ControlMap

NIST Cybersecurity Framework 2.0

The NIST Cybersecurity Framework (CSF) 2.0 provides a comprehensive set of guidelines for managing cybersecurity risk. Organized into six core functions — Govern, Identify, Protect, Detect, Respond, and Recover — it helps organizations of all sizes build and improve their cybersecurity posture.

100%
Coverage
49
Controls Covered
0
Gaps
49
Total Controls

Covered Controls

Controls that have explicit mappings to NIST CSF 2.0 requirements.

Govern (6 controls)

Gp Governance Policy
GV.OC-01, GV.PO-01
 Rm Risk Management
GV.RM-01, GV.RM-02
 Sc Supply Chain Risk
GV.SC-01, GV.SC-03
 Rr Roles & Responsibilities
GV.RR-01
 Cm Compliance
GV.OC-02
 Vr Vendor Risk Mgmt
GV.SC-01, GV.SC-03, GV.SC-06

Identify (6 controls)

Am Asset Management
ID.AM-01, ID.AM-02
 Ra Risk Assessment
ID.RA-01, ID.RA-02
 Be Business Environment
ID.BE-01
 Da Data Classification
ID.AM-05
 Vn Vulnerability Mgmt
ID.RA-01
 Ti Threat Intelligence
DE.AE-07

Protect (21 controls)

Aw Awareness & Training
PR.AT-01, PR.AT-02
 Ac Access Control
PR.AA-01, PR.AA-03
 Mf Multi-Factor Auth
PR.AA-03
 En Encryption
PR.DS-01, PR.DS-02
 Dp Data Protection
PR.DS-01, PR.DS-02, PR.DS-10
 Bk Backup & Recovery
PR.DS-11
 Pa Privileged Access
PR.AA-05
 Fw Firewall / Net Seg
PR.IR-01
 Ep Endpoint Protection
PR.IR-01
 Pm Patch Management
PR.PS-01
 Cf Secure Config
PR.PS-01
 Sd Secure Development
PR.PS-06
 Ml Email Security
PR.IR-01
 Ws Web Security
PR.IR-01
 Zt Zero Trust
PR.AA-01, PR.AA-03, PR.IR-01
 Mb Mobile Security
PR.PS-01
 Cl Cloud Security
PR.PS-01, PR.DS-01
 Ds DNS Security
PR.IR-01
 Wf WAF
PR.IR-01
 Dl DLP
PR.DS-10
 Ap API Security
PR.IR-01, PR.AA-03

Detect (6 controls)

Sm Cont. Monitoring
DE.CM-01, DE.CM-03
 Lg Logging & Audit
DE.AE-02, DE.AE-03
 Id Intrusion Detection
DE.CM-01
 An Anomaly Detection
DE.AE-01, DE.AE-04
 Sg SIEM / SOC
DE.AE-02, DE.AE-06
 It Insider Threat
DE.CM-03, DE.AE-01

Respond (5 controls)

Ir Incident Response
RS.MA-01, RS.MA-02
 Fn Forensics
RS.AN-03
 Co Communication
RS.CO-02, RS.CO-03
 Mt Mitigation
RS.MI-01, RS.MI-02
 Rp Reporting
RS.CO-02

Recover (5 controls)

Rc Recovery Planning
RC.RP-01, RC.RP-02
 Bc Business Continuity
RC.RP-03, RC.RP-04
 Ll Lessons Learned
RC.RP-06
 Cr Comms & Restore
RC.CO-03, RC.CO-04
 Dr Disaster Recovery
RC.RP-01

NIST CSF 2.0 vs Other Frameworks

NIST CSF 2.0 provides 100% coverage of the 49 cybersecurity controls tracked by ControlMap. ISO 27001 covers 100%, CIS v8 covers 90%, SOC 2 covers 100%, PCI DSS covers 100%, CMMC covers 94%, 800-53 covers 100%, HIPAA covers 94%, GDPR covers 96%. For maximum coverage, organizations often combine NIST CSF 2.0 with complementary frameworks to address gaps in areas like niche domains.

Other Frameworks

ISO 27001 CIS v8 SOC 2 PCI DSS CMMC 800-53 HIPAA GDPR
View NIST CSF 2.0 in Interactive Dashboard