What is NIST CSF 2.0 ?
The NIST Cybersecurity Framework (CSF) 2.0 is a reference framework for cybersecurity risk management, published by the National Institute of Standards and Technology. Version 2.0, released in February 2024, adds a sixth Govern function to the existing five functions (Identify, Protect, Detect, Respond, Recover). The framework is structured into functions, categories, and subcategories, and offers organizational profiles and maturity tiers to assess and improve cybersecurity posture.
Key Points
- 6 functions: Govern, Identify, Protect, Detect, Respond, Recover covering the full cybersecurity lifecycle
- Govern function added in 2.0: strategy, policy, roles, supply chain risk management
- Organizational profiles: current state vs target state to prioritize improvement actions
- 4 maturity tiers (Partial, Risk-Informed, Repeatable, Adaptive) to evaluate practice sophistication
- Non-prescriptive framework: adaptable to any organization, sector, and size
- Informative references to detailed standards (ISO 27001, NIST 800-53, CIS Controls)
Why Zaxyr
Zaxyr enables you to assess your cybersecurity posture across all 6 NIST CSF 2.0 functions. The platform automatically generates your current organizational profile, identifies gaps with your target profile, and produces a prioritized action plan. Native mapping to ISO 27001, NIS2, and CIS Controls lets you leverage existing controls and avoid duplicate work.