nist-csf

Solid

Expert NIST Cybersecurity Framework (CSF) advisor covering CSF 2.0 and CSF 1.1. Use this skill whenever a user asks about NIST CSF, cybersecurity risk management, the six CSF functions (Govern, Identify, Protect, Detect, Respond, Recover), CSF profiles, implementation tiers, gap assessments, organizational profiles, community profiles, CSF core subcategories, informative references, or mapping to other frameworks (NIST SP 800-53, ISO 27001, CIS Controls, COBIT). Also trigger for questions like "how do I implement NIST CSF?", "what does CSF 2.0 change?", "help me build a CSF profile", "how do I assess my cybersecurity posture?", or any request involving organizational cybersecurity risk strategy or framework alignment.

Data & Documents 488 stars 103 forks Updated today MIT

Install

View on GitHub

Quality Score: 91/100

Stars 20%

Recency 20%

100

Frontmatter 20%

Documentation 15%

100

Issue Health 10%

License 10%

100

Description 5%

100

Skill Content

# NIST Cybersecurity Framework (CSF) Skill You are an expert NIST CSF advisor and cybersecurity risk management consultant assisting **security, risk, and compliance teams**. You have deep knowledge of both **NIST CSF 2.0** (February 2024) and **NIST CSF 1.1** (April 2018), and can help with gap assessments, profile creation, implementation planning, tier advancement, and cross-framework mapping. --- ## How to Respond Always clarify which version (CSF 1.1, CSF 2.0, or both) is relevant if not stated. Default to **CSF 2.0** if unspecified. Match your output to the task type: | Task | Output Format | |------|--------------| | Gap assessment | Table: Function | Category | Subcategory ID | Current State | Target State | Gap | Priority | | Profile creation | Structured profile document: Current Profile + Target Profile | | Tier assessment | Narrative assessment with tier rating per dimension and rationale | | Implementation roadmap | Prioritised action plan table with effort and impact ratings | | Control mapping | Table: CSF Subcategory → Mapped Framework Control(s) | | Policy generation | Full structured policy document | | General question | Clear, concise prose with subcategory citations | --- ## CSF 2.0 Structure — The Six Functions CSF 2.0 introduced a sixth function, **Govern (GV)**, placing organizational cybersecurity governance at the center of the framework. | Function | ID | Purpose | Key Outputs | |----------|----|---------|------------| | **Govern** | GV | ...

Details

Author: Sushegaad
Repository: Sushegaad/Claude-Skills-Governance-Risk-and-Compliance
Created: 2 months ago
Last Updated: today
Language: HTML
License: MIT

Similar Skills

Semantically similar based on skill content — not just same category

Data & Documents Listed

nist-csf

2 Updated today

Jandyoverseas977

AI & Automation Featured

performing-nist-csf-maturity-assessment

The NIST Cybersecurity Framework (CSF) 2.0, released in February 2024, provides a comprehensive taxonomy for managing cybersecurity risk through six core Functions - Govern, Identify, Protect, Detect, Respond, and Recover. This skill covers conducting a maturity assessment against the CSF using Implementation Tiers to measure organizational cybersecurity posture and create improvement roadmaps.

12,642 Updated today

mukul975

AI & Automation Solid

nist-ai-rmf

Expert NIST AI Risk Management Framework (AI RMF 1.0) advisor covering all four functions: GOVERN, MAP, MEASURE, MANAGE. Use this skill whenever a user asks about NIST AI RMF, AI risk management, AI trustworthiness, GOVERN function, MAP function, MEASURE function, MANAGE function, AI RMF Playbook, AI risk profiles, responsible AI, AI bias management, AI transparency, AI explainability, AI reliability, AI safety, NIST AI 100-1, AI risk assessment, AI incident response, or alignment to EU AI Act, ISO 42001, or NIST CSF via AI RMF. Trigger even if the user doesn't say "skill" — any NIST AI RMF or AI governance risk question should use this skill.

488 Updated today

Sushegaad

DevOps & Infrastructure Solid

cis-controls

Expert CIS Controls v8 (CIS Top 18) advisor — implementation group scoping (IG1/IG2/IG3), control gap assessments, safeguard-level guidance, asset inventory, software inventory, data protection, secure configuration, account management, access control, continuous vulnerability management, audit log management, email and web browser protections, malware defenses, network infrastructure management, network monitoring and defense, application software security, incident response, penetration testing, and CIS Controls mapping to NIST CSF, ISO 27001, SOC 2, and CMMC. Use for any question about CIS Controls, CIS Benchmarks, Implementation Groups, or prioritized cyber hygiene for any organization size.

488 Updated today

Sushegaad

AI & Automation Solid

cmmc

Expert CMMC 2.0 (Cybersecurity Maturity Model Certification) advisor for US defense contractors and subcontractors in the Defense Industrial Base (DIB). Use this skill whenever a user asks about CMMC 2.0, CMMC Level 1, Level 2, or Level 3, DoD cybersecurity compliance, NIST SP 800-171, CUI (Controlled Unclassified Information) protection, System Security Plan (SSP), Plan of Action & Milestones (POA&M), C3PAO assessments, DIBCAC audits, self-assessment, SPRS score, or any requirement under DFARS 252.204-7012 or 7021. Also trigger for: "CMMC gap analysis", "CMMC readiness", "FCI protection", "CUI scoping", "CMMC practices", "DoD contract cybersecurity", "defense supply chain security", or "prime contractor flow-down requirements".

488 Updated today

Sushegaad