NIST Cybersecurity Framework 2.0

Structure and mature your security programme around NIST CSF 2.0, including the new Govern function.

Six-Function Review

Govern, Identify, Protect, Detect, Respond, Recover

Profile & Tier Assessment

Current and target maturity defined

Framework Mapping

Maps to ISO 27001, SOC 2 and PCI DSS

CSF Practitioners

NIST CSF 2.0 specialists

NIST Cybersecurity Framework 2.0 compliance and audit

What it is

The NIST Cybersecurity Framework 2.0 is a voluntary, risk-based framework of cybersecurity outcomes organised into six functions: Govern, Identify, Protect, Detect, Respond and Recover. Released in February 2024, it expanded scope to all organisations and added the new Govern function. Progress is measured through profiles and implementation tiers.

Who must comply

Organisations of any size wanting a structured, board-friendly programme, plus US federal contractors and supply-chain vendors; it also works well as an umbrella over ISO 27001 or SOC 2.

How IntelligenceX helps

Current-state assessment across the six functions
Target profile and tier definition with gap analysis
Prioritised remediation roadmap and governance design
Mapping to ISO 27001, SOC 2 and PCI DSS
Organizational Profile and Implementation Tier definition with executive reporting
Supply-chain risk (C-SCRM) and Govern-function policy design
Gap Assessment, ISMS Design, Internal Audit, Stage 1 & 2 Support, Remediation Guidance, Certification Readiness

Frequently Asked Questions

The headline change is the new Govern function, which makes cybersecurity an explicit leadership and enterprise-risk responsibility, plus expanded applicability to all organisations and stronger supply-chain emphasis.

No. CSF 2.0 is a voluntary framework with no certificate. We often use it as the umbrella and map ISO 27001 or SOC 2 controls underneath for certifiable proof.

We build a current-state Organizational Profile, agree a realistic target profile with leadership, and track the gap closing over time using Implementation Tiers. Because the outcomes map to ISO 27001 and SP 800-53, the same evidence also feeds any certification you pursue later.

Talk to a security expert today

Whether you need a penetration test, an audit or 24/7 monitoring, our team is ready across the UK, USA, EU and India.