID.VA — Vulnerability Assessment — Vulnerabilities in organizational assets are identified and documented
Key Concepts
Asset inventory is foundational. Every other function depends on knowing what exists. If a server isn’t in your inventory, it’s not in your vulnerability scans, it’s not in your monitoring, and it’s not in your incident response plan. Shadow IT is the enemy of Identify.
Risk assessment is continuous, not annual. The threat landscape changes faster than annual review cycles. Identify assumes ongoing assessment — new assets, new vulnerabilities, new threat intelligence feeding back into the risk picture.
Data classification. Not all data is equal. Member PII requires different protections than a public marketing page. Identify is where you determine what data you hold, where it lives, how it flows, and how it’s classified.