Executive Summary
| Severity-weighted score | 0.0% |
|---|---|
| Total controls | 80 |
| Met | 0 |
| Partial | 0 |
| Gap | 80 |
Key Gaps
NIST-010NIST CSF Control 010 - gap - severity 5 - missing evidence 3NIST-015NIST CSF Control 015 - gap - severity 5 - missing evidence 3NIST-070NIST CSF Control 070 - gap - severity 5 - missing evidence 3NIST-075NIST CSF Control 075 - gap - severity 5 - missing evidence 3NIST-005NIST CSF Control 005 - gap - severity 5 - missing evidence 2NIST-020NIST CSF Control 020 - gap - severity 5 - missing evidence 2NIST-025NIST CSF Control 025 - gap - severity 5 - missing evidence 2NIST-030NIST CSF Control 030 - gap - severity 5 - missing evidence 2NIST-035NIST CSF Control 035 - gap - severity 5 - missing evidence 2NIST-040NIST CSF Control 040 - gap - severity 5 - missing evidence 2NIST-045NIST CSF Control 045 - gap - severity 5 - missing evidence 2NIST-050NIST CSF Control 050 - gap - severity 5 - missing evidence 2
Full Controls Table
| control_id | title | objective | evidence expectations | status | severity | evidence_count |
|---|---|---|---|---|---|---|
NIST-001 | NIST CSF Control 001 | Ensure NIST CSF control coverage for IDENTIFY/ASSET/INVENTORY with documented ownership and operating cadence. | Policy/procedure artifact demonstrating IDENTIFY/ASSET/INVENTORY governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTIFY/ASSET/INVENTORY.; Recent review evidence with remediation tracking where exceptions were found. | gap | 1 | 0 |
NIST-002 | NIST CSF Control 002 | Ensure NIST CSF control coverage for IDENTIFY/CONTEXT/DEPENDENCY with documented ownership and operating cadence. | Policy/procedure artifact demonstrating IDENTIFY/CONTEXT/DEPENDENCY governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTIFY/CONTEXT/DEPENDENCY.; Recent review evidence with remediation tracking where exceptions were found. | gap | 2 | 0 |
NIST-003 | NIST CSF Control 003 | Ensure NIST CSF control coverage for IDENTIFY/RISK/GOVERNANCE with documented ownership and operating cadence. | Policy/procedure artifact demonstrating IDENTIFY/RISK/GOVERNANCE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTIFY/RISK/GOVERNANCE.; Recent review evidence with remediation tracking where exceptions were found. | gap | 3 | 0 |
NIST-004 | NIST CSF Control 004 | Ensure NIST CSF control coverage for PROTECT/IDENTITY/ACCESS with documented ownership and operating cadence. | Policy/procedure artifact demonstrating PROTECT/IDENTITY/ACCESS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/IDENTITY/ACCESS.; Recent review evidence with remediation tracking where exceptions were found. | gap | 4 | 0 |
NIST-005 | NIST CSF Control 005 | Ensure NIST CSF control coverage for PROTECT/AWARENESS/TRAINING with documented ownership and operating cadence. | Policy/procedure artifact demonstrating PROTECT/AWARENESS/TRAINING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/AWARENESS/TRAINING.; Recent review evidence with remediation tracking where exceptions were found. | gap | 5 | 0 |
NIST-006 | NIST CSF Control 006 | Ensure NIST CSF control coverage for PROTECT/DATA/ENCRYPTION with documented ownership and operating cadence. | Policy/procedure artifact demonstrating PROTECT/DATA/ENCRYPTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/DATA/ENCRYPTION.; Recent review evidence with remediation tracking where exceptions were found. | gap | 1 | 0 |
NIST-007 | NIST CSF Control 007 | Ensure NIST CSF control coverage for PROTECT/CONFIGURATION/HARDENING with documented ownership and operating cadence. | Policy/procedure artifact demonstrating PROTECT/CONFIGURATION/HARDENING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/CONFIGURATION/HARDENING.; Recent review evidence with remediation tracking where exceptions were found. | gap | 2 | 0 |
NIST-008 | NIST CSF Control 008 | Ensure NIST CSF control coverage for DETECT/MONITORING/LOGGING with documented ownership and operating cadence. | Policy/procedure artifact demonstrating DETECT/MONITORING/LOGGING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for DETECT/MONITORING/LOGGING.; Recent review evidence with remediation tracking where exceptions were found. | gap | 3 | 0 |
NIST-009 | NIST CSF Control 009 | Ensure NIST CSF control coverage for DETECT/ANOMALY/ALERTING with documented ownership and operating cadence. | Policy/procedure artifact demonstrating DETECT/ANOMALY/ALERTING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for DETECT/ANOMALY/ALERTING.; Recent review evidence with remediation tracking where exceptions were found. | gap | 4 | 0 |
NIST-010 | NIST CSF Control 010 | Ensure NIST CSF control coverage for RESPOND/INCIDENT/PLANNING with documented ownership and operating cadence. | Policy/procedure artifact demonstrating RESPOND/INCIDENT/PLANNING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RESPOND/INCIDENT/PLANNING.; Recent review evidence with remediation tracking where exceptions were found. | gap | 5 | 0 |
NIST-011 | NIST CSF Control 011 | Ensure NIST CSF control coverage for RESPOND/ANALYSIS/MITIGATION with documented ownership and operating cadence. | Policy/procedure artifact demonstrating RESPOND/ANALYSIS/MITIGATION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RESPOND/ANALYSIS/MITIGATION.; Recent review evidence with remediation tracking where exceptions were found. | gap | 1 | 0 |
NIST-012 | NIST CSF Control 012 | Ensure NIST CSF control coverage for RECOVER/CONTINUITY/IMPROVEMENT with documented ownership and operating cadence. | Policy/procedure artifact demonstrating RECOVER/CONTINUITY/IMPROVEMENT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RECOVER/CONTINUITY/IMPROVEMENT.; Recent review evidence with remediation tracking where exceptions were found. | gap | 2 | 0 |
NIST-013 | NIST CSF Control 013 | Ensure NIST CSF control coverage for IDENTIFY/ASSET/INVENTORY with documented ownership and operating cadence. | Policy/procedure artifact demonstrating IDENTIFY/ASSET/INVENTORY governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTIFY/ASSET/INVENTORY.; Recent review evidence with remediation tracking where exceptions were found. | gap | 3 | 0 |
NIST-014 | NIST CSF Control 014 | Ensure NIST CSF control coverage for IDENTIFY/CONTEXT/DEPENDENCY with documented ownership and operating cadence. | Policy/procedure artifact demonstrating IDENTIFY/CONTEXT/DEPENDENCY governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTIFY/CONTEXT/DEPENDENCY.; Recent review evidence with remediation tracking where exceptions were found. | gap | 4 | 0 |
NIST-015 | NIST CSF Control 015 | Ensure NIST CSF control coverage for IDENTIFY/RISK/GOVERNANCE with documented ownership and operating cadence. | Policy/procedure artifact demonstrating IDENTIFY/RISK/GOVERNANCE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTIFY/RISK/GOVERNANCE.; Recent review evidence with remediation tracking where exceptions were found. | gap | 5 | 0 |
NIST-016 | NIST CSF Control 016 | Ensure NIST CSF control coverage for PROTECT/IDENTITY/ACCESS with documented ownership and operating cadence. | Policy/procedure artifact demonstrating PROTECT/IDENTITY/ACCESS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/IDENTITY/ACCESS.; Recent review evidence with remediation tracking where exceptions were found. | gap | 1 | 0 |
NIST-017 | NIST CSF Control 017 | Ensure NIST CSF control coverage for PROTECT/AWARENESS/TRAINING with documented ownership and operating cadence. | Policy/procedure artifact demonstrating PROTECT/AWARENESS/TRAINING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/AWARENESS/TRAINING.; Recent review evidence with remediation tracking where exceptions were found. | gap | 2 | 0 |
NIST-018 | NIST CSF Control 018 | Ensure NIST CSF control coverage for PROTECT/DATA/ENCRYPTION with documented ownership and operating cadence. | Policy/procedure artifact demonstrating PROTECT/DATA/ENCRYPTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/DATA/ENCRYPTION.; Recent review evidence with remediation tracking where exceptions were found. | gap | 3 | 0 |
NIST-019 | NIST CSF Control 019 | Ensure NIST CSF control coverage for PROTECT/CONFIGURATION/HARDENING with documented ownership and operating cadence. | Policy/procedure artifact demonstrating PROTECT/CONFIGURATION/HARDENING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/CONFIGURATION/HARDENING.; Recent review evidence with remediation tracking where exceptions were found. | gap | 4 | 0 |
NIST-020 | NIST CSF Control 020 | Ensure NIST CSF control coverage for DETECT/MONITORING/LOGGING with documented ownership and operating cadence. | Policy/procedure artifact demonstrating DETECT/MONITORING/LOGGING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for DETECT/MONITORING/LOGGING.; Recent review evidence with remediation tracking where exceptions were found. | gap | 5 | 0 |
NIST-021 | NIST CSF Control 021 | Ensure NIST CSF control coverage for DETECT/ANOMALY/ALERTING with documented ownership and operating cadence. | Policy/procedure artifact demonstrating DETECT/ANOMALY/ALERTING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for DETECT/ANOMALY/ALERTING.; Recent review evidence with remediation tracking where exceptions were found. | gap | 1 | 0 |
NIST-022 | NIST CSF Control 022 | Ensure NIST CSF control coverage for RESPOND/INCIDENT/PLANNING with documented ownership and operating cadence. | Policy/procedure artifact demonstrating RESPOND/INCIDENT/PLANNING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RESPOND/INCIDENT/PLANNING.; Recent review evidence with remediation tracking where exceptions were found. | gap | 2 | 0 |
NIST-023 | NIST CSF Control 023 | Ensure NIST CSF control coverage for RESPOND/ANALYSIS/MITIGATION with documented ownership and operating cadence. | Policy/procedure artifact demonstrating RESPOND/ANALYSIS/MITIGATION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RESPOND/ANALYSIS/MITIGATION.; Recent review evidence with remediation tracking where exceptions were found. | gap | 3 | 0 |
NIST-024 | NIST CSF Control 024 | Ensure NIST CSF control coverage for RECOVER/CONTINUITY/IMPROVEMENT with documented ownership and operating cadence. | Policy/procedure artifact demonstrating RECOVER/CONTINUITY/IMPROVEMENT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RECOVER/CONTINUITY/IMPROVEMENT.; Recent review evidence with remediation tracking where exceptions were found. | gap | 4 | 0 |
NIST-025 | NIST CSF Control 025 | Ensure NIST CSF control coverage for IDENTIFY/ASSET/INVENTORY with documented ownership and operating cadence. | Policy/procedure artifact demonstrating IDENTIFY/ASSET/INVENTORY governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTIFY/ASSET/INVENTORY.; Recent review evidence with remediation tracking where exceptions were found. | gap | 5 | 0 |
NIST-026 | NIST CSF Control 026 | Ensure NIST CSF control coverage for IDENTIFY/CONTEXT/DEPENDENCY with documented ownership and operating cadence. | Policy/procedure artifact demonstrating IDENTIFY/CONTEXT/DEPENDENCY governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTIFY/CONTEXT/DEPENDENCY.; Recent review evidence with remediation tracking where exceptions were found. | gap | 1 | 0 |
NIST-027 | NIST CSF Control 027 | Ensure NIST CSF control coverage for IDENTIFY/RISK/GOVERNANCE with documented ownership and operating cadence. | Policy/procedure artifact demonstrating IDENTIFY/RISK/GOVERNANCE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTIFY/RISK/GOVERNANCE.; Recent review evidence with remediation tracking where exceptions were found. | gap | 2 | 0 |
NIST-028 | NIST CSF Control 028 | Ensure NIST CSF control coverage for PROTECT/IDENTITY/ACCESS with documented ownership and operating cadence. | Policy/procedure artifact demonstrating PROTECT/IDENTITY/ACCESS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/IDENTITY/ACCESS.; Recent review evidence with remediation tracking where exceptions were found. | gap | 3 | 0 |
NIST-029 | NIST CSF Control 029 | Ensure NIST CSF control coverage for PROTECT/AWARENESS/TRAINING with documented ownership and operating cadence. | Policy/procedure artifact demonstrating PROTECT/AWARENESS/TRAINING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/AWARENESS/TRAINING.; Recent review evidence with remediation tracking where exceptions were found. | gap | 4 | 0 |
NIST-030 | NIST CSF Control 030 | Ensure NIST CSF control coverage for PROTECT/DATA/ENCRYPTION with documented ownership and operating cadence. | Policy/procedure artifact demonstrating PROTECT/DATA/ENCRYPTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/DATA/ENCRYPTION.; Recent review evidence with remediation tracking where exceptions were found. | gap | 5 | 0 |
NIST-031 | NIST CSF Control 031 | Ensure NIST CSF control coverage for PROTECT/CONFIGURATION/HARDENING with documented ownership and operating cadence. | Policy/procedure artifact demonstrating PROTECT/CONFIGURATION/HARDENING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/CONFIGURATION/HARDENING.; Recent review evidence with remediation tracking where exceptions were found. | gap | 1 | 0 |
NIST-032 | NIST CSF Control 032 | Ensure NIST CSF control coverage for DETECT/MONITORING/LOGGING with documented ownership and operating cadence. | Policy/procedure artifact demonstrating DETECT/MONITORING/LOGGING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for DETECT/MONITORING/LOGGING.; Recent review evidence with remediation tracking where exceptions were found. | gap | 2 | 0 |
NIST-033 | NIST CSF Control 033 | Ensure NIST CSF control coverage for DETECT/ANOMALY/ALERTING with documented ownership and operating cadence. | Policy/procedure artifact demonstrating DETECT/ANOMALY/ALERTING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for DETECT/ANOMALY/ALERTING.; Recent review evidence with remediation tracking where exceptions were found. | gap | 3 | 0 |
NIST-034 | NIST CSF Control 034 | Ensure NIST CSF control coverage for RESPOND/INCIDENT/PLANNING with documented ownership and operating cadence. | Policy/procedure artifact demonstrating RESPOND/INCIDENT/PLANNING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RESPOND/INCIDENT/PLANNING.; Recent review evidence with remediation tracking where exceptions were found. | gap | 4 | 0 |
NIST-035 | NIST CSF Control 035 | Ensure NIST CSF control coverage for RESPOND/ANALYSIS/MITIGATION with documented ownership and operating cadence. | Policy/procedure artifact demonstrating RESPOND/ANALYSIS/MITIGATION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RESPOND/ANALYSIS/MITIGATION.; Recent review evidence with remediation tracking where exceptions were found. | gap | 5 | 0 |
NIST-036 | NIST CSF Control 036 | Ensure NIST CSF control coverage for RECOVER/CONTINUITY/IMPROVEMENT with documented ownership and operating cadence. | Policy/procedure artifact demonstrating RECOVER/CONTINUITY/IMPROVEMENT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RECOVER/CONTINUITY/IMPROVEMENT.; Recent review evidence with remediation tracking where exceptions were found. | gap | 1 | 0 |
NIST-037 | NIST CSF Control 037 | Ensure NIST CSF control coverage for IDENTIFY/ASSET/INVENTORY with documented ownership and operating cadence. | Policy/procedure artifact demonstrating IDENTIFY/ASSET/INVENTORY governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTIFY/ASSET/INVENTORY.; Recent review evidence with remediation tracking where exceptions were found. | gap | 2 | 0 |
NIST-038 | NIST CSF Control 038 | Ensure NIST CSF control coverage for IDENTIFY/CONTEXT/DEPENDENCY with documented ownership and operating cadence. | Policy/procedure artifact demonstrating IDENTIFY/CONTEXT/DEPENDENCY governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTIFY/CONTEXT/DEPENDENCY.; Recent review evidence with remediation tracking where exceptions were found. | gap | 3 | 0 |
NIST-039 | NIST CSF Control 039 | Ensure NIST CSF control coverage for IDENTIFY/RISK/GOVERNANCE with documented ownership and operating cadence. | Policy/procedure artifact demonstrating IDENTIFY/RISK/GOVERNANCE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTIFY/RISK/GOVERNANCE.; Recent review evidence with remediation tracking where exceptions were found. | gap | 4 | 0 |
NIST-040 | NIST CSF Control 040 | Ensure NIST CSF control coverage for PROTECT/IDENTITY/ACCESS with documented ownership and operating cadence. | Policy/procedure artifact demonstrating PROTECT/IDENTITY/ACCESS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/IDENTITY/ACCESS.; Recent review evidence with remediation tracking where exceptions were found. | gap | 5 | 0 |
NIST-041 | NIST CSF Control 041 | Ensure NIST CSF control coverage for PROTECT/AWARENESS/TRAINING with documented ownership and operating cadence. | Policy/procedure artifact demonstrating PROTECT/AWARENESS/TRAINING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/AWARENESS/TRAINING.; Recent review evidence with remediation tracking where exceptions were found. | gap | 1 | 0 |
NIST-042 | NIST CSF Control 042 | Ensure NIST CSF control coverage for PROTECT/DATA/ENCRYPTION with documented ownership and operating cadence. | Policy/procedure artifact demonstrating PROTECT/DATA/ENCRYPTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/DATA/ENCRYPTION.; Recent review evidence with remediation tracking where exceptions were found. | gap | 2 | 0 |
NIST-043 | NIST CSF Control 043 | Ensure NIST CSF control coverage for PROTECT/CONFIGURATION/HARDENING with documented ownership and operating cadence. | Policy/procedure artifact demonstrating PROTECT/CONFIGURATION/HARDENING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/CONFIGURATION/HARDENING.; Recent review evidence with remediation tracking where exceptions were found. | gap | 3 | 0 |
NIST-044 | NIST CSF Control 044 | Ensure NIST CSF control coverage for DETECT/MONITORING/LOGGING with documented ownership and operating cadence. | Policy/procedure artifact demonstrating DETECT/MONITORING/LOGGING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for DETECT/MONITORING/LOGGING.; Recent review evidence with remediation tracking where exceptions were found. | gap | 4 | 0 |
NIST-045 | NIST CSF Control 045 | Ensure NIST CSF control coverage for DETECT/ANOMALY/ALERTING with documented ownership and operating cadence. | Policy/procedure artifact demonstrating DETECT/ANOMALY/ALERTING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for DETECT/ANOMALY/ALERTING.; Recent review evidence with remediation tracking where exceptions were found. | gap | 5 | 0 |
NIST-046 | NIST CSF Control 046 | Ensure NIST CSF control coverage for RESPOND/INCIDENT/PLANNING with documented ownership and operating cadence. | Policy/procedure artifact demonstrating RESPOND/INCIDENT/PLANNING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RESPOND/INCIDENT/PLANNING.; Recent review evidence with remediation tracking where exceptions were found. | gap | 1 | 0 |
