NIST CSF 2.0 — RESPOND & RECOVER
75% covered.
4 requirements · 3 enforced · 0 designed · 0 advisory · 0 deferred.
Source: The NIST Cybersecurity Framework 2.0 (2024) organises cybersecurity outcomes into six Functions; the RESPOND (RS) Function covers incident management, analysis, mitigation, and reporting, and the RECOVER (RC) Function covers recovery execution and communication. KYE Protocol™ governs whether an AI-assisted response / mitigation action under CSF RESPOND/RECOVER may PROCEED to a consequential incident action — under a named accountable officer's authority, with the incident analysis pinned to verifiable signal sources, chain-of-custody recorded, and a contestability record. KYE does not detect the incident, run the response tooling, or execute the recovery.
License: The NIST Cybersecurity Framework is a US NIST publication in the public domain; KYE registry paraphrases each subcategory's intent and cites the official Function/Category identifier for mapping purposes only.
By category
| Category | Reqs | Enforced | Designed | Advisory | Deferred | Coverage |
|---|---|---|---|---|---|---|
| Named-authority on the RESPOND/RECOVER action (RS.MA / RC.RP) | 1 | 1 | 0 | 0 | 0 | 100% |
| Incident-analysis source pin (RS.AN) | 1 | 1 | 0 | 0 | 0 | 100% |
| Contestability & post-incident reconstruction (RS.MA / improvement) | 1 | 1 | 0 | 0 | 0 | 100% |
| Threat detection (DETECT) & recovery execution tooling | 1 | 0 | 0 | 0 | 0 | 0% |
Every requirement → the KYE™ artefact that enforces it
| ID | Title | Status | KYE™ enforcement |
|---|---|---|---|
| nist-csf-2-respond-recover.rs-action-authority | An AI-assisted RESPOND / RECOVER action proceeds only under a recorded named-authority decision | enforced | audit_events: kye.purpose.request.v1, kye.purpose.admissibility.v1, kye.evidence.decision_map.v1; engines: internal, internal; rule_packs: kye:rule-pack:cyber-resilience-incident; dictionaries: internal; constitution_refs: constitution/12-PURPOSE-PERMISSION.md |
| nist-csf-2-respond-recover.rs-incident-evidence | Incident analysis (RS.AN) is pinned to verifiable signal sources before it is relied on | enforced | audit_events: kye.evidence.tool_call.v1, kye.replay.context_seal.v1, kye.evidence.pack.v1; engines: internal, internal; rule_packs: kye:rule-pack:cyber-resilience-incident; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| nist-csf-2-respond-recover.rs-contestability | Contestability & post-incident reconstruction of the response decision | enforced | audit_events: kye.evidence.pack.v1, kye.replay.context_seal.v1, kye.replay.proof.v1; engines: internal, internal; rule_packs: kye:rule-pack:cyber-resilience-incident; constitution_refs: constitution/13-RESILIENCE-LOOP.md, constitution/21-DELEGATED-AUDITABILITY.md |
| nist-csf-2-respond-recover.detection-recovery-tooling | Threat detection (DETECT) and recovery execution tooling | out-of-scope | (no enforcement cited) |