NIST CSF Mapping
How hummbl-governance primitives produce evidence for NIST Cybersecurity Framework 2.0 across all 6 Functions. Generated via compliance_mapper.generate_nist_csf_report().
Function Mappings
GOVERN (GV) — Organizational Context and Risk Strategy
INTENT tuples capture stated objectives and policies. DCTX delegation chains capture organizational structure and role assignment.
Primitives: INTENT tuples, DCTX tuples. Tests: test_compliance_mapper.py → test_nist_csf_intent_maps_to_govern, test_nist_csf_dctx_maps_to_govern
IDENTIFY (ID) — Asset and Risk Identification
DCT and ATTEST tuples track resource ownership, identity binding, and evidence verification. Who owns what, under what authority.
Primitives: AgentRegistry, DelegationTokenManager, ATTEST tuples. Tests: test_compliance_mapper.py → test_nist_csf_dct_maps_to_identify_and_protect
PROTECT (PR) — Safeguards and Access Controls
KillSwitch, CapabilityFence, and DCT ops restrictions provide graduated safeguards. From capability denial to emergency halt.
Primitives: KillSwitch, CapabilityFence, DelegationTokenManager. Tests: test_compliance_mapper.py → test_nist_csf_killswitch_maps_to_protect, test_nist_csf_dct_maps_to_identify_and_protect
DETECT (DE) — Continuous Monitoring and Anomaly Detection
CircuitBreaker failure patterns, HealthProbe degradation signals, and BehaviorMonitor drift detection provide continuous monitoring evidence.
Primitives: CircuitBreaker, HealthProbe, BehaviorMonitor. Tests: test_compliance_mapper.py → test_nist_csf_circuit_breaker_maps_to_detect
RESPOND (RS) — Incident Response
KillSwitch HALT_ALL/EMERGENCY states and CircuitBreaker OPEN state prove incident response activation. Automated and human-initiated response events are separately tracked.
Primitives: KillSwitch, CircuitBreaker. Tests: test_compliance_mapper.py → test_nist_csf_killswitch_emergency_maps_to_respond, test_nist_csf_circuit_breaker_open_maps_to_respond
RECOVER (RC) — Restoration and Improvement
CircuitBreaker HALF_OPEN state proves recovery attempts. CostGovernor decisions track budget recovery and resource reallocation after incidents.
Primitives: CircuitBreaker, CostGovernor. Tests: test_compliance_mapper.py → test_nist_csf_circuit_breaker_half_open_maps_to_recover, test_nist_csf_cost_governor_maps_to_recover
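As an added illustration (not hummbl-governance's own code, and not its compliance_mapper API), the following Python sketch applies the Function-level routing described in the mappings above to constructed evidence records: each primitive has a baseline Function, and the states the page names (KillSwitch HALT_ALL/EMERGENCY, CircuitBreaker OPEN and HALF_OPEN) add RESPOND or RECOVER evidence on top of it. The Evidence record shape, the state field, and the sample records are assumptions for illustration. It also lists Functions with no evidence at all, which is the first check an assessor would run against a generated report.

```python
"""Hypothetical Function-level evidence mapper (added example, not hummbl-governance's code).

Routes constructed evidence records from the primitives named on this page to
the six NIST CSF 2.0 Functions, applying the state-dependent rules the page
describes. Record shape, the ``state`` field and the sample data are assumptions.
"""
from dataclasses import dataclass
from typing import Optional

FUNCTIONS = ("GOVERN", "IDENTIFY", "PROTECT", "DETECT", "RESPOND", "RECOVER")

# Baseline mapping from primitive to Function(s), following the page's table.
BASELINE = {
    "INTENT": ("GOVERN",),
    "DCTX": ("GOVERN",),
    "DCT": ("IDENTIFY", "PROTECT"),
    "ATTEST": ("IDENTIFY",),
    "KillSwitch": ("PROTECT",),
    "CapabilityFence": ("PROTECT",),
    "CircuitBreaker": ("DETECT",),
    "HealthProbe": ("DETECT",),
    "BehaviorMonitor": ("DETECT",),
    "CostGovernor": ("RECOVER",),
}

# State-dependent additions: a named state proves a further Function.
STATE_RULES = {
    ("KillSwitch", "HALT_ALL"): ("RESPOND",),
    ("KillSwitch", "EMERGENCY"): ("RESPOND",),
    ("CircuitBreaker", "OPEN"): ("RESPOND",),
    ("CircuitBreaker", "HALF_OPEN"): ("RECOVER",),
}


@dataclass(frozen=True)
class Evidence:
    """One evidence record emitted by a governance primitive (assumed shape)."""
    record_id: str
    primitive: str
    state: Optional[str] = None  # None: no state worth routing on


def functions_for(record: Evidence) -> tuple:
    """Return the CSF Functions a single record is evidence for."""
    if record.primitive not in BASELINE:
        raise ValueError(f"unknown primitive: {record.primitive}")
    funcs = list(BASELINE[record.primitive])
    for extra in STATE_RULES.get((record.primitive, record.state), ()):
        if extra not in funcs:
            funcs.append(extra)
    return tuple(funcs)


def map_evidence(records) -> dict:
    """Group record ids by Function; every Function is present, possibly empty."""
    report = {fn: [] for fn in FUNCTIONS}
    for rec in records:
        for fn in functions_for(rec):
            report[fn].append(rec.record_id)
    return report


def uncovered_functions(report: dict) -> list:
    """Functions with no evidence at all; the gap list an assessor asks for first."""
    return [fn for fn in FUNCTIONS if not report[fn]]


# Constructed sample evidence (not real project output).
SAMPLE = [
    Evidence("e1", "INTENT"),
    Evidence("e2", "DCT"),
    Evidence("e3", "KillSwitch"),
    Evidence("e4", "KillSwitch", "EMERGENCY"),
    Evidence("e5", "CircuitBreaker"),
    Evidence("e6", "CircuitBreaker", "HALF_OPEN"),
]

if __name__ == "__main__":
    rep = map_evidence(SAMPLE)
    for fn in FUNCTIONS:
        print(f"{fn:9s} {rep[fn]}")
    print("uncovered:", uncovered_functions(rep))
```

With the sample above, a KillSwitch record in EMERGENCY lands in both PROTECT and RESPOND, and a HALF_OPEN CircuitBreaker record in both DETECT and RECOVER, matching the dual roles the page assigns to those primitives; a report built from INTENT tuples alone would show five uncovered Functions.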
Current Gaps
NIST CSF 2.0 contains Categories and Subcategories beneath the Function level. Per-Category and per-Subcategory mapping is not provided in this version. The Function-level mapping provides strategic evidence; tactical Subcategory mapping requires per-organization customization.
Boundary Disclaimer
- NIST CSF is a voluntary guidance framework, not a regulation. This mapping produces technical evidence aligned to NIST CSF 2.0 (2024); it does not constitute a formal assessment.
- Per-Category and per-Subcategory mapping is not provided. Organizations should customize CSF profiles to their specific environment.
- NIST CSF should not be confused with NIST AI RMF — a separate framework with its own dedicated implementation in hummbl-governance.
Evaluated: hummbl-governance v0.8.0 | Last updated: 2026-05-14 | CLI: python -m hummbl_governance.compliance_mapper --framework nist-csf | 12 dedicated tests