National Critical Functions: Reframing How Risks are Managed


Author: By the National Risk Management Center

National Critical FunctionsToday, CISA released the second National Critical Functions: Status Update to the Critical Infrastructure Community to inform stakeholders of the progress made on the National Critical Functions (NCFs) main activities. The advent of digital technologies and adoption of Internet of Things has transformed critical infrastructure into an interconnected ecosystem. More than just laptops and smartphones, critical infrastructure provides and enables critical functions such as the distribution of electricity, supply of water, and access to the internet. The benefits are indisputable. However, the consequences of an incident to other sectors and industries are also indisputable.

This reality is why CISA’s National Risk Management Center (NRMC) developed the NCF Risk Management Framework. The NCF Framework allows for a more robust prioritization of the Nation’s critical infrastructure and a systematic approach to corresponding risk management activity. It enables a richer understanding of how entities come together to produce NCFs and how failures in the key systems, assets, components, and technologies that produce or deliver an NCF may cascade across sectors and industries.

The NCF Status Update details the progress made over the past year to further break down all 55 NCFs to their primary and secondary sub-function levels. This decomposition work is essential to identifying and analyzing where those risks that could have national level consequences exist. It also details CISA’s work to advance federal implementation of the NCF Framework through the establishment of a new working group and how development of the Risk Architecture—an innovative technology-enabled tool that will enhance CISA’s risk analysis capabilities—is progressing.

At the Agency’s first meeting of the Cybersecurity Advisory Committee last week, an independent body established to advise and provide recommendations on how to enhance the nation’s cyber defense, the importance of the reducing systemic risk to the NCFs was a key topic.

“As we have seen with recent events, adversaries are tireless, and they continue to look for ways to target and disable critical infrastructure,” said CISA Assistant Director Bob Kolasky. “Having a deep understanding of National Critical Functions, and key systems and assets within those functions, helps us to identify and mitigate risk across the critical infrastructure ecosystem; building long-term resilience to our Nation’s most vital assets."

To learn more about the NCFs, visit, or download/visit these resources: