Mapped every skill to NIST CSF 2.0 subcategory IDs (GV/ID/PR/DE/RS/RC functions)
based on subdomain and content analysis. Restores 11 skills corrupted during
prior rebase, re-enriching with ATLAS, D3FEND, NIST AI RMF, and CSF 2.0 fields.
All 754 skills now carry structured mappings for all 5 security frameworks:
- MITRE ATT&CK (in tags)
- MITRE ATLAS v5.5 (atlas_techniques)
- MITRE D3FEND v1.3 (d3fend_techniques)
- NIST AI RMF 1.0 (nist_ai_rmf)
- NIST CSF 2.0 (nist_csf)
The NIST Cybersecurity Framework (CSF) 2.0, released in February 2024, provides a comprehensive taxonomy for managing cybersecurity risk through six core Functions - Govern, Identify, Protect, Detect, Respond, and Recover. This skill covers conducting a maturity assessment against the CSF using Implementation Tiers to measure organizational cybersecurity posture and create improvement roadmaps.
cybersecurity
compliance-governance
compliance
governance
nist
csf
maturity-assessment
risk-management
GV.OC-01
GV.RM-01
GV.PO-01
ID.RA-01
GV.OV-01
1.0
mahipal
Apache-2.0
Performing NIST CSF Maturity Assessment
Overview
The NIST Cybersecurity Framework (CSF) 2.0, released in February 2024, provides a comprehensive taxonomy for managing cybersecurity risk through six core Functions: Govern, Identify, Protect, Detect, Respond, and Recover. This skill covers conducting a maturity assessment against the CSF, using the four Implementation Tiers (Partial, Risk-Informed, Repeatable, Adaptive) to measure organizational cybersecurity posture and create improvement roadmaps.
When to Use
When conducting security assessments that involve performing nist csf maturity assessment
When following incident response procedures for related security events
When performing scheduled security testing or auditing activities
When validating security controls through hands-on testing
Prerequisites
Understanding of cybersecurity risk management principles
Access to NIST CSF 2.0 documentation and reference tool
Knowledge of organizational IT/OT environment and security controls
Stakeholder access across business units for assessment interviews
Core Concepts
CSF 2.0 Functions (6 Functions, 22 Categories)
Function
Code
Categories
Purpose
Govern
GV
6
Establish and monitor cybersecurity risk management strategy
Identify
ID
3
Determine current cybersecurity risk to the organization
Protect
PR
5
Implement safeguards to prevent or reduce risk
Detect
DE
2
Find and analyze possible cybersecurity attacks
Respond
RS
4
Take action regarding detected cybersecurity incidents
Recover
RC
2
Restore capabilities impaired by cybersecurity incidents
Govern Function (New in CSF 2.0)
GV.OC: Organizational Context
GV.RM: Risk Management Strategy
GV.RR: Roles, Responsibilities, and Authorities
GV.PO: Policy
GV.OV: Oversight
GV.SC: Cybersecurity Supply Chain Risk Management
Implementation Tiers
Tier
Name
Description
Tier 1
Partial
Ad hoc, reactive; limited awareness of cybersecurity risk
Tier 2
Risk-Informed
Risk-aware but not organization-wide; approved but may not be policy