NIST Cybersecurity Framework 2.0.

The February 2024 update to the NIST Cybersecurity Framework, adding a sixth 'Govern' Function alongside Identify, Protect, Detect, Respond, and Recover, and broadening the audience beyond U.S. critical infrastructure to all organizations. Es gehört zur Kategorie Compliance und Frameworks der Cybersicherheit.

The February 2024 update to the NIST Cybersecurity Framework, adding a sixth 'Govern' Function alongside Identify, Protect, Detect, Respond, and Recover, and broadening the audience beyond U.S. critical infrastructure to all organizations.

NIST Cybersecurity Framework 2.0, published 26 February 2024, is the first major revision since CSF 1.1 in 2018. It adds a new top-level Function, 'Govern' (GV) — covering organizational context, risk management strategy, supply-chain risk management, roles & responsibilities, policy, and oversight — recognizing that cyber risk is a governance topic alongside operational hygiene. The other Functions remain: Identify, Protect, Detect, Respond, Recover. The scope was broadened from 'critical infrastructure' to all organizations regardless of sector or size, with explicit guidance for small and medium enterprises. NIST also published a richer set of companion resources: implementation examples, informative references mapping to NIST SP 800-53/171, ISO 27001, CIS Controls, and the Cybersecurity Framework Reference Tool. CSF 2.0 is widely used as a board-level reporting lattice, as a baseline for vendor questionnaires, and as a structure for cyber-insurance underwriting. Many existing CSF 1.1 programs migrated to 2.0 through 2024–2025.

Schutzmaßnahmen gegen NIST Cybersecurity Framework 2.0 kombinieren typischerweise technische Kontrollen und operative Praktiken, wie in der Definition oben beschrieben.

Übliche alternative Bezeichnungen: NIST CSF 2.0, CSF v2.