This appendix describes 113 of the major enterprise cybersecurity capabilities that should be considered in an enterprise cybersecurity program. While hardly an exhaustive list, the authors believe this list reflects the most important capabilities available at the time of writing. These capabilities are organized into 11 functional areas to make them easier to track, manage, and delegate. As new capabilities emerge and become important, they can be added to this list or incorporated into enterprises' own enterprise cybersecurity architectures. These capabilities are outlined in Figure C-1 below and on the next page.