VoluntaryNISTUSv2.0

NIST CSF 2.0

NIST Cybersecurity Framework 2.0

A voluntary, outcome-based framework organised into six functions — Govern, Identify, Protect, Detect, Respond and Recover. CSF 2.0 (2024) adds the Govern function and ships official informative references mapping subcategories to other standards.

Official source ↗

Who it applies to

Any sectorUS critical infrastructureInternational

Any organization seeking a common language to assess and manage cybersecurity risk. Voluntary, but widely adopted by US critical-infrastructure operators and referenced by regulators and contracts worldwide.

GV Govern

GV.OC-01 Organizational mission and security role understood
The organizational mission is understood and informs cybersecurity risk management.
10 mapped

ID Identify

ID.AM-01 Inventories of hardware managed
Inventories of hardware managed by the organization are maintained.
6 mapped
ID.RA-01 Vulnerabilities identified and recorded
Vulnerabilities in assets are identified, validated and recorded.
17 mapped

PR Protect

PR.AA-01 Identities and credentials managed
Identities and credentials for authorized users, services and hardware are managed by the organization.
14 mapped
PR.DS-01 Confidentiality of data-at-rest protected
The confidentiality, integrity and availability of data-at-rest are protected.
13 mapped
PR.PS-01 Configuration management practices established
Configuration management practices are established and applied to maintain secure baselines.
10 mapped
PR.DS-11 Backups of data created and tested
Backups of data are created, protected, maintained and tested.
6 mapped

DE Detect

DE.CM-01 Networks and services monitored
Networks and network services are monitored to find potentially adverse events.
9 mapped