NIST-047 | NIST CSF Control 047 | Ensure NIST CSF control coverage for RESPOND/ANALYSIS/MITIGATION with documented ownership and operating cadence. | Policy/procedure artifact demonstrating RESPOND/ANALYSIS/MITIGATION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RESPOND/ANALYSIS/MITIGATION.; Recent review evidence with remediation tracking where exceptions were found. | gap | 2 | 0 |
NIST-048 | NIST CSF Control 048 | Ensure NIST CSF control coverage for RECOVER/CONTINUITY/IMPROVEMENT with documented ownership and operating cadence. | Policy/procedure artifact demonstrating RECOVER/CONTINUITY/IMPROVEMENT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RECOVER/CONTINUITY/IMPROVEMENT.; Recent review evidence with remediation tracking where exceptions were found. | gap | 3 | 0 |
NIST-049 | NIST CSF Control 049 | Ensure NIST CSF control coverage for IDENTIFY/ASSET/INVENTORY with documented ownership and operating cadence. | Policy/procedure artifact demonstrating IDENTIFY/ASSET/INVENTORY governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTIFY/ASSET/INVENTORY.; Recent review evidence with remediation tracking where exceptions were found. | gap | 4 | 0 |
NIST-050 | NIST CSF Control 050 | Ensure NIST CSF control coverage for IDENTIFY/CONTEXT/DEPENDENCY with documented ownership and operating cadence. | Policy/procedure artifact demonstrating IDENTIFY/CONTEXT/DEPENDENCY governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTIFY/CONTEXT/DEPENDENCY.; Recent review evidence with remediation tracking where exceptions were found. | gap | 5 | 0 |
NIST-051 | NIST CSF Control 051 | Ensure NIST CSF control coverage for IDENTIFY/RISK/GOVERNANCE with documented ownership and operating cadence. | Policy/procedure artifact demonstrating IDENTIFY/RISK/GOVERNANCE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTIFY/RISK/GOVERNANCE.; Recent review evidence with remediation tracking where exceptions were found. | gap | 1 | 0 |
NIST-052 | NIST CSF Control 052 | Ensure NIST CSF control coverage for PROTECT/IDENTITY/ACCESS with documented ownership and operating cadence. | Policy/procedure artifact demonstrating PROTECT/IDENTITY/ACCESS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/IDENTITY/ACCESS.; Recent review evidence with remediation tracking where exceptions were found. | gap | 2 | 0 |
NIST-053 | NIST CSF Control 053 | Ensure NIST CSF control coverage for PROTECT/AWARENESS/TRAINING with documented ownership and operating cadence. | Policy/procedure artifact demonstrating PROTECT/AWARENESS/TRAINING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/AWARENESS/TRAINING.; Recent review evidence with remediation tracking where exceptions were found. | gap | 3 | 0 |
NIST-054 | NIST CSF Control 054 | Ensure NIST CSF control coverage for PROTECT/DATA/ENCRYPTION with documented ownership and operating cadence. | Policy/procedure artifact demonstrating PROTECT/DATA/ENCRYPTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/DATA/ENCRYPTION.; Recent review evidence with remediation tracking where exceptions were found. | gap | 4 | 0 |
NIST-055 | NIST CSF Control 055 | Ensure NIST CSF control coverage for PROTECT/CONFIGURATION/HARDENING with documented ownership and operating cadence. | Policy/procedure artifact demonstrating PROTECT/CONFIGURATION/HARDENING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/CONFIGURATION/HARDENING.; Recent review evidence with remediation tracking where exceptions were found. | gap | 5 | 0 |
NIST-056 | NIST CSF Control 056 | Ensure NIST CSF control coverage for DETECT/MONITORING/LOGGING with documented ownership and operating cadence. | Policy/procedure artifact demonstrating DETECT/MONITORING/LOGGING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for DETECT/MONITORING/LOGGING.; Recent review evidence with remediation tracking where exceptions were found. | gap | 1 | 0 |
NIST-057 | NIST CSF Control 057 | Ensure NIST CSF control coverage for DETECT/ANOMALY/ALERTING with documented ownership and operating cadence. | Policy/procedure artifact demonstrating DETECT/ANOMALY/ALERTING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for DETECT/ANOMALY/ALERTING.; Recent review evidence with remediation tracking where exceptions were found. | gap | 2 | 0 |
NIST-058 | NIST CSF Control 058 | Ensure NIST CSF control coverage for RESPOND/INCIDENT/PLANNING with documented ownership and operating cadence. | Policy/procedure artifact demonstrating RESPOND/INCIDENT/PLANNING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RESPOND/INCIDENT/PLANNING.; Recent review evidence with remediation tracking where exceptions were found. | gap | 3 | 0 |
NIST-059 | NIST CSF Control 059 | Ensure NIST CSF control coverage for RESPOND/ANALYSIS/MITIGATION with documented ownership and operating cadence. | Policy/procedure artifact demonstrating RESPOND/ANALYSIS/MITIGATION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RESPOND/ANALYSIS/MITIGATION.; Recent review evidence with remediation tracking where exceptions were found. | gap | 4 | 0 |
NIST-060 | NIST CSF Control 060 | Ensure NIST CSF control coverage for RECOVER/CONTINUITY/IMPROVEMENT with documented ownership and operating cadence. | Policy/procedure artifact demonstrating RECOVER/CONTINUITY/IMPROVEMENT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RECOVER/CONTINUITY/IMPROVEMENT.; Recent review evidence with remediation tracking where exceptions were found. | gap | 5 | 0 |
NIST-061 | NIST CSF Control 061 | Ensure NIST CSF control coverage for IDENTIFY/ASSET/INVENTORY with documented ownership and operating cadence. | Policy/procedure artifact demonstrating IDENTIFY/ASSET/INVENTORY governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTIFY/ASSET/INVENTORY.; Recent review evidence with remediation tracking where exceptions were found. | gap | 1 | 0 |
NIST-062 | NIST CSF Control 062 | Ensure NIST CSF control coverage for IDENTIFY/CONTEXT/DEPENDENCY with documented ownership and operating cadence. | Policy/procedure artifact demonstrating IDENTIFY/CONTEXT/DEPENDENCY governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTIFY/CONTEXT/DEPENDENCY.; Recent review evidence with remediation tracking where exceptions were found. | gap | 2 | 0 |
NIST-063 | NIST CSF Control 063 | Ensure NIST CSF control coverage for IDENTIFY/RISK/GOVERNANCE with documented ownership and operating cadence. | Policy/procedure artifact demonstrating IDENTIFY/RISK/GOVERNANCE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTIFY/RISK/GOVERNANCE.; Recent review evidence with remediation tracking where exceptions were found. | gap | 3 | 0 |
NIST-064 | NIST CSF Control 064 | Ensure NIST CSF control coverage for PROTECT/IDENTITY/ACCESS with documented ownership and operating cadence. | Policy/procedure artifact demonstrating PROTECT/IDENTITY/ACCESS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/IDENTITY/ACCESS.; Recent review evidence with remediation tracking where exceptions were found. | gap | 4 | 0 |
NIST-065 | NIST CSF Control 065 | Ensure NIST CSF control coverage for PROTECT/AWARENESS/TRAINING with documented ownership and operating cadence. | Policy/procedure artifact demonstrating PROTECT/AWARENESS/TRAINING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/AWARENESS/TRAINING.; Recent review evidence with remediation tracking where exceptions were found. | gap | 5 | 0 |
NIST-066 | NIST CSF Control 066 | Ensure NIST CSF control coverage for PROTECT/DATA/ENCRYPTION with documented ownership and operating cadence. | Policy/procedure artifact demonstrating PROTECT/DATA/ENCRYPTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/DATA/ENCRYPTION.; Recent review evidence with remediation tracking where exceptions were found. | gap | 1 | 0 |
NIST-067 | NIST CSF Control 067 | Ensure NIST CSF control coverage for PROTECT/CONFIGURATION/HARDENING with documented ownership and operating cadence. | Policy/procedure artifact demonstrating PROTECT/CONFIGURATION/HARDENING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/CONFIGURATION/HARDENING.; Recent review evidence with remediation tracking where exceptions were found. | gap | 2 | 0 |
NIST-068 | NIST CSF Control 068 | Ensure NIST CSF control coverage for DETECT/MONITORING/LOGGING with documented ownership and operating cadence. | Policy/procedure artifact demonstrating DETECT/MONITORING/LOGGING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for DETECT/MONITORING/LOGGING.; Recent review evidence with remediation tracking where exceptions were found. | gap | 3 | 0 |
NIST-069 | NIST CSF Control 069 | Ensure NIST CSF control coverage for DETECT/ANOMALY/ALERTING with documented ownership and operating cadence. | Policy/procedure artifact demonstrating DETECT/ANOMALY/ALERTING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for DETECT/ANOMALY/ALERTING.; Recent review evidence with remediation tracking where exceptions were found. | gap | 4 | 0 |
NIST-070 | NIST CSF Control 070 | Ensure NIST CSF control coverage for RESPOND/INCIDENT/PLANNING with documented ownership and operating cadence. | Policy/procedure artifact demonstrating RESPOND/INCIDENT/PLANNING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RESPOND/INCIDENT/PLANNING.; Recent review evidence with remediation tracking where exceptions were found. | gap | 5 | 0 |
NIST-071 | NIST CSF Control 071 | Ensure NIST CSF control coverage for RESPOND/ANALYSIS/MITIGATION with documented ownership and operating cadence. | Policy/procedure artifact demonstrating RESPOND/ANALYSIS/MITIGATION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RESPOND/ANALYSIS/MITIGATION.; Recent review evidence with remediation tracking where exceptions were found. | gap | 1 | 0 |
NIST-072 | NIST CSF Control 072 | Ensure NIST CSF control coverage for RECOVER/CONTINUITY/IMPROVEMENT with documented ownership and operating cadence. | Policy/procedure artifact demonstrating RECOVER/CONTINUITY/IMPROVEMENT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RECOVER/CONTINUITY/IMPROVEMENT.; Recent review evidence with remediation tracking where exceptions were found. | gap | 2 | 0 |
NIST-073 | NIST CSF Control 073 | Ensure NIST CSF control coverage for IDENTIFY/ASSET/INVENTORY with documented ownership and operating cadence. | Policy/procedure artifact demonstrating IDENTIFY/ASSET/INVENTORY governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTIFY/ASSET/INVENTORY.; Recent review evidence with remediation tracking where exceptions were found. | gap | 3 | 0 |
NIST-074 | NIST CSF Control 074 | Ensure NIST CSF control coverage for IDENTIFY/CONTEXT/DEPENDENCY with documented ownership and operating cadence. | Policy/procedure artifact demonstrating IDENTIFY/CONTEXT/DEPENDENCY governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTIFY/CONTEXT/DEPENDENCY.; Recent review evidence with remediation tracking where exceptions were found. | gap | 4 | 0 |
NIST-075 | NIST CSF Control 075 | Ensure NIST CSF control coverage for IDENTIFY/RISK/GOVERNANCE with documented ownership and operating cadence. | Policy/procedure artifact demonstrating IDENTIFY/RISK/GOVERNANCE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTIFY/RISK/GOVERNANCE.; Recent review evidence with remediation tracking where exceptions were found. | gap | 5 | 0 |
NIST-076 | NIST CSF Control 076 | Ensure NIST CSF control coverage for PROTECT/IDENTITY/ACCESS with documented ownership and operating cadence. | Policy/procedure artifact demonstrating PROTECT/IDENTITY/ACCESS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/IDENTITY/ACCESS.; Recent review evidence with remediation tracking where exceptions were found. | gap | 1 | 0 |
NIST-077 | NIST CSF Control 077 | Ensure NIST CSF control coverage for PROTECT/AWARENESS/TRAINING with documented ownership and operating cadence. | Policy/procedure artifact demonstrating PROTECT/AWARENESS/TRAINING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/AWARENESS/TRAINING.; Recent review evidence with remediation tracking where exceptions were found. | gap | 2 | 0 |
NIST-078 | NIST CSF Control 078 | Ensure NIST CSF control coverage for PROTECT/DATA/ENCRYPTION with documented ownership and operating cadence. | Policy/procedure artifact demonstrating PROTECT/DATA/ENCRYPTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/DATA/ENCRYPTION.; Recent review evidence with remediation tracking where exceptions were found. | gap | 3 | 0 |
NIST-079 | NIST CSF Control 079 | Ensure NIST CSF control coverage for PROTECT/CONFIGURATION/HARDENING with documented ownership and operating cadence. | Policy/procedure artifact demonstrating PROTECT/CONFIGURATION/HARDENING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/CONFIGURATION/HARDENING.; Recent review evidence with remediation tracking where exceptions were found. | gap | 4 | 0 |
NIST-080 | NIST CSF Control 080 | Ensure NIST CSF control coverage for DETECT/MONITORING/LOGGING with documented ownership and operating cadence. | Policy/procedure artifact demonstrating DETECT/MONITORING/LOGGING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for DETECT/MONITORING/LOGGING.; Recent review evidence with remediation tracking where exceptions were found. | gap | 5 | 0 |
Gap Register
| control_id | title | status | severity | evidence_count | missing_evidence | evidence expectations |
|---|---|---|---|---|---|---|
NIST-001 | NIST CSF Control 001 | gap | 1 | 0 | 2 | Policy/procedure artifact demonstrating IDENTIFY/ASSET/INVENTORY governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTIFY/ASSET/INVENTORY.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-002 | NIST CSF Control 002 | gap | 2 | 0 | 2 | Policy/procedure artifact demonstrating IDENTIFY/CONTEXT/DEPENDENCY governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTIFY/CONTEXT/DEPENDENCY.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-003 | NIST CSF Control 003 | gap | 3 | 0 | 3 | Policy/procedure artifact demonstrating IDENTIFY/RISK/GOVERNANCE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTIFY/RISK/GOVERNANCE.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-004 | NIST CSF Control 004 | gap | 4 | 0 | 2 | Policy/procedure artifact demonstrating PROTECT/IDENTITY/ACCESS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/IDENTITY/ACCESS.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-005 | NIST CSF Control 005 | gap | 5 | 0 | 2 | Policy/procedure artifact demonstrating PROTECT/AWARENESS/TRAINING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/AWARENESS/TRAINING.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-006 | NIST CSF Control 006 | gap | 1 | 0 | 2 | Policy/procedure artifact demonstrating PROTECT/DATA/ENCRYPTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/DATA/ENCRYPTION.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-007 | NIST CSF Control 007 | gap | 2 | 0 | 2 | Policy/procedure artifact demonstrating PROTECT/CONFIGURATION/HARDENING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/CONFIGURATION/HARDENING.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-008 | NIST CSF Control 008 | gap | 3 | 0 | 2 | Policy/procedure artifact demonstrating DETECT/MONITORING/LOGGING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for DETECT/MONITORING/LOGGING.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-009 | NIST CSF Control 009 | gap | 4 | 0 | 2 | Policy/procedure artifact demonstrating DETECT/ANOMALY/ALERTING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for DETECT/ANOMALY/ALERTING.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-010 | NIST CSF Control 010 | gap | 5 | 0 | 3 | Policy/procedure artifact demonstrating RESPOND/INCIDENT/PLANNING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RESPOND/INCIDENT/PLANNING.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-011 | NIST CSF Control 011 | gap | 1 | 0 | 2 | Policy/procedure artifact demonstrating RESPOND/ANALYSIS/MITIGATION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RESPOND/ANALYSIS/MITIGATION.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-012 | NIST CSF Control 012 | gap | 2 | 0 | 2 | Policy/procedure artifact demonstrating RECOVER/CONTINUITY/IMPROVEMENT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RECOVER/CONTINUITY/IMPROVEMENT.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-013 | NIST CSF Control 013 | gap | 3 | 0 | 2 | Policy/procedure artifact demonstrating IDENTIFY/ASSET/INVENTORY governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTIFY/ASSET/INVENTORY.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-014 | NIST CSF Control 014 | gap | 4 | 0 | 2 | Policy/procedure artifact demonstrating IDENTIFY/CONTEXT/DEPENDENCY governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTIFY/CONTEXT/DEPENDENCY.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-015 | NIST CSF Control 015 | gap | 5 | 0 | 3 | Policy/procedure artifact demonstrating IDENTIFY/RISK/GOVERNANCE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTIFY/RISK/GOVERNANCE.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-016 | NIST CSF Control 016 | gap | 1 | 0 | 2 | Policy/procedure artifact demonstrating PROTECT/IDENTITY/ACCESS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/IDENTITY/ACCESS.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-017 | NIST CSF Control 017 | gap | 2 | 0 | 2 | Policy/procedure artifact demonstrating PROTECT/AWARENESS/TRAINING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/AWARENESS/TRAINING.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-018 | NIST CSF Control 018 | gap | 3 | 0 | 2 | Policy/procedure artifact demonstrating PROTECT/DATA/ENCRYPTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/DATA/ENCRYPTION.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-019 | NIST CSF Control 019 | gap | 4 | 0 | 2 | Policy/procedure artifact demonstrating PROTECT/CONFIGURATION/HARDENING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/CONFIGURATION/HARDENING.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-020 | NIST CSF Control 020 | gap | 5 | 0 | 2 | Policy/procedure artifact demonstrating DETECT/MONITORING/LOGGING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for DETECT/MONITORING/LOGGING.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-021 | NIST CSF Control 021 | gap | 1 | 0 | 2 | Policy/procedure artifact demonstrating DETECT/ANOMALY/ALERTING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for DETECT/ANOMALY/ALERTING.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-022 | NIST CSF Control 022 | gap | 2 | 0 | 3 | Policy/procedure artifact demonstrating RESPOND/INCIDENT/PLANNING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RESPOND/INCIDENT/PLANNING.