## What it is
The NIST Cybersecurity Framework 2.0 organizes cybersecurity outcomes across
six functions: Govern, Identify, Protect, Detect, Respond, and Recover. CSF
2.0 (released February 2024) elevates Govern as a peer function and broadens
the framework beyond critical infrastructure.
## How Annual Tabletop maps to CSF 2.0
Annual Tabletop scenarios exercise the **Respond** and **Recover** functions
end-to-end. Every AAR carries a crosswalk to the specific CSF 2.0 outcomes
exercised in the session — including the new Govern outcomes (GV.OC, GV.RM,
GV.OV) where decisions touch organizational governance.
## Crosswalk PDF
Download the [CSF 2.0 crosswalk](/sample-aar.pdf) to see exactly which
outcomes a representative scenario exercises, and how each decision is mapped
to a CSF 2.0 subcategory.