NIST CSF Mapping

How hummbl-governance primitives produce evidence for NIST Cybersecurity Framework 2.0 across all 6 Functions. Generated via compliance_mapper.generate_nist_csf_report().

Function Mappings

GOVERN (GV) — Organizational Context and Risk Strategy

INTENT tuples capture stated objectives and policies. DCTX delegation chains capture organizational structure and role assignment.

Primitives: INTENT tuples, DCTX tuples

Tests: test_compliance_mapper.py → test_nist_csf_intent_maps_to_govern, test_nist_csf_dctx_maps_to_govern

IDENTIFY (ID) — Asset and Risk Identification

DCT and ATTEST tuples track resource ownership, identity binding, and evidence verification. Who owns what, under what authority.

Primitives: AgentRegistry, DelegationTokenManager, ATTEST tuples

Tests: test_compliance_mapper.py → test_nist_csf_dct_maps_to_identify_and_protect

PROTECT (PR) — Safeguards and Access Controls

KillSwitch, CapabilityFence, and DCT ops restrictions provide graduated safeguards. From capability denial to emergency halt.

Primitives: KillSwitch, CapabilityFence, DelegationTokenManager

Tests: test_compliance_mapper.py → test_nist_csf_killswitch_maps_to_protect, test_nist_csf_dct_maps_to_identify_and_protect

DETECT (DE) — Continuous Monitoring and Anomaly Detection

CircuitBreaker failure patterns, HealthProbe degradation signals, and BehaviorMonitor drift detection provide continuous monitoring evidence.

Primitives: CircuitBreaker, HealthProbe, BehaviorMonitor

Tests: test_compliance_mapper.py → test_nist_csf_circuit_breaker_maps_to_detect

RESPOND (RS) — Incident Response

KillSwitch HALT_ALL/EMERGENCY states and CircuitBreaker OPEN state prove incident response activation. Automated and human-initiated response events are separately tracked.

Primitives: KillSwitch, CircuitBreaker

Tests: test_compliance_mapper.py → test_nist_csf_killswitch_emergency_maps_to_respond, test_nist_csf_circuit_breaker_open_maps_to_respond

RECOVER (RC) — Restoration and Improvement

CircuitBreaker HALF_OPEN state proves recovery attempts. CostGovernor decisions track budget recovery and resource reallocation after incidents.

Primitives: CircuitBreaker, CostGovernor

Tests: test_compliance_mapper.py → test_nist_csf_circuit_breaker_half_open_maps_to_recover, test_nist_csf_cost_governor_maps_to_recover
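The Function-level report that the six mappings above describe, as an added example and not the hummbl-governance compliance_mapper code: it assumes a hypothetical EvidenceRecord shape (primitive, state, initiator, detail fields) and a hypothetical mapping table that encodes only the rules stated on this page, then runs over constructed sample events. State-specific rules (KillSwitch HALT_ALL/EMERGENCY, CircuitBreaker OPEN/HALF_OPEN) add RESPOND or RECOVER on top of the primitive-level rule, RESPOND evidence is counted separately for automated and human-initiated events, records from non-governance sources are reported as unmapped, and any Function with no evidence is listed as a gap.

```python
"""Function-level NIST CSF 2.0 evidence report over governance primitive events.

Added illustration with a hypothetical record shape and mapping table; it is not
the hummbl-governance compliance_mapper implementation.
"""
from dataclasses import dataclass
from typing import Iterable, Optional

CSF_FUNCTIONS = ("GV", "ID", "PR", "DE", "RS", "RC")

# (primitive, state) -> Functions it evidences, per the mapping in this document.
# A state of None is the primitive-level rule; a named state is the rule for
# records in that state and takes precedence over the primitive-level rule.
MAPPING = {
    ("INTENT", None): ("GV",),
    ("DCTX", None): ("GV",),
    ("DCT", None): ("ID", "PR"),
    ("ATTEST", None): ("ID",),
    ("KillSwitch", None): ("PR",),
    ("KillSwitch", "HALT_ALL"): ("PR", "RS"),
    ("KillSwitch", "EMERGENCY"): ("PR", "RS"),
    ("CapabilityFence", None): ("PR",),
    ("CircuitBreaker", None): ("DE",),
    ("CircuitBreaker", "OPEN"): ("DE", "RS"),
    ("CircuitBreaker", "HALF_OPEN"): ("DE", "RC"),
    ("HealthProbe", None): ("DE",),
    ("BehaviorMonitor", None): ("DE",),
    ("CostGovernor", None): ("RC",),
}


@dataclass(frozen=True)
class EvidenceRecord:
    """One governance event (hypothetical shape). initiator is 'automated' or 'human'."""
    primitive: str
    state: Optional[str] = None
    initiator: str = "automated"
    detail: str = ""


def functions_for(record: EvidenceRecord) -> frozenset:
    """State-specific rule wins; otherwise fall back to the primitive-level rule."""
    rule = MAPPING.get((record.primitive, record.state)) or MAPPING.get(
        (record.primitive, None), ()
    )
    return frozenset(rule)


def generate_nist_csf_report(records: Iterable[EvidenceRecord]) -> dict:
    """Bucket records per Function; report empty Functions and unmapped records."""
    by_function = {fn: [] for fn in CSF_FUNCTIONS}
    unmapped = []
    for rec in records:
        fns = functions_for(rec)
        if not fns:
            unmapped.append(rec)
            continue
        for fn in fns:
            by_function[fn].append(rec)
    # RESPOND evidence is tracked separately for automated and human-initiated events.
    respond_by_initiator = {"automated": 0, "human": 0}
    for rec in by_function["RS"]:
        respond_by_initiator[rec.initiator] = respond_by_initiator.get(rec.initiator, 0) + 1
    return {
        "counts": {fn: len(recs) for fn, recs in by_function.items()},
        "gaps": [fn for fn in CSF_FUNCTIONS if not by_function[fn]],
        "unmapped": [rec.primitive for rec in unmapped],
        "respond_by_initiator": respond_by_initiator,
    }


# Constructed sample events; values are illustrative, not captured from any system.
SAMPLE_RECORDS = [
    EvidenceRecord("INTENT", detail="objective: no outbound writes without approval"),
    EvidenceRecord("DCTX", detail="delegation chain: ops-lead -> agent-7"),
    EvidenceRecord("DCT", detail="agent-7 bound to resource billing-db (read)"),
    EvidenceRecord("CapabilityFence", detail="denied: billing-db write"),
    EvidenceRecord("HealthProbe", detail="latency degraded"),
    EvidenceRecord("CircuitBreaker", "OPEN", detail="5 consecutive failures"),
    EvidenceRecord("KillSwitch", "HALT_ALL", initiator="human", detail="operator halt"),
    EvidenceRecord("CircuitBreaker", "HALF_OPEN", detail="trial request after cooldown"),
    EvidenceRecord("UnknownWidget", detail="not a governance primitive"),
]

if __name__ == "__main__":
    report = generate_nist_csf_report(SAMPLE_RECORDS)
    for fn in CSF_FUNCTIONS:
        print(f"{fn}: {report['counts'][fn]} evidence record(s)")
    print("gaps:", report["gaps"] or "none")
    print("unmapped:", report["unmapped"])
    print("RESPOND by initiator:", report["respond_by_initiator"])
```

Dropping the HALF_OPEN record from the sample leaves RECOVER with no evidence, and the report lists RC as a gap; that is the check a reviewer wants before claiming Function-level coverage, since a mapping table alone proves nothing about which events actually occurred.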

Current Gaps

NIST CSF 2.0 contains Categories and Subcategories beyond the Function level. Per-Category and per-Subcategory mapping is not provided at this version. The Function-level mapping provides strategic evidence; tactical Subcategory mapping requires per-organization customization.

Boundary Disclaimer

  • NIST CSF is a voluntary guidance framework, not a regulation. This mapping produces technical evidence aligned to NIST CSF 2.0 (2024); it does not constitute a formal assessment.
  • Per-Category and per-Subcategory mapping is not provided. Organizations should customize CSF profiles to their specific environment.
  • NIST CSF should not be confused with NIST AI RMF — a separate framework with its own dedicated implementation in hummbl-governance.

Evaluated: hummbl-governance v0.8.0 | Last updated: 2026-05-14 | CLI: python -m hummbl_governance.compliance_mapper --framework nist-csf | 12 dedicated tests