Start Free Trial
Home/Regulations/NIST Cybersecurity Framework 2.0 — Regulatory Reference
Regulatory Reference
Technology Industry Standard high

NIST Cybersecurity Framework 2.0 — Regulatory Reference

Govern, identify, protect, detect, respond, recover — AutoPIL maps to Protect (access controls) and Detect (alert rules) functions.

Key Provisions
  • Six Functions: Govern, Identify, Protect, Detect, Respond, Recover
  • Protect categories: PR.AA (Identity and Access), PR.DS (Data Security), PR.AC (Access Control)
  • Detect categories: DE.AE (Anomalies and Events), DE.CM (Continuous Monitoring)
  • Profiles for AI and supply chain in companion documents
How AutoPIL Enforces It
  • PR.AA / PR.AC — agent registry and policy YAML directly implement identity and access control for AI
  • DE.AE — audit chain alerts on anomalous access decisions
  • GV (Govern) — supported by source and agent registries as accountable inventory
Policy EngineAudit LogSensitivity LabelsAgent RegistryAlert Rules
AutoPIL Policy IDs
TEC-CSF-PRAA-001Identity Management for AI Agents
TEC-CSF-DEAE-001Anomaly Detection from Audit Chain
Official Sources
https://www.nist.gov/cyberframeworkhttps://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.29.pdf

This page is a working reference and not a substitute for qualified legal review. Verify against official sources before use in compliance artifacts.

AutoPIL Governance Platform

Enforce this regulation today

AutoPIL intercepts every AI agent data access call, enforces your policy, and writes a tamper-evident audit record — before sensitive data enters the agent context window.

Start Free Trial View All Industries