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-023 | NIST CSF Control 023 | gap | 3 | 0 | 2 | Policy/procedure artifact demonstrating RESPOND/ANALYSIS/MITIGATION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RESPOND/ANALYSIS/MITIGATION.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-024 | NIST CSF Control 024 | gap | 4 | 0 | 2 | Policy/procedure artifact demonstrating RECOVER/CONTINUITY/IMPROVEMENT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RECOVER/CONTINUITY/IMPROVEMENT.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-025 | NIST CSF Control 025 | gap | 5 | 0 | 2 | Policy/procedure artifact demonstrating IDENTIFY/ASSET/INVENTORY governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTIFY/ASSET/INVENTORY.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-026 | NIST CSF Control 026 | gap | 1 | 0 | 2 | Policy/procedure artifact demonstrating IDENTIFY/CONTEXT/DEPENDENCY governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTIFY/CONTEXT/DEPENDENCY.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-027 | NIST CSF Control 027 | gap | 2 | 0 | 3 | Policy/procedure artifact demonstrating IDENTIFY/RISK/GOVERNANCE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTIFY/RISK/GOVERNANCE.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-028 | NIST CSF Control 028 | gap | 3 | 0 | 2 | Policy/procedure artifact demonstrating PROTECT/IDENTITY/ACCESS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/IDENTITY/ACCESS.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-029 | NIST CSF Control 029 | gap | 4 | 0 | 2 | Policy/procedure artifact demonstrating PROTECT/AWARENESS/TRAINING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/AWARENESS/TRAINING.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-030 | NIST CSF Control 030 | gap | 5 | 0 | 2 | Policy/procedure artifact demonstrating PROTECT/DATA/ENCRYPTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/DATA/ENCRYPTION.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-031 | NIST CSF Control 031 | gap | 1 | 0 | 2 | Policy/procedure artifact demonstrating PROTECT/CONFIGURATION/HARDENING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/CONFIGURATION/HARDENING.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-032 | NIST CSF Control 032 | gap | 2 | 0 | 2 | Policy/procedure artifact demonstrating DETECT/MONITORING/LOGGING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for DETECT/MONITORING/LOGGING.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-033 | NIST CSF Control 033 | gap | 3 | 0 | 2 | Policy/procedure artifact demonstrating DETECT/ANOMALY/ALERTING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for DETECT/ANOMALY/ALERTING.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-034 | NIST CSF Control 034 | gap | 4 | 0 | 3 | Policy/procedure artifact demonstrating RESPOND/INCIDENT/PLANNING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RESPOND/INCIDENT/PLANNING.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-035 | NIST CSF Control 035 | gap | 5 | 0 | 2 | Policy/procedure artifact demonstrating RESPOND/ANALYSIS/MITIGATION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RESPOND/ANALYSIS/MITIGATION.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-036 | NIST CSF Control 036 | gap | 1 | 0 | 2 | Policy/procedure artifact demonstrating RECOVER/CONTINUITY/IMPROVEMENT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RECOVER/CONTINUITY/IMPROVEMENT.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-037 | NIST CSF Control 037 | gap | 2 | 0 | 2 | Policy/procedure artifact demonstrating IDENTIFY/ASSET/INVENTORY governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTIFY/ASSET/INVENTORY.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-038 | NIST CSF Control 038 | gap | 3 | 0 | 2 | Policy/procedure artifact demonstrating IDENTIFY/CONTEXT/DEPENDENCY governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTIFY/CONTEXT/DEPENDENCY.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-039 | NIST CSF Control 039 | gap | 4 | 0 | 3 | Policy/procedure artifact demonstrating IDENTIFY/RISK/GOVERNANCE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTIFY/RISK/GOVERNANCE.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-040 | NIST CSF Control 040 | gap | 5 | 0 | 2 | Policy/procedure artifact demonstrating PROTECT/IDENTITY/ACCESS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/IDENTITY/ACCESS.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-041 | NIST CSF Control 041 | gap | 1 | 0 | 2 | Policy/procedure artifact demonstrating PROTECT/AWARENESS/TRAINING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/AWARENESS/TRAINING.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-042 | NIST CSF Control 042 | gap | 2 | 0 | 2 | Policy/procedure artifact demonstrating PROTECT/DATA/ENCRYPTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/DATA/ENCRYPTION.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-043 | NIST CSF Control 043 | gap | 3 | 0 | 2 | Policy/procedure artifact demonstrating PROTECT/CONFIGURATION/HARDENING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/CONFIGURATION/HARDENING.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-044 | NIST CSF Control 044 | gap | 4 | 0 | 2 | Policy/procedure artifact demonstrating DETECT/MONITORING/LOGGING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for DETECT/MONITORING/LOGGING.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-045 | NIST CSF Control 045 | gap | 5 | 0 | 2 | Policy/procedure artifact demonstrating DETECT/ANOMALY/ALERTING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for DETECT/ANOMALY/ALERTING.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-046 | NIST CSF Control 046 | gap | 1 | 0 | 3 | Policy/procedure artifact demonstrating RESPOND/INCIDENT/PLANNING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RESPOND/INCIDENT/PLANNING.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-047 | NIST CSF Control 047 | gap | 2 | 0 | 2 | Policy/procedure artifact demonstrating RESPOND/ANALYSIS/MITIGATION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RESPOND/ANALYSIS/MITIGATION.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-048 | NIST CSF Control 048 | gap | 3 | 0 | 2 | Policy/procedure artifact demonstrating RECOVER/CONTINUITY/IMPROVEMENT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RECOVER/CONTINUITY/IMPROVEMENT.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-049 | NIST CSF Control 049 | gap | 4 | 0 | 2 | Policy/procedure artifact demonstrating IDENTIFY/ASSET/INVENTORY governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTIFY/ASSET/INVENTORY.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-050 | NIST CSF Control 050 | gap | 5 | 0 | 2 | Policy/procedure artifact demonstrating IDENTIFY/CONTEXT/DEPENDENCY governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTIFY/CONTEXT/DEPENDENCY.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-051 | NIST CSF Control 051 | gap | 1 | 0 | 3 | Policy/procedure artifact demonstrating IDENTIFY/RISK/GOVERNANCE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTIFY/RISK/GOVERNANCE.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-052 | NIST CSF Control 052 | gap | 2 | 0 | 2 | Policy/procedure artifact demonstrating PROTECT/IDENTITY/ACCESS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/IDENTITY/ACCESS.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-053 | NIST CSF Control 053 | gap | 3 | 0 | 2 | Policy/procedure artifact demonstrating PROTECT/AWARENESS/TRAINING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/AWARENESS/TRAINING.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-054 | NIST CSF Control 054 | gap | 4 | 0 | 2 | Policy/procedure artifact demonstrating PROTECT/DATA/ENCRYPTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/DATA/ENCRYPTION.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-055 | NIST CSF Control 055 | gap | 5 | 0 | 2 | Policy/procedure artifact demonstrating PROTECT/CONFIGURATION/HARDENING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/CONFIGURATION/HARDENING.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-056 | NIST CSF Control 056 | gap | 1 | 0 | 2 | Policy/procedure artifact demonstrating DETECT/MONITORING/LOGGING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for DETECT/MONITORING/LOGGING.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-057 | NIST CSF Control 057 | gap | 2 | 0 | 2 | Policy/procedure artifact demonstrating DETECT/ANOMALY/ALERTING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for DETECT/ANOMALY/ALERTING.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-058 | NIST CSF Control 058 | gap | 3 | 0 | 3 | Policy/procedure artifact demonstrating RESPOND/INCIDENT/PLANNING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RESPOND/INCIDENT/PLANNING.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-059 | NIST CSF Control 059 | gap | 4 | 0 | 2 | Policy/procedure artifact demonstrating RESPOND/ANALYSIS/MITIGATION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RESPOND/ANALYSIS/MITIGATION.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-060 | NIST CSF Control 060 | gap | 5 | 0 | 2 | Policy/procedure artifact demonstrating RECOVER/CONTINUITY/IMPROVEMENT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RECOVER/CONTINUITY/IMPROVEMENT.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-061 | NIST CSF Control 061 | gap | 1 | 0 | 2 | Policy/procedure artifact demonstrating IDENTIFY/ASSET/INVENTORY governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTIFY/ASSET/INVENTORY.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-062 | NIST CSF Control 062 | gap | 2 | 0 | 2 | Policy/procedure artifact demonstrating IDENTIFY/CONTEXT/DEPENDENCY governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTIFY/CONTEXT/DEPENDENCY.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-063 | NIST CSF Control 063 | gap | 3 | 0 | 3 | Policy/procedure artifact demonstrating IDENTIFY/RISK/GOVERNANCE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTIFY/RISK/GOVERNANCE.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-064 | NIST CSF Control 064 | gap | 4 | 0 | 2 | Policy/procedure artifact demonstrating PROTECT/IDENTITY/ACCESS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/IDENTITY/ACCESS.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-065 | NIST CSF Control 065 | gap | 5 | 0 | 2 | Policy/procedure artifact demonstrating PROTECT/AWARENESS/TRAINING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/AWARENESS/TRAINING.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-066 | NIST CSF Control 066 | gap | 1 | 0 | 2 | Policy/procedure artifact demonstrating PROTECT/DATA/ENCRYPTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/DATA/ENCRYPTION.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-067 | NIST CSF Control 067 | gap | 2 | 0 | 2 | Policy/procedure artifact demonstrating PROTECT/CONFIGURATION/HARDENING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/CONFIGURATION/HARDENING.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-068 | NIST CSF Control 068 | gap | 3 | 0 | 2 | Policy/procedure artifact demonstrating DETECT/MONITORING/LOGGING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for DETECT/MONITORING/LOGGING.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-069 | NIST CSF Control 069 | gap | 4 | 0 | 2 | Policy/procedure artifact demonstrating DETECT/ANOMALY/ALERTING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for DETECT/ANOMALY/ALERTING.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-070 | NIST CSF Control 070 | gap | 5 | 0 | 3 | Policy/procedure artifact demonstrating RESPOND/INCIDENT/PLANNING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RESPOND/INCIDENT/PLANNING.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-071 | NIST CSF Control 071 | gap | 1 | 0 | 2 | Policy/procedure artifact demonstrating RESPOND/ANALYSIS/MITIGATION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RESPOND/ANALYSIS/MITIGATION.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-072 | NIST CSF Control 072 | gap | 2 | 0 | 2 | Policy/procedure artifact demonstrating RECOVER/CONTINUITY/IMPROVEMENT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RECOVER/CONTINUITY/IMPROVEMENT.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-073 | NIST CSF Control 073 | gap | 3 | 0 | 2 | Policy/procedure artifact demonstrating IDENTIFY/ASSET/INVENTORY governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTIFY/ASSET/INVENTORY.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-074 | NIST CSF Control 074 | gap | 4 | 0 | 2 | Policy/procedure artifact demonstrating IDENTIFY/CONTEXT/DEPENDENCY governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTIFY/CONTEXT/DEPENDENCY.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-075 | NIST CSF Control 075 | gap | 5 | 0 | 3 | Policy/procedure artifact demonstrating IDENTIFY/RISK/GOVERNANCE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTIFY/RISK/GOVERNANCE.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-076 | NIST CSF Control 076 | gap | 1 | 0 | 2 | Policy/procedure artifact demonstrating PROTECT/IDENTITY/ACCESS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/IDENTITY/ACCESS.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-077 | NIST CSF Control 077 | gap | 2 | 0 | 2 | Policy/procedure artifact demonstrating PROTECT/AWARENESS/TRAINING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/AWARENESS/TRAINING.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-078 | NIST CSF Control 078 | gap | 3 | 0 | 2 | Policy/procedure artifact demonstrating PROTECT/DATA/ENCRYPTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/DATA/ENCRYPTION.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-079 | NIST CSF Control 079 | gap | 4 | 0 | 2 | Policy/procedure artifact demonstrating PROTECT/CONFIGURATION/HARDENING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/CONFIGURATION/HARDENING.; Recent review evidence with remediation tracking where exceptions were found. |
NIST-080 | NIST CSF Control 080 | gap | 5 | 0 | 2 | Policy/procedure artifact demonstrating DETECT/MONITORING/LOGGING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for DETECT/MONITORING/LOGGING.; Recent review evidence with remediation tracking where exceptions were found. |
Evidence Appendix
NIST-001 - NIST CSF Control 001
gap | severity 1 | evidence_count 0
Ensure NIST CSF control coverage for IDENTIFY/ASSET/INVENTORY with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating IDENTIFY/ASSET/INVENTORY governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTIFY/ASSET/INVENTORY.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-001 - identify asset inventory controls evidence owner review register policy log
tags: identify, asset, inventory | hits: 0
No direct evidence hits for this query.
NIST-Q-002 - identify context dependency controls evidence owner review register policy log
tags: identify, context, dependency | hits: 0
No direct evidence hits for this query.
NIST-Q-003 - identify risk governance controls evidence owner review register policy log
tags: identify, risk, governance | hits: 0
No direct evidence hits for this query.
NIST-Q-013 - identify asset inventory controls evidence owner review register policy log
tags: identify, asset, inventory | hits: 0
No direct evidence hits for this query.
NIST-Q-014 - identify context dependency controls evidence owner review register policy log
tags: identify, context, dependency | hits: 0
No direct evidence hits for this query.
NIST-002 - NIST CSF Control 002
gap | severity 2 | evidence_count 0
Ensure NIST CSF control coverage for IDENTIFY/CONTEXT/DEPENDENCY with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating IDENTIFY/CONTEXT/DEPENDENCY governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTIFY/CONTEXT/DEPENDENCY.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-001 - identify asset inventory controls evidence owner review register policy log
tags: identify, asset, inventory | hits: 0
No direct evidence hits for this query.
NIST-Q-002 - identify context dependency controls evidence owner review register policy log
tags: identify, context, dependency | hits: 0
No direct evidence hits for this query.
NIST-Q-003 - identify risk governance controls evidence owner review register policy log
tags: identify, risk, governance | hits: 0
No direct evidence hits for this query.
NIST-Q-013 - identify asset inventory controls evidence owner review register policy log
tags: identify, asset, inventory | hits: 0
No direct evidence hits for this query.
NIST-Q-014 - identify context dependency controls evidence owner review register policy log
tags: identify, context, dependency | hits: 0
No direct evidence hits for this query.
NIST-003 - NIST CSF Control 003
gap | severity 3 | evidence_count 0
Ensure NIST CSF control coverage for IDENTIFY/RISK/GOVERNANCE with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating IDENTIFY/RISK/GOVERNANCE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTIFY/RISK/GOVERNANCE.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-001 - identify asset inventory controls evidence owner review register policy log
tags: identify, asset, inventory | hits: 0
No direct evidence hits for this query.
NIST-Q-002 - identify context dependency controls evidence owner review register policy log
tags: identify, context, dependency | hits: 0
No direct evidence hits for this query.
NIST-Q-003 - identify risk governance controls evidence owner review register policy log
tags: identify, risk, governance | hits: 0
No direct evidence hits for this query.
NIST-Q-004 - protect identity access controls evidence owner review register policy log
tags: protect, identity, access | hits: 0
No direct evidence hits for this query.
NIST-Q-005 - protect awareness training controls evidence owner review register policy log
tags: protect, awareness, training | hits: 0
No direct evidence hits for this query.
NIST-004 - NIST CSF Control 004
gap | severity 4 | evidence_count 0
Ensure NIST CSF control coverage for PROTECT/IDENTITY/ACCESS with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating PROTECT/IDENTITY/ACCESS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/IDENTITY/ACCESS.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-004 - protect identity access controls evidence owner review register policy log
tags: protect, identity, access | hits: 0
No direct evidence hits for this query.
NIST-Q-005 - protect awareness training controls evidence owner review register policy log
tags: protect, awareness, training | hits: 0
No direct evidence hits for this query.
