DE — Detect
Possible cybersecurity attacks and compromises are found and analyzed
DE.AE Adverse Event Analysis
Anomalies, indicators of compromise, and other potentially adverse events are analyzed to characterize the events and detect cybersecurity incidents
DE.CM Continuous Monitoring
Assets are monitored to find anomalies, indicators of compromise, and other potentially adverse events
Source: NIST Cybersecurity Framework 2.0 · CSF 2.0 → 800-53 mappings sourced from NIST Cybersecurity & Privacy Reference Tool (CPRT) · US government work — attribution requested per NIST Open License Terms. Direct CSF→CWE/CVE cross-references will be added in a Phase B LLM-authored mapping pass (not yet rendered).