The Framework consists of three parts: the Framework Core, the Framework Profile, and the Framework Implementation Tiers. The Framework Core is a set of cybersecurity activities, outcomes, and informative references that are common across critical infrastructure sectors. They provide detailed guidance for developing individual organizational Profiles. Through the use of the Profiles, the Framework will assist the organization to align its cybersecurity activities with its business requirements, risk tolerances, and resources. The Tiers provide a mechanism for organizations to view and understand the characteristics of their approach to managing cybersecurity risk. The Executive Order also requires that the Framework include a methodology for protecting individual privacy and civil liberties when critical infrastructure organizations conduct cybersecurity activities. The Framework can assist organizations in incorporating privacy and civil liberties as part of a comprehensive cybersecurity program. The Framework enables organizations - regardless of size, degree of cybersecurity risk, or cybersecurity sophistication - to apply the principles and best practices of risk management in order to improve the security and resilience of critical infrastructure. In addition, because it references globally recognized standards for cybersecurity, the Framework can also be used by organizations located outside the United States, serving as a model for international cooperation in strengthening critical infrastructure cybersecurity. 2 tables, 2 figures, and appended Framework Core