Compliance Glossary

What is the Identify Function?

Definition

The Identify function in the NIST CSF focuses on developing organizational understanding of cybersecurity risks to systems, assets, data, and capabilities. It encompasses asset management, business environment understanding, governance, risk assessment, risk management strategy, and supply chain risk management.

In Depth

The Identify function establishes the foundation for all other cybersecurity activities by ensuring the organization understands its environment, the resources that support critical functions, and the cybersecurity risks it faces. Key categories within this function include asset management (inventorying hardware, software, data, and external information systems), business environment (understanding the organization's mission, objectives, and stakeholders), governance (establishing cybersecurity policies, roles, and legal requirements), risk assessment (identifying and evaluating cybersecurity risks), and supply chain risk management (understanding and managing risks associated with the supply chain).

Without the Identify function, organizations cannot effectively prioritize their security investments or determine which assets require the most protection.

In practice, implementing the Identify function involves creating comprehensive asset inventories, conducting regular risk assessments, mapping data flows, understanding regulatory obligations, and establishing a governance structure with clear accountability for cybersecurity decisions. Organizations at higher implementation tiers integrate the Identify function into their overall enterprise risk management processes.
