From Framework to Examination

End-to-end traceability for each of the 11 control stack layers — mapping NIST CSF 2.0 function codes through FFIEC handbook guidance, OCC Cybersecurity Supervision Work Program examination procedures, and into the operational control and implementation approach. This document is designed to be presented to an examiner to demonstrate that every control traces to a legal obligation and to a specific supervisory test.