The subdivision of a Function into groups of cybersecurity outcomes,
closely tied to programmatic needs and particular activities. Examples
of Categories include “Asset Management,” “Identity Management
and Access Control,” and “Detection Processes.”