Meet ComplAIIntelligence: Your AI-powered teammate for risk & complianceLearn more
All framework guides

Help Center · Framework guide

NIST Cybersecurity Framework

NIST CSF · Security · United States · v2.0

RiskIdentifyProtectDetect

Overview

The NIST Cybersecurity Framework organizes cybersecurity outcomes across Identify, Protect, Detect, Respond, and Recover.

16 controls available in ComplAI for this framework.

Who it's for

  • US and global organizations building a risk-based cyber program
  • Leadership teams needing a common risk language
  • Programs aligning multiple frameworks to one posture model

Why it matters

CSF is widely understood by boards and regulators. ComplAI maps CSF functions to actionable controls and readiness.

Govern and IdentifyProtect and DetectRespond and RecoverProfile and maturity tracking

How ComplAI helps

  • Activate NIST CSF in the Framework Library to load its control catalog
  • Assign owners, track compliance status, and attach evidence per control
  • Use risk register and issues workflows when controls fail or deviate
  • Export readiness views for leadership and auditors

Sample controls

  • GV.OC

    Organizational context

    governance
  • GV.RM

    Risk management strategy

    risk management
  • ID.AM

    Asset management

    asset management
  • ID.RA

    Risk assessment

    risk management
  • PR.AC

    Identity management and access control

    access control
  • PR.DS

    Data security

    data protection

Getting started

  1. Open Framework Library and activate NIST CSF
  2. Review the control list and prioritize high-impact domains
  3. Attach policies, procedures, and technical evidence
  4. Mark controls audit-ready and monitor residual gaps