ID — Identify
The organization's current cybersecurity risks are understood
ID.AM Asset Management
Assets (e.g., data, hardware, software, systems, facilities, services, people) that enable the organization to achieve business purposes are identified and managed consistent with their relative importance to organizational objectives and the organization's risk strategy
ID.IM Improvement
Improvements to organizational cybersecurity risk management processes, procedures and activities are identified across all CSF Functions
ID.RA Risk Assessment
The cybersecurity risk to the organization, assets, and individuals is understood by the organization
Source: NIST Cybersecurity Framework 2.0 · CSF 2.0 → 800-53 mappings sourced from NIST Cybersecurity & Privacy Reference Tool (CPRT) · US government work — attribution requested per NIST Open License Terms. Direct CSF→CWE/CVE cross-references will be added in a Phase B LLM-authored mapping pass (not yet rendered).