PR — Protect
Safeguards to manage the organization's cybersecurity risks are used
PR.AA Identity Management, Authentication, and Access Control
Access to physical and logical assets is limited to authorized users, services, and hardware and managed commensurate with the assessed risk of unauthorized access
PR.AT Awareness and Training
The organization's personnel are provided with cybersecurity awareness and training so that they can perform their cybersecurity-related tasks
PR.DS Data Security
Data are managed consistent with the organization's risk strategy to protect the confidentiality, integrity, and availability of information
PR.IR Technology Infrastructure Resilience
Security architectures are managed with the organization's risk strategy to protect asset confidentiality, integrity, and availability, and organizational resilience
PR.PS Platform Security
The hardware, software (e.g., firmware, operating systems, applications), and services of physical and virtual platforms are managed consistent with the organization's risk strategy to protect their confidentiality, integrity, and availability
Source: NIST Cybersecurity Framework 2.0 · CSF 2.0 → 800-53 mappings sourced from NIST Cybersecurity & Privacy Reference Tool (CPRT) · US government work — attribution requested per NIST Open License Terms. Direct CSF→CWE/CVE cross-references will be added in a Phase B LLM-authored mapping pass (not yet rendered).