All framework guides
Help Center · Framework guide
NIST Cybersecurity Framework
NIST CSF · Security · United States · v2.0
RiskIdentifyProtectDetect
Overview
The NIST Cybersecurity Framework organizes cybersecurity outcomes across Identify, Protect, Detect, Respond, and Recover.
16 controls available in ComplAI for this framework.
Who it's for
- US and global organizations building a risk-based cyber program
- Leadership teams needing a common risk language
- Programs aligning multiple frameworks to one posture model
Why it matters
CSF is widely understood by boards and regulators. ComplAI maps CSF functions to actionable controls and readiness.
Govern and IdentifyProtect and DetectRespond and RecoverProfile and maturity tracking
How ComplAI helps
- Activate NIST CSF in the Framework Library to load its control catalog
- Assign owners, track compliance status, and attach evidence per control
- Use risk register and issues workflows when controls fail or deviate
- Export readiness views for leadership and auditors
Sample controls
- governance
GV.OC
Organizational context
- risk management
GV.RM
Risk management strategy
- asset management
ID.AM
Asset management
- risk management
ID.RA
Risk assessment
- access control
PR.AC
Identity management and access control
- data protection
PR.DS
Data security
Getting started
- Open Framework Library and activate NIST CSF
- Review the control list and prioritize high-impact domains
- Attach policies, procedures, and technical evidence
- Mark controls audit-ready and monitor residual gaps