NIST-Q-006 - protect data encryption controls evidence owner review register policy log
tags: protect, data, encryption | hits: 0
No direct evidence hits for this query.
NIST-Q-007 - protect configuration hardening controls evidence owner review register policy log
tags: protect, configuration, hardening | hits: 0
No direct evidence hits for this query.
NIST-Q-016 - protect identity access controls evidence owner review register policy log
tags: protect, identity, access | hits: 0
No direct evidence hits for this query.
NIST-005 - NIST CSF Control 005
gap | severity 5 | evidence_count 0
Ensure NIST CSF control coverage for PROTECT/AWARENESS/TRAINING with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating PROTECT/AWARENESS/TRAINING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/AWARENESS/TRAINING.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-004 - protect identity access controls evidence owner review register policy log
tags: protect, identity, access | hits: 0
No direct evidence hits for this query.
NIST-Q-005 - protect awareness training controls evidence owner review register policy log
tags: protect, awareness, training | hits: 0
No direct evidence hits for this query.
NIST-Q-006 - protect data encryption controls evidence owner review register policy log
tags: protect, data, encryption | hits: 0
No direct evidence hits for this query.
NIST-Q-007 - protect configuration hardening controls evidence owner review register policy log
tags: protect, configuration, hardening | hits: 0
No direct evidence hits for this query.
NIST-Q-016 - protect identity access controls evidence owner review register policy log
tags: protect, identity, access | hits: 0
No direct evidence hits for this query.
NIST-006 - NIST CSF Control 006
gap | severity 1 | evidence_count 0
Ensure NIST CSF control coverage for PROTECT/DATA/ENCRYPTION with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating PROTECT/DATA/ENCRYPTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/DATA/ENCRYPTION.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-004 - protect identity access controls evidence owner review register policy log
tags: protect, identity, access | hits: 0
No direct evidence hits for this query.
NIST-Q-005 - protect awareness training controls evidence owner review register policy log
tags: protect, awareness, training | hits: 0
No direct evidence hits for this query.
NIST-Q-006 - protect data encryption controls evidence owner review register policy log
tags: protect, data, encryption | hits: 0
No direct evidence hits for this query.
NIST-Q-007 - protect configuration hardening controls evidence owner review register policy log
tags: protect, configuration, hardening | hits: 0
No direct evidence hits for this query.
NIST-Q-016 - protect identity access controls evidence owner review register policy log
tags: protect, identity, access | hits: 0
No direct evidence hits for this query.
NIST-007 - NIST CSF Control 007
gap | severity 2 | evidence_count 0
Ensure NIST CSF control coverage for PROTECT/CONFIGURATION/HARDENING with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating PROTECT/CONFIGURATION/HARDENING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/CONFIGURATION/HARDENING.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-004 - protect identity access controls evidence owner review register policy log
tags: protect, identity, access | hits: 0
No direct evidence hits for this query.
NIST-Q-005 - protect awareness training controls evidence owner review register policy log
tags: protect, awareness, training | hits: 0
No direct evidence hits for this query.
NIST-Q-006 - protect data encryption controls evidence owner review register policy log
tags: protect, data, encryption | hits: 0
No direct evidence hits for this query.
NIST-Q-007 - protect configuration hardening controls evidence owner review register policy log
tags: protect, configuration, hardening | hits: 0
No direct evidence hits for this query.
NIST-Q-008 - detect monitoring logging controls evidence owner review register policy log
tags: detect, monitoring, logging | hits: 0
No direct evidence hits for this query.
NIST-008 - NIST CSF Control 008
gap | severity 3 | evidence_count 0
Ensure NIST CSF control coverage for DETECT/MONITORING/LOGGING with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating DETECT/MONITORING/LOGGING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for DETECT/MONITORING/LOGGING.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-008 - detect monitoring logging controls evidence owner review register policy log
tags: detect, monitoring, logging | hits: 0
No direct evidence hits for this query.
NIST-Q-009 - detect anomaly alerting controls evidence owner review register policy log
tags: detect, anomaly, alerting | hits: 0
No direct evidence hits for this query.
NIST-Q-020 - detect monitoring logging controls evidence owner review register policy log
tags: detect, monitoring, logging | hits: 0
No direct evidence hits for this query.
NIST-Q-021 - detect anomaly alerting controls evidence owner review register policy log
tags: detect, anomaly, alerting | hits: 0
No direct evidence hits for this query.
NIST-Q-032 - detect monitoring logging controls evidence owner review register policy log
tags: detect, monitoring, logging | hits: 0
No direct evidence hits for this query.
NIST-009 - NIST CSF Control 009
gap | severity 4 | evidence_count 0
Ensure NIST CSF control coverage for DETECT/ANOMALY/ALERTING with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating DETECT/ANOMALY/ALERTING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for DETECT/ANOMALY/ALERTING.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-008 - detect monitoring logging controls evidence owner review register policy log
tags: detect, monitoring, logging | hits: 0
No direct evidence hits for this query.
NIST-Q-009 - detect anomaly alerting controls evidence owner review register policy log
tags: detect, anomaly, alerting | hits: 0
No direct evidence hits for this query.
NIST-Q-010 - respond incident planning controls evidence owner review register policy log
tags: respond, incident, planning | hits: 0
No direct evidence hits for this query.
NIST-Q-011 - respond analysis mitigation controls evidence owner review register policy log
tags: respond, analysis, mitigation | hits: 0
No direct evidence hits for this query.
NIST-Q-020 - detect monitoring logging controls evidence owner review register policy log
tags: detect, monitoring, logging | hits: 0
No direct evidence hits for this query.
NIST-010 - NIST CSF Control 010
gap | severity 5 | evidence_count 0
Ensure NIST CSF control coverage for RESPOND/INCIDENT/PLANNING with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating RESPOND/INCIDENT/PLANNING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RESPOND/INCIDENT/PLANNING.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-010 - respond incident planning controls evidence owner review register policy log
tags: respond, incident, planning | hits: 0
No direct evidence hits for this query.
NIST-Q-011 - respond analysis mitigation controls evidence owner review register policy log
tags: respond, analysis, mitigation | hits: 0
No direct evidence hits for this query.
NIST-Q-022 - respond incident planning controls evidence owner review register policy log
tags: respond, incident, planning | hits: 0
No direct evidence hits for this query.
NIST-Q-023 - respond analysis mitigation controls evidence owner review register policy log
tags: respond, analysis, mitigation | hits: 0
No direct evidence hits for this query.
NIST-Q-034 - respond incident planning controls evidence owner review register policy log
tags: respond, incident, planning | hits: 0
No direct evidence hits for this query.
NIST-011 - NIST CSF Control 011
gap | severity 1 | evidence_count 0
Ensure NIST CSF control coverage for RESPOND/ANALYSIS/MITIGATION with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating RESPOND/ANALYSIS/MITIGATION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RESPOND/ANALYSIS/MITIGATION.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-010 - respond incident planning controls evidence owner review register policy log
tags: respond, incident, planning | hits: 0
No direct evidence hits for this query.
NIST-Q-011 - respond analysis mitigation controls evidence owner review register policy log
tags: respond, analysis, mitigation | hits: 0
No direct evidence hits for this query.
NIST-Q-012 - recover continuity improvement controls evidence owner review register policy log
tags: recover, continuity, improvement | hits: 0
No direct evidence hits for this query.
NIST-Q-022 - respond incident planning controls evidence owner review register policy log
tags: respond, incident, planning | hits: 0
No direct evidence hits for this query.
NIST-Q-023 - respond analysis mitigation controls evidence owner review register policy log
tags: respond, analysis, mitigation | hits: 0
No direct evidence hits for this query.
NIST-012 - NIST CSF Control 012
gap | severity 2 | evidence_count 0
Ensure NIST CSF control coverage for RECOVER/CONTINUITY/IMPROVEMENT with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating RECOVER/CONTINUITY/IMPROVEMENT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RECOVER/CONTINUITY/IMPROVEMENT.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-001 - identify asset inventory controls evidence owner review register policy log
tags: identify, asset, inventory | hits: 0
No direct evidence hits for this query.
NIST-Q-002 - identify context dependency controls evidence owner review register policy log
tags: identify, context, dependency | hits: 0
No direct evidence hits for this query.
NIST-Q-003 - identify risk governance controls evidence owner review register policy log
tags: identify, risk, governance | hits: 0
No direct evidence hits for this query.
NIST-Q-012 - recover continuity improvement controls evidence owner review register policy log
tags: recover, continuity, improvement | hits: 0
No direct evidence hits for this query.
NIST-Q-013 - identify asset inventory controls evidence owner review register policy log
tags: identify, asset, inventory | hits: 0
No direct evidence hits for this query.
NIST-013 - NIST CSF Control 013
gap | severity 3 | evidence_count 0
Ensure NIST CSF control coverage for IDENTIFY/ASSET/INVENTORY with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating IDENTIFY/ASSET/INVENTORY governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTIFY/ASSET/INVENTORY.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-001 - identify asset inventory controls evidence owner review register policy log
tags: identify, asset, inventory | hits: 0
No direct evidence hits for this query.
NIST-Q-002 - identify context dependency controls evidence owner review register policy log
tags: identify, context, dependency | hits: 0
No direct evidence hits for this query.
NIST-Q-003 - identify risk governance controls evidence owner review register policy log
tags: identify, risk, governance | hits: 0
No direct evidence hits for this query.
NIST-Q-013 - identify asset inventory controls evidence owner review register policy log
tags: identify, asset, inventory | hits: 0
No direct evidence hits for this query.
NIST-Q-014 - identify context dependency controls evidence owner review register policy log
tags: identify, context, dependency | hits: 0
No direct evidence hits for this query.
NIST-014 - NIST CSF Control 014
gap | severity 4 | evidence_count 0
Ensure NIST CSF control coverage for IDENTIFY/CONTEXT/DEPENDENCY with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating IDENTIFY/CONTEXT/DEPENDENCY governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTIFY/CONTEXT/DEPENDENCY.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-001 - identify asset inventory controls evidence owner review register policy log
tags: identify, asset, inventory | hits: 0
No direct evidence hits for this query.
NIST-Q-002 - identify context dependency controls evidence owner review register policy log
tags: identify, context, dependency | hits: 0
No direct evidence hits for this query.
NIST-Q-003 - identify risk governance controls evidence owner review register policy log
tags: identify, risk, governance | hits: 0
No direct evidence hits for this query.
NIST-Q-013 - identify asset inventory controls evidence owner review register policy log
tags: identify, asset, inventory | hits: 0
No direct evidence hits for this query.
NIST-Q-014 - identify context dependency controls evidence owner review register policy log
tags: identify, context, dependency | hits: 0
No direct evidence hits for this query.
NIST-015 - NIST CSF Control 015
gap | severity 5 | evidence_count 0
Ensure NIST CSF control coverage for IDENTIFY/RISK/GOVERNANCE with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating IDENTIFY/RISK/GOVERNANCE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTIFY/RISK/GOVERNANCE.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-001 - identify asset inventory controls evidence owner review register policy log
tags: identify, asset, inventory | hits: 0
No direct evidence hits for this query.
NIST-Q-002 - identify context dependency controls evidence owner review register policy log
tags: identify, context, dependency | hits: 0
No direct evidence hits for this query.
NIST-Q-003 - identify risk governance controls evidence owner review register policy log
tags: identify, risk, governance | hits: 0
No direct evidence hits for this query.
NIST-Q-004 - protect identity access controls evidence owner review register policy log
tags: protect, identity, access | hits: 0
No direct evidence hits for this query.
NIST-Q-005 - protect awareness training controls evidence owner review register policy log
tags: protect, awareness, training | hits: 0
No direct evidence hits for this query.
NIST-016 - NIST CSF Control 016
gap | severity 1 | evidence_count 0
Ensure NIST CSF control coverage for PROTECT/IDENTITY/ACCESS with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating PROTECT/IDENTITY/ACCESS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/IDENTITY/ACCESS.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-004 - protect identity access controls evidence owner review register policy log
tags: protect, identity, access | hits: 0
No direct evidence hits for this query.
NIST-Q-005 - protect awareness training controls evidence owner review register policy log
tags: protect, awareness, training | hits: 0
No direct evidence hits for this query.
NIST-Q-006 - protect data encryption controls evidence owner review register policy log
tags: protect, data, encryption | hits: 0
No direct evidence hits for this query.
NIST-Q-007 - protect configuration hardening controls evidence owner review register policy log
tags: protect, configuration, hardening | hits: 0
No direct evidence hits for this query.
NIST-Q-016 - protect identity access controls evidence owner review register policy log
tags: protect, identity, access | hits: 0
No direct evidence hits for this query.
NIST-017 - NIST CSF Control 017
gap | severity 2 | evidence_count 0
Ensure NIST CSF control coverage for PROTECT/AWARENESS/TRAINING with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating PROTECT/AWARENESS/TRAINING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/AWARENESS/TRAINING.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-004 - protect identity access controls evidence owner review register policy log
tags: protect, identity, access | hits: 0
No direct evidence hits for this query.
NIST-Q-005 - protect awareness training controls evidence owner review register policy log
tags: protect, awareness, training | hits: 0
No direct evidence hits for this query.
NIST-Q-006 - protect data encryption controls evidence owner review register policy log
tags: protect, data, encryption | hits: 0
No direct evidence hits for this query.
NIST-Q-007 - protect configuration hardening controls evidence owner review register policy log
tags: protect, configuration, hardening | hits: 0
No direct evidence hits for this query.
NIST-Q-016 - protect identity access controls evidence owner review register policy log
tags: protect, identity, access | hits: 0
No direct evidence hits for this query.
NIST-018 - NIST CSF Control 018
gap | severity 3 | evidence_count 0
Ensure NIST CSF control coverage for PROTECT/DATA/ENCRYPTION with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating PROTECT/DATA/ENCRYPTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/DATA/ENCRYPTION.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-004 - protect identity access controls evidence owner review register policy log
tags: protect, identity, access | hits: 0
No direct evidence hits for this query.
NIST-Q-005 - protect awareness training controls evidence owner review register policy log
tags: protect, awareness, training | hits: 0
No direct evidence hits for this query.
NIST-Q-006 - protect data encryption controls evidence owner review register policy log
tags: protect, data, encryption | hits: 0
No direct evidence hits for this query.
NIST-Q-007 - protect configuration hardening controls evidence owner review register policy log
tags: protect, configuration, hardening | hits: 0
No direct evidence hits for this query.
NIST-Q-016 - protect identity access controls evidence owner review register policy log
tags: protect, identity, access | hits: 0
No direct evidence hits for this query.
NIST-019 - NIST CSF Control 019
gap | severity 4 | evidence_count 0
Ensure NIST CSF control coverage for PROTECT/CONFIGURATION/HARDENING with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating PROTECT/CONFIGURATION/HARDENING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/CONFIGURATION/HARDENING.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-004 - protect identity access controls evidence owner review register policy log
tags: protect, identity, access | hits: 0
No direct evidence hits for this query.
NIST-Q-005 - protect awareness training controls evidence owner review register policy log
tags: protect, awareness, training | hits: 0
No direct evidence hits for this query.
NIST-Q-006 - protect data encryption controls evidence owner review register policy log
tags: protect, data, encryption | hits: 0
No direct evidence hits for this query.
NIST-Q-007 - protect configuration hardening controls evidence owner review register policy log
tags: protect, configuration, hardening | hits: 0
No direct evidence hits for this query.
NIST-Q-008 - detect monitoring logging controls evidence owner review register policy log
tags: detect, monitoring, logging | hits: 0
No direct evidence hits for this query.
NIST-020 - NIST CSF Control 020
gap | severity 5 | evidence_count 0
Ensure NIST CSF control coverage for DETECT/MONITORING/LOGGING with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating DETECT/MONITORING/LOGGING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for DETECT/MONITORING/LOGGING.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-008 - detect monitoring logging controls evidence owner review register policy log
tags: detect, monitoring, logging | hits: 0
No direct evidence hits for this query.
NIST-Q-009 - detect anomaly alerting controls evidence owner review register policy log
tags: detect, anomaly, alerting | hits: 0
No direct evidence hits for this query.
NIST-Q-020 - detect monitoring logging controls evidence owner review register policy log
tags: detect, monitoring, logging | hits: 0
No direct evidence hits for this query.
NIST-Q-021 - detect anomaly alerting controls evidence owner review register policy log
tags: detect, anomaly, alerting | hits: 0
No direct evidence hits for this query.
NIST-Q-032 - detect monitoring logging controls evidence owner review register policy log
tags: detect, monitoring, logging | hits: 0
No direct evidence hits for this query.
NIST-021 - NIST CSF Control 021
gap | severity 1 | evidence_count 0
Ensure NIST CSF control coverage for DETECT/ANOMALY/ALERTING with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating DETECT/ANOMALY/ALERTING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for DETECT/ANOMALY/ALERTING.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-008 - detect monitoring logging controls evidence owner review register policy log
tags: detect, monitoring, logging | hits: 0
No direct evidence hits for this query.
NIST-Q-009 - detect anomaly alerting controls evidence owner review register policy log
tags: detect, anomaly, alerting | hits: 0
No direct evidence hits for this query.
NIST-Q-010 - respond incident planning controls evidence owner review register policy log
tags: respond, incident, planning | hits: 0
No direct evidence hits for this query.
NIST-Q-011 - respond analysis mitigation controls evidence owner review register policy log
tags: respond, analysis, mitigation | hits: 0
No direct evidence hits for this query.
