leeroy-jankins/NIST-CyberSecurity-Framework
收藏Hugging Face2026-05-27 更新2026-05-31 收录
下载链接:
https://hf-mirror.com/datasets/leeroy-jankins/NIST-CyberSecurity-Framework
下载链接
链接失效反馈官方服务:
资源简介:
---
language:
- en
license: other
pretty_name: NIST Cybersecurity Framework 2.0 Question Answering Dataset
size_categories:
- n<1K
task_categories:
- question-answering
tags:
- cybersecurity
- cybersecurity-risk-management
- nist
- nist-csf
- csf-2-0
- cyber-governance
- enterprise-risk-management
- supply-chain-risk-management
- incident-response
- incident-recovery
- question-answering
- instruction-tuning
- synthetic
---
<img src="assets/NIST CyberSecurity Framework.png" alt="Preview" width="1000"/>
# NIST Cybersecurity Framework 2.0 Question Answering Dataset

## Dataset Summary
The **NIST Cybersecurity Framework 2.0 Question Answering Dataset** is a synthetic
instruction-style question-answering dataset derived from the **NIST Cybersecurity
Framework (CSF) 2.0**.
The dataset is designed to support training, fine-tuning, retrieval evaluation, and
domain-specific question-answering use cases related to cybersecurity risk management,
cybersecurity governance, enterprise risk management, supply chain risk management,
incident response, recovery planning, and organizational cybersecurity communication.
The source document describes CSF 2.0 as a flexible framework that helps organizations
understand, assess, prioritize, and communicate cybersecurity risks. It is designed for
organizations of all sizes and sectors, including industry, government, academia, and
nonprofit organizations.
## Source Document
- **Title:** The NIST Cybersecurity Framework (CSF) 2.0
- **Publication:** NIST Cybersecurity White Paper, NIST CSWP 29
- **Publisher:** National Institute of Standards and Technology
- **Publication Date:** February 26, 2024
- **DOI:** https://doi.org/10.6028/NIST.CSWP.29
- **Primary Subject Area:** Cybersecurity risk management
## Dataset Structure
Each record follows a conversational question-answer schema:
| Field | Type | Description |
|---|---|---|
| `ID` | integer | Unique numeric record identifier. |
| `Users` | string | Speaker label for the user prompt. |
| `Questions` | string | User question derived from the CSF 2.0 source material. |
| `Assistants` | string | Speaker label for the assistant response. |
| `Answers` | string | Assistant answer grounded in the source document. |
## Example Record
| ID | Users | Questions | Assistants | Answers |
|---:|---|---|---|---|
| 1 | User | What is the NIST Cybersecurity Framework 2.0? | Assistant | The NIST Cybersecurity Framework 2.0 is a voluntary framework that helps organizations understand, assess, prioritize, communicate, and manage cybersecurity risks. |
## Dataset Creation
### Source Selection
The dataset was created from the NIST Cybersecurity Framework 2.0, including coverage of:
- CSF overview and purpose
- CSF Core
- CSF Functions
- CSF Categories and Subcategories
- Govern, Identify, Protect, Detect, Respond, and Recover outcomes
- Organizational Profiles
- Current Profiles and Target Profiles
- Community Profiles
- CSF Tiers
- Informative References
- Implementation Examples
- Quick Start Guides
- Cybersecurity risk communication
- Enterprise risk management integration
- Cybersecurity and privacy risk relationships
- Cybersecurity supply chain risk management
- Emerging technology and artificial intelligence risk considerations
### Generation Method
Questions and answers were generated synthetically from the source document. The
dataset was structured to preserve a simple conversational format suitable for
instruction tuning, retrieval-augmented generation evaluation, cybersecurity training,
and policy-oriented educational use.
### Dataset Size
The current dataset contains **200 records**.
## Intended Uses
This dataset is intended for:
- Fine-tuning small language models on cybersecurity governance and risk management
- Building retrieval-augmented generation evaluation sets
- Testing question-answering systems for cybersecurity policy and governance domains
- Training assistants to answer foundational questions about NIST CSF 2.0
- Creating educational tools for cybersecurity awareness and governance training
- Supporting internal organizational learning about CSF 2.0 concepts
- Supporting cybersecurity risk management terminology alignment
- Building synthetic benchmark records for cybersecurity framework retrieval tasks
## Out-of-Scope Uses
This dataset should not be used as:
- A substitute for the official NIST Cybersecurity Framework
- Legal, regulatory, compliance, audit, procurement, cybersecurity, or privacy advice
- A complete implementation guide for cybersecurity risk management
- A certification basis for cybersecurity programs or systems
- A source for determining whether an organization is secure or compliant
- A replacement for expert review by cybersecurity, legal, privacy, audit, procurement,
supply chain, or enterprise risk management professionals
## Limitations
This dataset is synthetic and educational. Although it is based on the NIST CSF 2.0,
the answers are summarized and reformulated rather than extracted as verbatim source
text.
Known limitations include:
- The dataset does not reproduce the full CSF 2.0.
- The dataset may simplify nuanced cybersecurity risk management concepts.
- The dataset does not include every CSF Subcategory as a separate record.
- The dataset does not provide legal, regulatory, audit, or compliance determinations.
- The dataset does not include formal citations at the record level.
- The dataset should be reviewed before use in high-stakes applications.
- The dataset is not a substitute for organization-specific cybersecurity risk analysis.
## Bias, Risk, and Responsible Use
The source document addresses cybersecurity risk management across diverse
organizational contexts. However, this dataset is a synthetic derivative and may reflect
limitations in question framing, topic selection, summarization, and interpretation.
Users should evaluate the dataset for:
- Completeness
- Accuracy against the official NIST CSF 2.0
- Suitability for the intended model or retrieval task
- Potential overgeneralization
- Missing context
- Sector-specific cybersecurity requirements
- Applicability to specific regulatory or operational environments
For operational cybersecurity, legal, compliance, audit, procurement, or enterprise risk
management use, users should consult the official NIST CSF 2.0 and qualified
subject-matter experts.
## Licensing
The source document is a NIST publication made available free of charge. Users should
verify the applicable licensing and reuse terms before publishing, redistributing, or
commercially using this derivative dataset.
The metadata field is set to `license: other` as a conservative placeholder. Replace it
with the appropriate license identifier after confirming the desired release terms for
the dataset.
## Citation
If you use this dataset, cite the source framework:
National Institute of Standards and Technology. The NIST Cybersecurity
Framework (CSF) 2.0. NIST Cybersecurity White Paper, NIST CSWP 29.
February 26, 2024. https://doi.org/10.6028/NIST.CSWP.29
## Recommended Citation for This Dataset
NIST Cybersecurity Framework 2.0 Question Answering Dataset. Synthetic
question-answering dataset derived from NIST CSWP 29, The NIST
Cybersecurity Framework (CSF) 2.0.
## Maintenance
This dataset should be reviewed and updated when:
- NIST updates the Cybersecurity Framework
- NIST publishes new CSF companion resources
- Informative References or Implementation Examples are materially updated
- New CSF Community Profiles become relevant
- New cybersecurity governance or enterprise risk management requirements emerge
- The dataset is expanded with additional records or record-level citations
## Version
- **Dataset Version:** 1.0
- **Source Framework Version:** CSF 2.0
- **Initial Record Count:** 200
提供机构:
leeroy-jankins


