From 97af8ee0f702d2e2f5c342c57aa17ff234bd6d05 Mon Sep 17 00:00:00 2001 From: eric-intuitem <71850047+eric-intuitem@users.noreply.github.com> Date: Sun, 28 Apr 2024 13:37:56 +0200 Subject: [PATCH] adapt NIST CSF 2.0 add tier score --- backend/library/libraries/nist-csf-2.0.yaml | 95 + tools/nist/nist-csf-2.0.xlsx | Bin 0 -> 38106 bytes tools/nist/nist_csf-2.0-en.xlsx | Bin 35603 -> 0 bytes tools/nist/nist_csf-2.0-en.yaml | 2779 ------------------- 4 files changed, 95 insertions(+), 2779 deletions(-) create mode 100644 tools/nist/nist-csf-2.0.xlsx delete mode 100644 tools/nist/nist_csf-2.0-en.xlsx delete mode 100644 tools/nist/nist_csf-2.0-en.yaml diff --git a/backend/library/libraries/nist-csf-2.0.yaml b/backend/library/libraries/nist-csf-2.0.yaml index 6452a17c4..3afa51af2 100644 --- a/backend/library/libraries/nist-csf-2.0.yaml +++ b/backend/library/libraries/nist-csf-2.0.yaml 
@@ -14,6 +14,101 @@ objects: ref_id: NIST-CSF-2.0 name: NIST CSF v2.0 description: NIST Cybersecurity Framework + scores_definition: + - score: 1 + name: Partial + description: 'Application of the organizational cybersecurity risk strategy + is managed in an ad hoc manner. + + Prioritization is ad hoc and not formally based on objectives or threat environment. + + There is limited awareness of cybersecurity risks at the organizational level. + + The organization implements cybersecurity risk management on an irregular, + case-by-case basis. + + The organization may not have processes that enable cybersecurity information + to be shared within the organization. + + The organization is generally unaware of the cybersecurity risks associated + with its suppliers and the products and services it acquires and uses.' + - score: 2 + name: Risk informed + description: 'Risk management practices are approved by management but may not + be established as organization-wide policy. + + The prioritization of cybersecurity activities and protection needs is directly + informed by organizational risk objectives, the threat environment, or business/mission + requirements. + + There is an awareness of cybersecurity risks at the organizational level, + but an organization-wide approach to managing cybersecurity risks has not + been established. + + Consideration of cybersecurity in organizational objectives and programs may + occur at some but not all levels of the organization. Cyber risk assessment + of organizational and external assets occurs but is not typically repeatable + or reoccurring. + + Cybersecurity information is shared within the organization on an informal + basis. + + The organization is aware of the cybersecurity risks associated with its suppliers + and the products and services it acquires and uses, but it does not act consistently + or formally in response to those risks.' 
+ - score: 3 + name: Repeatable + description: "The organization\u2019s risk management practices are formally\ + \ approved and expressed as policy. \nRisk-informed policies, processes, and\ + \ procedures are defined, implemented as intended, and reviewed.\nOrganizational\ + \ cybersecurity practices are regularly updated based on the application of\ + \ risk management processes to changes in business/mission requirements, threats,\ + \ and technological landscape.\nThere is an organization-wide approach to\ + \ managing cybersecurity risks. Cybersecurity information is routinely shared\ + \ throughout the organization.\nConsistent methods are in place to respond\ + \ effectively to changes in risk. Personnel possess the knowledge and skills\ + \ to perform their appointed roles and responsibilities.\nThe organization\ + \ consistently and accurately monitors the cybersecurity risks of assets.\ + \ Senior cybersecurity and non-cybersecurity executives communicate regularly\ + \ regarding cybersecurity risks. Executives ensure that cybersecurity is considered\ + \ through all lines of operation in the organization.\nThe organization risk\ + \ strategy is informed by the cybersecurity risks associated with its suppliers\ + \ and the products and services it acquires and uses. Personnel formally act\ + \ upon those risks through mechanisms such as written agreements to communicate\ + \ baseline requirements, governance structures (e.g., risk councils), and\ + \ policy implementation and monitoring. These actions are implemented consistently\ + \ and as intended and are continuously monitored and reviewed." + - score: 4 + name: Adaptive + description: 'There is an organization-wide approach to managing cybersecurity + risks that uses risk-informed policies, processes, and procedures to address + potential cybersecurity events. The relationship between cybersecurity risks + and organizational objectives is clearly understood and considered when making + decisions. 
Executives monitor cybersecurity risks in the same context as financial + and other organizational risks. The organizational budget is based on an understanding + of the current and predicted risk environment and risk tolerance. Business + units implement executive vision and analyze system-level risks in the context + of the organizational risk tolerances. + + Cybersecurity risk management is part of the organizational culture. It evolves + from an awareness of previous activities and continuous awareness of activities + on organizational systems and networks. The organization can quickly and efficiently + account for changes to business/mission objectives in how risk is approached + and communicated. + + The organization adapts its cybersecurity practices based on previous and + current cybersecurity activities, including lessons learned and predictive + indicators. Through a process of continuous improvement that incorporates + advanced cybersecurity technologies and practices, the organization actively + adapts to a changing technological landscape and responds in a timely and + effective manner to evolving, sophisticated threats. + + The organization uses real-time or near real-time information to understand + and consistently act upon the cybersecurity risks associated with its suppliers + and the products and services it acquires and uses. + + Cybersecurity information is constantly shared throughout the organization + and with authorized third parties.' requirement_nodes: - urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv assessable: false 
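Review bot: the `description` for score 3 (Repeatable) is serialized as a double-quoted scalar with `\u2019`, `\n` escapes and backslash line continuations, while scores 1, 2 and 4 use single-quoted scalars with blank-line breaks, so the four tiers neither read nor diff alike. Emit all four in one style, preferably a literal block scalar (`description: |`) with the apostrophe written directly, and drop the stray space before the first `\n` in "expressed as policy. \n". In the score 2 entry, `name: Risk informed` leaves the second word in lower case; "Risk Informed" would keep the tier names consistently capitalized.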
diff --git a/tools/nist/nist-csf-2.0.xlsx b/tools/nist/nist-csf-2.0.xlsx new file mode 100644 index 0000000000000000000000000000000000000000..576c02764ecb736f6873d954d80a08027b8fd75b GIT binary patch literal 38106
z5-+&6Iz2AYWIl&=Wf84FR~R3~L+o~j}QQ8x{>C;GL-netTlvnK8bOtG>; zfd0cu(HC25HEu61sN(8sF}$UK&aWW(u8!akFDz!>H)4nv^yyL_$cvC-&t*Uv=<8p_ zY-95{K{F$=kV01vJyUCxO4df+$|+KoVZBcpXU3RLMpc6V=lnQfo6OZqNqS5tp5lo9 zJF7f@3aO1&EwTYjuyyn&+PS9%h*o)^;LkB6j294XyY#icdBCN*JB$G6>-b48e%MFv zG>6n+F^ja1W!{LmJbRonA;fx6qjBLavf=Wc8I)+u2SSc9$OPeo3g%*kU5cn4QKP3pGah;FeeXc+ zcpb;utjE$uWOM$#<@c1B4Qv{(_;0{tTx9$@9@$gC#_6ZL7Q)wx{w5WOg3mZBt~i>w z7B2W4`??60bY`-RdgRT^z$STH0xjn@hThl$+qv_s#g&HBNu!hF{qy$ed$f-FT7ygb z;&VD?;)`+Q#fv%T82V_sUh@PW_kF*Q{S&M9eOyN3i{&q%_I-b{fgiE|(Z4E3i|zMc z(e>ZUv4Q9$yqbT#s{Oy71pWW(I-JZ+Oq`wQ{`2}zZpu#DjLo8l551*&#)-e>K!=zv zj90-zb-Asyg~B%f3`K2aT!DW1FahE~bDgN$TlHeDr}EYKhrjpzKXl&?*)l8mke#+hj;@mU;BL zN4$7Bz2`&%E=(;#c4ZKZDEIK?u}n3cigVIkMsc{Kdx&(Hm2EQejzvPzrYg$9%J1kN z{m%Lwc1K|RCD<|jOA9R{1f#Y8$6aLD4k|*Hw)*Xl)DFZXExnsI=WcihzF#A?)WieD zD@_Sz@5qGm)2%&X^j1SCs58#8oI=l&;Kds{~_}Go19{08$=HuTo>r=KY;m= z9JIuYCV*VgyFe)_;q`g5KyD=`F!6K9kU48KA{CA|NT1u$U^RIBsHzPctBugx;dE5x za~)}C+2Q;9SYPrCH zpqvd~2{qYsya8Zh1Ed3}oNe#5`ncKoA5*q}M+MuS7H9z{H$x)FMY01fS^fQcy^WDy ztx`Vv5{V>;7Ac$(KzRTX^_|mIFSXH1O`TDyz#7Y~>i*#QuorKFAHhBzMU&eVUscFm zXTqw$n%$Kf-Mdd*_v@o)<2BP9O*V0ov^wZ;Is;7(7veX`V|nFS@mr$zA22`Rfa)tOmHZ>|PD1kDPOmF!X((xl5N=jo z9G{w}2XuJ0xqg;*ie`dlR$Q98_FuE4|1NRn_S=X&B>;d_Y(N0ye-{4+3r^++jwZ%R z&W;wgX8&otrhKgIh}K=M-GG1KLf+wL0T#HeM_oycz#ZK-Q4buTE?z(c;I)&-64h-J zMIH&7zb^l-_-3o+6pmrQ*#{VJ6_!^%u9@+z=z8VZ{Tv=zu5-I?>hM+jeU7W;`Mpal z)|d@;>G6HNB=z?E4j$X_TDX3?^4O&fc6?rw&2HZ${l0C>`8`bAw%XmbUT)j*Xm0zxwex*F7ca{T!&}ecfc~{C3*C^jf)f+O}HVrf#$8UHQFEqkSp+ zG2OC$ioEZ)bpHB%cYQf;*HZfRWZ8U9<2upx{*2y==5>AFOke9w$nDZ~fH7IGe)DPa zo|<)x=@E+OiHc z;q$WHuvv9hf9f=eBgxX!Pf?|+o`LoY&wHC*uD^L5Y{8OwjNA43c~RjQYaIvJGovJCczP+1pjRWUp z`?g%%-~9O7<7_zYr|atr6R}m>Fo%phR{9eUq0`>ZX=G8CI-}+i=G&0tx4p-AXw%uUJfNStZ4~vm`zif6Zg9t$VO^c}#)SKE zHOA7ioMlVJi7KW-N|#BhLOE?8_uDx-V(Y+o%5KM$Ey`7VjZGMs_tTw$llnP`YNhvM z1CD`{%LM@(a(Al7cDOEWz5JRn-Qs6m@HHVY1D)fVSjQyL}jZpUoo-UzwS>F0?Jw*@t=M8;ZB2vv(`q^}EzO`CZtqJIFp}x&y7X zHsmW&HIdSu8S%P@r!)P6HeKbqekgI-Q!4Q&Z}_ABO`1+W6D4-TEejK35Zq 
zd+TPv=K@MPjoEBc>w(Ay09DUrjbFBnifF}XtLrc6)IrMa*ZbDdKCn`!#~OcQ$SlW$ zdM9ngP4L=F&F2St3x+$62=vZodqGt5TfKee3ZmCX9iu@K}E@))evJZXl0IE&da?A7eGFLl?wuN%okY?}VD->_?xW$(VZ zUU-Ykf#-&KurrQ)rfY3atiN}U_98gdY?BH+^IN8lQmOfqi03`xvW8D%uYV!O5vF{l%~i%mQ_%T2xHuYc6O{#y0)nztTHO<<}e+sAe|#`<)5(y;w92*|0V z2I@z~3vXIDlc@e(x_w))q>sN}zgW@0pv`P0N)KxeHI2CFD$ zhbg3+NA-L_+9R0VT*d{^?={3b@P0z7@-?z#bGjKwG71J0MzigQHsmT=LM7(ef(`p9 z550iL)whH3*+kj@pK&=DI`^uYNe*l0InmJ1# z{)N0Z3os0h%42t{_4~m;sn19UicUL4CfDLIaT+|VGi!rtzVRAt1;#b23eIC4=F+A0 z>s*dfv#e0xu9t?d_;lABt7yaxm8A!{68~!mA52z!2oB4?_lOf8_mJsz5D{}gM>HB! z0U$Jc1Wen;de(p>pn-FTF1QGM0+=;}6h@U37vrj_i*?9+d0owrUc-M$S5!wKc$Coj zdJt6rAPgW!D_qmkSr)GCrz69OZdIqVyO@f&4iM}ipAQF)La{p%Ct#)+z2%a{NRMgu zyLz4a9w81s?aN}m20`>YMt87Khi`5*3sAUz5T50t(&`)$5LSZaY;BV~0i0{5qudep zCw4!bV-WVhT3(r${OZg_AZ`kw%n9R2BjT4dVb2q`7nHDfY0kHADc22xfkoH9_n}rx z2z5VTk3$Ork*&hwHgvGZKKc(=aKF7b6-Pa%jvfg{_h@dTtpqwVfp(F(QZUsRFIq1< z);)VR$jF`l{_m*y)T>(uD4j$#>8$N>lVv>&+EW9SAeoM-Wv4O=0mQZb{Ef>1i;wxi z3$CQ$=$cZmh8GKI3{sqbr&u_oI6-)ch!7s|X%tu%09C+Wp9IQB?4?cDte}ImuZ`Mnv#qNZt-y6#Oz03^cLNb=j#%!A zDXCl6HCOkpCrB}`rX+~7Gb>UMedL>Tz|aL%?2v%UH*BY9{irkS$?P_O#_sqg7-;&` zZE6bqrlI)A7f!BN1!j5KZ71CNroR|__G-!3hjVfPdfcx!ShK11&)of}to&?!cg;oR zASV*RVfFZ1gP_`dhQnTQOE#mrougpS%%kV{f>pS$NbzYRe~Y+CP7|t@w2XT(Pqr0v zU~}TlVgBl{YaC=xxB|lmEYN@TGJ2ef=K23)+3%{4nYu&mBa`0YV z=(L)rfy{{39*7L8L&M$zqEA&z_!z+bSP~3ex2EaE3I_8bjVH1*>VG0vxVD%Sv;2XQ z%qz3K-ait7m+04sAjGkl(^p90*G6`aHQ2h4krKs{gdJ8 zPKJ*qf9OwHa0d?_HR|T!e`Oy34S`<)jm?g&4l1g$<`W919vDGliVCC{amE8nso>k# z0;>pIszkipm*N`gJR)oSRk%(KpNE8Tj~%};$hQqt=XJr5c{D{Oyhy;vwypgbYfMIl zyj(XiTSu(}e)NgQu0xf*VL%&;912pd=1dZ(!b?x;2|0&;ho887~-a}-tEx~Oi5)iyl6DCdeNC0zdBfu7Z$Gtcf_8SIvX1oUa4(Jkj|Ns z$Id8b4j>!3;K9+B} z(;KRZ?er5r*4teJKqNxDYiN~kJtY&yK`@8d{_1de3hD2!x2R#5M}ub0q0I~LaBA`y z+^;ndo!c|fI;AK`n?pMDeol5g3kI34ht>sztq%w})M;w#HaVThmijq-XE0;$x)wgt zPoCPiB=Ada7yMBM_F*y~SSEdiZQioI@?z$J$#C*lv-z%LDN&XfnQ&d1HZ6Fhkss(9 
zV4|M_)K@|~m0kz@Rh-3zyPUr#%ygcQI{sYa>To|`5O+q(>Ptobmb+I%Qp1+fdnBN(;^C3w`k8l9K^U+UBr3>>oK9S|d?hFj`N5|ZoPVu@@zG~nGEQaKY98Qu1(Pk#d?Fv0^MVq~%W zB4d(n6n?%!a)9Z{C5`yrPEY??7%ULCJ{DtsJt964B!pmxvLWQqOk6??_ts&^d?sBhUW28LpyIZN zoqv$nZf9;4eDoZe5og^LS}V3MDbdmyGhM(4$URPv?kF9dOmrKdW&se;z?!-G7L24Q zfS6z%$2d)(h-nQ*udVmhjy+fs2ui|yI0C=6`|1R)kRYF`f7Su*6PHRLatD(Zc1)=ds3LW5qAjbAEV*t{ z8N1I=7}x)F5>5H30)WABX<9`bi0W??1{|eda3;KiWqYV|?VBlsAFGseb(Uy{PJQ)?@uFx2rT|jQtQ{-t7uGt($qPN5D=iSA}VuTc|X&e-P;4G&Uo_<`qKvlX4qYiN^mgrdp+&Hk ziMf?3@LHwfU+DR1gUvI60VhwC_6s`t{hVvx14)^^mJ`r-`=XZ+O#fQQ3B;ycSY3w%u3!C?y@rzq*I0DRiPX5bAr^6f}8TcKyv(#a_An3h)ji7|Q4S_*Xci&Hye* zmDs6!+n}`o`vt+ubkg>MJa6FB&-K{qPW&1avMmn%vT@rn7zR~{$fEXXTVjL~H|872 z4{&6BFkeT|*;HsJ9etp%m;#T3(87@0_*A4D{ICId+x#|U%hKAUng}?ZXOf5d`V~}X z0bTi8d@q{@G_`?%7&BY;^|Cb%$ACs)J7%!e#o8Pfa;j><8}KQxkV*i5PPG)$BGE89 zOpW9`RFO%-a5vjY*+O;$A%bIxl0jY05G|v*`AS0GC)PZ{Mha=P69p2)BI5S-fKcFY z!;oy4IO-f9M4P$nN(LaqCm(85sf6QUzxv2n zgpq$MEGV1AT%)XjA;VF(5u1qvIGP0S6`nL;Hi$ExAryvSIi+lf@f*LMo!uqy4cYsGif?JCROYG<;IpeyEo@eBkV0c8v;?+8r4og%u9r2aIdSRFyaZlqB#HC@??M1Y-M8>Iwcr zP$Qd#2PvJ3l?}G~G$AOYE))ent_-uxrty zd6L`xxUz$h&rre<4S@s^l0g~C(PZ)qXzCl#!H**@-~{Jzr`Sa);~*>*UA>*UEC`Vk zrv(Z_!?;7_$dqz+zg;fLw0d-_j`Oh9r5S(dn6(&C^-fbm21q9UV@S-x0AN6?Jh|Zc zk%iH$#)7~L16pcXKjkSQF^KV`3Gvmb8FH+GA$nm<76w~yI*h4Imm^~(tKGv5;=+EC zCxL|O%~N3kA*2u#AdavC#i8bcLZs4;X$pyTI>zhJ=!&dsq)%)QhvJAe_mak7gAb%X?%nEaL~>&*$wX`?U=eif{u3L{xcO6V6scGK~V)HfL3afvnzesc@!Pb&slX5<($XmnI6 z9Zj2g`N}am4j}_NaZW*zFP?+Em#w+px5)PpNO}I|8LAd9Qk59QC?_dkqE~(Kh#cuE zj`IgW?GZCI@5wXq*r`JGcquGX4I2%$vPRwoPklBu*Hl!TUR@EwL@4AG6#Tv{{Hg@GC{CZV9|EE(SD(A%j>u84kUjV#iQ_0~eRQc^FObtDrMA=x3Nw;G?{`S~ zxa9A9(N^e09YX#shZF%>gc3}ifJ?2Z%`$)S4UyOv6|vfMB@RNXjj(mEvwg0Y) z`Zr&}s#!TRCsa3w=};~)2fkqNiD8swDVD5QkBmGkNGr1JS|w6p4F$+kO_A6&(FQ-b z33tcQG$O8KpvNT7VivARF#?uWa(WwcJGr{Ud zBb|~f3(iSuLgdMo`99=e+$$d`8Ui9{y@5Sk;ZmJ9i}3rx-JIlwR_v`IL1ZU5av)$g z#Z|`~H?Ir7Uxa>U-T#@b-Ng5q4zyY_8(R;M7xSajTYbygnwGnK@Zp$M;44~ymLj3B zO+-&k5_TDS_#^FUx1Ee_ysWl@Nd;n$+*gS9!_I* 
z0m{q#L?w9n3T!SaDPJt7J`f8eQ8sJvOZawaO=l0ME<9fHO7ozku}e8L2M5kyOF)}q zDB`h!@$&4~Kj#oam)$hOgQR8Zia3sbl=gyV!p=%a57OUKlLS{=? zZZ5i*?wuzQZ&HM`{`0h*SLaWn_yz4=c!*F&)uSbS6oOVfSM1Vb=+HnerbSiaq)rB8 zUv$&C{%B2s1)+wFjdd##YCo6#bTs^A)!!=C8pVj?9Ct*?^fouS)50G&erPa`%A`0$ z3gaa#WhfJrdlVQtI8@=#g`I(xv(8o_|4v207v|a2%i#AAT#)2L``vjrkbGe!ZH)Uz zxOpLYB1=S_)0S=PcKqW6eh+!(csD(93AXdT1qZ5|-8=BaE0?}+RF)Mg3dvI@V(2is zpRft8kJlmf9&ca3AS`44BkS*3)S!pd1v7E#yNopN80+VJqlPSXlQ7D-ws=;sA|SjT{7__@=DqAf=W=qqI_K2~GLs`7 zM~M^Y7kd56sn|z(_+>|NZ%=6;Sv=hTB4G{y8aS5`eq_C$%^X^hFYJP&22-9d)7JFH zNfR0$p6H2ZoOmV#S|c~qLs^C?{~bY$Q;w*#RrAQS1ziuM!>0z zhhkiGGILFw|0l9h)p_$k?3q0%T4wPPmq|;MS&vrvo>(>i30&v2kxsbaoKZ2Q=&S_8 zKQ}Bwn56xAo5Hz=AFwgR_&llf5<1teIl(GYY#=IXj;TaM{NDxmcb{e@WyvT;$(EYE$@k-MYR}Tt*Purb+gS?0b z>_vJj#qr)k$MOk8pr%6>GOR2QnUHkK&OUxSco2cjo+$~`>d2y)Rxk}G8Wx%R>R)u8 zx8Q04$*PE&2N`4{t$R_33=#Zug<%DH_t)VNC@}iyrJ-FIR`~-GPQ>~FtRL8!f4}=_ zQLziw5o9Y+#j!d#GG90tf9y))yQP$r8TO!VIBIqwB**)NZ+`A$xu$TjF6>a*PgjH= z)y)@&+#b|vATO9xlj#56m?X+kqkvN7!3TdI)QKOv3^^%)RX95Jf7B30}#lA~J4AU-b|v=;2@uuy1`<b*<|hHn!ju6uCA#E)Z-g>vg*MF6HdLHy3{1JS4-f&;QVa zeM1Kdida4Z5*Rfe8|g@T<4Rqdi7-)5^n!CQ*{B%*8U7;y@U+-f!US#qN1yK`9JgVO z@Jk*1$#bYbp3?=M_x_V58R$GZ3NvotGYKw*k6v2%2K8_VC);4|ymmATC;!Tna7i-04Lxy*{Y|UItL3)L zfVuSp@wbPfKEohbOnbi_K~+?Aasxrf!>ar|-q`c9nc?+(nKo`gv=BINV_0_lX@{>4 zZsO&t-Ot0%2i&iY?+iR^3fYeHKEEMJM4DLHVVbuui>2oTx^JE{56!Q*FW$$!y~^5= zRKLU!G?>PLUdI^!P2x;5L-Aau>eH>lNlHCnxlZHYKv!Io)Qusy=@U;;Qzbz(vgEot zk!&nH{xg+wOkap(qnW#q09CoO5iP1V^{aA7-?LSF3}62uI` zp_BRGuBQ;B9Upc&n!WBz?s8-nDr6*ap$^>JtkxG_+=L~7uE+|XT`7c2rZ|H@^0Xmd zRQ9U=1dP^>P{EKbKw32_4A8Moa)DHoEIr9XYO?CooqKyd~F;sd&*heiY1QKV{1J8^j)CO#~YF(85T{JKIxTjLf zLZ%Y)4g_CyEJs*%L^Uh0P@TV#)In?mS}Yed9N}&{+0VPemE{p3%!#(I%oF zB#6k}L!8`rDrLHhww5!Szo3hN;Xfvwoz`^U8`*Mon=jjD)SN3*^~6REVZ}FGKlxJ@ zW5Rt&-dyLq0?9&Ky2hJAW=`dDYWl(P&499mvZKQ;L&g*?8BA={l2hJEX&^G~^7~`= z+@o0rU;T;*Y7DIB0dg45bam{g(@mlccx+p6T4GL6k#=24I6)UkoJ_X;0g8iu!_%nw ztP6o9^E_zWl>PZX(#bWhiKFrpB{Ycgb^qoA?VAB`)W2X$7zbm 
z7p@<&)KImIuqxL~TSvA0mzs7jy~aa0q`APsd4A`;ePsvQbDPgmRr{m6yYV znP)}?=|CrZu{2e@&{wMAsC4^BnT5MDW-Sx%u}M9cK}-Va@nzna1(w@bCCE^%&dV68 zkaa1KhBwvcj_Z$I(9d9GCdFZk^*%-9lCiG_Q*^6%W((8V7CF6IuAJ#ln#SVz?T{1#Lvjp?q`A; zEQ?dyrva(%#)!pq5-t(kh5eWDHX7X{cPTNvnYS76YWsYWUY!gC^EI-xE6Sh&uYCZtiF#>1v$H`wuMJmwMil7w1A|yicE||1+hUUt4wm}G_skAt z6P6rAHv|{=j2xVS#%Ns+xi`WJjaQ|ng18%%a>wYY_~dcBDU|Tvg#=RdA!S1w9wE&z zmO<5@;{0vHL4jU6bOivTLG!+_nEtc*XI42DW{<@YcT9fXmSlrp117t zgJ>B5FF1mVnn71NGr>_N=W{p0Qouw2{RY;>+KZizQyw-`E}jL7fqg5dGZqzNa7mTQ zoIhj*)l-64fHx9s8S9ruo^~iEmwf@5MziUT>B|Z7d~e2KoFC9j>XnAL_svC%i$crX zAXJ075?JuJ57%A6`A#tFCcZE=r0G^|Y4duS9By*yFQXiLC8nY3{f<5Tq&wsxqT1kA zp*xeV!@l{jS1oK)AdrvR93o`v29C6d0KMYrnHqL&riaZXYH-M>T~KJE zD^x@UcQuP!Q9E(CDErG8b0*U5Ocr7mw|`_Gr9BlsaF?-sCRK*;T)Cujj#|Tr>Ud?X zrZ^JTMX`Qqh4%D^z1z@MRCpp#ItO~%N=zywUYT5JkAJ3u;imJ1bJeNN9(q*dB6&l8 zd?o{1q!I{=%bK}p|B+DJ;2(9~%16gy~{Y^wU~dC_SRo zK98o5S|sbg{2`;A$(BMCl%l;}{m1`Uh2xN<=nkooNZiZq_Vz-eNq);G6z{;0J5yw3 z!u7=zEKt#DnW=);(@h71#N_jHdLCXz$Mjm~fIjXCpFtN;1=X-Q{qnsjQdl0IPnV{l zXYwZ<)1X~(iYx(sdIOiFggRI5v~Gfz*rWX=FoCw3?mpyul6`!06D&inl{Maql-2N8 z)UO|NMCT3HEYQlIsky*GDjLd?#B^wn%VvelhqDCDzgfa`P-mma+8#oU+xweUSS@nQ z>53sCN}UF+#ByIl1e2|?`^cu7-@5xrQV=i}0K*Q8P2rK2i$CvTDvzJGCcU2#=n)>v zd-OiZirTGoFr1$mCn%VSX2Xf6Q`rszeot%eYZhvi!Ui#iVR*hsG}_g6shmnrM1@VG zGD)s*MA0!S8$;NWL-tkD1zsw=MUm>drp5!iYF!JF$39n7Q%Yg2FiCzExlLPv;Uo7w zbY?G@FWR@^Rb$&mPI3gKP}f?^(3oiJAK18KHkIC&$)i80#6H)^^ARz(5%Xq*O2}_= z;G7NIDY59o7Vm111dvf4h2ITw{}-8Gy>SD32S9eXWd&=1-qXUAl@%>H%RNqbd_tv; z_}^W~gV8n_EdsJ_e(m&md1~5{&S2t0*{k_-bAgY$wut5DyoLgf34X?zX8Ui9i7}sb zSwr!xg4~`hgo^B^ig(V^!^g|0e#PPe3EGB%!*JK8fPPOC&kEMoKEO!K?h1kQFf8`DbyJAYE22v&Am>~s5H|! 
zp{T4AKieJMZzy-m-=FJW&FE`42a;Zy9-Nsp~U zY=erXxvMQ0rKR0?6k{K3dDFJDHULRQtVKPXCp8^83vOCWy?T^km^sB=lL$9POQQO725FuYSnWubmCqHKCkN4YCz$84?Y z(*`$3jM&Pxg2pQ5hnxANX9rkBfT$u^{8oOsP#AKUSc^g5y-GKeG;3Sdm$>w*^qFAi zi31mGb;?5R*_9MlRgOcO>`P#Gccm*U3cMiVXl)1esjE^JN}nxFFdiA%)zMOIZ8|gq z!p+Zvmdk#PQZGy@eW`L-JWWJaw&N-Q*BQ08&%Ykl4F#eWccc~KFY37thcuT4yGUFr zM8eC^#S@S3FL&}W``ta&Nz!NM zT8om0j3n{;QKUz@B>lXkhb{pT>zGaDNV}UBU{+IqD#@i#zh(Dlx~0!4>YD>QLfo4; z_h_y*t+A}75z#XwY#}%()0sVA@Obid{1h;f^RYPtoLCEyg_5*GQ56Arq1%!e{!V%6 z3Y{=$*uZ#Ar+46skYiZA1 zpkL)B5<61UeQ?&AWVZ}fe=u?TK~zZSOJs(B;%igB8;5x2g(rNxQ$1)7PnGsHawNjV zAh>&mb{SNRF0>F0Bt)c3dL^0;y)>A7NBB~-P;`v2av%^zlAZe{&y;@c!*vL+`^kBEq z8OJZd&7ujD3E3OKstU_vuseM79Em2Esa@fhiDZwHugq7}9MR&=fK#$ipLnf2l7>s+ zOxAHX0Yf`Tr8ZpA(2uIA7nJ3GsiTy!*5Io|W39y14~?6*=L1a{o^c|hUgqwjR98m& z-Zo`um`MdQt7LE*5YBnGXX2=n6kBoHTqIQ+zA=6-O(eORR2(sSLX~XM@}p|qP$3!L zK-r4;-U%_1{UKJvQ&(|k&65H?%~C3_S&6=LKsm*bOvVvM6Ts5-TFbLBM~9u39czpF z3Q~l)uy%Jvx-x-038+vHRRmj2S2c^Mmnj(7>!LbS{AO(BLQ-#_D8sz2OQeltk<@^j zp`hI#^Br1^fGe+7TlH97>ls@?T8mbDiC$QEofeV=W7On$$h6&y3{^ot11AKH*{kp8 z`p=z2a%7KpJUDp~9g>X+q$Ef z(v|sa%Tw37hA@%$Zuf5aNCB#M-x_NUc_-coEBaDP0a-F#1x{vr^4|iI6=MsPCbQUz zCj!P3N|*00mk%Et`VoMxJZ7%CT!_Xs{xtS+oCOTwatC;Qax_go1V9g?9T5xiRn5xE zzxhiq@lBL`1VI)TJRLu!V!!Oj95#@L7$w(dv_3TShuTHCrY>(`0X*$8X_-@SIH=wd z7)1f`NB2?(6kl_tBy7zfZ;=(MWbLTy-BGQ^^7vB_Ne=-o(fq~D>i(}6_qQ%VL+5o{ zv=17KBaS$&nD5=ZGluClkU*oH^fI7~3XI-5@+VyhyC=`T1_Kj6q#Xod(DLb9Q zw&37ah=u6oKxw<=0%zYrH;y&n`>Gd=M3PU2l8_7dV+xVyQrChE+D7dED6r5fMCay& zMKMb5$6~<AlDi&DUS+XX*t9_#SkVx{n=Oy$?GS4q+{WL zOT9?3+Z`z}V|2~$j`ony8XaBWu*Wn{5~OrCEe_qrmk{5RhyvV1nO@ODyP6s7ZVK+L z{nK_bowwi|D(WrZxoUic#u*VLG$bAHr^C+n&&YC&CcV?SOd?!Ly0-ct4P(vu)h>PP zK#+(%csk4bSldW{|0y!Zjsi2h?VT&Ds?68bIfS7t#0L)9M6CyaP{>IP9NH6&-M4)3 zsA7FLhGhl$wGMy-O$1kr*FBLkH9TCP^;3r?1Y@k)z~wy;5eoR8$aE2&hkCCk=hkN> zUZ0tG*}cMqedHgg<2zY5dGylkQ?`roUiqI zc(!-`)nvz@QVcz*{<0F;p(XLDR9t~o0&`{?qZA@0`P(u%-Ose%#(LXCl+yet zD?Ze=H&8f?QBr&UfK5__ThK;K!68hm*}!uv!u{XlT?z0BBIn^Q>{cb(w#6hdtdh-$ 
zq-)_r?;YlQ^#ZaOK@Nx+p5Ak7Mn@=L-5pOYa941ewBW>xB&;J|iTQkpaG}z%?~ZFb z00h*y>ukj6aJV=c(kDs$=W{WNOyj>Y?XwUac!)xzfVx+>+@JF=oZytMINemVX%IG4 zco<%5*?jzPJD^HX&AdI@x}4doxD1DLIG52h6iP6d?BB6avup2C2*Q7w{gU5btda#o zZ(Je<=~?tL#4S5n8Rumk4uZxbiYWmRoXl?E%roxmri)wRbY2+M(b63mt!3Dil1kNB zes~9!rRf&+VcM8{^bQi5=q5+43Y2lCh1;fuCh`QE>?p#~S{a%h+Mt!}D%jNH&mXUR zWC6pMjNrG$nRZ+nCC=*s^nkkz!CZhM$Agus=U;JbQ>KqhJH2-RUP6Ekab+CF5T{{r zfltdtDA!EYjs)tLq;^ZF$emtB{(y=r9!`tusxmsRBDFv;!ydB4AAQw7H*M6~d5Q7}ju%CH zt{trnHlW%E&mDpR(s=ObhC2bFOkV|ipH-<3R*B+F8Rm;qx!^rDMJ%92)sd1S{!$Rgib z91}@H-hD37oNp(WafRezu~vW=Ln+t?rID0S5~jHElQ#1Rw3xO?Y1cl0J?$exZv-nX zKp}UAV)+x+y^N2K{B4(D(PuhhE%+9F|i>FgOG_9i^9a}faRCb zyn67KQZol|VaTOno4WesA|zslgmfHW0wI}HcndjXns7RRss>OESr9Rbig{?^)Buzw z03DE$5=QI-O-)Eq!*JIK9w5H98Z>$MA8sP7 zw}l2n_#C5@jbhOmcpb*jg_kiz+7d--j6jSwI=Tc!p=S79_+rlFGIzDKqj`p^MZID_ z^mz#abQ-5H5)JdQWcH)=`5O03k9zeV=J09Ac0EzB0J9Hy%~HexY9<%EZR%iPj%kow zLr~r18&)Ldg&L3jRi(&U*0Z7`)xVownP!$)0NN7Ig?XKt9FLE z1|x=1kLs7a8d`0`P~w_o`Md0R7yf~}%d}R)ya0%P#A5kP@?qKD`N-@uYtQ%CkzW7X zkOpahan5r?J~B*B)h7XmfL42c`Oq-=BZR`s(3PCkXkHS}j34019-rBMXHr=N+DKYMYv(dw3 zlrc>8haRHni}C{|x&<;!+{V%YQ?x~b1tDiuJnQ%oOE~lF{p6cvJuR{1PF@)DtQvVr zT!c@5z-c;#E`S{L<(S~j5%M0$0$~`H6@`^PG|-ZJ(or6^5~t$?N3lTWJJvpP98ce^ zJx74p8e`~6$!~8Dz5rVQYRC>$TYGXu9m_r!nS`<52LjKC)JEQ@%#Q4cFKTt(4+z@0 zSaMBJ>O8>+vAR=3yU@qF*HE`hrzN$taq)C;4^aM>jfc2&6d-=?I>|s*5`;C|R5PgD z>fvvX#jL~5&o5tAoHb9<(36(M$LRw`+B)Vm+7O`1DpDaw-{GtfDUb2nJ7&6bC*XO+SN7E}Xy+*d%Xpryu>IxGC8&J?#uCLW zAT7Nj1DEdapPTtEYlB37s=l9I!TMp*zdZ64W1H(`xmXZoe^0x?WjRjFSP(*O;%CxI zdQ2H0V@~p2vU<)A02TTa6Zs~98`Hw|RNbfAt$~tUphu`=Z4|KdCQ+r~+COqevh#Qr zvmT#wh=&E)&naAVR4>e!!Va5Y415W^8$l0EZ#3dGK{tt;pUvQAlxN^ zzyVUH$G}Z>7ONQVnI6FG#lW1daGoOEX~b|7hYZZxsf*AHfzz$s`tOj!ig(B7IxVLU zOQ+*pbqB*0Sa__%y9hxFXB%i$LaX0$5A_L36NfY>K2b=f!Ibx@^%MDtg3G93T|Zbe??TnHH(Ap1v>bw3&DF>9x`_vHJEu?C`5?_MX z_11(jl;PyU3{CBjt;G`bML93Uq9prSObDM!+=pIfI|u19M0VRYmbHS!(4U-Ri0F>bx$04qF{x@djInm@1JTQOs^&NM@PJu%Z* zF8EX6LZ{7%4>oPz8;pM4&FhR_-=ry`-t!({+cMBwofGEt+2y3q|qLi_+gDAYO)m-q(?kw1ta0CfTnb#eh 
zfBeGnH3Up4P@vm40wHCrs{FQFHAILYNUV&4NwLed@^RRO6AtG9t~IZ=oHk3k0VkhinNFc(iLA8KImInYK0y<*1Xk6r?n0Xh;<)P{-Z5 z1y6&jkbk*=AtNAA!`vNKu6IE!>sSb}L$FvM9bv2!dxp5>W{wmlHv~UJ;V6@Nn>Yjv z9=1%B41cF1I)}kDr6gmqHnte7Ks_A+6+Iu%QkW8Tx|kPmueYrhINbXpOI{$q9PR~f z(URvfloAn25w2kJN?A8bG$Bbx%^^8h>O=g!{8rm-Gl(IpG0V9vU6cuPVwa&+L=UO_ zZ7Q=V)Y2BD1eC@S#Otdj`7JFna}%wQeMko*es~Ay_jNx=VkQODhDxAvsp;AYE)Fmx8*!W*VMk(VFgB{!e`MS-_m?3hw$B~~7yQV^4*qH*A_r)7B4(&xey4P38_}ooPMisSt(_1c)t{(jLr-k-6+8O}P znOpUpRNg}<(TJy75B7Lt(o9xy@Mu9ltllW|xiu-tf2mKVD}J3meV#c8B)8U&h3HWY zZ(#vKo&TDc4>?c3q7D-z_?iG*2HObegn)q={?W#_M4YXUc}>4;T$4OBAXjRVt42q2 z&`*P!LjZK)7N!aTyFoiZq8R}A`$#XGZZ14^+e#srAG$VkB~MYq?GOnCqT7I|;Jm1g z5ZelECAAhYe7v5WQDaZxge1;+2c~Ei12@(|L#J`mz*GLiyH}z-$)w^HUf^(U08w|i z85T_#e_yYmNOf?O@Y9{wnX`Y{Za8-_g3J!=Tu{wk1IZBE4Ytav8v$e9hh9~dsAA2< zQv}odz$)XAd@u+IYHh^YkbP+#)d3wL&T5=0|EX3OXfG18>6I@=H`Zf-k|=7X(hR7(NgMF(yNT6xgvik~r)oi! z8LHmApd@qG&&T|*TJL5wCZo<2&AHA=N@Tt42OqSJ^@zLlY8BZE2arMmv1+qu@M82S zsW_AEV3y6KgJ)!~_HXv$mPMr-01KFuOMj9R69DDKbL1&N2YNhG5Mb~9H_IDr!^-7( zN(kh+-|VEFy&tXY4g>*giiWwDSZ24)6nKAZRBgur4_aUX}~$4l7MV3 zm^d3D1odsF$43Gwq$r4{<1ajUFpq|p@qM+FnbH~FrRf2dE$5kTFrd$cU;y&n3fR$H z>u+tWt}Kpc6WvMYi!lHLo+fHACeaiMZFBH;Iv2f}=HzdSb+TlzHbkXRt>C~EM(@R$ zkk7TNJriK$qF=R-I@h^i3oAh1>*SrUs(w?Zn9`V#mGq_zpY%H)1Zv*a#e2SWM#0H& z{d}hhef01^g4X+;J{gh4abE-u2kjDG<^dd>M)N>VpRP6Z$qWa9h>rh~l{0Qxcl&<3 zVfjQ<8b$b+w$0306VW^h9mQbn3&}-p-Y%ayW<<2F;>^Dowimvn^G<^dH_-Bo#ZhX0 zbR$X*JeD{GrUi3|2l$}GjCT<+DbaAhxl`S*=Fx!MPpR``30)a)8LE0KP3hX@12KMr zRn2>E?ivEQ3vGuRH$SzWD39G<-0tkYgX4>HahFP-afHzZgQYn@jJ@zlkKr_YzpF{p zy)6!Vj@y{&G0IL76Z&S>t5V5ho=ht^0OE(;W%0{3Qm)K&X#Mo@dp%IINyn0}3YaHf zJU9Zy!BM%tC~O#(!oYAoh=FK7lI7P;<1{}iWe(ouhl>uHy#$m8MuH~`c16oh^v{x4 z89hpH6bmM0IO}ig902;WDsJnqIo%cyDa7$Ma>8%j27`{TIwt&LbEx1I8m`J0FqZcmXkMn?i<)j zQByBvx`c$xTDl;&9auaqT1D*uX}za$ufnHf^4DDKS4?aEy+r>OrU40mY_( zvi#l&@(2OXei;S<#IGy82jL=*PaOcrr61-3p@{SZ9Acgpi1;-MYX@-(<;ZhR?$ZI; z;!%g`G-n^CLdbl75K5m@BhCo9q8UvQcVn$;oz;TPJ=|flVA5Cc=V~RjN{ha_i)=c7 
z2a12C$Lj_=iNbr*zA8nt?zz}NkjTCYgyvN*GB^}gnF&Jj{Pf74l_Poo>95;jzW_F; zS`t@ofpX}C&$Mz};Nu4-u2)N&ZhK*)B4kD8J)SmhQ!ar6OuEbA5wnPdkjEp!&^(S^ zH8GSJa8gVT!P*@AwDSE|9>n6)I6dS%1Sb*H>XPf@r5k*9{ri!^pUQ1)U@1XZ<0qX`Su0t&Wp++8jm2F9^qKUSI z4^Ahax!JwCJ83x-5KQ^4F4xI6k9DY?>L{WY>0AXxYLo{fo7kE)YfRZ9I#{jBgAR~) z%7<|IHY%oszG9Guwe72|zkTct9Y%3|?;tsO08hRLWB5@!=Tzzk{dEk677MW&bG%_$ zLpk;sI1N2b(JzfUZ=Sc6wuJVqo=(eI=x@jWARB(cZp8jd%hpuyMS#~&T6SM!DdmWS zLCQ+yPvHPXXOkPxFGt&RyU{<^T|s3u!!qO5zmH$CiU8x-HC^7M;_tdufc)M%7b8L- zeko(5=h${}T;tQ#XUyFaHM^IDbp3t*&ri50U9n*df2nlh)U`Qm(qI}UJwsZK)N}6c zStA`a_MW|F=F93FkSHKPh#1n$jjdPusrkc56-Z2Vd03yxeAbnRoITzlh=!rt+a=P5t~^1<1fGVS z5CB#6u{Ke?eBdO|pD8*J_g0^^ZX0WKcPTPpNP@<=_;MjOF9?y}9iLGsyll zMC^?VnjE=$);HcC+j-)Sxd&7buYP39%gSUrJYAVm)5S4)`=|3Qd_v@>kmp7T_6+f2FGh~IG1tMEH8rg=A+S>jPA`8oLjz|b zK4v}jH4(Xfh`7HSyVjTvnE_}7~yFa5;``yK&$gd41kX+ z@UOZGo+LEo*C5jKT;?W0Pg4WLBNOg->`PBRPaeSziwm4f_<4zENa@tzX1vx?t!9E`%teWsEM)KI-`+ zqaB(?PthL(EcitKQIgG6F&mVqyt&KbE`O)3M_6{Y@{NgOsL{vj_fb~$(yZ|N| zo9YSMxpv65CtfG?>nSeZPryRd#NzD9~M|n zd;8u2J7K0J}1ktRI`Xnbp|sr+IFX7EInegUV3W#QteRxucr+vGPUa(Qr7Ku&nsF zWZ9&uOmUnO>?dLa^ol6@YuA*+d#+C+9zkV&JSDLukY~JKDe2Ck00;1 zI?cvnmuKi~a*4cQIlC*nB$9mquh<5V0B)jZQx8kHXcOsVnURp~&0H%c5U4hUad4^33lPMF>En6BqOL2lwUH5!OWU7(pF$j)O78Xqu|iqurmvHF zc-uG-T4$>QB$LkHA`6~ru})XYO^}%$#;gsw$EIrO4*JGkfVFJ#=T=#K{@e$@ck`S? 
z7lv%hevkXsI&ARvs&0-@4Sw>4UkL3PtTnQEe*#l)Ikm>JtV3OwVKPCSWmvf-llqhG z5z8rPaDK7}eSRFW`8ee^;!hMwTkB{DST3K0yNM|%1QNrXHdX_>V$eN%&PQhC2VR<+ z&JCJg|9gMh2B1}cCrnCEd>^(?#e7lV!!hYkJH4k2%ariVNSF^!QkBSDw&Wh8wEL)^ zFn2E{6ctYzt!wyF0iiFW-a*Q!4vK!Zd?j@UM?4G`=?#UxbW-YJ$St>@f0lJm$4JZ< zd3NcJOQ&F8q(jFw(Cw821lUnBd8If&)z4R%iafV_2W(jsMV~;>rWmvF=@1cn?I%jw zmCX6rcPV*IAy3ftpuBv1n;;;S*|Yt!F)8%cMT2ZKMop+NR6m+2jygGn$zd>I30W0C zyWUl|xObxo?uu|bud7V>L3t#xeL_A)c<-q#F7zZ9>j5Pa%(dDvtm94un8s3B*Wxkv zn_jD$zzIBDDhlNRE_kpQFP0m@`>~CWj5dNCn5jV5W?<~AA(xbxv%ZK5{nNoGf0_sO zSv~cxRl4f3neV-;QE~b<%&8QhIXiX#`iObM9q7cq=nbgi#nK9V4kMHJMWYDAcIAxy z<3~PF&FY@JNp17-+Cr2m7@Hcx4mq!aF*lIhuj&l_zGZD8(D3TXJ}n#KKxkZEpS`@a z{x-TI{g)m5{$x5enQOi_5-CUVjsv74wB&%=KDA6z=M)d{;y4l4#y#hov4bFLEK)YBr z`ozc!P#yhuZBmJVtfUJ>l$|o5NE=N>ODRXGkcCGCOIz;-zQEw_XcG!?MB|9BBqn+O zG+6l~9KVO9z`6H_MkwmtY0CjqIms%rhrpaAl0#V{&BDfJGu0^bEYOdEK7L)W_XjHU z+I~(Kab^g#o}v(-nIB>-ex0tg5%(}tZ;(=7m$s>=#M20kxoD^UOk^aa#yYD04H zNm#|1VGwV%^@JX1yO0Z()(wqy%Lb-ISv?v521O-v6Ufo0)tuX zr2JSfi_0#kS0r7RxSt)pw}BeKzq!9$1@}PV7gJ63sZ(@e2xkuthzUqN^Y0}1Xt8(_ z0-(2h)3-4s{;;&Zi-$Sr>5V#~gP=9={L!h0CJX|@7H_s2v2|8M;{x3|q95>LBM2FM z-8?QC{cAN0cA>O!e^r@Q9!#IozvXgzY?mj%>}6YwT!}zBZG$h7CmR~JN4UJT1c}Ds&g@LD+v+1o zI!Jk+{Pw}LZZ!HMee1tJhB@CT5k8hRKaaxP^`}nd0Yrwi@w8J2Zj*@UJrqn4$C-%w zaYaeGoi@?0Kq$WLj)xS#nC=}e1oRxB9%5%!PPCR?e_7vY*heI@ri_Pa|8WXc+N~JM zkaX#4an5l~TE?`;i^|U_oB=_@RbapD6 zcbgz)JESyFtNwf>pWB6Pe40(_LZ|7>7Q~pNBo&I$$N+vgg4)}3!`EZds4d5q3Ncy^ zh;$V#OQ%BXT@+k5CVn0s{2?@hA%?%B#Oo)#0H+1s1=wK@P?R>$k1ky2kgi5V4L+b8 z4@-IOd-;AfA*EvgoKzkeAaE?L2hx~KbQR-TZm($dPTc2!kadAepsij*Y*+srPB$$kE*&I`_d$pai@9u z+UvkoGxzGaL3+PGpq&jnxdqwKv?JU=6dEw)Y6;1!>8qy8TgB4xE?;tXHTz{ zW`^C?a?PgBgPoh(^VbXh|G1$ikTJzj94Y`neaipup1n+e_mj^`l#X2|Kp44Be#J$2 z#@Oe{Xx^);m=fF6{=IyayyFnnKLC1X`TKgSzEMtXoK$N9jOW)i{{T$mThN>_I3I-> z^mt+tQr&#=cn$RH{fHw&F^PzQbbfY7ARgiD+n*8m#_sz}1z?dt5Ns%|k(GleP|YAj zLI+rltnw^&qP^N5jkE3uCaq)UDaEJ3nE5okh>m{H1FFdhb@q-{zlMq}*U5bEbt@$%c^z13 z7-;Nz_lN79+jS(EC$VO~7ji&+azL&bvMaCQxqWcNOwBa_b{jG?%iz-Ck9XyG;HT`5 
zT)?L;n|bMlnUBJI&2okT8@>0ZX*u)}#L|AI$|E&2n41I)eZgD{{;(CZksGD>RaXDmO%5@|R$ z;Mb{Jq&1Kt(K2Z1^ZGRM_V&C?zuoKo`LOKw`MmI>*Vi21_w{L;-p@C&*O$}#+Ugi`^(4Y>*?`h=DOE+1-Hi+Q9c^@)|}$vNo~rriHuoW zg$UTA8eE3v+O2`HqvmD5+^gB2&{JitoE=@0Yikx?@qA*lthRFggm2ngS)Xc@ZvjHT z%ub|82bVJSqjtZkgg7U@2NYXh5sQIm41YZZKOwlUMcsIbgd&H3I65o^w@eO&mb05Z zSn=iKn++`NZOLTL#iQW3I1SKpuH)3WIi`p0YK$EV42|ihiY`y|Pe@yV!uz7?&o2aM z<#QP*2%72(H1f0986el*eE(#rshVFo+DXvv5=;yN8PU6WS4WJoF1E2Rg*sU=r63zi zCg}}Aer`cx!BWp_a=Qkz3s0a}l`emuYJKA@vmt3|ILT=X)VsN)r<(jo&daZ^n&0ZZ z7fAGaT2j7!|2X#G`XmIyQ@{+ z`kI435fWHY9D$2Z?Wxs);gtrkcHEOa-pjU`$0MQgIUp zvETuRWV)FXT)f^338W)M%{;~3LA6^XSPER9B#|VMF-6T{#NAo7Q?BSOgGN**P}FTc z+a4dSn5M0_6QwQU)@M_I7-bqoAGL!P(y=ehnkbz*g=^(1|&FXDK+H0Q_c_heb|eNzA+ z1*H62#4-A={mu8)>pEU0HgIaIhd1YVz1dkcwbKh`Rr5QU{)L`|`$&89O6PLD>$=ql z`-!rHReBppR37u{fZr`aUdH)@ONO?p=(%sYVOGG%l3N}IFk^=PB z==BXbP7=#bAh0%|*!6s(!DRF#Jh)WnoJ2TlRJt>B+&nZMe{nQt6nBkvhR!+joNpD8 zzJmat{D^}HXOmoWe1glS9WV3vFOlyUc*0R#dRLt3Bay==SN#YUwkoFP@(jCdy-Z^- zBY6sAsYhqY3e9V}U!`hkC(ggqaQGs^Nta&Vk%OMYrRFJfe=$1S1&y8zk?Jge1z6jN zH}|M|aYuxkN`7_k4#LzOB*&qa`;Lb(3JVK5#ijR(t4%_iPgR@8Uy%-v?w~(5gOoVb zzIq|ZPD8$1lz%Q(`$(MesdMy#g`J9X^se=Nv7Mk$)%|32yYqHWgh+D*I@u&2_|$Z| zA;ONNbi23u(jqxSA}aYyYQ8E0aT1A>ZeD{bMH)Mu1f5O8LKaW=kk{1)Wq4`zT{T9XXwB{oxWua;WMB{yLx@ zAX%n)){@SALFHB-(TWr;YhQyP71@b!{48WTx#>qpdpk%p88KCQV18yh0$T`=d5shW z$B0F*&h%sm#hB3ys(Nkz&vrxgSg8_Ib5?ZQ=Y&y@nzrv6_D*f-V}=b&;Ca$VisNU1v>2xsS*1 zdZ5T-lTmhq63W*!@u~ZbK~HovchGll>Pw*C|7H#DsCAdhnX5`#ru6LSNWpwxEd+O( z$h7ofv%tTjVL{+Y(0Hpvx%u4y=s29hQKcglte-eCNS4wk!|MG_3bgAJ+{qK7(}&`Q zu*&a;+2hqwVNw;TY|oQb-ULQ`S6UrH{kHX#u4c>N%|?6=g)Z4f2UTto)o#Bafs#aP z3e+Y82%klr6h&t*TBkirR!ksvl2S$IgVg1_;pl-*it*LNSZ6^MFt3TI>_u2oJv$Q} zi=o>?S*zJQN4MbXL5ZO`T8u%K7UQmGwUUa#k*wOgS&w0;JMd&0SDAVWL0Y1c>%CN} zt+lsiS726^qwWLBWIYt0wnd%Ub`6duT~_V{^d^FIU03b;BFc_#UHRf>Rlap@#TM~L z-k-UkBFy{gi~{`NY02&{A2r%i85~eDpT4;#u(K%V`+H@dPGz(Gf|1BL$lCsu@Ic;mO)i&sMhX4-FiR?-8$k3OhmwSkxHuHxis 
z`Vyt{mgM7Gj{+h6_Sv6W5jfP*%XY`Chd`Or9gEMXw|vPA9$CeOw>z0vl*kDhEqfLB#%<&@V?9-W7SKWu24u*+POXPefhc4=^F=ln7y z!Yowf0MweNs9x3;+wYwq;K#5CS^OIr>NQMK+JS;dX)8^WLW8fp@0) zC>Eu>cSN}wv47$SKwj}FO@Q-QADl#swj=eB4&{LG z-^+j-*b`CGRXZ*7fu%d}liRlAnM*Q5yE!6xmsn=jJz57n&B|Jl<6{HSbzzSkmyz^% zPaM+X(kOdm^9BeLl7khdZ{uW^KgBm3iR%0Fl>wV=ds3Ug{K6U^bCI&!5c%r$X0o7u zbuawX@+?LGvu`T_n%vncoy52;r>NlkX4pWry_E*exw!yTzq&mD6s*o1FMAUX9Tnua zEqd5FW=>8H;PLv!;|KuW-gsA5!n1wMyq{%W6+M&)yoDk2b8*u)ypck^0Gqv^ed&Dl z0HCdrt6Xglhkjl%R9s`EY)Q6y(UP42&+TchP^|#3()lDRK##{v7Qju7;WyR$e(JZE zwRI|kEq(YwbqEOEo&bx~@(Cx*4);8Zi<6CILEDBmy+I*^dYM9UpE0R7-N#k@?KY;w zlmGgt=chh2*wtWHq0=1=IHASAfq*w+j%oVuV zHljl9yHLLUG=A4yU3EbDLY(U1`2pCLNl&)xUdfO+Wc%mpX(p$ivC@5*oixf0=N}O2s%B88+j4M~*EFY0_)v`&Zt7JIi{@adwXw(!a1Oc9Z3$}#fVeNYGmG$sYK%JPnzOH z%wpD^1M26`P3xtEcX#hPQ9d1QpZ(Y&nK9{>y)?FKk7h6Jd@S}d?aAAW4Fab1q*B1s znsr}g&#@&?o!L;@xv5VX;p1JN>^?(us}hSUVn}L z1_C(|!?nxVL~t>rnkaKlcU++1X>o?h8qpspG?6``eNt=2g?ZALtq z{~|)Pvgo$u$t!2=h?N*z6|(usvI$|ORcl6!wBu{q zSSXa0Qd?YV%^5O~4)fhkU{$*cXZh5XCyy>r;d%;?2*~fl?#Nk1OM#rGFc+c5T!O{- zEn;n6hW;%kno}|J`M);aNC{d+CzZW>mn0|`WA93xyD-bkR?q!S^5QZi-44W_CO!FY z)dBA*$PewGOq-6=P5rm-LF!P--^)_4_pHrSIA>;hZISn!C(;)n;FVDiFVw=Jm&tfe zZXUs3=8V`;pSirLu3R`W%f{_|eH{s~*B&L|q6w@N^Vnoo7hdCVr(MOUX{=6R474~Z zn)o|lb_{xIgW)wTW@2Ity>JaI-CI|3V`*6iPvTRxFV?@73&EttqH`oG&3BoM?OKz%10Y*9E zU|5^d9-+cTnC&si8i)r=dS2T4JY}I8748zuav+KKUttI@Po`L=!ku2oa_-(ZsL$d! ziFZI33l~x13u7Qv6ZqD&6mu}nI*f3^rxfx;{4PF8)9i7ck+9s(e+tGLZK*jmPOL;YOv%y-9}%M2srk>6O$d4IS~CltUqLzhY6X_9S(Vk_opLzL zy@BoQMczm|cKzg09Nb&>)nnq38ZfzS?*T(O3_`qiSd+!=*4Ma_K-ravg>v83s= zbR_der^@aoy}rMGlfZrwyhpHcAc;t@WIowNw@&+AtiCB>6?PAd_qn=%Go|r$Z=dCR zMM3zdbE|sn+t{uHlVXUevgarQz)_gYv>veSbDI1QCl1KAZlNo*fdu50xCh?vssiT? 
zt`^$zMGREn;~eF*&SN`DTtO%`t4|)?6e1v!BdtzVWo6bo4X`G?YKcpB>>TP`FZ-KT zv=(<9nh|H;SEa(HIgV}V*;nV?@1x0`?f(jfPA0SF<9~sfb_}Lwh=iQnzjWp{!}!@R4%5 z$QGNJJ*P+L_Cu8`2j>)f$Psx#olBAWv7sMmf?WJvEWpx;t8Z$bW+!EIvmc4rRr=gS zb&A92{+9Gug(?#z+rIU&qdT2{a%#V4X>|VpRZYUYcr0EVu76X{wgI;7RE0ejnJwCW zg-S0hd-**GIP-SU)U{2U-k}x!^x!cpdktpef-(ChbPDciwNQ_zBRzXFYe|%ropB~j zb`i?$ZB5;=X_tk{X%j3(wpCRwy;{1(`xq>z_ z;&m=zjW~6#04&^qTxM?2k4P88TiD4O--&?73DK#YmOh(GInJ5&{e7ad6WO&@Pae$@ z5wB{gOnv3Mi}LxLu21MKbw*hnb{4{6<6dbE4VKaR*+%WPZg)#tO>&JRaD{h~*QQ5k z7rE)L#8`Yw-RjkX4T7d@)zq^u)EMMrB@tdt+Bt;UEKQxhNl;TKyzd#(Me91TT%czA zY|UQDR+6}1x7x?&wMY#v_8lnikG{mB(q;<(k&xG@ak3Bv$J8E~KK#*DudkoQ>c7{$ z$G4Whx;(PF+0{nZ@8S&REOKyeKiMlTONlplm)9t>RK2mFY-#@R<-&$+0{iJ|9 zb6H(}@cdRS9vBNCmz7Th-uY0mdbnN3zrNo7(d+$n_vhcEZ~q#C`=4o<*j4|{%j6_= z2W_1UlZ=vZCoOg7)HnIPNm|k(QJiJoUeo(K5{CHpv{)}sFGVK@F>CW6-2XU=%Om4E zBK^(SWcJO=hWO1CZfs|y;Am&>L~ms0X!3XXmY@LS{}F_LyDln0`kPc9A^6{<@`FFM z@fs3T_U4qS2^B&1OfPJ#5V=z>6OOj`i)hX@-;m?;+=#&Y<9<%z^YPr3Iyh39F_B`pF<5VUeHjS zB<)WKYOE^L;N?5}LT}|;0A=PMu&8fj7-sCjqoxEz#EW)-=P#^(1A~kx1OQ#)PA9;8 zx$|lqe(Ibg$16*2XUv{rxJ{zH6Tn?{CkEA9WE7=8FbaLb^wOfw`25y5yHdkZNQahd z2R*XVcKwj;taaqUas{tSyPvQ>Zw7H#PKi~!Gw*Z7r}Y>h~X2zGm!H8F2a9ipn<*p|4YDc7yZ|fl^|<{&G^lI81fk= z`mBLn8f@4EMJhR#pAW`8Rxi`ksE4Sj#gaI5ReN2P%5i?AaAL!!r^lOt>D0U)S}-ER zHzbukBc-bET>j*sTpsrL+*n&d5UL?8fk@pfuB85SPu@6LJ}`+_ju0u4Y?Bq%8LEMfC2SyaZJcp=`7n}rtCaLi!`fY&00j@)!-*nt_uTDgRL{1=H zJT5CfpMBcTy!Xc!c>EtH`P!w}`rg=A7IRfvqZ$)@F$4T)li8E3VSNW3A#HuHviJ3j zI79pHf1chQ)%21Y4kf2fp0Qi~zC-eFhC4tY+HW?y|DDQ67+agh->HlN`fqmS{~fx2 zziSKI**crpI{#4dus3ni{hQkg(*Gwwvnm7e!?(1|cWeAjh4~*x_IGvsa5S-YqNn@& z`cFlv@)CpBZ*lQ&F|7Yk0|4m%W_$kT+WWVzo1LSTp`D%8-_QOZaX6@=KsvrZ-0)lL zn`!Ysj`#0s{l@uEgnt_GPg3>&*53bqn7@R7{~yKrKUM$9Oa0%f>)-v>x9UGxs{aY_ zPX^Kd25|hIqx>(!|1Un#f1>=8r0~B{R5Abk1plNg{3pUcXGQ-Tfz0NAwBuiMr2j#sC1g2m}E5zxwEZs{fx&>VK-+hWv;6e>JcQ(xBhb{+n>n0K?z0XAl2-_P+qY CeH||V diff --git a/tools/nist/nist_csf-2.0-en.yaml b/tools/nist/nist_csf-2.0-en.yaml deleted file mode 100644 index 6452a17c4..000000000 
--- a/tools/nist/nist_csf-2.0-en.yaml +++ /dev/null 
@@ -1,2779 +0,0 @@ -urn: urn:intuitem:risk:library:nist-csf-2.0 -locale: en -ref_id: NIST-CSF-2.0 -name: NIST CSF version 2.0 -description: National Institute of Standards and Technology - Cybersecurity Framework -copyright: With the exception of material marked as copyrighted, information presented - on NIST sites are considered public information and may be distributed or copied. -version: 1 -provider: NIST -packager: intuitem -objects: - framework: - urn: urn:intuitem:risk:framework:nist-csf-2.0 - ref_id: NIST-CSF-2.0 - name: NIST CSF v2.0 - description: NIST Cybersecurity Framework - requirement_nodes: - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv - assessable: false - depth: 1 - ref_id: GV - name: GOVERN - description: The organization's cybersecurity risk management strategy, expectations, - and policy are established, communicated, and monitored - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.oc - assessable: false - depth: 2 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv - ref_id: GV.OC - name: Organizational Context - description: The circumstances - mission, stakeholder expectations, dependencies, - and legal, regulatory, and contractual requirements - surrounding the organization's - cybersecurity risk management decisions are understood - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.oc-01 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.oc - ref_id: GV.OC-01 - description: The organizational mission is understood and informs cybersecurity - risk management - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node5 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.oc-01 - name: Examples - description: '1st: 1st Party Risk - - Ex1: Share the organization''s mission (e.g., through vision and mission statements, - marketing, and service strategies) to provide a basis for identifying risks - that may impede that mission' - - urn: 
urn:intuitem:risk:req_node:nist-csf-2.0:gv.oc-02 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.oc - ref_id: GV.OC-02 - description: Internal and external stakeholders are understood, and their needs - and expectations regarding cybersecurity risk management are understood and - considered - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node7 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.oc-02 - name: Examples - description: '1st: 1st Party Risk - - 3rd: 3rd Party Risk - - Ex1: Identify relevant internal stakeholders and their cybersecurity-related - expectations (e.g., performance and risk expectations of officers, directors, - and advisors; cultural expectations of employees) - - Ex2: Identify relevant external stakeholders and their cybersecurity-related - expectations (e.g., privacy expectations of customers, business expectations - of partnerships, compliance expectations of regulators, ethics expectations - of society)' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.oc-03 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.oc - ref_id: GV.OC-03 - description: Legal, regulatory, and contractual requirements regarding cybersecurity - - including privacy and civil liberties obligations - are understood and managed - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node9 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.oc-03 - name: Examples - description: '1st: 1st Party Risk - - 3rd: 3rd Party Risk - - Ex1: Determine a process to track and manage legal and regulatory requirements - regarding protection of individuals'' information (e.g., Health Insurance - Portability and Accountability Act, California Consumer Privacy Act, General - Data Protection Regulation) - - Ex2: Determine a process to track and manage contractual requirements for - cybersecurity management of supplier, customer, and partner 
information - - Ex3: Align the organization''s cybersecurity strategy with legal, regulatory, - and contractual requirements' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.oc-04 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.oc - ref_id: GV.OC-04 - description: Critical objectives, capabilities, and services that stakeholders - depend on or expect from the organization are understood and communicated - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node11 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.oc-04 - name: Examples - description: '1st: 1st Party Risk - - 3rd: 3rd Party Risk - - Ex1: Establish criteria for determining the criticality of capabilities and - services as viewed by internal and external stakeholders - - Ex2: Determine (e.g., from a business impact analysis) assets and business - operations that are vital to achieving mission objectives and the potential - impact of a loss (or partial loss) of such operations - - Ex3: Establish and communicate resilience objectives (e.g., recovery time - objectives) for delivering critical capabilities and services in various operating - states (e.g., under attack, during recovery, normal operation)' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.oc-05 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.oc - ref_id: GV.OC-05 - description: Outcomes, capabilities, and services that the organization depends - on are understood and communicated - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node13 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.oc-05 - name: Examples - description: 'Ex1: Create an inventory of the organization''s dependencies on - external resources (e.g., facilities, cloud-based hosting providers) and their - relationships to organizational assets and business functions - - Ex2: Identify and document external dependencies that are 
potential points - of failure for the organization''s critical capabilities and services, and - share that information with appropriate personnel - - 3rd: 3rd Party Risk' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.rm - assessable: false - depth: 2 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv - ref_id: GV.RM - name: Risk Management Strategy - description: The organization's priorities, constraints, risk tolerance and - appetite statements, and assumptions are established, communicated, and used - to support operational risk decisions - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.rm-01 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.rm - ref_id: GV.RM-01 - description: Risk management objectives are established and agreed to by organizational - stakeholders - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node16 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.rm-01 - name: Examples - description: '1st: 1st Party Risk - - Ex1: Update near-term and long-term cybersecurity risk management objectives - as part of annual strategic planning and when major changes occur - - Ex2: Establish measurable objectives for cybersecurity risk management (e.g., - manage the quality of user training, ensure adequate risk protection for industrial - control systems) - - Ex3: Senior leaders agree about cybersecurity objectives and use them for - measuring and managing risk and performance' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.rm-02 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.rm - ref_id: GV.RM-02 - description: Risk appetite and risk tolerance statements are established, communicated, - and maintained - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node18 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.rm-02 - name: Examples - description: '1st: 1st Party Risk - - 3rd: 3rd Party Risk - 
- Ex1: Determine and communicate risk appetite statements that convey expectations - about the appropriate level of risk for the organization - - Ex2: Translate risk appetite statements into specific, measurable, and broadly - understandable risk tolerance statements - - Ex3: Refine organizational objectives and risk appetite periodically based - on known risk exposure and residual risk' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.rm-03 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.rm - ref_id: GV.RM-03 - description: Cybersecurity risk management activities and outcomes are included - in enterprise risk management processes - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node20 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.rm-03 - name: Examples - description: '1st: 1st Party Risk - - Ex1: Aggregate and manage cybersecurity risks alongside other enterprise risks - (e.g., compliance, financial, operational, regulatory, reputational, safety) - - Ex2: Include cybersecurity risk managers in enterprise risk management planning - - Ex3: Establish criteria for escalating cybersecurity risks within enterprise - risk management' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.rm-04 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.rm - ref_id: GV.RM-04 - description: Strategic direction that describes appropriate risk response options - is established and communicated - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node22 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.rm-04 - name: Examples - description: '1st: 1st Party Risk - - Ex1: Specify criteria for accepting and avoiding cybersecurity risk for various - classifications of data - - Ex2: Determine whether to purchase cybersecurity insurance - - Ex3: Document conditions under which shared responsibility models are acceptable - (e.g., outsourcing 
certain cybersecurity functions, having a third party perform - financial transactions on behalf of the organization, using public cloud-based - services)' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.rm-05 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.rm - ref_id: GV.RM-05 - description: Lines of communication across the organization are established - for cybersecurity risks, including risks from suppliers and other third parties - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node24 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.rm-05 - name: Examples - description: '1st: 1st Party Risk - - 3rd: 3rd Party Risk - - Ex1: Determine how to update senior executives, directors, and management - on the organization''s cybersecurity posture at agreed-upon intervals - - Ex2: Identify how all departments across the organization - such as management, - operations, internal auditors, legal, acquisition, physical security, and - HR - will communicate with each other about cybersecurity risks' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.rm-06 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.rm - ref_id: GV.RM-06 - description: A standardized method for calculating, documenting, categorizing, - and prioritizing cybersecurity risks is established and communicated - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node26 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.rm-06 - name: Examples - description: '1st: 1st Party Risk - - Ex1: Establish criteria for using a quantitative approach to cybersecurity - risk analysis, and specify probability and exposure formulas - - Ex2: Create and use templates (e.g., a risk register) to document cybersecurity - risk information (e.g., risk description, exposure, treatment, and ownership) - - Ex3: Establish criteria for risk prioritization at the appropriate levels - 
within the enterprise - - Ex4: Use a consistent list of risk categories to support integrating, aggregating, - and comparing cybersecurity risks' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.rm-07 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.rm - ref_id: GV.RM-07 - description: Strategic opportunities (i.e., positive risks) are characterized - and are included in organizational cybersecurity risk discussions - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node28 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.rm-07 - name: Examples - description: '1st: 1st Party Risk - - Ex1: Define and communicate guidance and methods for identifying opportunities - and including them in risk discussions (e.g., strengths, weaknesses, opportunities, - and threats [SWOT] analysis) - - Ex2: Identify stretch goals and document them - - Ex3: Calculate, document, and prioritize positive risks alongside negative - risks' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.rr - assessable: false - depth: 2 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv - ref_id: GV.RR - name: Roles, Responsibilities, and Authorities - description: Cybersecurity roles, responsibilities, and authorities to foster - accountability, performance assessment, and continuous improvement are established - and communicated - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.rr-01 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.rr - ref_id: GV.RR-01 - description: Organizational leadership is responsible and accountable for cybersecurity - risk and fosters a culture that is risk-aware, ethical, and continually improving - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node31 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.rr-01 - name: Examples - description: '1st: 1st Party Risk - - Ex1: Leaders (e.g., directors) agree on their roles and 
responsibilities in - developing, implementing, and assessing the organization''s cybersecurity - strategy - - Ex2: Share leaders'' expectations regarding a secure and ethical culture, - especially when current events present the opportunity to highlight positive - or negative examples of cybersecurity risk management - - Ex3: Leaders direct the CISO to maintain a comprehensive cybersecurity risk - strategy and review and update it at least annually and after major events - - Ex4: Conduct reviews to ensure adequate authority and coordination among those - responsible for managing cybersecurity risk' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.rr-02 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.rr - ref_id: GV.RR-02 - description: Roles, responsibilities, and authorities related to cybersecurity - risk management are established, communicated, understood, and enforced - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node33 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.rr-02 - name: Examples - description: '1st: 1st Party Risk - - Ex1: Document risk management roles and responsibilities in policy - - Ex2: Document who is responsible and accountable for cybersecurity risk management - activities and how those teams and individuals are to be consulted and informed - - Ex3: Include cybersecurity responsibilities and performance requirements in - personnel descriptions - - Ex4: Document performance goals for personnel with cybersecurity risk management - responsibilities, and periodically measure performance to identify areas for - improvement - - Ex5: Clearly articulate cybersecurity responsibilities within operations, - risk functions, and internal audit functions' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.rr-03 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.rr - ref_id: GV.RR-03 - description: Adequate resources are allocated 
commensurate with the cybersecurity - risk strategy, roles, responsibilities, and policies - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node35 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.rr-03 - name: Examples - description: '1st: 1st Party Risk - - 3rd: 3rd Party Risk - - Ex1: Conduct periodic management reviews to ensure that those given cybersecurity - risk management responsibilities have the necessary authority - - Ex2: Identify resource allocation and investment in line with risk tolerance - and response - - Ex3: Provide adequate and sufficient people, process, and technical resources - to support the cybersecurity strategy' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.rr-04 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.rr - ref_id: GV.RR-04 - description: Cybersecurity is included in human resources practices - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node37 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.rr-04 - name: Examples - description: '1st: 1st Party Risk - - Ex1: Integrate cybersecurity risk management considerations into human resources - processes (e.g., personnel screening, onboarding, change notification, offboarding) - - Ex2: Consider cybersecurity knowledge to be a positive factor in hiring, training, - and retention decisions - - Ex3: Conduct background checks prior to onboarding new personnel for sensitive - roles, and periodically repeat background checks for personnel with such roles - - Ex4: Define and enforce obligations for personnel to be aware of, adhere to, - and uphold security policies as they relate to their roles' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.po - assessable: false - depth: 2 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv - ref_id: GV.PO - name: Policy - description: Organizational cybersecurity policy is established, communicated, - and enforced - - urn: 
urn:intuitem:risk:req_node:nist-csf-2.0:gv.po-01 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.po - ref_id: GV.PO-01 - description: Policy for managing cybersecurity risks is established based on - organizational context, cybersecurity strategy, and priorities and is communicated - and enforced - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node40 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.po-01 - name: Examples - description: '1st: 1st Party Risk - - Ex1: Create, disseminate, and maintain an understandable, usable risk management - policy with statements of management intent, expectations, and direction - - Ex2: Periodically review policy and supporting processes and procedures to - ensure that they align with risk management strategy objectives and priorities, - as well as the high-level direction of the cybersecurity policy - - Ex3: Require approval from senior management on policy - - Ex4: Communicate cybersecurity risk management policy and supporting processes - and procedures across the organization - - Ex5: Require personnel to acknowledge receipt of policy when first hired, - annually, and whenever policy is updated' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.po-02 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.po - ref_id: GV.PO-02 - description: Policy for managing cybersecurity risks is reviewed, updated, communicated, - and enforced to reflect changes in requirements, threats, technology, and - organizational mission - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node42 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.po-02 - name: Examples - description: '1st: 1st Party Risk - - Ex1: Update policy based on periodic reviews of cybersecurity risk management - results to ensure that policy and supporting processes and procedures adequately - maintain risk at an acceptable level - 
- Ex2: Provide a timeline for reviewing changes to the organization''s risk - environment (e.g., changes in risk or in the organization''s mission objectives), - and communicate recommended policy updates - - Ex3: Update policy to reflect changes in legal and regulatory requirements - - Ex4: Update policy to reflect changes in technology (e.g., adoption of artificial - intelligence) and changes to the business (e.g., acquisition of a new business, - new contract requirements)' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.ov - assessable: false - depth: 2 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv - ref_id: GV.OV - name: Oversight - description: Results of organization-wide cybersecurity risk management activities - and performance are used to inform, improve, and adjust the risk management - strategy - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.ov-01 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.ov - ref_id: GV.OV-01 - description: Cybersecurity risk management strategy outcomes are reviewed to - inform and adjust strategy and direction - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node45 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.ov-01 - name: Examples - description: '1st: 1st Party Risk - - Ex1: Measure how well the risk management strategy and risk results have helped - leaders make decisions and achieve organizational objectives - - Ex2: Examine whether cybersecurity risk strategies that impede operations - or innovation should be adjusted' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.ov-02 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.ov - ref_id: GV.OV-02 - description: The cybersecurity risk management strategy is reviewed and adjusted - to ensure coverage of organizational requirements and risks - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node47 - assessable: false - depth: 4 - parent_urn: 
urn:intuitem:risk:req_node:nist-csf-2.0:gv.ov-02 - name: Examples - description: '1st: 1st Party Risk - - Ex1: Review audit findings to confirm whether the existing cybersecurity strategy - has ensured compliance with internal and external requirements - - Ex2: Review the performance oversight of those in cybersecurity-related roles - to determine whether policy changes are necessary - - Ex3: Review strategy in light of cybersecurity incidents' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.ov-03 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.ov - ref_id: GV.OV-03 - description: Organizational cybersecurity risk management performance is evaluated - and reviewed for adjustments needed - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node49 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.ov-03 - name: Examples - description: '1st: 1st Party Risk - - Ex1: Review key performance indicators (KPIs) to ensure that organization-wide - policies and procedures achieve objectives - - Ex2: Review key risk indicators (KRIs) to identify risks the organization - faces, including likelihood and potential impact - - Ex3: Collect and communicate metrics on cybersecurity risk management with - senior leadership' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.sc - assessable: false - depth: 2 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv - ref_id: GV.SC - name: Cybersecurity Supply Chain Risk Management - description: Cyber supply chain risk management processes are identified, established, - managed, monitored, and improved by organizational stakeholders - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.sc-01 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.sc - ref_id: GV.SC-01 - description: A cybersecurity supply chain risk management program, strategy, - objectives, policies, and processes are established and agreed to by organizational - 
stakeholders - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node52 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.sc-01 - name: Examples - description: 'Ex1: Establish a strategy that expresses the objectives of the - cybersecurity supply chain risk management program - - Ex2: Develop the cybersecurity supply chain risk management program, including - a plan (with milestones), policies, and procedures that guide implementation - and improvement of the program, and share the policies and procedures with - the organizational stakeholders - - Ex3: Develop and implement program processes based on the strategy, objectives, - policies, and procedures that are agreed upon and performed by the organizational - stakeholders - - Ex4: Establish a cross-organizational mechanism that ensures alignment between - functions that contribute to cybersecurity supply chain risk management, such - as cybersecurity, IT, operations, legal, human resources, and engineering - - 3rd: 3rd Party Risk' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.sc-02 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.sc - ref_id: GV.SC-02 - description: Cybersecurity roles and responsibilities for suppliers, customers, - and partners are established, communicated, and coordinated internally and - externally - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node54 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.sc-02 - name: Examples - description: 'Ex1: Identify one or more specific roles or positions that will - be responsible and accountable for planning, resourcing, and executing cybersecurity - supply chain risk management activities - - Ex2: Document cybersecurity supply chain risk management roles and responsibilities - in policy - - Ex3: Create responsibility matrixes to document who will be responsible and - accountable for cybersecurity supply chain risk management activities 
and - how those teams and individuals will be consulted and informed - - Ex4: Include cybersecurity supply chain risk management responsibilities and - performance requirements in personnel descriptions to ensure clarity and improve - accountability - - Ex5: Document performance goals for personnel with cybersecurity risk management-specific - responsibilities, and periodically measure them to demonstrate and improve - performance - - Ex6: Develop roles and responsibilities for suppliers, customers, and business - partners to address shared responsibilities for applicable cybersecurity risks, - and integrate them into organizational policies and applicable third-party - agreements - - Ex7: Internally communicate cybersecurity supply chain risk management roles - and responsibilities for third parties - - Ex8: Establish rules and protocols for information sharing and reporting processes - between the organization and its suppliers - - 3rd: 3rd Party Risk' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.sc-03 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.sc - ref_id: GV.SC-03 - description: Cybersecurity supply chain risk management is integrated into cybersecurity - and enterprise risk management, risk assessment, and improvement processes - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node56 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.sc-03 - name: Examples - description: 'Ex1: Identify areas of alignment and overlap with cybersecurity - and enterprise risk management - - Ex2: Establish integrated control sets for cybersecurity risk management and - cybersecurity supply chain risk management - - Ex3: Integrate cybersecurity supply chain risk management into improvement - processes - - Ex4: Escalate material cybersecurity risks in supply chains to senior management, - and address them at the enterprise risk management level - - 3rd: 3rd Party Risk' - - urn: 
urn:intuitem:risk:req_node:nist-csf-2.0:gv.sc-04 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.sc - ref_id: GV.SC-04 - description: Suppliers are known and prioritized by criticality - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node58 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.sc-04 - name: Examples - description: 'Ex1: Develop criteria for supplier criticality based on, for example, - the sensitivity of data processed or possessed by suppliers, the degree of - access to the organization''s systems, and the importance of the products - or services to the organization''s mission - - Ex2: Keep a record of all suppliers, and prioritize suppliers based on the - criticality criteria - - 3rd: 3rd Party Risk' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.sc-05 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.sc - ref_id: GV.SC-05 - description: Requirements to address cybersecurity risks in supply chains are - established, prioritized, and integrated into contracts and other types of - agreements with suppliers and other relevant third parties - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node60 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.sc-05 - name: Examples - description: 'Ex1: Establish security requirements for suppliers, products, - and services commensurate with their criticality level and potential impact - if compromised - - Ex2: Include all cybersecurity and supply chain requirements that third parties - must follow and how compliance with the requirements may be verified in default - contractual language - - Ex3: Define the rules and protocols for information sharing between the organization - and its suppliers and sub-tier suppliers in agreements - - Ex4: Manage risk by including security requirements in agreements based on - their criticality and potential impact if compromised - 
- Ex5: Define security requirements in service-level agreements (SLAs) for monitoring - suppliers for acceptable security performance throughout the supplier relationship - lifecycle - - Ex6: Contractually require suppliers to disclose cybersecurity features, functions, - and vulnerabilities of their products and services for the life of the product - or the term of service - - Ex7: Contractually require suppliers to provide and maintain a current component - inventory (e.g., software or hardware bill of materials) for critical products - - Ex8: Contractually require suppliers to vet their employees and guard against - insider threats - - Ex9: Contractually require suppliers to provide evidence of performing acceptable - security practices through, for example, self-attestation, conformance to - known standards, certifications, or inspections - - Ex10: Specify in contracts and other agreements the rights and responsibilities - of the organization, its suppliers, and their supply chains, with respect - to potential cybersecurity risks - - 3rd: 3rd Party Risk' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.sc-06 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.sc - ref_id: GV.SC-06 - description: Planning and due diligence are performed to reduce risks before - entering into formal supplier or other third-party relationships - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node62 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.sc-06 - name: Examples - description: 'Ex1: Perform thorough due diligence on prospective suppliers that - is consistent with procurement planning and commensurate with the level of - risk, criticality, and complexity of each supplier relationship - - Ex2: Assess the suitability of the technology and cybersecurity capabilities - and the risk management practices of prospective suppliers - - Ex3: Conduct supplier risk assessments against business and applicable 
cybersecurity - requirements - - Ex4: Assess the authenticity, integrity, and security of critical products - prior to acquisition and use - - 3rd: 3rd Party Risk' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.sc-07 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.sc - ref_id: GV.SC-07 - description: The risks posed by a supplier, their products and services, and - other third parties are understood, recorded, prioritized, assessed, responded - to, and monitored over the course of the relationship - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node64 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.sc-07 - name: Examples - description: 'Ex1: Adjust assessment formats and frequencies based on the third - party''s reputation and the criticality of the products or services they provide - - Ex2: Evaluate third parties'' evidence of compliance with contractual cybersecurity - requirements, such as self-attestations, warranties, certifications, and other - artifacts - - Ex3: Monitor critical suppliers to ensure that they are fulfilling their security - obligations throughout the supplier relationship lifecycle using a variety - of methods and techniques, such as inspections, audits, tests, or other forms - of evaluation - - Ex4: Monitor critical suppliers, services, and products for changes to their - risk profiles, and reevaluate supplier criticality and risk impact accordingly - - Ex5: Plan for unexpected supplier and supply chain-related interruptions to - ensure business continuity - - 3rd: 3rd Party Risk' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.sc-08 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.sc - ref_id: GV.SC-08 - description: Relevant suppliers and other third parties are included in incident - planning, response, and recovery activities - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node66 - assessable: false - depth: 4 - 
parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.sc-08 - name: Examples - description: 'Ex1: Define and use rules and protocols for reporting incident - response and recovery activities and the status between the organization and - its suppliers - - Ex2: Identify and document the roles and responsibilities of the organization - and its suppliers for incident response - - Ex3: Include critical suppliers in incident response exercises and simulations - - Ex4: Define and coordinate crisis communication methods and protocols between - the organization and its critical suppliers - - Ex5: Conduct collaborative lessons learned sessions with critical suppliers - - 3rd: 3rd Party Risk' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.sc-09 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.sc - ref_id: GV.SC-09 - description: Supply chain security practices are integrated into cybersecurity - and enterprise risk management programs, and their performance is monitored - throughout the technology product and service life cycle - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node68 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.sc-09 - name: Examples - description: 'Ex1: Policies and procedures require provenance records for all - acquired technology products and services - - Ex2: Periodically provide risk reporting to leaders about how acquired components - are proven to be untampered and authentic - - Ex3: Communicate regularly among cybersecurity risk managers and operations - personnel about the need to acquire software patches, updates, and upgrades - only from authenticated and trustworthy software providers - - Ex4: Review policies to ensure that they require approved supplier personnel - to perform maintenance on supplier products - - Ex5: Policies and procedure require checking upgrades to critical hardware - for unauthorized changes - - 3rd: 3rd Party Risk' - - urn: 
urn:intuitem:risk:req_node:nist-csf-2.0:gv.sc-10 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.sc - ref_id: GV.SC-10 - description: Cybersecurity supply chain risk management plans include provisions - for activities that occur after the conclusion of a partnership or service - agreement - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node70 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.sc-10 - name: Examples - description: 'Ex1: Establish processes for terminating critical relationships - under both normal and adverse circumstances - - Ex2: Define and implement plans for component end-of-life maintenance support - and obsolescence - - Ex3: Verify that supplier access to organization resources is deactivated - promptly when it is no longer needed - - Ex4: Verify that assets containing the organization''s data are returned or - properly disposed of in a timely, controlled, and safe manner - - Ex5: Develop and execute a plan for terminating or transitioning supplier - relationships that takes supply chain security risk and resiliency into account - - Ex6: Mitigate risks to data and systems created by supplier termination - - Ex7: Manage data leakage risks associated with supplier termination - - 3rd: 3rd Party Risk' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:id - assessable: false - depth: 1 - ref_id: ID - name: IDENTIFY - description: The organization's current cybersecurity risks are understood - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.am - assessable: false - depth: 2 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id - ref_id: ID.AM - name: Asset Management - description: Assets (e.g., data, hardware, software, systems, facilities, services, - people) that enable the organization to achieve business purposes are identified - and managed consistent with their relative importance to organizational objectives - and the organization's risk strategy - - urn: 
urn:intuitem:risk:req_node:nist-csf-2.0:id.am-01 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.am - ref_id: ID.AM-01 - description: Inventories of hardware managed by the organization are maintained - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node74 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.am-01 - name: Examples - description: '1st: 1st Party Risk - - Ex1: Maintain inventories for all types of hardware, including IT, IoT, OT, - and mobile devices - - Ex2: Constantly monitor networks to detect new hardware and automatically - update inventories' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.am-02 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.am - ref_id: ID.AM-02 - description: Inventories of software, services, and systems managed by the organization - are maintained - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node76 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.am-02 - name: Examples - description: '1st: 1st Party Risk - - Ex1: Maintain inventories for all types of software and services, including - commercial-off-the-shelf, open-source, custom applications, API services, - and cloud-based applications and services - - Ex2: Constantly monitor all platforms, including containers and virtual machines, - for software and service inventory changes - - Ex3: Maintain an inventory of the organization''s systems' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.am-03 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.am - ref_id: ID.AM-03 - description: Representations of the organization's authorized network communication - and internal and external network data flows are maintained - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node78 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.am-03 - name: Examples - 
description: '1st: 1st Party Risk - - 3rd: 3rd Party Risk - - Ex1: Maintain baselines of communication and data flows within the organization''s - wired and wireless networks - - Ex2: Maintain baselines of communication and data flows between the organization - and third parties - - Ex3: Maintain baselines of communication and data flows for the organization''s - infrastructure-as-a-service (IaaS) usage - - Ex4: Maintain documentation of expected network ports, protocols, and services - that are typically used among authorized systems' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.am-04 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.am - ref_id: ID.AM-04 - description: Inventories of services provided by suppliers are maintained - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node80 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.am-04 - name: Examples - description: 'Ex1: Inventory all external services used by the organization, - including third-party infrastructure-as-a-service (IaaS), platform-as-a-service - (PaaS), and software-as-a-service (SaaS) offerings; APIs; and other externally - hosted application services - - Ex2: Update the inventory when a new external service is going to be utilized - to ensure adequate cybersecurity risk management monitoring of the organization''s - use of that service - - 3rd: 3rd Party Risk' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.am-05 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.am - ref_id: ID.AM-05 - description: Assets are prioritized based on classification, criticality, resources, - and impact on the mission - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node82 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.am-05 - name: Examples - description: '1st: 1st Party Risk - - Ex1: Define criteria for prioritizing each class of assets - - Ex2: 
Apply the prioritization criteria to assets - - Ex3: Track the asset priorities and update them periodically or when significant - changes to the organization occur' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.am-07 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.am - ref_id: ID.AM-07 - description: Inventories of data and corresponding metadata for designated data - types are maintained - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node84 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.am-07 - name: Examples - description: '1st: 1st Party Risk - - Ex1: Maintain a list of the designated data types of interest (e.g., personally - identifiable information, protected health information, financial account - numbers, organization intellectual property, operational technology data) - - Ex2: Continuously discover and analyze ad hoc data to identify new instances - of designated data types - - Ex3: Assign data classifications to designated data types through tags or - labels - - Ex4: Track the provenance, data owner, and geolocation of each instance of - designated data types' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.am-08 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.am - ref_id: ID.AM-08 - description: Systems, hardware, software, services, and data are managed throughout - their life cycles - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node86 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.am-08 - name: Examples - description: '1st: 1st Party Risk - - 3rd: 3rd Party Risk - - Ex1: Integrate cybersecurity considerations throughout the life cycles of - systems, hardware, software, and services - - Ex2: Integrate cybersecurity considerations into product life cycles - - Ex3: Identify unofficial uses of technology to meet mission objectives (i.e., - shadow IT) - - Ex4: Periodically identify 
redundant systems, hardware, software, and services - that unnecessarily increase the organization''s attack surface - - Ex5: Properly configure and secure systems, hardware, software, and services - prior to their deployment in production - - Ex6: Update inventories when systems, hardware, software, and services are - moved or transferred within the organization - - Ex7: Securely destroy stored data based on the organization''s data retention - policy using the prescribed destruction method, and keep and manage a record - of the destructions - - Ex8: Securely sanitize data storage when hardware is being retired, decommissioned, - reassigned, or sent for repairs or replacement - - Ex9: Offer methods for destroying paper, storage media, and other physical - forms of data storage' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.ra - assessable: false - depth: 2 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id - ref_id: ID.RA - name: Risk Assessment - description: The cybersecurity risk to the organization, assets, and individuals - is understood by the organization - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.ra-01 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.ra - ref_id: ID.RA-01 - description: Vulnerabilities in assets are identified, validated, and recorded - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node89 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.ra-01 - name: Examples - description: '1st: 1st Party Risk - - Ex1: Use vulnerability management technologies to identify unpatched and misconfigured - software - - Ex2: Assess network and system architectures for design and implementation - weaknesses that affect cybersecurity - - Ex3: Review, analyze, or test organization-developed software to identify - design, coding, and default configuration vulnerabilities - - Ex4: Assess facilities that house critical computing assets for physical vulnerabilities - and 
resilience issues - - Ex5: Monitor sources of cyber threat intelligence for information on new vulnerabilities - in products and services - - Ex6: Review processes and procedures for weaknesses that could be exploited - to affect cybersecurity' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.ra-02 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.ra - ref_id: ID.RA-02 - description: Cyber threat intelligence is received from information sharing - forums and sources - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node91 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.ra-02 - name: Examples - description: '1st: 1st Party Risk - - Ex1: Configure cybersecurity tools and technologies with detection or response - capabilities to securely ingest cyber threat intelligence feeds - - Ex2: Receive and review advisories from reputable third parties on current - threat actors and their tactics, techniques, and procedures (TTPs) - - Ex3: Monitor sources of cyber threat intelligence for information on the types - of vulnerabilities that emerging technologies may have' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.ra-03 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.ra - ref_id: ID.RA-03 - description: Internal and external threats to the organization are identified - and recorded - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node93 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.ra-03 - name: Examples - description: '1st: 1st Party Risk - - 3rd: 3rd Party Risk - - Ex1: Use cyber threat intelligence to maintain awareness of the types of threat - actors likely to target the organization and the TTPs they are likely to use - - Ex2: Perform threat hunting to look for signs of threat actors within the - environment - - Ex3: Implement processes for identifying internal threat actors' - - urn: 
urn:intuitem:risk:req_node:nist-csf-2.0:id.ra-04 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.ra - ref_id: ID.RA-04 - description: Potential impacts and likelihoods of threats exploiting vulnerabilities - are identified and recorded - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node95 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.ra-04 - name: Examples - description: '1st: 1st Party Risk - - Ex1: Business leaders and cybersecurity risk management practitioners work - together to estimate the likelihood and impact of risk scenarios and record - them in risk registers - - Ex2: Enumerate the potential business impacts of unauthorized access to the - organization''s communications, systems, and data processed in or by those - systems - - Ex3: Account for the potential impacts of cascading failures for systems of - systems' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.ra-05 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.ra - ref_id: ID.RA-05 - description: Threats, vulnerabilities, likelihoods, and impacts are used to - understand inherent risk and inform risk response prioritization - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node97 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.ra-05 - name: Examples - description: '1st: 1st Party Risk - - Ex1: Develop threat models to better understand risks to the data and identify - appropriate risk responses - - Ex2: Prioritize cybersecurity resource allocations and investments based on - estimated likelihoods and impacts' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.ra-06 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.ra - ref_id: ID.RA-06 - description: Risk responses are chosen, prioritized, planned, tracked, and communicated - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node99 - assessable: false - 
depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.ra-06 - name: Examples - description: '1st: 1st Party Risk - - Ex1: Apply the vulnerability management plan''s criteria for deciding whether - to accept, transfer, mitigate, or avoid risk - - Ex2: Apply the vulnerability management plan''s criteria for selecting compensating - controls to mitigate risk - - Ex3: Track the progress of risk response implementation (e.g., plan of action - and milestones [POA&M], risk register, risk detail report) - - Ex4: Use risk assessment findings to inform risk response decisions and actions - - Ex5: Communicate planned risk responses to affected stakeholders in priority - order' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.ra-07 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.ra - ref_id: ID.RA-07 - description: Changes and exceptions are managed, assessed for risk impact, recorded, - and tracked - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node101 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.ra-07 - name: Examples - description: 'Ex1: Implement and follow procedures for the formal documentation, - review, testing, and approval of proposed changes and requested exceptions - - Ex2: Document the possible risks of making or not making each proposed change, - and provide guidance on rolling back changes - - Ex3: Document the risks related to each requested exception and the plan for - responding to those risks - - Ex4: Periodically review risks that were accepted based upon planned future - actions or milestones' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.ra-08 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.ra - ref_id: ID.RA-08 - description: Processes for receiving, analyzing, and responding to vulnerability - disclosures are established - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node103 - assessable: false - depth: 4 - 
parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.ra-08 - name: Examples - description: '1st: 1st Party Risk - - 3rd: 3rd Party Risk - - Ex1: Conduct vulnerability information sharing between the organization and - its suppliers following the rules and protocols defined in contracts - - Ex2: Assign responsibilities and verify the execution of procedures for processing, - analyzing the impact of, and responding to cybersecurity threat, vulnerability, - or incident disclosures by suppliers, customers, partners, and government - cybersecurity organizations' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.ra-09 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.ra - ref_id: ID.RA-09 - description: The authenticity and integrity of hardware and software are assessed - prior to acquisition and use - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node105 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.ra-09 - name: Examples - description: 'Ex1: Assess the authenticity and cybersecurity of critical technology - products and services prior to acquisition and use - - 3rd: 3rd Party Risk' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.ra-10 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.ra - ref_id: ID.RA-10 - description: Critical suppliers are assessed prior to acquisition - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node107 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.ra-10 - name: Examples - description: 'Ex1: Conduct supplier risk assessments against business and applicable - cybersecurity requirements, including the supply chain' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.im - assessable: false - depth: 2 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id - ref_id: ID.IM - name: Improvement - description: Improvements to organizational cybersecurity risk management processes, - 
procedures and activities are identified across all CSF Functions - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.im-01 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.im - ref_id: ID.IM-01 - description: Improvements are identified from evaluations - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node110 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.im-01 - name: Examples - description: '1st: 1st Party Risk - - Ex1: Perform self-assessments of critical services that take current threats - and TTPs into consideration - - Ex2: Invest in third-party assessments or independent audits of the effectiveness - of the organization''s cybersecurity program to identify areas that need improvement - - Ex3: Constantly evaluate compliance with selected cybersecurity requirements - through automated means' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.im-02 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.im - ref_id: ID.IM-02 - description: Improvements are identified from security tests and exercises, - including those done in coordination with suppliers and relevant third parties - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node112 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.im-02 - name: Examples - description: '1st: 1st Party Risk - - 3rd: 3rd Party Risk - - Ex1: Identify improvements for future incident response activities based on - findings from incident response assessments (e.g., tabletop exercises and - simulations, tests, internal reviews, independent audits) - - Ex2: Identify improvements for future business continuity, disaster recovery, - and incident response activities based on exercises performed in coordination - with critical service providers and product suppliers - - Ex3: Involve internal stakeholders (e.g., senior executives, legal department, - HR) in security tests and exercises 
as appropriate - - Ex4: Perform penetration testing to identify opportunities to improve the - security posture of selected high-risk systems as approved by leadership - - Ex5: Exercise contingency plans for responding to and recovering from the - discovery that products or services did not originate with the contracted - supplier or partner or were altered before receipt - - Ex6: Collect and analyze performance metrics using security tools and services - to inform improvements to the cybersecurity program' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.im-03 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.im - ref_id: ID.IM-03 - description: Improvements are identified from execution of operational processes, - procedures, and activities - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node114 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.im-03 - name: Examples - description: '1st: 1st Party Risk - - Ex1: Conduct collaborative lessons learned sessions with suppliers - - Ex2: Annually review cybersecurity policies, processes, and procedures to - take lessons learned into account - - Ex3: Use metrics to assess operational cybersecurity performance over time' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.im-04 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.im - ref_id: ID.IM-04 - description: Incident response plans and other cybersecurity plans that affect - operations are established, communicated, maintained, and improved - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node116 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.im-04 - name: Examples - description: '1st: 1st Party Risk - - Ex1: Establish contingency plans (e.g., incident response, business continuity, - disaster recovery) for responding to and recovering from adverse events that - can interfere with operations, expose confidential 
information, or otherwise - endanger the organization''s mission and viability - - Ex2: Include contact and communication information, processes for handling - common scenarios, and criteria for prioritization, escalation, and elevation - in all contingency plans - - Ex3: Create a vulnerability management plan to identify and assess all types - of vulnerabilities and to prioritize, test, and implement risk responses - - Ex4: Communicate cybersecurity plans (including updates) to those responsible - for carrying them out and to affected parties - - Ex5: Review and update all cybersecurity plans annually or when a need for - significant improvements is identified' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr - assessable: false - depth: 1 - ref_id: PR - name: PROTECT - description: Safeguards to manage the organization's cybersecurity risks are - used - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.aa - assessable: false - depth: 2 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr - ref_id: PR.AA - name: Identity Management, Authentication, and Access Control - description: Access to physical and logical assets is limited to authorized - users, services, and hardware and managed commensurate with the assessed - risk of unauthorized access - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.aa-01 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.aa - ref_id: PR.AA-01 - description: Identities and credentials for authorized users, services, and - hardware are managed by the organization - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node120 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.aa-01 - name: Examples - description: '1st: 1st Party Risk - - Ex1: Initiate requests for new access or additional access for employees, - contractors, and others, and track, review, and fulfill the requests, with - permission from system or data owners when needed - - Ex2: Issue, manage, 
and revoke cryptographic certificates and identity tokens, - cryptographic keys (i.e., key management), and other credentials - - Ex3: Select a unique identifier for each device from immutable hardware characteristics - or an identifier securely provisioned to the device - - Ex4: Physically label authorized hardware with an identifier for inventory - and servicing purposes' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.aa-02 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.aa - ref_id: PR.AA-02 - description: Identities are proofed and bound to credentials based on the context - of interactions - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node122 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.aa-02 - name: Examples - description: '1st: 1st Party Risk - - 3rd: 3rd Party Risk - - Ex1: Verify a person''s claimed identity at enrollment time using government-issued - identity credentials (e.g., passport, visa, driver''s license) - - Ex2: Issue a different credential for each person (i.e., no credential sharing)' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.aa-03 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.aa - ref_id: PR.AA-03 - description: Users, services, and hardware are authenticated - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node124 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.aa-03 - name: Examples - description: '1st: 1st Party Risk - - Ex1: Require multifactor authentication - - Ex2: Enforce policies for the minimum strength of passwords, PINs, and similar - authenticators - - Ex3: Periodically reauthenticate users, services, and hardware based on risk - (e.g., in zero trust architectures) - - Ex4: Ensure that authorized personnel can access accounts essential for protecting - safety under emergency conditions' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.aa-04 - 
assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.aa - ref_id: PR.AA-04 - description: Identity assertions are protected, conveyed, and verified - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node126 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.aa-04 - name: Examples - description: '1st: 1st Party Risk - - Ex1: Protect identity assertions that are used to convey authentication and - user information through single sign-on systems - - Ex2: Protect identity assertions that are used to convey authentication and - user information between federated systems - - Ex3: Implement standards-based approaches for identity assertions in all contexts, - and follow all guidance for the generation (e.g., data models, metadata), - protection (e.g., digital signing, encryption), and verification (e.g., signature - validation) of identity assertions' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.aa-05 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.aa - ref_id: PR.AA-05 - description: Access permissions, entitlements, and authorizations are defined - in a policy, managed, enforced, and reviewed, and incorporate the principles - of least privilege and separation of duties - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node128 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.aa-05 - name: Examples - description: '1st: 1st Party Risk - - Ex1: Review logical and physical access privileges periodically and whenever - someone changes roles or leaves the organization, and promptly rescind privileges - that are no longer needed - - Ex2: Take attributes of the requester and the requested resource into account - for authorization decisions (e.g., geolocation, day/time, requester endpoint''s - cyber health) - - Ex3: Restrict access and privileges to the minimum necessary (e.g., zero trust - architecture) - - Ex4: Periodically 
review the privileges associated with critical business - functions to confirm proper separation of duties' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.aa-06 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.aa - ref_id: PR.AA-06 - description: Physical access to assets is managed, monitored, and enforced commensurate - with risk - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node130 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.aa-06 - name: Examples - description: '1st: 1st Party Risk - - 3rd: 3rd Party Risk - - Ex1: Use security guards, security cameras, locked entrances, alarm systems, - and other physical controls to monitor facilities and restrict access - - Ex2: Employ additional physical security controls for areas that contain high-risk - assets - - Ex3: Escort guests, vendors, and other third parties within areas that contain - business-critical assets' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.at - assessable: false - depth: 2 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr - ref_id: PR.AT - name: Awareness and Training - description: The organization's personnel are provided with cybersecurity awareness - and training so that they can perform their cybersecurity-related tasks - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.at-01 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.at - ref_id: PR.AT-01 - description: Personnel are provided with awareness and training so that they - possess the knowledge and skills to perform general tasks with cybersecurity - risks in mind - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node133 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.at-01 - name: Examples - description: '1st: 1st Party Risk - - Ex1: Provide basic cybersecurity awareness and training to employees, contractors, - partners, suppliers, and all other users of the 
organization''s non-public - resources - - Ex2: Train personnel to recognize social engineering attempts and other common - attacks, report attacks and suspicious activity, comply with acceptable use - policies, and perform basic cyber hygiene tasks (e.g., patching software, - choosing passwords, protecting credentials) - - Ex3: Explain the consequences of cybersecurity policy violations, both to - individual users and the organization as a whole - - Ex4: Periodically assess or test users on their understanding of basic cybersecurity - practices - - Ex5: Require annual refreshers to reinforce existing practices and introduce - new practices' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.at-02 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.at - ref_id: PR.AT-02 - description: Individuals in specialized roles are provided with awareness and - training so that they possess the knowledge and skills to perform relevant - tasks with cybersecurity risks in mind - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node135 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.at-02 - name: Examples - description: '1st: 1st Party Risk - - 3rd: 3rd Party Risk - - Ex1: Identify the specialized roles within the organization that require additional - cybersecurity training, such as physical and cybersecurity personnel, finance - personnel, senior leadership, and anyone with access to business-critical - data - - Ex2: Provide role-based cybersecurity awareness and training to all those - in specialized roles, including contractors, partners, suppliers, and other - third parties - - Ex3: Periodically assess or test users on their understanding of cybersecurity - practices for their specialized roles - - Ex4: Require annual refreshers to reinforce existing practices and introduce - new practices' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.ds - assessable: false - depth: 2 - parent_urn: 
urn:intuitem:risk:req_node:nist-csf-2.0:pr - ref_id: PR.DS - name: Data Security - description: Data are managed consistent with the organization's risk strategy - to protect the confidentiality, integrity, and availability of information - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.ds-01 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.ds - ref_id: PR.DS-01 - description: The confidentiality, integrity, and availability of data-at-rest - are protected - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node138 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.ds-01 - name: Examples - description: '1st: 1st Party Risk - - Ex1: Use encryption, digital signatures, and cryptographic hashes to protect - the confidentiality and integrity of stored data in files, databases, virtual - machine disk images, container images, and other resources - - Ex2: Use full disk encryption to protect data stored on user endpoints - - Ex3: Confirm the integrity of software by validating signatures - - Ex4: Restrict the use of removable media to prevent data exfiltration - - Ex5: Physically secure removable media containing unencrypted sensitive information, - such as within locked offices or file cabinets' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.ds-02 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.ds - ref_id: PR.DS-02 - description: The confidentiality, integrity, and availability of data-in-transit - are protected - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node140 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.ds-02 - name: Examples - description: '1st: 1st Party Risk - - Ex1: Use encryption, digital signatures, and cryptographic hashes to protect - the confidentiality and integrity of network communications - - Ex2: Automatically encrypt or block outbound emails and other communications - that contain 
sensitive data, depending on the data classification - - Ex3: Block access to personal email, file sharing, file storage services, - and other personal communications applications and services from organizational - systems and networks - - Ex4: Prevent reuse of sensitive data from production environments (e.g., customer - records) in development, testing, and other non-production environments' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.ds-10 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.ds - ref_id: PR.DS-10 - description: The confidentiality, integrity, and availability of data-in-use - are protected - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node142 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.ds-10 - name: Examples - description: '1st: 1st Party Risk - - Ex1: Remove data that must remain confidential (e.g., from processors and - memory) as soon as it is no longer needed - - Ex2: Protect data in use from access by other users and processes of the same - platform' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.ds-11 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.ds - ref_id: PR.DS-11 - description: Backups of data are created, protected, maintained, and tested - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node144 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.ds-11 - name: Examples - description: '1st: 1st Party Risk - - Ex1: Continuously back up critical data in near-real-time, and back up other - data frequently at agreed-upon schedules - - Ex2: Test backups and restores for all types of data sources at least annually - - Ex3: Securely store some backups offline and offsite so that an incident or - disaster will not damage them - - Ex4: Enforce geographic separation and geolocation restrictions for data backup - storage' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.ps - 
assessable: false - depth: 2 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr - ref_id: PR.PS - name: Platform Security - description: The hardware, software (e.g., firmware, operating systems, applications), - and services of physical and virtual platforms are managed consistent with - the organization's risk strategy to protect their confidentiality, integrity, - and availability - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.ps-01 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.ps - ref_id: PR.PS-01 - description: Configuration management practices are established and applied - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node147 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.ps-01 - name: Examples - description: '1st: 1st Party Risk - - Ex1: Establish, test, deploy, and maintain hardened baselines that enforce - the organization''s cybersecurity policies and provide only essential capabilities - (i.e., principle of least functionality) - - Ex2: Review all default configuration settings that may potentially impact - cybersecurity when installing or upgrading software - - Ex3: Monitor implemented software for deviations from approved baselines' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.ps-02 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.ps - ref_id: PR.PS-02 - description: Software is maintained, replaced, and removed commensurate with - risk - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node149 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.ps-02 - name: Examples - description: '1st: 1st Party Risk - - Ex1: Perform routine and emergency patching within the timeframes specified - in the vulnerability management plan - - Ex2: Update container images, and deploy new container instances to replace - rather than update existing instances - - Ex3: Replace end-of-life software and 
service versions with supported, maintained - versions - - Ex4: Uninstall and remove unauthorized software and services that pose undue - risks - - Ex5: Uninstall and remove any unnecessary software components (e.g., operating - system utilities) that attackers might misuse - - Ex6: Define and implement plans for software and service end-of-life maintenance - support and obsolescence' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.ps-03 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.ps - ref_id: PR.PS-03 - description: Hardware is maintained, replaced, and removed commensurate with - risk - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node151 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.ps-03 - name: Examples - description: '1st: 1st Party Risk - - 3rd: 3rd Party Risk - - Ex1: Replace hardware when it lacks needed security capabilities or when it - cannot support software with needed security capabilities - - Ex2: Define and implement plans for hardware end-of-life maintenance support - and obsolescence - - Ex3: Perform hardware disposal in a secure, responsible, and auditable manner' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.ps-04 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.ps - ref_id: PR.PS-04 - description: Log records are generated and made available for continuous monitoring - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node153 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.ps-04 - name: Examples - description: '1st: 1st Party Risk - - Ex1: Configure all operating systems, applications, and services (including - cloud-based services) to generate log records - - Ex2: Configure log generators to securely share their logs with the organization''s - logging infrastructure systems and services - - Ex3: Configure log generators to record the data needed by zero-trust architectures' 
- - urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.ps-05 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.ps - ref_id: PR.PS-05 - description: Installation and execution of unauthorized software are prevented - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node155 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.ps-05 - name: Examples - description: '1st: 1st Party Risk - - Ex1: When risk warrants it, restrict software execution to permitted products - only or deny the execution of prohibited and unauthorized software - - Ex2: Verify the source of new software and the software''s integrity before - installing it - - Ex3: Configure platforms to use only approved DNS services that block access - to known malicious domains - - Ex4: Configure platforms to allow the installation of organization-approved - software only' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.ps-06 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.ps - ref_id: PR.PS-06 - description: Secure software development practices are integrated, and their - performance is monitored throughout the software development life cycle - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node157 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.ps-06 - name: Examples - description: '1st: 1st Party Risk - - Ex1: Protect all components of organization-developed software from tampering - and unauthorized access - - Ex2: Secure all software produced by the organization, with minimal vulnerabilities - in their releases - - Ex3: Maintain the software used in production environments, and securely dispose - of software once it is no longer needed' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.ir - assessable: false - depth: 2 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr - ref_id: PR.IR - name: Technology Infrastructure Resilience - description: 
Security architectures are managed with the organization's risk - strategy to protect asset confidentiality, integrity, and availability, and - organizational resilience - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.ir-01 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.ir - ref_id: PR.IR-01 - description: Networks and environments are protected from unauthorized logical - access and usage - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node160 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.ir-01 - name: Examples - description: '1st: 1st Party Risk - - 3rd: 3rd Party Risk - - Ex1: Logically segment organization networks and cloud-based platforms according - to trust boundaries and platform types (e.g., IT, IoT, OT, mobile, guests), - and permit required communications only between segments - - Ex2: Logically segment organization networks from external networks, and permit - only necessary communications to enter the organization''s networks from the - external networks - - Ex3: Implement zero trust architectures to restrict network access to each - resource to the minimum necessary - - Ex4: Check the cyber health of endpoints before allowing them to access and - use production resources' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.ir-02 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.ir - ref_id: PR.IR-02 - description: The organization's technology assets are protected from environmental - threats - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node162 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.ir-02 - name: Examples - description: '1st: 1st Party Risk - - 3rd: 3rd Party Risk - - Ex1: Protect organizational equipment from known environmental threats, such - as flooding, fire, wind, and excessive heat and humidity - - Ex2: Include protection from environmental threats and provisions for 
adequate - operating infrastructure in requirements for service providers that operate - systems on the organization''s behalf' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.ir-03 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.ir - ref_id: PR.IR-03 - description: Mechanisms are implemented to achieve resilience requirements in - normal and adverse situations - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node164 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.ir-03 - name: Examples - description: '1st: 1st Party Risk - - Ex1: Avoid single points of failure in systems and infrastructure - - Ex2: Use load balancing to increase capacity and improve reliability - - Ex3: Use high-availability components like redundant storage and power supplies - to improve system reliability' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.ir-04 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.ir - ref_id: PR.IR-04 - description: Adequate resource capacity to ensure availability is maintained - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node166 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.ir-04 - name: Examples - description: 'Ex1: Monitor usage of storage, power, compute, network bandwidth, - and other resources - - Ex2: Forecast future needs, and scale resources accordingly' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:de - assessable: false - depth: 1 - ref_id: DE - name: DETECT - description: Possible cybersecurity attacks and compromises are found and analyzed - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:de.cm - assessable: false - depth: 2 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:de - ref_id: DE.CM - name: Continuous Monitoring - description: Assets are monitored to find anomalies, indicators of compromise, - and other potentially adverse events - - urn: 
urn:intuitem:risk:req_node:nist-csf-2.0:de.cm-01 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:de.cm - ref_id: DE.CM-01 - description: Networks and network services are monitored to find potentially - adverse events - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node170 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:de.cm-01 - name: Examples - description: 'Ex1: Monitor DNS, BGP, and other network services for adverse - events - - Ex2: Monitor wired and wireless networks for connections from unauthorized - endpoints - - Ex3: Monitor facilities for unauthorized or rogue wireless networks - - Ex4: Compare actual network flows against baselines to detect deviations - - Ex5: Monitor network communications to identify changes in security postures - for zero trust purposes - - 1st: 1st Party Risk' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:de.cm-02 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:de.cm - ref_id: DE.CM-02 - description: The physical environment is monitored to find potentially adverse - events - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node172 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:de.cm-02 - name: Examples - description: 'Ex1: Monitor logs from physical access control systems (e.g., - badge readers) to find unusual access patterns (e.g., deviations from the - norm) and failed access attempts - - Ex2: Review and monitor physical access records (e.g., from visitor registration, - sign-in sheets) - - Ex3: Monitor physical access controls (e.g., locks, latches, hinge pins, alarms) - for signs of tampering - - Ex4: Monitor the physical environment using alarm systems, cameras, and security - guards - - 1st: 1st Party Risk' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:de.cm-03 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:de.cm - ref_id: DE.CM-03 - 
description: Personnel activity and technology usage are monitored to find potentially - adverse events - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node174 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:de.cm-03 - name: Examples - description: 'Ex1: Use behavior analytics software to detect anomalous user - activity to mitigate insider threats - - Ex2: Monitor logs from logical access control systems to find unusual access - patterns and failed access attempts - - Ex3: Continuously monitor deception technology, including user accounts, for - any usage - - 1st: 1st Party Risk' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:de.cm-06 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:de.cm - ref_id: DE.CM-06 - description: External service provider activities and services are monitored - to find potentially adverse events - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node176 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:de.cm-06 - name: Examples - description: 'Ex1: Monitor remote and onsite administration and maintenance - activities that external providers perform on organizational systems - - Ex2: Monitor activity from cloud-based services, internet service providers, - and other service providers for deviations from expected behavior - - 3rd: 3rd Party Risk' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:de.cm-09 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:de.cm - ref_id: DE.CM-09 - description: Computing hardware and software, runtime environments, and their - data are monitored to find potentially adverse events - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node178 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:de.cm-09 - name: Examples - description: 'Ex1: Monitor email, web, file sharing, collaboration services, - and other common attack vectors to detect 
malware, phishing, data leaks and - exfiltration, and other adverse events - - Ex2: Monitor authentication attempts to identify attacks against credentials - and unauthorized credential reuse - - Ex3: Monitor software configurations for deviations from security baselines - - Ex4: Monitor hardware and software for signs of tampering - - Ex5: Use technologies with a presence on endpoints to detect cyber health - issues (e.g., missing patches, malware infections, unauthorized software), - and redirect the endpoints to a remediation environment before access is authorized - - 1st: 1st Party Risk' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:de.ae - assessable: false - depth: 2 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:de - ref_id: DE.AE - name: Adverse Event Analysis - description: Anomalies, indicators of compromise, and other potentially adverse - events are analyzed to characterize the events and detect cybersecurity incidents - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:de.ae-02 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:de.ae - ref_id: DE.AE-02 - description: Potentially adverse events are analyzed to better understand associated - activities - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node181 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:de.ae-02 - name: Examples - description: 'Ex1: Use security information and event management (SIEM) or other - tools to continuously monitor log events for known malicious and suspicious - activity - - Ex2: Utilize up-to-date cyber threat intelligence in log analysis tools to - improve detection accuracy and characterize threat actors, their methods, - and indicators of compromise - - Ex3: Regularly conduct manual reviews of log events for technologies that - cannot be sufficiently monitored through automation - - Ex4: Use log analysis tools to generate reports on their findings - - 1st: 1st Party Risk' - - urn: 
urn:intuitem:risk:req_node:nist-csf-2.0:de.ae-03 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:de.ae - ref_id: DE.AE-03 - description: Information is correlated from multiple sources - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node183 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:de.ae-03 - name: Examples - description: 'Ex1: Constantly transfer log data generated by other sources to - a relatively small number of log servers - - Ex2: Use event correlation technology (e.g., SIEM) to collect information - captured by multiple sources - - Ex3: Utilize cyber threat intelligence to help correlate events among log - sources - - 1st: 1st Party Risk' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:de.ae-04 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:de.ae - ref_id: DE.AE-04 - description: The estimated impact and scope of adverse events are understood - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node185 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:de.ae-04 - name: Examples - description: 'Ex1: Use SIEMs or other tools to estimate impact and scope, and - review and refine the estimates - - Ex2: A person creates their own estimates of impact and scope - - 1st: 1st Party Risk' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:de.ae-06 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:de.ae - ref_id: DE.AE-06 - description: Information on adverse events is provided to authorized staff and - tools - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node187 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:de.ae-06 - name: Examples - description: 'Ex1: Use cybersecurity software to generate alerts and provide - them to the security operations center (SOC), incident responders, and incident - response tools - - Ex2: Incident responders and other 
authorized personnel can access log analysis - findings at all times - - Ex3: Automatically create and assign tickets in the organization''s ticketing - system when certain types of alerts occur - - Ex4: Manually create and assign tickets in the organization''s ticketing system - when technical staff discover indicators of compromise - - 1st: 1st Party Risk' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:de.ae-07 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:de.ae - ref_id: DE.AE-07 - description: Cyber threat intelligence and other contextual information are - integrated into the analysis - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node189 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:de.ae-07 - name: Examples - description: 'Ex1: Securely provide cyber threat intelligence feeds to detection - technologies, processes, and personnel - - Ex2: Securely provide information from asset inventories to detection technologies, - processes, and personnel - - Ex3: Rapidly acquire and analyze vulnerability disclosures for the organization''s - technologies from suppliers, vendors, and third-party security advisories - - 1st: 1st Party Risk' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:de.ae-08 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:de.ae - ref_id: DE.AE-08 - description: Incidents are declared when adverse events meet the defined incident - criteria - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node191 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:de.ae-08 - name: Examples - description: 'Ex1: Apply incident criteria to known and assumed characteristics - of activity in order to determine whether an incident should be declared - - Ex2: Take known false positives into account when applying incident criteria - - 1st: 1st Party Risk' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:rs - assessable: false - 
depth: 1 - ref_id: RS - name: RESPOND - description: Actions regarding a detected cybersecurity incident are taken - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:rs.ma - assessable: false - depth: 2 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rs - ref_id: RS.MA - name: Incident Management - description: Responses to detected cybersecurity incidents are managed - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:rs.ma-01 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rs.ma - ref_id: RS.MA-01 - description: The incident response plan is executed in coordination with relevant - third parties once an incident is declared - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node195 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rs.ma-01 - name: Examples - description: 'Ex1: Detection technologies automatically report confirmed incidents - - Ex2: Request incident response assistance from the organization''s incident - response outsourcer - - Ex3: Designate an incident lead for each incident - - Ex4: Initiate execution of additional cybersecurity plans as needed to support - incident response (for example, business continuity and disaster recovery) - - 3rd: 3rd Party Risk' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:rs.ma-02 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rs.ma - ref_id: RS.MA-02 - description: Incident reports are triaged and validated - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node197 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rs.ma-02 - name: Examples - description: '1st: 1st Party Risk - - Ex1: Preliminarily review incident reports to confirm that they are cybersecurity-related - and necessitate incident response activities - - Ex2: Apply criteria to estimate the severity of an incident' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:rs.ma-03 - assessable: true - depth: 3 - 
parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rs.ma - ref_id: RS.MA-03 - description: Incidents are categorized and prioritized - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node199 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rs.ma-03 - name: Examples - description: '1st: 1st Party Risk - - Ex1: Further review and categorize incidents based on the type of incident - (e.g., data breach, ransomware, DDoS, account compromise) - - Ex2: Prioritize incidents based on their scope, likely impact, and time-critical - nature - - Ex3: Select incident response strategies for active incidents by balancing - the need to quickly recover from an incident with the need to observe the - attacker or conduct a more thorough investigation' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:rs.ma-04 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rs.ma - ref_id: RS.MA-04 - description: Incidents are escalated or elevated as needed - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node201 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rs.ma-04 - name: Examples - description: '1st: 1st Party Risk - - Ex1: Track and validate the status of all ongoing incidents - - Ex2: Coordinate incident escalation or elevation with designated internal - and external stakeholders' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:rs.ma-05 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rs.ma - ref_id: RS.MA-05 - description: The criteria for initiating incident recovery are applied - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node203 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rs.ma-05 - name: Examples - description: '1st: 1st Party Risk - - Ex1: Apply incident recovery criteria to known and assumed characteristics - of the incident to determine whether incident recovery processes should be - initiated - - 
Ex2: Take the possible operational disruption of incident recovery activities - into account' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:rs.an - assessable: false - depth: 2 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rs - ref_id: RS.AN - name: Incident Analysis - description: Investigations are conducted to ensure effective response and support - forensics and recovery activities - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:rs.an-03 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rs.an - ref_id: RS.AN-03 - description: Analysis is performed to establish what has taken place during - an incident and the root cause of the incident - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node206 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rs.an-03 - name: Examples - description: '1st: 1st Party Risk - - Ex1: Determine the sequence of events that occurred during the incident and - which assets and resources were involved in each event - - Ex2: Attempt to determine what vulnerabilities, threats, and threat actors - were directly or indirectly involved in the incident - - Ex3: Analyze the incident to find the underlying, systemic root causes - - Ex4: Check any cyber deception technology for additional information on attacker - behavior' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:rs.an-06 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rs.an - ref_id: RS.AN-06 - description: Actions performed during an investigation are recorded, and the - records' integrity and provenance are preserved - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node208 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rs.an-06 - name: Examples - description: '1st: 1st Party Risk - - Ex1: Require each incident responder and others (e.g., system administrators, - cybersecurity engineers) who perform incident response tasks to record 
their - actions and make the record immutable - - Ex2: Require the incident lead to document the incident in detail and be responsible - for preserving the integrity of the documentation and the sources of all information - being reported' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:rs.an-07 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rs.an - ref_id: RS.AN-07 - description: Incident data and metadata are collected, and their integrity and - provenance are preserved - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node210 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rs.an-07 - name: Examples - description: '1st: 1st Party Risk - - Ex1: Collect, preserve, and safeguard the integrity of all pertinent incident - data and metadata (e.g., data source, date/time of collection) based on evidence - preservation and chain-of-custody procedures' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:rs.an-08 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rs.an - ref_id: RS.AN-08 - description: An incident's magnitude is estimated and validated - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node212 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rs.an-08 - name: Examples - description: '1st: 1st Party Risk - - Ex1: Review other potential targets of the incident to search for indicators - of compromise and evidence of persistence - - Ex2: Automatically run tools on targets to look for indicators of compromise - and evidence of persistence' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:rs.co - assessable: false - depth: 2 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rs - ref_id: RS.CO - name: Incident Response Reporting and Communication - description: Response activities are coordinated with internal and external - stakeholders as required by laws, regulations, or policies - - urn: 
urn:intuitem:risk:req_node:nist-csf-2.0:rs.co-02 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rs.co - ref_id: RS.CO-02 - description: Internal and external stakeholders are notified of incidents - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node215 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rs.co-02 - name: Examples - description: '1st: 1st Party Risk - - 3rd: 3rd Party Risk - - Ex1: Follow the organization''s breach notification procedures after discovering - a data breach incident, including notifying affected customers - - Ex2: Notify business partners and customers of incidents in accordance with - contractual requirements - - Ex3: Notify law enforcement agencies and regulatory bodies of incidents based - on criteria in the incident response plan and management approval' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:rs.co-03 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rs.co - ref_id: RS.CO-03 - description: Information is shared with designated internal and external stakeholders - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node217 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rs.co-03 - name: Examples - description: '1st: 1st Party Risk - - 3rd: 3rd Party Risk - - Ex1: Securely share information consistent with response plans and information - sharing agreements - - Ex2: Voluntarily share information about an attacker''s observed TTPs, with - all sensitive data removed, with an Information Sharing and Analysis Center - (ISAC) - - Ex3: Notify HR when malicious insider activity occurs - - Ex4: Regularly update senior leadership on the status of major incidents - - Ex5: Follow the rules and protocols defined in contracts for incident information - sharing between the organization and its suppliers - - Ex6: Coordinate crisis communication methods between the organization and - its critical 
suppliers' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:rs.mi - assessable: false - depth: 2 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rs - ref_id: RS.MI - name: Incident Mitigation - description: Activities are performed to prevent expansion of an event and mitigate - its effects - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:rs.mi-01 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rs.mi - ref_id: RS.MI-01 - description: Incidents are contained - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node220 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rs.mi-01 - name: Examples - description: '1st: 1st Party Risk - - 3rd: 3rd Party Risk - - Ex1: Cybersecurity technologies (e.g., antivirus software) and cybersecurity - features of other technologies (e.g., operating systems, network infrastructure - devices) automatically perform containment actions - - Ex2: Allow incident responders to manually select and perform containment - actions - - Ex3: Allow a third party (e.g., internet service provider, managed security - service provider) to perform containment actions on behalf of the organization - - Ex4: Automatically transfer compromised endpoints to a remediation virtual - local area network (VLAN)' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:rs.mi-02 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rs.mi - ref_id: RS.MI-02 - description: Incidents are eradicated - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node222 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rs.mi-02 - name: Examples - description: '1st: 1st Party Risk - - 3rd: 3rd Party Risk - - Ex1: Cybersecurity technologies and cybersecurity features of other technologies - (e.g., operating systems, network infrastructure devices) automatically perform - eradication actions - - Ex2: Allow incident responders to manually select and perform 
eradication - actions - - Ex3: Allow a third party (e.g., managed security service provider) to perform - eradication actions on behalf of the organization' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:rc - assessable: false - depth: 1 - ref_id: RC - name: RECOVER - description: Assets and operations affected by a cybersecurity incident are - restored - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:rc.rp - assessable: false - depth: 2 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rc - ref_id: RC.RP - name: Incident Recovery Plan Execution - description: Restoration activities are performed to ensure operational availability - of systems and services affected by cybersecurity incidents - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:rc.rp-01 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rc.rp - ref_id: RC.RP-01 - description: The recovery portion of the incident response plan is executed - once initiated from the incident response process - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node226 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rc.rp-01 - name: Examples - description: '1st: 1st Party Risk - - Ex1: Begin recovery procedures during or after incident response processes - - Ex2: Make all individuals with recovery responsibilities aware of the plans - for recovery and the authorizations required to implement each aspect of the - plans' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:rc.rp-02 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rc.rp - ref_id: RC.RP-02 - description: Recovery actions are selected, scoped, prioritized, and performed - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node228 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rc.rp-02 - name: Examples - description: '1st: 1st Party Risk - - Ex1: Select recovery actions based on the criteria defined in the incident - response 
plan and available resources - - Ex2: Change planned recovery actions based on a reassessment of organizational - needs and resources' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:rc.rp-03 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rc.rp - ref_id: RC.RP-03 - description: The integrity of backups and other restoration assets is verified - before using them for restoration - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node230 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rc.rp-03 - name: Examples - description: '1st: 1st Party Risk - - Ex1: Check restoration assets for indicators of compromise, file corruption, - and other integrity issues before use' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:rc.rp-04 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rc.rp - ref_id: RC.RP-04 - description: Critical mission functions and cybersecurity risk management are - considered to establish post-incident operational norms - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node232 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rc.rp-04 - name: Examples - description: '1st: 1st Party Risk - - Ex1: Use business impact and system categorization records (including service - delivery objectives) to validate that essential services are restored in the - appropriate order - - Ex2: Work with system owners to confirm the successful restoration of systems - and the return to normal operations - - Ex3: Monitor the performance of restored systems to verify the adequacy of - the restoration' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:rc.rp-05 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rc.rp - ref_id: RC.RP-05 - description: The integrity of restored assets is verified, systems and services - are restored, and normal operating status is confirmed - - urn: 
urn:intuitem:risk:req_node:nist-csf-2.0:node234 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rc.rp-05 - name: Examples - description: '1st: 1st Party Risk - - Ex1: Check restored assets for indicators of compromise and remediation of - root causes of the incident before production use - - Ex2: Verify the correctness and adequacy of the restoration actions taken - before putting a restored system online' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:rc.rp-06 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rc.rp - ref_id: RC.RP-06 - description: The end of incident recovery is declared based on criteria, and - incident-related documentation is completed - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node236 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rc.rp-06 - name: Examples - description: '1st: 1st Party Risk - - Ex1: Prepare an after-action report that documents the incident itself, the - response and recovery actions taken, and lessons learned - - Ex2: Declare the end of incident recovery once the criteria are met' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:rc.co - assessable: false - depth: 2 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rc - ref_id: RC.CO - name: Incident Recovery Communication - description: Restoration activities are coordinated with internal and external - parties - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:rc.co-03 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rc.co - ref_id: RC.CO-03 - description: Recovery activities and progress in restoring operational capabilities - are communicated to designated internal and external stakeholders - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node239 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rc.co-03 - name: Examples - description: '1st: 1st Party Risk - - 3rd: 3rd Party Risk - - 
Ex1: Securely share recovery information, including restoration progress, - consistent with response plans and information sharing agreements - - Ex2: Regularly update senior leadership on recovery status and restoration - progress for major incidents - - Ex3: Follow the rules and protocols defined in contracts for incident information - sharing between the organization and its suppliers - - Ex4: Coordinate crisis communication between the organization and its critical - suppliers' - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:rc.co-04 - assessable: true - depth: 3 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rc.co - ref_id: RC.CO-04 - description: Public updates on incident recovery are shared using approved methods - and messaging - - urn: urn:intuitem:risk:req_node:nist-csf-2.0:node241 - assessable: false - depth: 4 - parent_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rc.co-04 - name: Examples - description: '1st: 1st Party Risk - - Ex1: Follow the organization''s breach notification procedures for recovering - from a data breach incident - - Ex2: Explain the steps being taken to recover from the incident and to prevent - a recurrence'
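Review bot: the Examples nodes in the deleted `tools/nist/nist_csf-2.0-en.yaml` are identified only by counter-style URNs (`urn:intuitem:risk:req_node:nist-csf-2.0:node226`, `node228`, ... `node241`) and have no `ref_id`, so their identity appears to depend on row order in the generator rather than on the requirement they belong to. Since this commit removes the generated file and renames the spreadsheet, please confirm that `backend/library/libraries/nist-csf-2.0.yaml` still carries these nodes under the same URNs (for example, that `node230` is still the child of `rc.rp-03`). Alternatively, derive the URN from the parent, something like `rc.rp-03:examples` (a suggested naming, not an existing convention), so a later regeneration cannot silently renumber them. Two smaller points: the legend lines `1st: 1st Party Risk` and `3rd: 3rd Party Risk` are embedded in each Examples `description` as free text, which makes them hard to filter on if the library keeps that layout; and the commit subject does not say that the generated YAML under `tools/nist/` is no longer tracked, so a line in the message stating how it is now produced from `nist-csf-2.0.xlsx` would help the next person who needs to regenerate it.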