NIST-Q-020 - detect monitoring logging controls evidence owner review register policy log
tags: detect, monitoring, logging | hits: 0
No direct evidence hits for this query.
NIST-022 - NIST CSF Control 022
gap | severity 2 | evidence_count 0
Ensure NIST CSF control coverage for RESPOND/INCIDENT/PLANNING with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating RESPOND/INCIDENT/PLANNING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RESPOND/INCIDENT/PLANNING.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-010 - respond incident planning controls evidence owner review register policy log
tags: respond, incident, planning | hits: 0
No direct evidence hits for this query.
NIST-Q-011 - respond analysis mitigation controls evidence owner review register policy log
tags: respond, analysis, mitigation | hits: 0
No direct evidence hits for this query.
NIST-Q-022 - respond incident planning controls evidence owner review register policy log
tags: respond, incident, planning | hits: 0
No direct evidence hits for this query.
NIST-Q-023 - respond analysis mitigation controls evidence owner review register policy log
tags: respond, analysis, mitigation | hits: 0
No direct evidence hits for this query.
NIST-Q-034 - respond incident planning controls evidence owner review register policy log
tags: respond, incident, planning | hits: 0
No direct evidence hits for this query.
NIST-023 - NIST CSF Control 023
gap | severity 3 | evidence_count 0
Ensure NIST CSF control coverage for RESPOND/ANALYSIS/MITIGATION with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating RESPOND/ANALYSIS/MITIGATION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RESPOND/ANALYSIS/MITIGATION.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-010 - respond incident planning controls evidence owner review register policy log
tags: respond, incident, planning | hits: 0
No direct evidence hits for this query.
NIST-Q-011 - respond analysis mitigation controls evidence owner review register policy log
tags: respond, analysis, mitigation | hits: 0
No direct evidence hits for this query.
NIST-Q-012 - recover continuity improvement controls evidence owner review register policy log
tags: recover, continuity, improvement | hits: 0
No direct evidence hits for this query.
NIST-Q-022 - respond incident planning controls evidence owner review register policy log
tags: respond, incident, planning | hits: 0
No direct evidence hits for this query.
NIST-Q-023 - respond analysis mitigation controls evidence owner review register policy log
tags: respond, analysis, mitigation | hits: 0
No direct evidence hits for this query.
NIST-024 - NIST CSF Control 024
gap | severity 4 | evidence_count 0
Ensure NIST CSF control coverage for RECOVER/CONTINUITY/IMPROVEMENT with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating RECOVER/CONTINUITY/IMPROVEMENT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RECOVER/CONTINUITY/IMPROVEMENT.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-001 - identify asset inventory controls evidence owner review register policy log
tags: identify, asset, inventory | hits: 0
No direct evidence hits for this query.
NIST-Q-002 - identify context dependency controls evidence owner review register policy log
tags: identify, context, dependency | hits: 0
No direct evidence hits for this query.
NIST-Q-003 - identify risk governance controls evidence owner review register policy log
tags: identify, risk, governance | hits: 0
No direct evidence hits for this query.
NIST-Q-012 - recover continuity improvement controls evidence owner review register policy log
tags: recover, continuity, improvement | hits: 0
No direct evidence hits for this query.
NIST-Q-013 - identify asset inventory controls evidence owner review register policy log
tags: identify, asset, inventory | hits: 0
No direct evidence hits for this query.
NIST-025 - NIST CSF Control 025
gap | severity 5 | evidence_count 0
Ensure NIST CSF control coverage for IDENTIFY/ASSET/INVENTORY with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating IDENTIFY/ASSET/INVENTORY governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTIFY/ASSET/INVENTORY.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-001 - identify asset inventory controls evidence owner review register policy log
tags: identify, asset, inventory | hits: 0
No direct evidence hits for this query.
NIST-Q-002 - identify context dependency controls evidence owner review register policy log
tags: identify, context, dependency | hits: 0
No direct evidence hits for this query.
NIST-Q-003 - identify risk governance controls evidence owner review register policy log
tags: identify, risk, governance | hits: 0
No direct evidence hits for this query.
NIST-Q-013 - identify asset inventory controls evidence owner review register policy log
tags: identify, asset, inventory | hits: 0
No direct evidence hits for this query.
NIST-Q-014 - identify context dependency controls evidence owner review register policy log
tags: identify, context, dependency | hits: 0
No direct evidence hits for this query.
NIST-026 - NIST CSF Control 026
gap | severity 1 | evidence_count 0
Ensure NIST CSF control coverage for IDENTIFY/CONTEXT/DEPENDENCY with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating IDENTIFY/CONTEXT/DEPENDENCY governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTIFY/CONTEXT/DEPENDENCY.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-001 - identify asset inventory controls evidence owner review register policy log
tags: identify, asset, inventory | hits: 0
No direct evidence hits for this query.
NIST-Q-002 - identify context dependency controls evidence owner review register policy log
tags: identify, context, dependency | hits: 0
No direct evidence hits for this query.
NIST-Q-003 - identify risk governance controls evidence owner review register policy log
tags: identify, risk, governance | hits: 0
No direct evidence hits for this query.
NIST-Q-013 - identify asset inventory controls evidence owner review register policy log
tags: identify, asset, inventory | hits: 0
No direct evidence hits for this query.
NIST-Q-014 - identify context dependency controls evidence owner review register policy log
tags: identify, context, dependency | hits: 0
No direct evidence hits for this query.
NIST-027 - NIST CSF Control 027
gap | severity 2 | evidence_count 0
Ensure NIST CSF control coverage for IDENTIFY/RISK/GOVERNANCE with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating IDENTIFY/RISK/GOVERNANCE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTIFY/RISK/GOVERNANCE.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-001 - identify asset inventory controls evidence owner review register policy log
tags: identify, asset, inventory | hits: 0
No direct evidence hits for this query.
NIST-Q-002 - identify context dependency controls evidence owner review register policy log
tags: identify, context, dependency | hits: 0
No direct evidence hits for this query.
NIST-Q-003 - identify risk governance controls evidence owner review register policy log
tags: identify, risk, governance | hits: 0
No direct evidence hits for this query.
NIST-Q-004 - protect identity access controls evidence owner review register policy log
tags: protect, identity, access | hits: 0
No direct evidence hits for this query.
NIST-Q-005 - protect awareness training controls evidence owner review register policy log
tags: protect, awareness, training | hits: 0
No direct evidence hits for this query.
NIST-028 - NIST CSF Control 028
gap | severity 3 | evidence_count 0
Ensure NIST CSF control coverage for PROTECT/IDENTITY/ACCESS with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating PROTECT/IDENTITY/ACCESS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/IDENTITY/ACCESS.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-004 - protect identity access controls evidence owner review register policy log
tags: protect, identity, access | hits: 0
No direct evidence hits for this query.
NIST-Q-005 - protect awareness training controls evidence owner review register policy log
tags: protect, awareness, training | hits: 0
No direct evidence hits for this query.
NIST-Q-006 - protect data encryption controls evidence owner review register policy log
tags: protect, data, encryption | hits: 0
No direct evidence hits for this query.
NIST-Q-007 - protect configuration hardening controls evidence owner review register policy log
tags: protect, configuration, hardening | hits: 0
No direct evidence hits for this query.
NIST-Q-016 - protect identity access controls evidence owner review register policy log
tags: protect, identity, access | hits: 0
No direct evidence hits for this query.
NIST-029 - NIST CSF Control 029
gap | severity 4 | evidence_count 0
Ensure NIST CSF control coverage for PROTECT/AWARENESS/TRAINING with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating PROTECT/AWARENESS/TRAINING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/AWARENESS/TRAINING.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-004 - protect identity access controls evidence owner review register policy log
tags: protect, identity, access | hits: 0
No direct evidence hits for this query.
NIST-Q-005 - protect awareness training controls evidence owner review register policy log
tags: protect, awareness, training | hits: 0
No direct evidence hits for this query.
NIST-Q-006 - protect data encryption controls evidence owner review register policy log
tags: protect, data, encryption | hits: 0
No direct evidence hits for this query.
NIST-Q-007 - protect configuration hardening controls evidence owner review register policy log
tags: protect, configuration, hardening | hits: 0
No direct evidence hits for this query.
NIST-Q-016 - protect identity access controls evidence owner review register policy log
tags: protect, identity, access | hits: 0
No direct evidence hits for this query.
NIST-030 - NIST CSF Control 030
gap | severity 5 | evidence_count 0
Ensure NIST CSF control coverage for PROTECT/DATA/ENCRYPTION with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating PROTECT/DATA/ENCRYPTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/DATA/ENCRYPTION.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-004 - protect identity access controls evidence owner review register policy log
tags: protect, identity, access | hits: 0
No direct evidence hits for this query.
NIST-Q-005 - protect awareness training controls evidence owner review register policy log
tags: protect, awareness, training | hits: 0
No direct evidence hits for this query.
NIST-Q-006 - protect data encryption controls evidence owner review register policy log
tags: protect, data, encryption | hits: 0
No direct evidence hits for this query.
NIST-Q-007 - protect configuration hardening controls evidence owner review register policy log
tags: protect, configuration, hardening | hits: 0
No direct evidence hits for this query.
NIST-Q-016 - protect identity access controls evidence owner review register policy log
tags: protect, identity, access | hits: 0
No direct evidence hits for this query.
NIST-031 - NIST CSF Control 031
gap | severity 1 | evidence_count 0
Ensure NIST CSF control coverage for PROTECT/CONFIGURATION/HARDENING with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating PROTECT/CONFIGURATION/HARDENING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/CONFIGURATION/HARDENING.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-004 - protect identity access controls evidence owner review register policy log
tags: protect, identity, access | hits: 0
No direct evidence hits for this query.
NIST-Q-005 - protect awareness training controls evidence owner review register policy log
tags: protect, awareness, training | hits: 0
No direct evidence hits for this query.
NIST-Q-006 - protect data encryption controls evidence owner review register policy log
tags: protect, data, encryption | hits: 0
No direct evidence hits for this query.
NIST-Q-007 - protect configuration hardening controls evidence owner review register policy log
tags: protect, configuration, hardening | hits: 0
No direct evidence hits for this query.
NIST-Q-008 - detect monitoring logging controls evidence owner review register policy log
tags: detect, monitoring, logging | hits: 0
No direct evidence hits for this query.
NIST-032 - NIST CSF Control 032
gap | severity 2 | evidence_count 0
Ensure NIST CSF control coverage for DETECT/MONITORING/LOGGING with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating DETECT/MONITORING/LOGGING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for DETECT/MONITORING/LOGGING.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-008 - detect monitoring logging controls evidence owner review register policy log
tags: detect, monitoring, logging | hits: 0
No direct evidence hits for this query.
NIST-Q-009 - detect anomaly alerting controls evidence owner review register policy log
tags: detect, anomaly, alerting | hits: 0
No direct evidence hits for this query.
NIST-Q-020 - detect monitoring logging controls evidence owner review register policy log
tags: detect, monitoring, logging | hits: 0
No direct evidence hits for this query.
NIST-Q-021 - detect anomaly alerting controls evidence owner review register policy log
tags: detect, anomaly, alerting | hits: 0
No direct evidence hits for this query.
NIST-Q-032 - detect monitoring logging controls evidence owner review register policy log
tags: detect, monitoring, logging | hits: 0
No direct evidence hits for this query.
NIST-033 - NIST CSF Control 033
gap | severity 3 | evidence_count 0
Ensure NIST CSF control coverage for DETECT/ANOMALY/ALERTING with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating DETECT/ANOMALY/ALERTING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for DETECT/ANOMALY/ALERTING.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-008 - detect monitoring logging controls evidence owner review register policy log
tags: detect, monitoring, logging | hits: 0
No direct evidence hits for this query.
NIST-Q-009 - detect anomaly alerting controls evidence owner review register policy log
tags: detect, anomaly, alerting | hits: 0
No direct evidence hits for this query.
NIST-Q-010 - respond incident planning controls evidence owner review register policy log
tags: respond, incident, planning | hits: 0
No direct evidence hits for this query.
NIST-Q-011 - respond analysis mitigation controls evidence owner review register policy log
tags: respond, analysis, mitigation | hits: 0
No direct evidence hits for this query.
NIST-Q-020 - detect monitoring logging controls evidence owner review register policy log
tags: detect, monitoring, logging | hits: 0
No direct evidence hits for this query.
NIST-034 - NIST CSF Control 034
gap | severity 4 | evidence_count 0
Ensure NIST CSF control coverage for RESPOND/INCIDENT/PLANNING with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating RESPOND/INCIDENT/PLANNING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RESPOND/INCIDENT/PLANNING.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-010 - respond incident planning controls evidence owner review register policy log
tags: respond, incident, planning | hits: 0
No direct evidence hits for this query.
NIST-Q-011 - respond analysis mitigation controls evidence owner review register policy log
tags: respond, analysis, mitigation | hits: 0
No direct evidence hits for this query.
NIST-Q-022 - respond incident planning controls evidence owner review register policy log
tags: respond, incident, planning | hits: 0
No direct evidence hits for this query.
NIST-Q-023 - respond analysis mitigation controls evidence owner review register policy log
tags: respond, analysis, mitigation | hits: 0
No direct evidence hits for this query.
NIST-Q-034 - respond incident planning controls evidence owner review register policy log
tags: respond, incident, planning | hits: 0
No direct evidence hits for this query.
NIST-035 - NIST CSF Control 035
gap | severity 5 | evidence_count 0
Ensure NIST CSF control coverage for RESPOND/ANALYSIS/MITIGATION with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating RESPOND/ANALYSIS/MITIGATION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RESPOND/ANALYSIS/MITIGATION.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-010 - respond incident planning controls evidence owner review register policy log
tags: respond, incident, planning | hits: 0
No direct evidence hits for this query.
NIST-Q-011 - respond analysis mitigation controls evidence owner review register policy log
tags: respond, analysis, mitigation | hits: 0
No direct evidence hits for this query.
NIST-Q-012 - recover continuity improvement controls evidence owner review register policy log
tags: recover, continuity, improvement | hits: 0
No direct evidence hits for this query.
NIST-Q-022 - respond incident planning controls evidence owner review register policy log
tags: respond, incident, planning | hits: 0
No direct evidence hits for this query.
NIST-Q-023 - respond analysis mitigation controls evidence owner review register policy log
tags: respond, analysis, mitigation | hits: 0
No direct evidence hits for this query.
NIST-036 - NIST CSF Control 036
gap | severity 1 | evidence_count 0
Ensure NIST CSF control coverage for RECOVER/CONTINUITY/IMPROVEMENT with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating RECOVER/CONTINUITY/IMPROVEMENT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RECOVER/CONTINUITY/IMPROVEMENT.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-001 - identify asset inventory controls evidence owner review register policy log
tags: identify, asset, inventory | hits: 0
No direct evidence hits for this query.
NIST-Q-002 - identify context dependency controls evidence owner review register policy log
tags: identify, context, dependency | hits: 0
No direct evidence hits for this query.
NIST-Q-003 - identify risk governance controls evidence owner review register policy log
tags: identify, risk, governance | hits: 0
No direct evidence hits for this query.
NIST-Q-012 - recover continuity improvement controls evidence owner review register policy log
tags: recover, continuity, improvement | hits: 0
No direct evidence hits for this query.
NIST-Q-013 - identify asset inventory controls evidence owner review register policy log
tags: identify, asset, inventory | hits: 0
No direct evidence hits for this query.
NIST-037 - NIST CSF Control 037
gap | severity 2 | evidence_count 0
Ensure NIST CSF control coverage for IDENTIFY/ASSET/INVENTORY with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating IDENTIFY/ASSET/INVENTORY governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTIFY/ASSET/INVENTORY.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-001 - identify asset inventory controls evidence owner review register policy log
tags: identify, asset, inventory | hits: 0
No direct evidence hits for this query.
NIST-Q-002 - identify context dependency controls evidence owner review register policy log
tags: identify, context, dependency | hits: 0
No direct evidence hits for this query.
NIST-Q-003 - identify risk governance controls evidence owner review register policy log
tags: identify, risk, governance | hits: 0
No direct evidence hits for this query.
NIST-Q-013 - identify asset inventory controls evidence owner review register policy log
tags: identify, asset, inventory | hits: 0
No direct evidence hits for this query.
NIST-Q-014 - identify context dependency controls evidence owner review register policy log
tags: identify, context, dependency | hits: 0
No direct evidence hits for this query.
NIST-038 - NIST CSF Control 038
gap | severity 3 | evidence_count 0
Ensure NIST CSF control coverage for IDENTIFY/CONTEXT/DEPENDENCY with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating IDENTIFY/CONTEXT/DEPENDENCY governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTIFY/CONTEXT/DEPENDENCY.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-001 - identify asset inventory controls evidence owner review register policy log
tags: identify, asset, inventory | hits: 0
No direct evidence hits for this query.
NIST-Q-002 - identify context dependency controls evidence owner review register policy log
tags: identify, context, dependency | hits: 0
No direct evidence hits for this query.
NIST-Q-003 - identify risk governance controls evidence owner review register policy log
tags: identify, risk, governance | hits: 0
No direct evidence hits for this query.
NIST-Q-013 - identify asset inventory controls evidence owner review register policy log
tags: identify, asset, inventory | hits: 0
No direct evidence hits for this query.
NIST-Q-014 - identify context dependency controls evidence owner review register policy log
tags: identify, context, dependency | hits: 0
No direct evidence hits for this query.
