NIST CSF 2.0 Cyber Framework
United States
2024
Cybersecurity
Overview
The NIST Cybersecurity Framework (CSF) 2.0, released in February 2024, is an updated version of the original framework developed by the National Institute of Standards and Technology (NIST). CSF 2.0 expands its applicability beyond critical infrastructure to include organizations of all sizes and sectors, both public and private.The framework provides a flexible structure for managing and reducing cybersecurity risk. It is organized around six core functions: Govern, Identify, Protect, Detect, Respond, and Recover. Each function includes categories and subcategories of security outcomes and references to widely accepted standards. Though voluntary, CSF 2.0 is widely used by financial institutions, healthcare providers, technology companies, and government agenciesto strengthen cyber resilience and align with regulatory compliance.
Key Obligations
- Establish governance structures to oversee cybersecurity risk
- Identify assets, systems, and data to manage risk exposure
- Implement safeguards for identity access, data security, and awareness
- Detect anomalies and cybersecurity events in real time
- Develop and test response and recovery plans for incidents
- Conduct continuous assessments and updates to cybersecurity posture
Stay ahead of risk with Signzy
Explore tools that help you onboard, monitor, and verify with confidence
Related Regulations
FAQ
Is CSF 2.0 mandatory for U.S. organizations?
No, it’s a voluntary framework. However, it’s widely adopted and often aligned with regulatory expectations.
What’s new in CSF 2.0 compared to the original version?
The addition of a new “Govern” function, expanded implementation examples, and broader sector applicability.
Who should use the CSF 2.0?
Organizations of any size or sector, including financial services, healthcare, and critical infrastructure operators.
Does CSF 2.0 help with compliance?
Yes. While not a regulation, it supports alignment with standards like ISO 27001, GLBA, and CIRCIA.