Articles & Blogs

NIST Cybersecurity Framework Version 2.0: New Release

March 8, 2024 | By Accorian

In a landmark move for cybersecurity, the National Institute of Standards and Technology (NIST) has released version 2.0 of the Cybersecurity Framework (CSF), an essential resource referenced in President Biden’s National Cybersecurity Strategy. This update represents a significant expansion of cybersecurity risk management protocols, transitioning from safeguarding critical infrastructure to encompassing organizations across all sectors.

Designed for Universal Adoption

NIST CSF 2.0 offers a universally applicable framework with detailed guidance and resources tailored to the diverse needs of various entities, from small businesses and schools to large corporations.

Introduction of the “Govern” Function

Credits: NIST

Six functions, 22 categories, and 106 subcategories make up the CSF 2.0

The framework historically comprised five core functions for a comprehensive cybersecurity strategy:

NIST has now introduced a sixth function, Govern, in CSF 2.0, expanding the framework to offer a holistic view of managing cybersecurity risks throughout their lifecycle. This addition promotes a more comprehensive approach to organizational security, emphasizing managing cybersecurity risks throughout their entire lifecycle.

Furthermore, within the Govern function, particular emphasis is placed on the critical role of supply chain risk management, highlighting the necessity for robust cybersecurity practices that extend throughout supply chains.

Salient Features and Major Changes

Expanded Guidance on Profiles and Implementation

Realignment of Categories

Ten categories from NIST CSF 1.0 have been realigned to enhance clarity and coherence. Notable realignments include the Business Environment, Governance, Identity Management, Access Control, Information Protection Processes and Procedures, Maintenance, Protective Technology, Detection Processes, Response Planning, and Improvements from Response and Recovery.

Note: The previous improvement category from Respond & Recover is now consolidated to 1 under identity.

Innovative Tools and Resources

Improved Categorization

The information protection processes and procedures category has been divided into seven distinct categories: Roles, Responsibilities & Authorities, Asset Management, Risk Assessment, Improvement, Data Security, Platform Security, and Technology Infrastructure Resilience.

  • Platform Security and Technology Infrastructure Resilience:

    This significant addition builds upon CSF 1.0's Information Protection Processes & Procedures, Maintenance, and Protective Technology. It places a stronger emphasis on software architecture, software risk management, and resource capacity.

  • Enhanced Incident Management:

    CSF 2.0 offers an improved version of CSF 1.0's Response Planning and Analysis, providing more comprehensive guidance on incident management.

CSF Tiers Remain Unchanged

The four CSF tiers (Partial, Informed, Repeatable, Adaptive) remain unchanged in CSF 2.0.

Partner with Accorian for Your NIST CSF Framework

NIST CSF 2.0 represents a significant advancement in cybersecurity risk management. Offering a comprehensive framework with a broader scope, improved resources, and a focus on supply chain risk management empowers organizations of all sizes to build more robust and holistic cybersecurity postures.

Accorian is a global cybersecurity firm that partners with corporations throughout their security journey. We offer expert services in strategy, compliance, testing, and security staffing solutions, empowering businesses to navigate the intricate cybersecurity landscape with assurance and success.

Over the past five years, our team has successfully executed numerous NIST CSF projects across diverse sectors and regions. Through our comprehensive preparedness and implementation services, we have assisted organizations in meeting NIST criteria and navigating through the assessment or assurance process.


Recent Blog

Ready to Start?

Ready to Start?​

Drop your CVs to

Interested Position

Download Case study

Download SOC2 Guide