NIST-039 - NIST CSF Control 039
gap | severity 4 | evidence_count 0
Ensure NIST CSF control coverage for IDENTIFY/RISK/GOVERNANCE with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating IDENTIFY/RISK/GOVERNANCE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTIFY/RISK/GOVERNANCE.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-001 - identify asset inventory controls evidence owner review register policy log
tags: identify, asset, inventory | hits: 0
No direct evidence hits for this query.
NIST-Q-002 - identify context dependency controls evidence owner review register policy log
tags: identify, context, dependency | hits: 0
No direct evidence hits for this query.
NIST-Q-003 - identify risk governance controls evidence owner review register policy log
tags: identify, risk, governance | hits: 0
No direct evidence hits for this query.
NIST-Q-004 - protect identity access controls evidence owner review register policy log
tags: protect, identity, access | hits: 0
No direct evidence hits for this query.
NIST-Q-005 - protect awareness training controls evidence owner review register policy log
tags: protect, awareness, training | hits: 0
No direct evidence hits for this query.
NIST-040 - NIST CSF Control 040
gap | severity 5 | evidence_count 0
Ensure NIST CSF control coverage for PROTECT/IDENTITY/ACCESS with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating PROTECT/IDENTITY/ACCESS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/IDENTITY/ACCESS.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-004 - protect identity access controls evidence owner review register policy log
tags: protect, identity, access | hits: 0
No direct evidence hits for this query.
NIST-Q-005 - protect awareness training controls evidence owner review register policy log
tags: protect, awareness, training | hits: 0
No direct evidence hits for this query.
NIST-Q-006 - protect data encryption controls evidence owner review register policy log
tags: protect, data, encryption | hits: 0
No direct evidence hits for this query.
NIST-Q-007 - protect configuration hardening controls evidence owner review register policy log
tags: protect, configuration, hardening | hits: 0
No direct evidence hits for this query.
NIST-Q-016 - protect identity access controls evidence owner review register policy log
tags: protect, identity, access | hits: 0
No direct evidence hits for this query.
NIST-041 - NIST CSF Control 041
gap | severity 1 | evidence_count 0
Ensure NIST CSF control coverage for PROTECT/AWARENESS/TRAINING with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating PROTECT/AWARENESS/TRAINING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/AWARENESS/TRAINING.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-004 - protect identity access controls evidence owner review register policy log
tags: protect, identity, access | hits: 0
No direct evidence hits for this query.
NIST-Q-005 - protect awareness training controls evidence owner review register policy log
tags: protect, awareness, training | hits: 0
No direct evidence hits for this query.
NIST-Q-006 - protect data encryption controls evidence owner review register policy log
tags: protect, data, encryption | hits: 0
No direct evidence hits for this query.
NIST-Q-007 - protect configuration hardening controls evidence owner review register policy log
tags: protect, configuration, hardening | hits: 0
No direct evidence hits for this query.
NIST-Q-016 - protect identity access controls evidence owner review register policy log
tags: protect, identity, access | hits: 0
No direct evidence hits for this query.
NIST-042 - NIST CSF Control 042
gap | severity 2 | evidence_count 0
Ensure NIST CSF control coverage for PROTECT/DATA/ENCRYPTION with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating PROTECT/DATA/ENCRYPTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/DATA/ENCRYPTION.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-004 - protect identity access controls evidence owner review register policy log
tags: protect, identity, access | hits: 0
No direct evidence hits for this query.
NIST-Q-005 - protect awareness training controls evidence owner review register policy log
tags: protect, awareness, training | hits: 0
No direct evidence hits for this query.
NIST-Q-006 - protect data encryption controls evidence owner review register policy log
tags: protect, data, encryption | hits: 0
No direct evidence hits for this query.
NIST-Q-007 - protect configuration hardening controls evidence owner review register policy log
tags: protect, configuration, hardening | hits: 0
No direct evidence hits for this query.
NIST-Q-016 - protect identity access controls evidence owner review register policy log
tags: protect, identity, access | hits: 0
No direct evidence hits for this query.
NIST-043 - NIST CSF Control 043
gap | severity 3 | evidence_count 0
Ensure NIST CSF control coverage for PROTECT/CONFIGURATION/HARDENING with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating PROTECT/CONFIGURATION/HARDENING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/CONFIGURATION/HARDENING.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-004 - protect identity access controls evidence owner review register policy log
tags: protect, identity, access | hits: 0
No direct evidence hits for this query.
NIST-Q-005 - protect awareness training controls evidence owner review register policy log
tags: protect, awareness, training | hits: 0
No direct evidence hits for this query.
NIST-Q-006 - protect data encryption controls evidence owner review register policy log
tags: protect, data, encryption | hits: 0
No direct evidence hits for this query.
NIST-Q-007 - protect configuration hardening controls evidence owner review register policy log
tags: protect, configuration, hardening | hits: 0
No direct evidence hits for this query.
NIST-Q-008 - detect monitoring logging controls evidence owner review register policy log
tags: detect, monitoring, logging | hits: 0
No direct evidence hits for this query.
NIST-044 - NIST CSF Control 044
gap | severity 4 | evidence_count 0
Ensure NIST CSF control coverage for DETECT/MONITORING/LOGGING with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating DETECT/MONITORING/LOGGING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for DETECT/MONITORING/LOGGING.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-008 - detect monitoring logging controls evidence owner review register policy log
tags: detect, monitoring, logging | hits: 0
No direct evidence hits for this query.
NIST-Q-009 - detect anomaly alerting controls evidence owner review register policy log
tags: detect, anomaly, alerting | hits: 0
No direct evidence hits for this query.
NIST-Q-020 - detect monitoring logging controls evidence owner review register policy log
tags: detect, monitoring, logging | hits: 0
No direct evidence hits for this query.
NIST-Q-021 - detect anomaly alerting controls evidence owner review register policy log
tags: detect, anomaly, alerting | hits: 0
No direct evidence hits for this query.
NIST-Q-032 - detect monitoring logging controls evidence owner review register policy log
tags: detect, monitoring, logging | hits: 0
No direct evidence hits for this query.
NIST-045 - NIST CSF Control 045
gap | severity 5 | evidence_count 0
Ensure NIST CSF control coverage for DETECT/ANOMALY/ALERTING with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating DETECT/ANOMALY/ALERTING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for DETECT/ANOMALY/ALERTING.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-008 - detect monitoring logging controls evidence owner review register policy log
tags: detect, monitoring, logging | hits: 0
No direct evidence hits for this query.
NIST-Q-009 - detect anomaly alerting controls evidence owner review register policy log
tags: detect, anomaly, alerting | hits: 0
No direct evidence hits for this query.
NIST-Q-010 - respond incident planning controls evidence owner review register policy log
tags: respond, incident, planning | hits: 0
No direct evidence hits for this query.
NIST-Q-011 - respond analysis mitigation controls evidence owner review register policy log
tags: respond, analysis, mitigation | hits: 0
No direct evidence hits for this query.
NIST-Q-020 - detect monitoring logging controls evidence owner review register policy log
tags: detect, monitoring, logging | hits: 0
No direct evidence hits for this query.
NIST-046 - NIST CSF Control 046
gap | severity 1 | evidence_count 0
Ensure NIST CSF control coverage for RESPOND/INCIDENT/PLANNING with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating RESPOND/INCIDENT/PLANNING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RESPOND/INCIDENT/PLANNING.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-010 - respond incident planning controls evidence owner review register policy log
tags: respond, incident, planning | hits: 0
No direct evidence hits for this query.
NIST-Q-011 - respond analysis mitigation controls evidence owner review register policy log
tags: respond, analysis, mitigation | hits: 0
No direct evidence hits for this query.
NIST-Q-022 - respond incident planning controls evidence owner review register policy log
tags: respond, incident, planning | hits: 0
No direct evidence hits for this query.
NIST-Q-023 - respond analysis mitigation controls evidence owner review register policy log
tags: respond, analysis, mitigation | hits: 0
No direct evidence hits for this query.
NIST-Q-034 - respond incident planning controls evidence owner review register policy log
tags: respond, incident, planning | hits: 0
No direct evidence hits for this query.
NIST-047 - NIST CSF Control 047
gap | severity 2 | evidence_count 0
Ensure NIST CSF control coverage for RESPOND/ANALYSIS/MITIGATION with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating RESPOND/ANALYSIS/MITIGATION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RESPOND/ANALYSIS/MITIGATION.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-010 - respond incident planning controls evidence owner review register policy log
tags: respond, incident, planning | hits: 0
No direct evidence hits for this query.
NIST-Q-011 - respond analysis mitigation controls evidence owner review register policy log
tags: respond, analysis, mitigation | hits: 0
No direct evidence hits for this query.
NIST-Q-012 - recover continuity improvement controls evidence owner review register policy log
tags: recover, continuity, improvement | hits: 0
No direct evidence hits for this query.
NIST-Q-022 - respond incident planning controls evidence owner review register policy log
tags: respond, incident, planning | hits: 0
No direct evidence hits for this query.
NIST-Q-023 - respond analysis mitigation controls evidence owner review register policy log
tags: respond, analysis, mitigation | hits: 0
No direct evidence hits for this query.
NIST-048 - NIST CSF Control 048
gap | severity 3 | evidence_count 0
Ensure NIST CSF control coverage for RECOVER/CONTINUITY/IMPROVEMENT with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating RECOVER/CONTINUITY/IMPROVEMENT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RECOVER/CONTINUITY/IMPROVEMENT.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-001 - identify asset inventory controls evidence owner review register policy log
tags: identify, asset, inventory | hits: 0
No direct evidence hits for this query.
NIST-Q-002 - identify context dependency controls evidence owner review register policy log
tags: identify, context, dependency | hits: 0
No direct evidence hits for this query.
NIST-Q-003 - identify risk governance controls evidence owner review register policy log
tags: identify, risk, governance | hits: 0
No direct evidence hits for this query.
NIST-Q-012 - recover continuity improvement controls evidence owner review register policy log
tags: recover, continuity, improvement | hits: 0
No direct evidence hits for this query.
NIST-Q-013 - identify asset inventory controls evidence owner review register policy log
tags: identify, asset, inventory | hits: 0
No direct evidence hits for this query.
NIST-049 - NIST CSF Control 049
gap | severity 4 | evidence_count 0
Ensure NIST CSF control coverage for IDENTIFY/ASSET/INVENTORY with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating IDENTIFY/ASSET/INVENTORY governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTIFY/ASSET/INVENTORY.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-001 - identify asset inventory controls evidence owner review register policy log
tags: identify, asset, inventory | hits: 0
No direct evidence hits for this query.
NIST-Q-002 - identify context dependency controls evidence owner review register policy log
tags: identify, context, dependency | hits: 0
No direct evidence hits for this query.
NIST-Q-003 - identify risk governance controls evidence owner review register policy log
tags: identify, risk, governance | hits: 0
No direct evidence hits for this query.
NIST-Q-013 - identify asset inventory controls evidence owner review register policy log
tags: identify, asset, inventory | hits: 0
No direct evidence hits for this query.
NIST-Q-014 - identify context dependency controls evidence owner review register policy log
tags: identify, context, dependency | hits: 0
No direct evidence hits for this query.
NIST-050 - NIST CSF Control 050
gap | severity 5 | evidence_count 0
Ensure NIST CSF control coverage for IDENTIFY/CONTEXT/DEPENDENCY with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating IDENTIFY/CONTEXT/DEPENDENCY governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTIFY/CONTEXT/DEPENDENCY.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-001 - identify asset inventory controls evidence owner review register policy log
tags: identify, asset, inventory | hits: 0
No direct evidence hits for this query.
NIST-Q-002 - identify context dependency controls evidence owner review register policy log
tags: identify, context, dependency | hits: 0
No direct evidence hits for this query.
NIST-Q-003 - identify risk governance controls evidence owner review register policy log
tags: identify, risk, governance | hits: 0
No direct evidence hits for this query.
NIST-Q-013 - identify asset inventory controls evidence owner review register policy log
tags: identify, asset, inventory | hits: 0
No direct evidence hits for this query.
NIST-Q-014 - identify context dependency controls evidence owner review register policy log
tags: identify, context, dependency | hits: 0
No direct evidence hits for this query.
NIST-051 - NIST CSF Control 051
gap | severity 1 | evidence_count 0
Ensure NIST CSF control coverage for IDENTIFY/RISK/GOVERNANCE with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating IDENTIFY/RISK/GOVERNANCE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTIFY/RISK/GOVERNANCE.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-001 - identify asset inventory controls evidence owner review register policy log
tags: identify, asset, inventory | hits: 0
No direct evidence hits for this query.
NIST-Q-002 - identify context dependency controls evidence owner review register policy log
tags: identify, context, dependency | hits: 0
No direct evidence hits for this query.
NIST-Q-003 - identify risk governance controls evidence owner review register policy log
tags: identify, risk, governance | hits: 0
No direct evidence hits for this query.
NIST-Q-004 - protect identity access controls evidence owner review register policy log
tags: protect, identity, access | hits: 0
No direct evidence hits for this query.
NIST-Q-005 - protect awareness training controls evidence owner review register policy log
tags: protect, awareness, training | hits: 0
No direct evidence hits for this query.
NIST-052 - NIST CSF Control 052
gap | severity 2 | evidence_count 0
Ensure NIST CSF control coverage for PROTECT/IDENTITY/ACCESS with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating PROTECT/IDENTITY/ACCESS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/IDENTITY/ACCESS.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-004 - protect identity access controls evidence owner review register policy log
tags: protect, identity, access | hits: 0
No direct evidence hits for this query.
NIST-Q-005 - protect awareness training controls evidence owner review register policy log
tags: protect, awareness, training | hits: 0
No direct evidence hits for this query.
NIST-Q-006 - protect data encryption controls evidence owner review register policy log
tags: protect, data, encryption | hits: 0
No direct evidence hits for this query.
NIST-Q-007 - protect configuration hardening controls evidence owner review register policy log
tags: protect, configuration, hardening | hits: 0
No direct evidence hits for this query.
NIST-Q-016 - protect identity access controls evidence owner review register policy log
tags: protect, identity, access | hits: 0
No direct evidence hits for this query.
NIST-053 - NIST CSF Control 053
gap | severity 3 | evidence_count 0
Ensure NIST CSF control coverage for PROTECT/AWARENESS/TRAINING with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating PROTECT/AWARENESS/TRAINING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/AWARENESS/TRAINING.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-004 - protect identity access controls evidence owner review register policy log
tags: protect, identity, access | hits: 0
No direct evidence hits for this query.
NIST-Q-005 - protect awareness training controls evidence owner review register policy log
tags: protect, awareness, training | hits: 0
No direct evidence hits for this query.
NIST-Q-006 - protect data encryption controls evidence owner review register policy log
tags: protect, data, encryption | hits: 0
No direct evidence hits for this query.
NIST-Q-007 - protect configuration hardening controls evidence owner review register policy log
tags: protect, configuration, hardening | hits: 0
No direct evidence hits for this query.
NIST-Q-016 - protect identity access controls evidence owner review register policy log
tags: protect, identity, access | hits: 0
No direct evidence hits for this query.
NIST-054 - NIST CSF Control 054
gap | severity 4 | evidence_count 0
Ensure NIST CSF control coverage for PROTECT/DATA/ENCRYPTION with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating PROTECT/DATA/ENCRYPTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/DATA/ENCRYPTION.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-004 - protect identity access controls evidence owner review register policy log
tags: protect, identity, access | hits: 0
No direct evidence hits for this query.
NIST-Q-005 - protect awareness training controls evidence owner review register policy log
tags: protect, awareness, training | hits: 0
No direct evidence hits for this query.
NIST-Q-006 - protect data encryption controls evidence owner review register policy log
tags: protect, data, encryption | hits: 0
No direct evidence hits for this query.
NIST-Q-007 - protect configuration hardening controls evidence owner review register policy log
tags: protect, configuration, hardening | hits: 0
No direct evidence hits for this query.
NIST-Q-016 - protect identity access controls evidence owner review register policy log
tags: protect, identity, access | hits: 0
No direct evidence hits for this query.
NIST-055 - NIST CSF Control 055
gap | severity 5 | evidence_count 0
Ensure NIST CSF control coverage for PROTECT/CONFIGURATION/HARDENING with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating PROTECT/CONFIGURATION/HARDENING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/CONFIGURATION/HARDENING.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-004 - protect identity access controls evidence owner review register policy log
tags: protect, identity, access | hits: 0
No direct evidence hits for this query.
NIST-Q-005 - protect awareness training controls evidence owner review register policy log
tags: protect, awareness, training | hits: 0
No direct evidence hits for this query.
NIST-Q-006 - protect data encryption controls evidence owner review register policy log
tags: protect, data, encryption | hits: 0
No direct evidence hits for this query.
NIST-Q-007 - protect configuration hardening controls evidence owner review register policy log
tags: protect, configuration, hardening | hits: 0
No direct evidence hits for this query.
NIST-Q-008 - detect monitoring logging controls evidence owner review register policy log
tags: detect, monitoring, logging | hits: 0
No direct evidence hits for this query.
NIST-056 - NIST CSF Control 056
gap | severity 1 | evidence_count 0
Ensure NIST CSF control coverage for DETECT/MONITORING/LOGGING with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating DETECT/MONITORING/LOGGING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for DETECT/MONITORING/LOGGING.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-008 - detect monitoring logging controls evidence owner review register policy log
tags: detect, monitoring, logging | hits: 0
No direct evidence hits for this query.
NIST-Q-009 - detect anomaly alerting controls evidence owner review register policy log
tags: detect, anomaly, alerting | hits: 0
No direct evidence hits for this query.
