The Cybersecurity Framework Tool (CFT) is a novel methodology and dynamic web based tool that provides five concurrent and continuous functions to Identify, Protect, Detect, Respond, and Recover from cyber threats and vulnerabilities to critical infrastructure. When considered together, these functions provide a detailed picture and measurement of an organization's cybersecurity posture, where there are cyber security gaps as well as areas for improvement. This strategic view of the lifecycle and posture of an organization's cybersecurity risk management provides a qualitative and quantitative basis for more efficient cyber security investment, finding gaps that can be close in absence of new resources as well as medium and long term opportunities to increase the overall security posture of the organization. CFT provides an easy to follow set of cybersecurity best practices, policies, and procedures to improve the cybersecurity posture of critical infrastructures. CFT also facilitates communication of cybersecurity activities and outcomes across the organization from the executive to operations levels, enabling organizations to make better cyber security investment decisions. CFT provides owners and operators of critical infrastructure a number of timely and innovative features to realize the cyber security investment and risk management goals. CFT provides a common taxonomy, methodology and tool for critical infrastructure stakeholders to: describe their current cybersecurity posture, describe their target state for cybersecurity, identify and prioritize opportunities for improvement within the context of a continuous and repeatable process, assess progress toward the target state, and communicate among internal and external stakeholders about cybersecurity risk train stakeholders on cybersecurity best practices Implements the Presidential Executive Order (EO) on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure (May 2017), which calls on Federal agencies and critical infrastructure owners and operators to manage their cyber risk