Ironically, a focus on the five NIST CSF domains should change over time away from Identify/Protect and into Detect/Respond/Recover. What began as the more reactionary aspects of an approach has come to the forefront as the proactive takes less time and energy. Why? Because implementation puts the basic controls in place while also developing threat-informed self-attack capabilities.