NIST CSF 2.0

NIST Cybersecurity Framework 2.0

FrameworkUS / International

The NIST Cybersecurity Framework 2.0, released February 2024, is the most widely adopted cybersecurity framework globally. CSF 2.0 introduces the GOVERN function alongside the original five (Identify, Protect, Detect, Respond, Recover), totalling 6 functions, 22 categories, and 106 subcategories. Available in 10+ languages, it applies to organisations of all sizes and sectors.

Also explore

GDPR DORA NIS2 SOC 2 HIPAA PCI DSS ISO 27001 CMMC IEC 62443 NERC CIP MITRE ATT&CK ICS CISA CPGs Saudi OTCC NIST 800-53 NIST 800-171 CIS Controls CSA CCM CSA CAIQ

Functions

Who Needs to Comply

Federal Agencies

Mandatory under FISMA and executive orders for all US federal agencies
Government contractors and supply chain participants
FedRAMP-authorised cloud service providers
State, local, tribal, and territorial (SLTT) governments

All Organisations Globally

Voluntary adoption across all sectors and organisation sizes
Healthcare, finance, energy, manufacturing, education, and more
Available in 10+ languages for international adoption
Used as foundation for sector-specific cybersecurity programmes

Key Compliance Areas

GOVERN (New in 2.0)

Organisational context, risk management strategy, roles and responsibilities, policy, oversight, and supply chain risk management.

IDENTIFY

Asset management, business environment, governance, risk assessment, and supply chain risk management for comprehensive visibility.

PROTECT

Identity management and access control, awareness and training, data security, platform security, and protective technology.

DETECT

Anomalies and events detection, security continuous monitoring, and detection processes for timely threat identification.

RS/RC

RESPOND & RECOVER

Response planning, communications, analysis, mitigation, and improvements; recovery planning, continuity, and post-incident improvements.

How Orizon Helps

Organisational Profile

Create a Current Profile documenting existing cybersecurity outcomes across all six CSF functions.

Target Profile

Define desired cybersecurity outcomes aligned with business objectives and risk appetite.

Gap Assessment

Compare Current vs Target Profile to identify gaps in cybersecurity outcomes.

Action Plan

Prioritise and plan activities to close identified gaps, considering available resources and risk.

Implementation

Deploy controls and practices mapped to CSF subcategories using Informative References.

Continuous Assessment

Use CSF Tiers (1-4) to measure maturity and drive continuous improvement over time.

Official Sources

Assess Your Compliance

Expert guidance for your NIST CSF 2.0 compliance journey.

Get Started