NIST-Q-020 - detect monitoring logging controls evidence owner review register policy log
tags: detect, monitoring, logging | hits: 0
No direct evidence hits for this query.
NIST-Q-021 - detect anomaly alerting controls evidence owner review register policy log
tags: detect, anomaly, alerting | hits: 0
No direct evidence hits for this query.
NIST-Q-032 - detect monitoring logging controls evidence owner review register policy log
tags: detect, monitoring, logging | hits: 0
No direct evidence hits for this query.
NIST-057 - NIST CSF Control 057
gap | severity 2 | evidence_count 0
Ensure NIST CSF control coverage for DETECT/ANOMALY/ALERTING with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating DETECT/ANOMALY/ALERTING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for DETECT/ANOMALY/ALERTING.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-008 - detect monitoring logging controls evidence owner review register policy log
tags: detect, monitoring, logging | hits: 0
No direct evidence hits for this query.
NIST-Q-009 - detect anomaly alerting controls evidence owner review register policy log
tags: detect, anomaly, alerting | hits: 0
No direct evidence hits for this query.
NIST-Q-010 - respond incident planning controls evidence owner review register policy log
tags: respond, incident, planning | hits: 0
No direct evidence hits for this query.
NIST-Q-011 - respond analysis mitigation controls evidence owner review register policy log
tags: respond, analysis, mitigation | hits: 0
No direct evidence hits for this query.
NIST-Q-020 - detect monitoring logging controls evidence owner review register policy log
tags: detect, monitoring, logging | hits: 0
No direct evidence hits for this query.
NIST-058 - NIST CSF Control 058
gap | severity 3 | evidence_count 0
Ensure NIST CSF control coverage for RESPOND/INCIDENT/PLANNING with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating RESPOND/INCIDENT/PLANNING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RESPOND/INCIDENT/PLANNING.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-010 - respond incident planning controls evidence owner review register policy log
tags: respond, incident, planning | hits: 0
No direct evidence hits for this query.
NIST-Q-011 - respond analysis mitigation controls evidence owner review register policy log
tags: respond, analysis, mitigation | hits: 0
No direct evidence hits for this query.
NIST-Q-022 - respond incident planning controls evidence owner review register policy log
tags: respond, incident, planning | hits: 0
No direct evidence hits for this query.
NIST-Q-023 - respond analysis mitigation controls evidence owner review register policy log
tags: respond, analysis, mitigation | hits: 0
No direct evidence hits for this query.
NIST-Q-034 - respond incident planning controls evidence owner review register policy log
tags: respond, incident, planning | hits: 0
No direct evidence hits for this query.
NIST-059 - NIST CSF Control 059
gap | severity 4 | evidence_count 0
Ensure NIST CSF control coverage for RESPOND/ANALYSIS/MITIGATION with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating RESPOND/ANALYSIS/MITIGATION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RESPOND/ANALYSIS/MITIGATION.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-010 - respond incident planning controls evidence owner review register policy log
tags: respond, incident, planning | hits: 0
No direct evidence hits for this query.
NIST-Q-011 - respond analysis mitigation controls evidence owner review register policy log
tags: respond, analysis, mitigation | hits: 0
No direct evidence hits for this query.
NIST-Q-012 - recover continuity improvement controls evidence owner review register policy log
tags: recover, continuity, improvement | hits: 0
No direct evidence hits for this query.
NIST-Q-022 - respond incident planning controls evidence owner review register policy log
tags: respond, incident, planning | hits: 0
No direct evidence hits for this query.
NIST-Q-023 - respond analysis mitigation controls evidence owner review register policy log
tags: respond, analysis, mitigation | hits: 0
No direct evidence hits for this query.
NIST-060 - NIST CSF Control 060
gap | severity 5 | evidence_count 0
Ensure NIST CSF control coverage for RECOVER/CONTINUITY/IMPROVEMENT with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating RECOVER/CONTINUITY/IMPROVEMENT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RECOVER/CONTINUITY/IMPROVEMENT.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-001 - identify asset inventory controls evidence owner review register policy log
tags: identify, asset, inventory | hits: 0
No direct evidence hits for this query.
NIST-Q-002 - identify context dependency controls evidence owner review register policy log
tags: identify, context, dependency | hits: 0
No direct evidence hits for this query.
NIST-Q-003 - identify risk governance controls evidence owner review register policy log
tags: identify, risk, governance | hits: 0
No direct evidence hits for this query.
NIST-Q-012 - recover continuity improvement controls evidence owner review register policy log
tags: recover, continuity, improvement | hits: 0
No direct evidence hits for this query.
NIST-Q-013 - identify asset inventory controls evidence owner review register policy log
tags: identify, asset, inventory | hits: 0
No direct evidence hits for this query.
NIST-061 - NIST CSF Control 061
gap | severity 1 | evidence_count 0
Ensure NIST CSF control coverage for IDENTIFY/ASSET/INVENTORY with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating IDENTIFY/ASSET/INVENTORY governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTIFY/ASSET/INVENTORY.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-001 - identify asset inventory controls evidence owner review register policy log
tags: identify, asset, inventory | hits: 0
No direct evidence hits for this query.
NIST-Q-002 - identify context dependency controls evidence owner review register policy log
tags: identify, context, dependency | hits: 0
No direct evidence hits for this query.
NIST-Q-003 - identify risk governance controls evidence owner review register policy log
tags: identify, risk, governance | hits: 0
No direct evidence hits for this query.
NIST-Q-013 - identify asset inventory controls evidence owner review register policy log
tags: identify, asset, inventory | hits: 0
No direct evidence hits for this query.
NIST-Q-014 - identify context dependency controls evidence owner review register policy log
tags: identify, context, dependency | hits: 0
No direct evidence hits for this query.
NIST-062 - NIST CSF Control 062
gap | severity 2 | evidence_count 0
Ensure NIST CSF control coverage for IDENTIFY/CONTEXT/DEPENDENCY with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating IDENTIFY/CONTEXT/DEPENDENCY governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTIFY/CONTEXT/DEPENDENCY.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-001 - identify asset inventory controls evidence owner review register policy log
tags: identify, asset, inventory | hits: 0
No direct evidence hits for this query.
NIST-Q-002 - identify context dependency controls evidence owner review register policy log
tags: identify, context, dependency | hits: 0
No direct evidence hits for this query.
NIST-Q-003 - identify risk governance controls evidence owner review register policy log
tags: identify, risk, governance | hits: 0
No direct evidence hits for this query.
NIST-Q-013 - identify asset inventory controls evidence owner review register policy log
tags: identify, asset, inventory | hits: 0
No direct evidence hits for this query.
NIST-Q-014 - identify context dependency controls evidence owner review register policy log
tags: identify, context, dependency | hits: 0
No direct evidence hits for this query.
NIST-063 - NIST CSF Control 063
gap | severity 3 | evidence_count 0
Ensure NIST CSF control coverage for IDENTIFY/RISK/GOVERNANCE with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating IDENTIFY/RISK/GOVERNANCE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTIFY/RISK/GOVERNANCE.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-001 - identify asset inventory controls evidence owner review register policy log
tags: identify, asset, inventory | hits: 0
No direct evidence hits for this query.
NIST-Q-002 - identify context dependency controls evidence owner review register policy log
tags: identify, context, dependency | hits: 0
No direct evidence hits for this query.
NIST-Q-003 - identify risk governance controls evidence owner review register policy log
tags: identify, risk, governance | hits: 0
No direct evidence hits for this query.
NIST-Q-004 - protect identity access controls evidence owner review register policy log
tags: protect, identity, access | hits: 0
No direct evidence hits for this query.
NIST-Q-005 - protect awareness training controls evidence owner review register policy log
tags: protect, awareness, training | hits: 0
No direct evidence hits for this query.
NIST-064 - NIST CSF Control 064
gap | severity 4 | evidence_count 0
Ensure NIST CSF control coverage for PROTECT/IDENTITY/ACCESS with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating PROTECT/IDENTITY/ACCESS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/IDENTITY/ACCESS.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-004 - protect identity access controls evidence owner review register policy log
tags: protect, identity, access | hits: 0
No direct evidence hits for this query.
NIST-Q-005 - protect awareness training controls evidence owner review register policy log
tags: protect, awareness, training | hits: 0
No direct evidence hits for this query.
NIST-Q-006 - protect data encryption controls evidence owner review register policy log
tags: protect, data, encryption | hits: 0
No direct evidence hits for this query.
NIST-Q-007 - protect configuration hardening controls evidence owner review register policy log
tags: protect, configuration, hardening | hits: 0
No direct evidence hits for this query.
NIST-Q-016 - protect identity access controls evidence owner review register policy log
tags: protect, identity, access | hits: 0
No direct evidence hits for this query.
NIST-065 - NIST CSF Control 065
gap | severity 5 | evidence_count 0
Ensure NIST CSF control coverage for PROTECT/AWARENESS/TRAINING with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating PROTECT/AWARENESS/TRAINING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/AWARENESS/TRAINING.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-004 - protect identity access controls evidence owner review register policy log
tags: protect, identity, access | hits: 0
No direct evidence hits for this query.
NIST-Q-005 - protect awareness training controls evidence owner review register policy log
tags: protect, awareness, training | hits: 0
No direct evidence hits for this query.
NIST-Q-006 - protect data encryption controls evidence owner review register policy log
tags: protect, data, encryption | hits: 0
No direct evidence hits for this query.
NIST-Q-007 - protect configuration hardening controls evidence owner review register policy log
tags: protect, configuration, hardening | hits: 0
No direct evidence hits for this query.
NIST-Q-016 - protect identity access controls evidence owner review register policy log
tags: protect, identity, access | hits: 0
No direct evidence hits for this query.
NIST-066 - NIST CSF Control 066
gap | severity 1 | evidence_count 0
Ensure NIST CSF control coverage for PROTECT/DATA/ENCRYPTION with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating PROTECT/DATA/ENCRYPTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/DATA/ENCRYPTION.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-004 - protect identity access controls evidence owner review register policy log
tags: protect, identity, access | hits: 0
No direct evidence hits for this query.
NIST-Q-005 - protect awareness training controls evidence owner review register policy log
tags: protect, awareness, training | hits: 0
No direct evidence hits for this query.
NIST-Q-006 - protect data encryption controls evidence owner review register policy log
tags: protect, data, encryption | hits: 0
No direct evidence hits for this query.
NIST-Q-007 - protect configuration hardening controls evidence owner review register policy log
tags: protect, configuration, hardening | hits: 0
No direct evidence hits for this query.
NIST-Q-016 - protect identity access controls evidence owner review register policy log
tags: protect, identity, access | hits: 0
No direct evidence hits for this query.
NIST-067 - NIST CSF Control 067
gap | severity 2 | evidence_count 0
Ensure NIST CSF control coverage for PROTECT/CONFIGURATION/HARDENING with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating PROTECT/CONFIGURATION/HARDENING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/CONFIGURATION/HARDENING.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-004 - protect identity access controls evidence owner review register policy log
tags: protect, identity, access | hits: 0
No direct evidence hits for this query.
NIST-Q-005 - protect awareness training controls evidence owner review register policy log
tags: protect, awareness, training | hits: 0
No direct evidence hits for this query.
NIST-Q-006 - protect data encryption controls evidence owner review register policy log
tags: protect, data, encryption | hits: 0
No direct evidence hits for this query.
NIST-Q-007 - protect configuration hardening controls evidence owner review register policy log
tags: protect, configuration, hardening | hits: 0
No direct evidence hits for this query.
NIST-Q-008 - detect monitoring logging controls evidence owner review register policy log
tags: detect, monitoring, logging | hits: 0
No direct evidence hits for this query.
NIST-068 - NIST CSF Control 068
gap | severity 3 | evidence_count 0
Ensure NIST CSF control coverage for DETECT/MONITORING/LOGGING with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating DETECT/MONITORING/LOGGING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for DETECT/MONITORING/LOGGING.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-008 - detect monitoring logging controls evidence owner review register policy log
tags: detect, monitoring, logging | hits: 0
No direct evidence hits for this query.
NIST-Q-009 - detect anomaly alerting controls evidence owner review register policy log
tags: detect, anomaly, alerting | hits: 0
No direct evidence hits for this query.
NIST-Q-020 - detect monitoring logging controls evidence owner review register policy log
tags: detect, monitoring, logging | hits: 0
No direct evidence hits for this query.
NIST-Q-021 - detect anomaly alerting controls evidence owner review register policy log
tags: detect, anomaly, alerting | hits: 0
No direct evidence hits for this query.
NIST-Q-032 - detect monitoring logging controls evidence owner review register policy log
tags: detect, monitoring, logging | hits: 0
No direct evidence hits for this query.
NIST-069 - NIST CSF Control 069
gap | severity 4 | evidence_count 0
Ensure NIST CSF control coverage for DETECT/ANOMALY/ALERTING with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating DETECT/ANOMALY/ALERTING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for DETECT/ANOMALY/ALERTING.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-008 - detect monitoring logging controls evidence owner review register policy log
tags: detect, monitoring, logging | hits: 0
No direct evidence hits for this query.
NIST-Q-009 - detect anomaly alerting controls evidence owner review register policy log
tags: detect, anomaly, alerting | hits: 0
No direct evidence hits for this query.
NIST-Q-010 - respond incident planning controls evidence owner review register policy log
tags: respond, incident, planning | hits: 0
No direct evidence hits for this query.
NIST-Q-011 - respond analysis mitigation controls evidence owner review register policy log
tags: respond, analysis, mitigation | hits: 0
No direct evidence hits for this query.
NIST-Q-020 - detect monitoring logging controls evidence owner review register policy log
tags: detect, monitoring, logging | hits: 0
No direct evidence hits for this query.
NIST-070 - NIST CSF Control 070
gap | severity 5 | evidence_count 0
Ensure NIST CSF control coverage for RESPOND/INCIDENT/PLANNING with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating RESPOND/INCIDENT/PLANNING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RESPOND/INCIDENT/PLANNING.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-010 - respond incident planning controls evidence owner review register policy log
tags: respond, incident, planning | hits: 0
No direct evidence hits for this query.
NIST-Q-011 - respond analysis mitigation controls evidence owner review register policy log
tags: respond, analysis, mitigation | hits: 0
No direct evidence hits for this query.
NIST-Q-022 - respond incident planning controls evidence owner review register policy log
tags: respond, incident, planning | hits: 0
No direct evidence hits for this query.
NIST-Q-023 - respond analysis mitigation controls evidence owner review register policy log
tags: respond, analysis, mitigation | hits: 0
No direct evidence hits for this query.
NIST-Q-034 - respond incident planning controls evidence owner review register policy log
tags: respond, incident, planning | hits: 0
No direct evidence hits for this query.
NIST-071 - NIST CSF Control 071
gap | severity 1 | evidence_count 0
Ensure NIST CSF control coverage for RESPOND/ANALYSIS/MITIGATION with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating RESPOND/ANALYSIS/MITIGATION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RESPOND/ANALYSIS/MITIGATION.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-010 - respond incident planning controls evidence owner review register policy log
tags: respond, incident, planning | hits: 0
No direct evidence hits for this query.
NIST-Q-011 - respond analysis mitigation controls evidence owner review register policy log
tags: respond, analysis, mitigation | hits: 0
No direct evidence hits for this query.
NIST-Q-012 - recover continuity improvement controls evidence owner review register policy log
tags: recover, continuity, improvement | hits: 0
No direct evidence hits for this query.
NIST-Q-022 - respond incident planning controls evidence owner review register policy log
tags: respond, incident, planning | hits: 0
No direct evidence hits for this query.
NIST-Q-023 - respond analysis mitigation controls evidence owner review register policy log
tags: respond, analysis, mitigation | hits: 0
No direct evidence hits for this query.
NIST-072 - NIST CSF Control 072
gap | severity 2 | evidence_count 0
Ensure NIST CSF control coverage for RECOVER/CONTINUITY/IMPROVEMENT with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating RECOVER/CONTINUITY/IMPROVEMENT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RECOVER/CONTINUITY/IMPROVEMENT.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-001 - identify asset inventory controls evidence owner review register policy log
tags: identify, asset, inventory | hits: 0
No direct evidence hits for this query.
NIST-Q-002 - identify context dependency controls evidence owner review register policy log
tags: identify, context, dependency | hits: 0
No direct evidence hits for this query.
NIST-Q-003 - identify risk governance controls evidence owner review register policy log
tags: identify, risk, governance | hits: 0
No direct evidence hits for this query.
NIST-Q-012 - recover continuity improvement controls evidence owner review register policy log
tags: recover, continuity, improvement | hits: 0
No direct evidence hits for this query.
NIST-Q-013 - identify asset inventory controls evidence owner review register policy log
tags: identify, asset, inventory | hits: 0
No direct evidence hits for this query.
NIST-073 - NIST CSF Control 073
gap | severity 3 | evidence_count 0
Ensure NIST CSF control coverage for IDENTIFY/ASSET/INVENTORY with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating IDENTIFY/ASSET/INVENTORY governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTIFY/ASSET/INVENTORY.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-001 - identify asset inventory controls evidence owner review register policy log
tags: identify, asset, inventory | hits: 0
No direct evidence hits for this query.
NIST-Q-002 - identify context dependency controls evidence owner review register policy log
tags: identify, context, dependency | hits: 0
No direct evidence hits for this query.
NIST-Q-003 - identify risk governance controls evidence owner review register policy log
tags: identify, risk, governance | hits: 0
No direct evidence hits for this query.
