The three interwoven elements of critical infrastructure (physical, cyber and human) are explicitly identified and should be integrated throughout the steps of the framework, as appropriate.

The risk management framework is comprehensive and takes into account the assets, systems and networks that include one or more of the following elements: