RESEARCH
AI-SOC v1.0 to NIST CSF 2.0 Informative Reference Mapping
This technical reference presents the AI-SOC v1.0 to NIST Cybersecurity Framework (CSF) 2.0 Informative Reference Mapping developed by Anar Israfilov and Cyberoon Enterprise Corporation. The project maps AI-driven threat detection and autonomous Security Operations Center (SOC) controls to NIST CSF 2.0 outcomes, with a focus on behavioral anomaly detection, endpoint telemetry analytics, ransomware behavior detection, threat intelligence enrichment, autonomous alert triage, and AI-assisted incident response.
AI-SOC v1.0 to NIST CSF 2.0 Informative Reference Mapping
Version: 1.0.0
Publication Date: May 11, 2026
Author: Anar Israfilov
Organization: Cyberoon Enterprise Corporation
Status: Submitted to the NIST National Online Informative References (OLIR) Program; OLIR mapping passed NIST screening.
Overview
This page provides the public web address for the AI-SOC v1.0 to NIST Cybersecurity Framework (CSF) 2.0 Informative Reference Mapping developed by Anar Israfilov and Cyberoon Enterprise Corporation.
The project provides a structured mapping between AI-driven threat detection and autonomous Security Operations Center (SOC) controls and the outcomes of the NIST Cybersecurity Framework (CSF) 2.0.
The mapping focuses on practical cybersecurity operations, including behavioral anomaly detection, endpoint telemetry analytics, ransomware behavior detection, threat intelligence enrichment, autonomous alert triage, containment recommendations, AI-assisted incident prioritization, and recovery prioritization.
Purpose
The purpose of this Informative Reference is to help enterprise cybersecurity teams, healthcare security environments, managed security service providers, and AI-enabled SOC operations align AI-driven cybersecurity capabilities with NIST CSF 2.0 outcomes.
This reference is intended to support security teams in understanding how AI-driven operational cybersecurity capabilities may relate to CSF 2.0 functions, categories, and subcategories.
Reference Document
AI-Driven Threat Detection and Autonomous SOC Controls Catalog v1.0
Informative Reference Name
AI-SOC-v1.0-to-CSF-v2.0 (1.0.0)
Public Repository and Downloads
GitHub Repository:
https://github.com/cyberoon/ai-soc-nist-csf-mapping
Version 1.0.0 Release:
https://github.com/cyberoon/ai-soc-nist-csf-mapping/releases/tag/v1.0.0
Reference Document PDF:
https://github.com/cyberoon/ai-soc-nist-csf-mapping/blob/main/docs/AI_SOC_Controls_Catalog_v1_0.pdf
OLIR Mapping Workbook:
https://github.com/cyberoon/ai-soc-nist-csf-mapping/tree/main/mappings
Submission Metadata:
https://github.com/cyberoon/ai-soc-nist-csf-mapping/tree/main/metadata
Methodology
The mapping uses a functional relationship mapping approach to align operational AI-driven cybersecurity controls with NIST CSF 2.0 outcomes. The reference emphasizes practical SOC operations, AI-assisted detection engineering, ransomware behavior monitoring, endpoint telemetry analysis, and AI-supported incident response workflows.
Intended Audience
This reference is intended for:
- SOC teams
- Enterprise cybersecurity teams
- Managed Security Service Providers
- Healthcare cybersecurity organizations
- Detection engineering teams
- AI security researchers
- Cybersecurity governance and compliance professionals
Disclaimer
This is an independent technical reference developed by Anar Israfilov and Cyberoon Enterprise Corporation. It does not represent official guidance, endorsement, certification, or approval by NIST unless and until separately listed or referenced by NIST through the official OLIR Catalog or related NIST communications.
RESEARCHER
Dr. Anar Israfilov
RESEARCH ABSTRACTS
Backed in
Research.
About the AI Research Centre
You can download our research article as a pdf below and examine it in detail.
