“…Central to the NIST CSF are the six Functions-Govern, Identify, Protect, Detect, Respond, and Recover. These Functions are universally applicable, allowing any organisation regardless of their type and size, to tailor strategies to meet their unique risk profiles, technological environments, and goals (Toussaint et al, 2024). The Functions are further classified into 22 Categories, representing collective cybersecurity outcomes (NIST, 2024b).…”