NIST Cybersecurity Framework (CSF) 2.0

Categories

Identity Management, Authentication, and Access Control (PR.AA):

Access to physical and logical assets is limited to authorized users, services, and hardware and managed commensurate with the assessed risk of unauthorized access

Awareness and Training (PR.AT):

The organization's personnel are provided with cybersecurity awareness and training so that they can perform their cybersecurity-related tasks

Data Security (PR.DS):

Data are managed consistent with the organization's risk strategy to protect the confidentiality, integrity, and availability of information

Platform Security (PR.PS):

The hardware, software (e.g., firmware, operating systems, applications), and services of physical and virtual platforms are managed consistent with the organization's risk strategy to protect their confidentiality, integrity, and availability

Technology Infrastructure Resilience (PR.IR):

Security architectures are managed with the organization's risk strategy to protect asset confidentiality, integrity, and availability, and organizational resilience

Identity Management, Authentication and Access Control (PR.AC):

[Withdrawn: Moved to PR.AA]

Information Protection Processes and Procedures (PR.IP):

[Withdrawn: Incorporated into other Categories and Functions]

Maintenance (PR.MA):

[Withdrawn: Incorporated into ID.AM-08]

Protective Technology (PR.PT):

[Withdrawn: Incorporated into other Protect Categories]