csf-mapping
CSF Mapping — NIST Cybersecurity Framework 2.0 Posture Assessment
Translate your security posture into the language every CISO, board, auditor, and insurer already speaks. Unlike the audit skills, which find specific issues, this skill assesses your program against a recognized framework and produces governance-ready output.
NIST CSF 2.0 is the framework that, as of 2024, replaced CSF 1.1. It added a sixth function — Govern — recognizing that the others can't work without governance backing.
The six functions:
| Function | What it covers |
|---|---|
| Govern (GV) | Cybersecurity strategy, roles, policies, oversight, supply chain risk |
| Identify (ID) | Asset inventory, business environment, risk assessment, supply chain |
| Protect (PR) | Access control, awareness, data security, baseline configurations, maintenance, protective tech |
| Detect (DE) | Continuous monitoring, anomaly detection, adverse event analysis |
| Respond (RS) | Incident management, analysis, mitigation, reporting, comms |
| Recover (RC) | Recovery planning, improvements, communications |
Each function contains Categories (e.g., PR.AA — Identity Management, Authentication, and Access Control), and each category contains Subcategories (e.g., PR.AA-01 — Identities and credentials for authorized users, services, and hardware are managed).
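As an added illustration of that Function → Category → Subcategory hierarchy (example code, not part of this skill), the script below parses CSF 2.0 subcategory identifiers, rolls up assessor-assigned implementation states into per-category and per-function scores, and lists the gaps in framework order, which is the shape of output a governance report needs. The identifiers in the sample are real CSF 2.0 subcategory IDs (PR.AA-01 is the one quoted above); the states assigned to them, and the 0 / 0.5 / 1.0 weighting, are assumptions of this example, not something CSF 2.0 prescribes.

```python
import re
from collections import defaultdict

# The six CSF 2.0 functions, in the order the table above lists them.
FUNCTIONS = {
    "GV": "Govern", "ID": "Identify", "PR": "Protect",
    "DE": "Detect", "RS": "Respond", "RC": "Recover",
}
FUNCTION_ORDER = list(FUNCTIONS)

# Subcategory identifiers take the form FUNCTION.CATEGORY-NN, e.g. PR.AA-01.
SUBCATEGORY_RE = re.compile(
    r"^(?P<function>GV|ID|PR|DE|RS|RC)\.(?P<category>[A-Z]{2})-(?P<index>\d{2})$"
)

# Assessor-assigned implementation states and the weight this example gives each
# one (an assumption of the example; CSF 2.0 does not prescribe numeric scores).
STATE_SCORE = {"not_implemented": 0.0, "partial": 0.5, "implemented": 1.0}

# Constructed sample assessment: real CSF 2.0 subcategory identifiers paired with
# invented states, so the roll-up has something to work on.
SAMPLE_ASSESSMENT = [
    ("GV.OC-01", "implemented"),
    ("ID.AM-01", "partial"),
    ("PR.AA-01", "implemented"),
    ("PR.AA-05", "partial"),
    ("DE.CM-01", "not_implemented"),
    ("RS.MA-01", "partial"),
    ("RC.RP-01", "not_implemented"),
]


def parse_subcategory(identifier):
    """Split 'PR.AA-01' into ('PR', 'PR.AA', 'PR.AA-01'); reject anything malformed."""
    m = SUBCATEGORY_RE.match(identifier)
    if m is None:
        raise ValueError(f"not a CSF 2.0 subcategory identifier: {identifier!r}")
    function = m.group("function")
    return function, f"{function}.{m.group('category')}", identifier


def rollup(assessment):
    """Aggregate subcategory states into mean scores per category and per function.

    Every function appears in the result even when nothing under it was assessed
    (score None, count 0), so a summary cannot silently omit a function.
    Duplicate identifiers and unknown states are rejected rather than averaged.
    """
    seen = set()
    cat_scores = defaultdict(list)
    fn_scores = defaultdict(list)
    for identifier, state in assessment:
        if identifier in seen:
            raise ValueError(f"duplicate assessment record: {identifier}")
        seen.add(identifier)
        if state not in STATE_SCORE:
            raise ValueError(f"unknown state {state!r} for {identifier}")
        function, category, _ = parse_subcategory(identifier)
        cat_scores[category].append(STATE_SCORE[state])
        fn_scores[function].append(STATE_SCORE[state])

    def summarise(scores):
        return {"score": sum(scores) / len(scores) if scores else None,
                "count": len(scores)}

    return {
        "functions": {fn: summarise(fn_scores.get(fn, [])) for fn in FUNCTION_ORDER},
        "categories": {cat: summarise(s) for cat, s in sorted(cat_scores.items())},
    }


def gaps(assessment, threshold=1.0):
    """Subcategories scoring below the threshold, ordered by function then identifier."""
    rollup(assessment)  # validates identifiers, states and duplicates first
    below = [(ident, STATE_SCORE[state]) for ident, state in assessment
             if STATE_SCORE[state] < threshold]
    # Order by the function's position in the framework, then by identifier.
    below.sort(key=lambda item: (FUNCTION_ORDER.index(parse_subcategory(item[0])[0]), item[0]))
    return [ident for ident, _ in below]


def summary_table(assessment):
    """Render a plain-text per-function table suitable for a governance report."""
    result = rollup(assessment)
    lines = [f"{'Function':<14}{'Assessed':>9}{'Score':>8}"]
    for fn in FUNCTION_ORDER:
        entry = result["functions"][fn]
        score = "n/a" if entry["score"] is None else f"{entry['score']:.2f}"
        lines.append(f"{fn} {FUNCTIONS[fn]:<11}{entry['count']:>9}{score:>8}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(summary_table(SAMPLE_ASSESSMENT))
    print("Gaps:", ", ".join(gaps(SAMPLE_ASSESSMENT)))
```

Run it as a script to print the per-function table and the ordered gap list; the functions are kept separate from the printing so the same roll-up can feed a spreadsheet or a dashboard instead. Keeping all six functions in the output regardless of coverage is deliberate: an assessment that never touched Detect or Recover should show that as an unassessed function, not disappear from the summary.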