CSF 2.0 added Govern as a top-level function and modernized the framework for a world where security crosses every team and geography. We use it as a living map: where you are, where you’re going, and what to do this quarter to get there.
NIST CSF 2.0
NIST CSF 2.0
Posture optimization and security maturity uplift against the updated NIST Cybersecurity Framework — fit for distributed and global organizations.
NIST CSF 2.0 — common questions
Is NIST CSF 2.0 a certification?
No. NIST CSF is a voluntary, outcome-based maturity framework. There is no NIST CSF certification body. We use it as a structured way to assess current state, plan a target state, and report maturity to boards, customers, and insurers.
What changed in CSF 2.0?
CSF 2.0 added Govern as a sixth top-level function alongside Identify, Protect, Detect, Respond, and Recover. It also broadened the framework’s applicability beyond critical infrastructure.