Skip to content
Vol. 1 · Ed. 2026
CyberGlossary
日本語
Entry № 819

NIST Cybersecurity Framework 2.0

NIST Cybersecurity Framework 2.0 とは何ですか?

NIST Cybersecurity Framework 2.0The February 2024 update to the NIST Cybersecurity Framework, adding a sixth 'Govern' Function alongside Identify, Protect, Detect, Respond, and Recover, and broadening the audience beyond U.S. critical infrastructure to all organizations.

NIST Cybersecurity Framework 2.0, published 26 February 2024, is the first major revision since CSF 1.1 in 2018. It adds a new top-level Function, 'Govern' (GV) — covering organizational context, risk management strategy, supply-chain risk management, roles & responsibilities, policy, and oversight — recognizing that cyber risk is a governance topic alongside operational hygiene. The other Functions remain: Identify, Protect, Detect, Respond, Recover. The scope was broadened from 'critical infrastructure' to all organizations regardless of sector or size, with explicit guidance for small and medium enterprises. NIST also published a richer set of companion resources: implementation examples, informative references mapping to NIST SP 800-53/171, ISO 27001, CIS Controls, and the Cybersecurity Framework Reference Tool. CSF 2.0 is widely used as a board-level reporting lattice, as a baseline for vendor questionnaires, and as a structure for cyber-insurance underwriting. Many existing CSF 1.1 programs migrated to 2.0 through 2024–2025.

  1. 01

    A board adopts CSF 2.0 categories as the structure for the quarterly security update, with the new Govern Function used to report on risk appetite and oversight.

  2. 02

    A cyber insurer's underwriting questionnaire maps each question to a CSF 2.0 subcategory so it can score applicants on a common lattice.

よくある質問

NIST Cybersecurity Framework 2.0 とは何ですか?

The February 2024 update to the NIST Cybersecurity Framework, adding a sixth 'Govern' Function alongside Identify, Protect, Detect, Respond, and Recover, and broadening the audience beyond U.S. critical infrastructure to all organizations. サイバーセキュリティの コンプライアンスとフレームワーク カテゴリに属します。

NIST Cybersecurity Framework 2.0 とはどういう意味ですか?

The February 2024 update to the NIST Cybersecurity Framework, adding a sixth 'Govern' Function alongside Identify, Protect, Detect, Respond, and Recover, and broadening the audience beyond U.S. critical infrastructure to all organizations.

NIST Cybersecurity Framework 2.0 はどのように機能しますか?

NIST Cybersecurity Framework 2.0, published 26 February 2024, is the first major revision since CSF 1.1 in 2018. It adds a new top-level Function, 'Govern' (GV) — covering organizational context, risk management strategy, supply-chain risk management, roles & responsibilities, policy, and oversight — recognizing that cyber risk is a governance topic alongside operational hygiene. The other Functions remain: Identify, Protect, Detect, Respond, Recover. The scope was broadened from 'critical infrastructure' to all organizations regardless of sector or size, with explicit guidance for small and medium enterprises. NIST also published a richer set of companion resources: implementation examples, informative references mapping to NIST SP 800-53/171, ISO 27001, CIS Controls, and the Cybersecurity Framework Reference Tool. CSF 2.0 is widely used as a board-level reporting lattice, as a baseline for vendor questionnaires, and as a structure for cyber-insurance underwriting. Many existing CSF 1.1 programs migrated to 2.0 through 2024–2025.

NIST Cybersecurity Framework 2.0 からどのように防御しますか?

NIST Cybersecurity Framework 2.0 に対する防御は通常、上記の定義で述べたとおり、技術的統制と運用上の実践を組み合わせます。

NIST Cybersecurity Framework 2.0 の別名は何ですか?

一般的な別名: NIST CSF 2.0, CSF v2。

関連用語