Preface
Acknowledgments
1 Introduction
2 Understanding the NIST Cybersecurity Framework 2.0
3 Cybersecurity Controls
4 Compliance and Implementation
5 Organizational Context (GV.OC)
6 Risk Management Strategy (GV.RM)
7 Roles, Responsibilities, and Authorities (GV.RR)
8 Policy (GV.PO)
9 Oversight (GV.OV)
10 Cybersecurity Supply Chain Risk Management (GV.SC)
11 Asset Management (ID.AM)
12 Risk Assessment (ID.RA)
13 Improvement (ID.IM)
14 Identity Management, Authentication, and Access Control (PR.AA)
15 Awareness and Training (PR.AT)
16 Data Security (PR.DS)
17 Platform Security (PR.PS)
18 Technology Infrastructure Resilience (PR.IR)
19 Continuous Monitoring (DE.CM)
20 Adverse Event Analysis (DE.AE)
21 Incident Management (RS.MA)
22 Incident Analysis (RS.AN)
23 Incident Response Reporting and Communication (RS.CO)
24 Incident Mitigation (RS.MI)
25 Incident Recovery Plan Execution (RC.RP)
26 Incident Recovery Communication (RC.CO)
Appendix A: Glossary of Terms
Appendix B: Descriptions of NIST 800-53 Controls
Index of 800-53 Controls used in the CSF