Cybersecurity Framework

NIST CSF 2.0

The most widely adopted cybersecurity framework, now with enhanced governance. Build a risk-based cybersecurity program aligned with business objectives.

What Is NIST CSF?

The NIST Cybersecurity Framework (CSF) is a voluntary framework developed by the National Institute of Standards and Technology to help organizations manage and reduce cybersecurity risk. Originally created for critical infrastructure in 2014, it has become the most widely adopted cybersecurity framework globally.

CSF 2.0, released in February 2024, represents a significant update that expands the framework's scope to all organizations and adds a sixth core function: GOVERN. This new function emphasizes cybersecurity as an enterprise risk that requires leadership attention and organizational commitment.

The framework is technology-neutral and designed to complement, not replace, existing cybersecurity programs. It provides a common language for communicating cybersecurity risk across organizations and with external stakeholders.

Core Functions

CSF 2.0 organizes cybersecurity activities into six interconnected functions:

GOVERN (new)

Establish and monitor organizational cybersecurity risk management strategy, expectations, and policy.

IDENTIFY

Understand organizational context, assets, risks, and improvement opportunities.

PROTECT

Implement safeguards to ensure delivery of critical services.

DETECT

Define activities to identify the occurrence of cybersecurity events.

RESPOND

Take action regarding detected cybersecurity incidents.

RECOVER

Maintain resilience and restore capabilities impaired by incidents.

What's New in 2.0

Key Updates in CSF 2.0

New GOVERN function elevates cybersecurity risk management to leadership level

Expanded scope beyond critical infrastructure to all organizations

Enhanced supply chain risk management guidance

Improved alignment with privacy frameworks and other NIST guidance

New implementation examples and quick-start guides

Better integration with enterprise risk management

AI-Specific Considerations

Why NIST CSF Matters for AI

GOVERN function directly addresses AI governance and oversight requirements

Risk assessment methodology applies to AI-specific threats and vulnerabilities

IDENTIFY function covers AI asset inventory and data classification

DETECT function is relevant to AI system monitoring and anomaly detection

Framework integrates with NIST AI RMF for comprehensive AI risk management

Supply chain guidance addresses AI model and component provenance

Integration Tip: NIST CSF and NIST AI RMF share the GOVERN function structure. Organizations can create unified governance that addresses both cybersecurity and AI risks.

Why You Need NIST CSF

Industry Standard

NIST CSF is the most widely adopted cybersecurity framework. Using it demonstrates alignment with industry best practices.

Risk-Based Approach

Focus resources on the most important risks. The framework helps prioritize investments based on business impact.

Regulatory Alignment

Many regulations reference NIST CSF. Implementation provides a foundation for multiple compliance requirements.

Board Communication

The framework provides a common language for communicating cybersecurity risk to leadership and board members.

How ZIVIS Helps

Current State Assessment

Evaluate your existing cybersecurity program against CSF 2.0 functions and categories, identifying gaps and maturity levels.

Profile Development

Create organizational profiles defining current and target states, with prioritized action plans for closing gaps.

AI Risk Integration

Extend CSF implementation to cover AI-specific risks, creating alignment between cybersecurity and AI governance programs.

Governance Program Design

Develop governance structures and processes aligned with the new GOVERN function, ensuring leadership engagement.

Ready to Implement NIST CSF 2.0?

Let's assess your current state and build a roadmap to enhanced cybersecurity.
