NIST-010
gapNIST CSF Control 010
Severity 5; 3 evidence expectations are missing in the current public sample.
PUBLIC PREVIEWnist_csfAligned: 2026-03-14
NIST CSF Readiness
A cross-functional readiness pack aligned to NIST CSF 1.1 style categories, built for teams that need an inspectable security-baseline narrative rather than a generic maturity slide.
This page is a public-safe wrapper over the real artifacts. It shows the review shape and posture of the current pack without making the full pack the default public surface.
Who it is for
- Leadership or security teams that want a broad control-language view across identify, protect, detect, respond, and recover themes.
- Customers or partners seeking a practical security-baseline view without demanding a full audit programme first.
- Operators who need to bridge technical evidence and executive trust communication.
Civitas preview document
NIST CSF Readiness
Public preview derived from the real pack. Includes the reviewer summary, representative controls, representative gaps, and artifact posture.
Pack ID: PACK-001
Public alignment: 2026-03-14
Public source: Canonical public specimen
Verification: OK
Total controls
80
Visible gaps
80
Claims
2
Verifier
15
Reviewer summary
The artifact structure is verified, but the current sample remains gap-heavy: 80 of 80 controls are marked as gaps in the current public output.
The declared in-scope statement is "Vendor security control assessment", and the declared out-of-scope statement is "Penetration testing and red teaming". This is a public preview, not the full control matrix.
Current posture
Verified structure
Public context: Curated preview over the real artifacts
Boundary: Full pack retained for customer delivery
Sealed artifacts: 6
Verify model: Local confirmation of the complete pack
Representative controls
| ID | Objective | Severity | Status |
|---|---|---|---|
| NIST-001 | Ensure NIST CSF control coverage for IDENTIFY/ASSET/INVENTORY with documented ownership and operating cadence. | 1 | gap |
| NIST-002 | Ensure NIST CSF control coverage for IDENTIFY/CONTEXT/DEPENDENCY with documented ownership and operating cadence. | 2 | gap |
| NIST-003 | Ensure NIST CSF control coverage for IDENTIFY/RISK/GOVERNANCE with documented ownership and operating cadence. | 3 | gap |
Representative gaps
NIST-015
gapNIST CSF Control 015
Severity 5; 3 evidence expectations are missing in the current public sample.
NIST-070
gapNIST CSF Control 070
Severity 5; 3 evidence expectations are missing in the current public sample.
Sample artifact block
Decision preview
The complete HTML/PDF exists in the real pack. Here we expose only the cover, summary, and reviewer posture.
Integrity and verification
Verifier OK: yes; 15 checked entries; 6 sealed artifacts.
Public boundary
The complete control matrix, full evidence trace, full run log, and raw pack.zip remain in internal or customer-delivery context.
What it helps produce
- A readiness pack that frames evidence in familiar NIST-oriented security language.
- A structured review surface that highlights evidence-backed strengths, gaps, and unresolved areas.
- A deterministic output set for repeatable buyer, partner, or internal governance review.
What it covers at a high level
- High-level security governance and identification of critical assets and risks.
- Protection, detection, response, and recovery themes grounded in actual artifact output.
- Control and evidence groupings suited to cross-functional readiness review.
What it does not claim
- Certification, federal authorisation, or a complete maturity assessment.
- A replacement for organisation-specific risk analysis, control design work, or audit procedures.
Full artifacts in customer delivery
DecisionPack.html
Browser-readable decision surface for reviewer inspection.
DecisionPack.pdf
Print-ready decision pack for procurement, audit, and leadership review.
DecisionPack.manifest.json
Artifact manifest and pack metadata for traceability.
DecisionPack.seal.json
Deterministic seal metadata for integrity review.
pack.zip
Pack archive delivered for local inspection and replay.
verify.json
Verifier output expected to resolve to a passing state on a valid public pack.
SHA256.txt
Checksums for reviewer-side integrity confirmation.
Those artifacts remain real and unchanged. The difference is only public exposure: the preview is default, not the full dump.
Relevant next steps
The public preview demonstrates the real product shape. The complete pack, full mapping, and full delivery remain available in customer-delivery or controlled demo context.