Compliance evidence
NIST CSF — domain & certificate controls
US critical-infrastructure operators and any organization adopting a risk-based cybersecurity program.
Authority: US National Institute of Standards and Technology (NIST)
What NIST CSF actually requires
NIST CSF v2.0 (2024) organizes cybersecurity activities into six functions: Govern, Identify, Protect, Detect, Respond, Recover. Certificate management fits cleanly into Identify (asset inventory) and Protect (data security).
Full name: NIST Cybersecurity Framework v2.0.
Controls that touch certificates and domains
These are the 3 controls most directly affected by TLS certificate and domain lifecycle. CertRadar produces evidence bundles mapped to each.
| Control | Title | How CertRadar helps |
|---|---|---|
| ID.AM-02 | Inventories of software, services, and systems managed by the organization are maintained | Certificates are cryptographic assets requiring inventory. |
| PR.DS-02 | The confidentiality, integrity, and availability of data-in-transit are protected | TLS certificates are the primary mechanism for data-in-transit protection. |
| DE.CM-09 | Computing hardware and software, runtime environments, and their data are monitored to find potentially adverse events | Continuous cert health monitoring falls here. |
What the evidence pack contains
CertRadar’s one-click export for NIST CSF includes:
- Asset inventory cross-referenced to cert lifecycle
- Detection evidence (alerts on expiry / weak crypto / chain issues)
- Response history (incidents, remediation)
Example domains in NIST CSF scope
Representative domains often monitored for NIST CSF evidence.
Ship the NIST CSF evidence your auditor asks for.
CertRadar gives security, IT, and compliance teams a complete inventory of every domain and cert your company owns — plus a one-click evidence pack mapped to NIST CSF controls. Beta in weeks. Early members get a lifetime Pro discount.