NIST CSF 2.0
NIST Cybersecurity Framework 2.0
A voluntary, outcome-based framework organised into six functions — Govern, Identify, Protect, Detect, Respond and Recover. CSF 2.0 (2024) adds the Govern function and ships official informative references mapping subcategories to other standards.
Who it applies to
Any organization seeking a common language to assess and manage cybersecurity risk. Voluntary, but widely adopted by US critical-infrastructure operators and referenced by regulators and contracts worldwide.
GV Govern
ID Identify
PR Protect
- PR.AA-01 Identities and credentials managed (16 mapped)
Identities and credentials for authorized users, services and hardware are managed by the organization.
- PR.DS-01 Confidentiality of data-at-rest protected (15 mapped)
The confidentiality, integrity and availability of data-at-rest are protected.
- PR.PS-01 Configuration management practices established (10 mapped)
Configuration management practices are established and applied to maintain secure baselines.
- PR.DS-11 Backups of data created and tested (6 mapped)
Backups of data are created, protected, maintained and tested.
- PR.DS-02 Confidentiality of data-in-transit protected (15 mapped)
The confidentiality, integrity and availability of data-in-transit are protected.
- PR.AA-05 Access permissions and authorizations enforced (16 mapped)
Access permissions, entitlements and authorizations are defined, managed and enforced under least privilege and separation of duties.
- PR.PS-04 Log records generated for monitoring (11 mapped)
Log records are generated and made available for continuous monitoring.