NIST Cybersecurity Framework 2.0
What is NIST Cybersecurity Framework 2.0?
The February 2024 update to the NIST Cybersecurity Framework, adding a sixth 'Govern' Function alongside Identify, Protect, Detect, Respond, and Recover, and broadening the audience beyond U.S. critical infrastructure to all organizations.
NIST Cybersecurity Framework 2.0, published 26 February 2024, is the first major revision since CSF 1.1 in 2018. It adds a new top-level Function, 'Govern' (GV) — covering organizational context, risk management strategy, supply-chain risk management, roles & responsibilities, policy, and oversight — recognizing that cyber risk is a governance topic alongside operational hygiene. The other Functions remain: Identify, Protect, Detect, Respond, Recover. The scope was broadened from 'critical infrastructure' to all organizations regardless of sector or size, with explicit guidance for small and medium enterprises. NIST also published a richer set of companion resources: implementation examples, informative references mapping to NIST SP 800-53/171, ISO 27001, CIS Controls, and the Cybersecurity Framework Reference Tool. CSF 2.0 is widely used as a board-level reporting lattice, as a baseline for vendor questionnaires, and as a structure for cyber-insurance underwriting. Many existing CSF 1.1 programs migrated to 2.0 through 2024–2025.
● Examples
- 01
A board adopts CSF 2.0 categories as the structure for the quarterly security update, with the new Govern Function used to report on risk appetite and oversight.
- 02
A cyber insurer's underwriting questionnaire maps each question to a CSF 2.0 subcategory so it can score applicants on a common lattice.
● Frequently asked questions
What is NIST Cybersecurity Framework 2.0?
The February 2024 update to the NIST Cybersecurity Framework, adding a sixth 'Govern' Function alongside Identify, Protect, Detect, Respond, and Recover, and broadening the audience beyond U.S. critical infrastructure to all organizations. This concept falls under the category Compliance and frameworks in cybersecurity.
What are the other names for NIST Cybersecurity Framework 2.0?
Common alternative names: NIST CSF 2.0, CSF v2.
● Related terms
- compliance№ 818
NIST Cybersecurity Framework
Voluntary, risk-based framework published by the U.S. NIST that organizes cybersecurity outcomes into six core Functions.
- compliance№ 821
NIST Risk Management Framework
NIST's seven-step process, defined in SP 800-37, that integrates security, privacy and supply-chain risk management into the system life cycle.
- compliance№ 620
ISO/IEC 27001
International standard that specifies the requirements for an Information Security Management System (ISMS) and allows formal certification of organizations.
- compliance№ 192
CIS Controls
Prioritized set of best-practice cybersecurity safeguards maintained by the Center for Internet Security to counter the most common attacks.
- compliance№ 1264
Third-party risk management (TPRM)
End-to-end discipline for identifying, assessing, contracting with, monitoring and then offboarding third parties so that the cyber, operational and compliance risks they introduce stay within appetite.
- compliance№ 1043
Risk management
Coordinated process of identifying, analysing, evaluating, treating, monitoring and communicating risks in order to keep them within the tolerance defined by the organization.