The NIST Cybersecurity Framework

The NIST Cybersecurity Framework has many uses for an organization. At its core, the framework is not meant to replace or become an organization’s cybersecurity structure but to complement its risk management process. Its main purpose is to reduce and better manage cybersecurity risks. Organizations, regardless of size, need a secure and reliable management system because of the increasing risks from internal and external threats. Potential risks listed in the reading included costs being driven up, which affects revenue, and complications to an organization’s ability to innovate and to gain or maintain customers.

To reduce and manage these risks, the Framework has three main components: the Framework Core, the Framework Implementation Tiers, and the Framework Profile. Each has a specific purpose that contributes to configuring an organization’s risk management and cybersecurity as effectively as possible.

The Framework Core is made up of four elements: Functions, Categories, Subcategories, and Informative References. This component is used to cleanly organize an organization’s cybersecurity outcomes and plans so that they can be easily presented to and consumed by someone such as an investor or stakeholder.

The Framework Implementation Tiers are a set of four tiers into which an organization can place itself to identify the style it has when approaching cybersecurity threats. These tiers range from a partial approach to cybersecurity to an adaptive and fast-acting approach.

The last component is the Framework Profile, which an organization uses to effectively improve its cybersecurity posture. During this step, an organization creates a “Current” profile of its cybersecurity, which it can build using the Framework Core, and a “Target” profile. The Target profile captures the organization’s goals for risk management, and the organization can compare it to the Current profile to establish a roadmap of the goals and outcomes that need to be completed.