NIST-Q-013 - identify asset inventory controls evidence owner review register policy log
tags: identify, asset, inventory | hits: 0
No direct evidence hits for this query.
NIST-Q-014 - identify context dependency controls evidence owner review register policy log
tags: identify, context, dependency | hits: 0
No direct evidence hits for this query.
NIST-074 - NIST CSF Control 074
gap | severity 4 | evidence_count 0
Ensure NIST CSF control coverage for IDENTIFY/CONTEXT/DEPENDENCY with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating IDENTIFY/CONTEXT/DEPENDENCY governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTIFY/CONTEXT/DEPENDENCY.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-001 - identify asset inventory controls evidence owner review register policy log
tags: identify, asset, inventory | hits: 0
No direct evidence hits for this query.
NIST-Q-002 - identify context dependency controls evidence owner review register policy log
tags: identify, context, dependency | hits: 0
No direct evidence hits for this query.
NIST-Q-003 - identify risk governance controls evidence owner review register policy log
tags: identify, risk, governance | hits: 0
No direct evidence hits for this query.
NIST-Q-013 - identify asset inventory controls evidence owner review register policy log
tags: identify, asset, inventory | hits: 0
No direct evidence hits for this query.
NIST-Q-014 - identify context dependency controls evidence owner review register policy log
tags: identify, context, dependency | hits: 0
No direct evidence hits for this query.
NIST-075 - NIST CSF Control 075
gap | severity 5 | evidence_count 0
Ensure NIST CSF control coverage for IDENTIFY/RISK/GOVERNANCE with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating IDENTIFY/RISK/GOVERNANCE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTIFY/RISK/GOVERNANCE.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-001 - identify asset inventory controls evidence owner review register policy log
tags: identify, asset, inventory | hits: 0
No direct evidence hits for this query.
NIST-Q-002 - identify context dependency controls evidence owner review register policy log
tags: identify, context, dependency | hits: 0
No direct evidence hits for this query.
NIST-Q-003 - identify risk governance controls evidence owner review register policy log
tags: identify, risk, governance | hits: 0
No direct evidence hits for this query.
NIST-Q-004 - protect identity access controls evidence owner review register policy log
tags: protect, identity, access | hits: 0
No direct evidence hits for this query.
NIST-Q-005 - protect awareness training controls evidence owner review register policy log
tags: protect, awareness, training | hits: 0
No direct evidence hits for this query.
NIST-076 - NIST CSF Control 076
gap | severity 1 | evidence_count 0
Ensure NIST CSF control coverage for PROTECT/IDENTITY/ACCESS with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating PROTECT/IDENTITY/ACCESS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/IDENTITY/ACCESS.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-004 - protect identity access controls evidence owner review register policy log
tags: protect, identity, access | hits: 0
No direct evidence hits for this query.
NIST-Q-005 - protect awareness training controls evidence owner review register policy log
tags: protect, awareness, training | hits: 0
No direct evidence hits for this query.
NIST-Q-006 - protect data encryption controls evidence owner review register policy log
tags: protect, data, encryption | hits: 0
No direct evidence hits for this query.
NIST-Q-007 - protect configuration hardening controls evidence owner review register policy log
tags: protect, configuration, hardening | hits: 0
No direct evidence hits for this query.
NIST-Q-016 - protect identity access controls evidence owner review register policy log
tags: protect, identity, access | hits: 0
No direct evidence hits for this query.
NIST-077 - NIST CSF Control 077
gap | severity 2 | evidence_count 0
Ensure NIST CSF control coverage for PROTECT/AWARENESS/TRAINING with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating PROTECT/AWARENESS/TRAINING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/AWARENESS/TRAINING.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-004 - protect identity access controls evidence owner review register policy log
tags: protect, identity, access | hits: 0
No direct evidence hits for this query.
NIST-Q-005 - protect awareness training controls evidence owner review register policy log
tags: protect, awareness, training | hits: 0
No direct evidence hits for this query.
NIST-Q-006 - protect data encryption controls evidence owner review register policy log
tags: protect, data, encryption | hits: 0
No direct evidence hits for this query.
NIST-Q-007 - protect configuration hardening controls evidence owner review register policy log
tags: protect, configuration, hardening | hits: 0
No direct evidence hits for this query.
NIST-Q-016 - protect identity access controls evidence owner review register policy log
tags: protect, identity, access | hits: 0
No direct evidence hits for this query.
NIST-078 - NIST CSF Control 078
gap | severity 3 | evidence_count 0
Ensure NIST CSF control coverage for PROTECT/DATA/ENCRYPTION with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating PROTECT/DATA/ENCRYPTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/DATA/ENCRYPTION.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-004 - protect identity access controls evidence owner review register policy log
tags: protect, identity, access | hits: 0
No direct evidence hits for this query.
NIST-Q-005 - protect awareness training controls evidence owner review register policy log
tags: protect, awareness, training | hits: 0
No direct evidence hits for this query.
NIST-Q-006 - protect data encryption controls evidence owner review register policy log
tags: protect, data, encryption | hits: 0
No direct evidence hits for this query.
NIST-Q-007 - protect configuration hardening controls evidence owner review register policy log
tags: protect, configuration, hardening | hits: 0
No direct evidence hits for this query.
NIST-Q-016 - protect identity access controls evidence owner review register policy log
tags: protect, identity, access | hits: 0
No direct evidence hits for this query.
NIST-079 - NIST CSF Control 079
gap | severity 4 | evidence_count 0
Ensure NIST CSF control coverage for PROTECT/CONFIGURATION/HARDENING with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating PROTECT/CONFIGURATION/HARDENING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PROTECT/CONFIGURATION/HARDENING.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-004 - protect identity access controls evidence owner review register policy log
tags: protect, identity, access | hits: 0
No direct evidence hits for this query.
NIST-Q-005 - protect awareness training controls evidence owner review register policy log
tags: protect, awareness, training | hits: 0
No direct evidence hits for this query.
NIST-Q-006 - protect data encryption controls evidence owner review register policy log
tags: protect, data, encryption | hits: 0
No direct evidence hits for this query.
NIST-Q-007 - protect configuration hardening controls evidence owner review register policy log
tags: protect, configuration, hardening | hits: 0
No direct evidence hits for this query.
NIST-Q-008 - detect monitoring logging controls evidence owner review register policy log
tags: detect, monitoring, logging | hits: 0
No direct evidence hits for this query.
NIST-080 - NIST CSF Control 080
gap | severity 5 | evidence_count 0
Ensure NIST CSF control coverage for DETECT/MONITORING/LOGGING with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating DETECT/MONITORING/LOGGING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for DETECT/MONITORING/LOGGING.; Recent review evidence with remediation tracking where exceptions were found.
NIST-Q-008 - detect monitoring logging controls evidence owner review register policy log
tags: detect, monitoring, logging | hits: 0
No direct evidence hits for this query.
NIST-Q-009 - detect anomaly alerting controls evidence owner review register policy log
tags: detect, anomaly, alerting | hits: 0
No direct evidence hits for this query.
NIST-Q-020 - detect monitoring logging controls evidence owner review register policy log
tags: detect, monitoring, logging | hits: 0
No direct evidence hits for this query.
NIST-Q-021 - detect anomaly alerting controls evidence owner review register policy log
tags: detect, anomaly, alerting | hits: 0
No direct evidence hits for this query.
NIST-Q-032 - detect monitoring logging controls evidence owner review register policy log
tags: detect, monitoring, logging | hits: 0
No direct evidence hits for this query.
Query Log
| query_id | query_text | tags | hits |
|---|---|---|---|
NIST-Q-001 | identify asset inventory controls evidence owner review register policy log | identify, asset, inventory | 0 |
NIST-Q-002 | identify context dependency controls evidence owner review register policy log | identify, context, dependency | 0 |
NIST-Q-003 | identify risk governance controls evidence owner review register policy log | identify, risk, governance | 0 |
NIST-Q-004 | protect identity access controls evidence owner review register policy log | protect, identity, access | 0 |
NIST-Q-005 | protect awareness training controls evidence owner review register policy log | protect, awareness, training | 0 |
NIST-Q-006 | protect data encryption controls evidence owner review register policy log | protect, data, encryption | 0 |
NIST-Q-007 | protect configuration hardening controls evidence owner review register policy log | protect, configuration, hardening | 0 |
NIST-Q-008 | detect monitoring logging controls evidence owner review register policy log | detect, monitoring, logging | 0 |
NIST-Q-009 | detect anomaly alerting controls evidence owner review register policy log | detect, anomaly, alerting | 0 |
NIST-Q-010 | respond incident planning controls evidence owner review register policy log | respond, incident, planning | 0 |
NIST-Q-011 | respond analysis mitigation controls evidence owner review register policy log | respond, analysis, mitigation | 0 |
NIST-Q-012 | recover continuity improvement controls evidence owner review register policy log | recover, continuity, improvement | 0 |
NIST-Q-013 | identify asset inventory controls evidence owner review register policy log | identify, asset, inventory | 0 |
NIST-Q-014 | identify context dependency controls evidence owner review register policy log | identify, context, dependency | 0 |
NIST-Q-015 | identify risk governance controls evidence owner review register policy log | identify, risk, governance | 0 |
NIST-Q-016 | protect identity access controls evidence owner review register policy log | protect, identity, access | 0 |
NIST-Q-017 | protect awareness training controls evidence owner review register policy log | protect, awareness, training | 0 |
NIST-Q-018 | protect data encryption controls evidence owner review register policy log | protect, data, encryption | 0 |
NIST-Q-019 | protect configuration hardening controls evidence owner review register policy log | protect, configuration, hardening | 0 |
NIST-Q-020 | detect monitoring logging controls evidence owner review register policy log | detect, monitoring, logging | 0 |
NIST-Q-021 | detect anomaly alerting controls evidence owner review register policy log | detect, anomaly, alerting | 0 |
NIST-Q-022 | respond incident planning controls evidence owner review register policy log | respond, incident, planning | 0 |
NIST-Q-023 | respond analysis mitigation controls evidence owner review register policy log | respond, analysis, mitigation | 0 |
NIST-Q-024 | recover continuity improvement controls evidence owner review register policy log | recover, continuity, improvement | 0 |
NIST-Q-025 | identify asset inventory controls evidence owner review register policy log | identify, asset, inventory | 0 |
NIST-Q-026 | identify context dependency controls evidence owner review register policy log | identify, context, dependency | 0 |
NIST-Q-027 | identify risk governance controls evidence owner review register policy log | identify, risk, governance | 0 |
NIST-Q-028 | protect identity access controls evidence owner review register policy log | protect, identity, access | 0 |
NIST-Q-029 | protect awareness training controls evidence owner review register policy log | protect, awareness, training | 0 |
NIST-Q-030 | protect data encryption controls evidence owner review register policy log | protect, data, encryption | 0 |
NIST-Q-031 | protect configuration hardening controls evidence owner review register policy log | protect, configuration, hardening | 0 |
NIST-Q-032 | detect monitoring logging controls evidence owner review register policy log | detect, monitoring, logging | 0 |
NIST-Q-033 | detect anomaly alerting controls evidence owner review register policy log | detect, anomaly, alerting | 0 |
NIST-Q-034 | respond incident planning controls evidence owner review register policy log | respond, incident, planning | 0 |
NIST-Q-035 | respond analysis mitigation controls evidence owner review register policy log | respond, analysis, mitigation | 0 |
NIST-Q-036 | recover continuity improvement controls evidence owner review register policy log | recover, continuity, improvement | 0 |
NIST-Q-037 | identify asset inventory controls evidence owner review register policy log | identify, asset, inventory | 0 |
NIST-Q-038 | identify context dependency controls evidence owner review register policy log | identify, context, dependency | 0 |
NIST-Q-039 | identify risk governance controls evidence owner review register policy log | identify, risk, governance | 0 |
NIST-Q-040 | protect identity access controls evidence owner review register policy log | protect, identity, access | 0 |
NIST-Q-041 | protect awareness training controls evidence owner review register policy log | protect, awareness, training | 0 |
NIST-Q-042 | protect data encryption controls evidence owner review register policy log | protect, data, encryption | 0 |
NIST-Q-043 | protect configuration hardening controls evidence owner review register policy log | protect, configuration, hardening | 0 |
NIST-Q-044 | detect monitoring logging controls evidence owner review register policy log | detect, monitoring, logging | 0 |
NIST-Q-045 | detect anomaly alerting controls evidence owner review register policy log | detect, anomaly, alerting | 0 |
Query Log
| query_id | query_text | tags | hits |
|---|---|---|---|
NIST-Q-001 | identify asset inventory controls evidence owner review register policy log | identify, asset, inventory | 0 |
NIST-Q-002 | identify context dependency controls evidence owner review register policy log | identify, context, dependency | 0 |
NIST-Q-003 | identify risk governance controls evidence owner review register policy log | identify, risk, governance | 0 |
NIST-Q-004 | protect identity access controls evidence owner review register policy log | protect, identity, access | 0 |
NIST-Q-005 | protect awareness training controls evidence owner review register policy log | protect, awareness, training | 0 |
NIST-Q-006 | protect data encryption controls evidence owner review register policy log | protect, data, encryption | 0 |
NIST-Q-007 | protect configuration hardening controls evidence owner review register policy log | protect, configuration, hardening | 0 |
NIST-Q-008 | detect monitoring logging controls evidence owner review register policy log | detect, monitoring, logging | 0 |
NIST-Q-009 | detect anomaly alerting controls evidence owner review register policy log | detect, anomaly, alerting | 0 |
NIST-Q-010 | respond incident planning controls evidence owner review register policy log | respond, incident, planning | 0 |
NIST-Q-011 | respond analysis mitigation controls evidence owner review register policy log | respond, analysis, mitigation | 0 |
NIST-Q-012 | recover continuity improvement controls evidence owner review register policy log | recover, continuity, improvement | 0 |
NIST-Q-013 | identify asset inventory controls evidence owner review register policy log | identify, asset, inventory | 0 |
NIST-Q-014 | identify context dependency controls evidence owner review register policy log | identify, context, dependency | 0 |
NIST-Q-015 | identify risk governance controls evidence owner review register policy log | identify, risk, governance | 0 |
NIST-Q-016 | protect identity access controls evidence owner review register policy log | protect, identity, access | 0 |
NIST-Q-017 | protect awareness training controls evidence owner review register policy log | protect, awareness, training | 0 |
NIST-Q-018 | protect data encryption controls evidence owner review register policy log | protect, data, encryption | 0 |
NIST-Q-019 | protect configuration hardening controls evidence owner review register policy log | protect, configuration, hardening | 0 |
NIST-Q-020 | detect monitoring logging controls evidence owner review register policy log | detect, monitoring, logging | 0 |
NIST-Q-021 | detect anomaly alerting controls evidence owner review register policy log | detect, anomaly, alerting | 0 |
NIST-Q-022 | respond incident planning controls evidence owner review register policy log | respond, incident, planning | 0 |
NIST-Q-023 | respond analysis mitigation controls evidence owner review register policy log | respond, analysis, mitigation | 0 |
NIST-Q-024 | recover continuity improvement controls evidence owner review register policy log | recover, continuity, improvement | 0 |
NIST-Q-025 | identify asset inventory controls evidence owner review register policy log | identify, asset, inventory | 0 |
NIST-Q-026 | identify context dependency controls evidence owner review register policy log | identify, context, dependency | 0 |
NIST-Q-027 | identify risk governance controls evidence owner review register policy log | identify, risk, governance | 0 |
NIST-Q-028 | protect identity access controls evidence owner review register policy log | protect, identity, access | 0 |
NIST-Q-029 | protect awareness training controls evidence owner review register policy log | protect, awareness, training | 0 |
NIST-Q-030 | protect data encryption controls evidence owner review register policy log | protect, data, encryption | 0 |
NIST-Q-031 | protect configuration hardening controls evidence owner review register policy log | protect, configuration, hardening | 0 |
NIST-Q-032 | detect monitoring logging controls evidence owner review register policy log | detect, monitoring, logging | 0 |
NIST-Q-033 | detect anomaly alerting controls evidence owner review register policy log | detect, anomaly, alerting | 0 |
NIST-Q-034 | respond incident planning controls evidence owner review register policy log | respond, incident, planning | 0 |
NIST-Q-035 | respond analysis mitigation controls evidence owner review register policy log | respond, analysis, mitigation | 0 |
NIST-Q-036 | recover continuity improvement controls evidence owner review register policy log | recover, continuity, improvement | 0 |
NIST-Q-037 | identify asset inventory controls evidence owner review register policy log | identify, asset, inventory | 0 |
NIST-Q-038 | identify context dependency controls evidence owner review register policy log | identify, context, dependency | 0 |
NIST-Q-039 | identify risk governance controls evidence owner review register policy log | identify, risk, governance | 0 |
NIST-Q-040 | protect identity access controls evidence owner review register policy log | protect, identity, access | 0 |
NIST-Q-041 | protect awareness training controls evidence owner review register policy log | protect, awareness, training | 0 |
NIST-Q-042 | protect data encryption controls evidence owner review register policy log | protect, data, encryption | 0 |
NIST-Q-043 | protect configuration hardening controls evidence owner review register policy log | protect, configuration, hardening | 0 |
NIST-Q-044 | detect monitoring logging controls evidence owner review register policy log | detect, monitoring, logging | 0 |
NIST-Q-045 | detect anomaly alerting controls evidence owner review register policy log | detect, anomaly, alerting | 0 |