Example Knowledge Base

NIST Cybersecurity Framework

Scope: Federal active Effective: Feb 26, 2024 Official source

Requirements Covered

Incident Response Access Control

Timeline

MilestoneDateNotes
CSF 2.0 publishedFeb 26, 2024Major update adding Govern function
CSF 1.1 publishedApr 16, 2018Original framework

Provisions (2)

Incident Response (RS.AN, RS.MI)

Implements: Incident Response active Effective: Feb 26, 2024
"NIST CSF 2.0 restructured response activities into **analysis and mitigation** subcategories, emphasizing that incident response is a continuous improvement process."

Requirements

RequirementDetails
AnalysisInvestigate incidents to determine scope and impact
MitigationContain and mitigate effects of detected incidents
Sources: NIST CSF 2.0

Access Control (PR.AA)

Implements: Access Control active Effective: Feb 26, 2024
"CSF 2.0 consolidated identity and access management into a single **PR.AA** subcategory, clarifying that authentication and authorization are inseparable."

Requirements

RequirementDetails
Identity managementManage identities and credentials for authorized users
Access enforcementEnforce access permissions based on policies
Sources: NIST CSF 2.0