NIST CSF

NIST Cybersecurity Framework 2.0 is a US-government framework that organizes security controls into six functions: Govern, Identify, Protect, Detect, Respond, Recover. Less prescriptive than CMMC or SOC 2 — used as an org-wide maturity roadmap rather than a pass/fail audit. Free to adopt.