NIST CSF 2.0 · All Functions · DE Detect

DE.CM — Continuous Monitoring

Assets are monitored to find anomalies, indicators of compromise, and other potentially adverse events

DE.CM-01

Networks and network services are monitored to find potentially adverse events

5 implementation example(s) · 7 mapped NIST 800-53 control(s)

DE.CM-02

The physical environment is monitored to find potentially adverse events

4 implementation example(s) · 4 mapped NIST 800-53 control(s)

DE.CM-03

Personnel activity and technology usage are monitored to find potentially adverse events

3 implementation example(s) · 6 mapped NIST 800-53 control(s)

DE.CM-06

External service provider activities and services are monitored to find potentially adverse events

2 implementation example(s) · 5 mapped NIST 800-53 control(s)

DE.CM-09

Computing hardware and software, runtime environments, and their data are monitored to find potentially adverse events

5 implementation example(s) · 12 mapped NIST 800-53 control(s)

Source: NIST Cybersecurity Framework 2.0 · CSF 2.0 → 800-53 mappings sourced from NIST Cybersecurity & Privacy Reference Tool (CPRT) · US government work — attribution requested per NIST Open License Terms. Direct CSF→CWE/CVE cross-references will be added in a Phase B LLM-authored mapping pass (not yet rendered).