Scope note: NIST CSF 2.0 has 6 Functions, 22 Categories, and 106 Subcategories — it's a taxonomy of desired outcomes,
not a prescriptive control list. This checklist gives one representative readiness item per Category (22 total) to
quickly map where a client stands and which Function needs deeper attention, rather than auditing all 106 subcategories
line by line. Where a Category is already covered in depth elsewhere in this portal — Protect by the endpoint/email/infra
checklists, Recover by Backup & Disaster Recovery — this checklist cross-references rather than duplicates. Use it as the
executive-level cross-walk; use the other checklists for the technical proof.