NIST CSF 2.0 (Cybersecurity Framework 2.0)
Region
US
Focus
Organisational Management
Detailed description
The NIST Cybersecurity Framework (CSF) 2.0 provides guidance to organisations across industries, governments, and sectors to effectively manage cybersecurity risks. Designed for universal application, it helps organisations of all sizes and maturity levels understand, assess, prioritize, and communicate their cybersecurity efforts. The CSF focuses on high-level outcomes without prescribing specific actions, linking instead to resources that offer practical guidance for achieving those outcomes. The framework is particularly valuable for individuals leading cybersecurity programs but is also relevant to executives, risk managers, boards, and policymakers involved in cybersecurity decision-making and risk management. It is intended to integrate cybersecurity with broader enterprise risks, including financial, privacy, supply chain, and reputational risks. CSF 2.0 emphasises flexibility and adaptability, acknowledging that organisations have unique missions, objectives, and risk tolerances. Its sector- and technology-neutral structure allows for tailored implementation while promoting a common understanding across diverse audiences. The framework organizes its cybersecurity outcomes into six core functions: GOVERN, IDENTIFY, PROTECT, DETECT, RESPOND, and RECOVER, providing a clear structure for managing cybersecurity risks.
Key Details
- Developed by the National Institute of Standards and Technology (NIST).
- Structured around five key functions: Identify, Protect, Detect, Respond, and Recover.
- Designed to be flexible, scalable, and adaptable to various industries.
- Aligns with international cybersecurity best practices.