Skip to content
Vol. 1 · Ed. 2026
CyberGlossary
Русский
Entry № 819

NIST Cybersecurity Framework 2.0

Что такое NIST Cybersecurity Framework 2.0?

NIST Cybersecurity Framework 2.0The February 2024 update to the NIST Cybersecurity Framework, adding a sixth 'Govern' Function alongside Identify, Protect, Detect, Respond, and Recover, and broadening the audience beyond U.S. critical infrastructure to all organizations.

NIST Cybersecurity Framework 2.0, published 26 February 2024, is the first major revision since CSF 1.1 in 2018. It adds a new top-level Function, 'Govern' (GV) — covering organizational context, risk management strategy, supply-chain risk management, roles & responsibilities, policy, and oversight — recognizing that cyber risk is a governance topic alongside operational hygiene. The other Functions remain: Identify, Protect, Detect, Respond, Recover. The scope was broadened from 'critical infrastructure' to all organizations regardless of sector or size, with explicit guidance for small and medium enterprises. NIST also published a richer set of companion resources: implementation examples, informative references mapping to NIST SP 800-53/171, ISO 27001, CIS Controls, and the Cybersecurity Framework Reference Tool. CSF 2.0 is widely used as a board-level reporting lattice, as a baseline for vendor questionnaires, and as a structure for cyber-insurance underwriting. Many existing CSF 1.1 programs migrated to 2.0 through 2024–2025.

Примеры

  1. 01

    A board adopts CSF 2.0 categories as the structure for the quarterly security update, with the new Govern Function used to report on risk appetite and oversight.

  2. 02

    A cyber insurer's underwriting questionnaire maps each question to a CSF 2.0 subcategory so it can score applicants on a common lattice.

Частые вопросы

Что такое NIST Cybersecurity Framework 2.0?

The February 2024 update to the NIST Cybersecurity Framework, adding a sixth 'Govern' Function alongside Identify, Protect, Detect, Respond, and Recover, and broadening the audience beyond U.S. critical infrastructure to all organizations. Относится к категории Соответствие и стандарты в кибербезопасности.

Что означает NIST Cybersecurity Framework 2.0?

The February 2024 update to the NIST Cybersecurity Framework, adding a sixth 'Govern' Function alongside Identify, Protect, Detect, Respond, and Recover, and broadening the audience beyond U.S. critical infrastructure to all organizations.

Как работает NIST Cybersecurity Framework 2.0?

NIST Cybersecurity Framework 2.0, published 26 February 2024, is the first major revision since CSF 1.1 in 2018. It adds a new top-level Function, 'Govern' (GV) — covering organizational context, risk management strategy, supply-chain risk management, roles & responsibilities, policy, and oversight — recognizing that cyber risk is a governance topic alongside operational hygiene. The other Functions remain: Identify, Protect, Detect, Respond, Recover. The scope was broadened from 'critical infrastructure' to all organizations regardless of sector or size, with explicit guidance for small and medium enterprises. NIST also published a richer set of companion resources: implementation examples, informative references mapping to NIST SP 800-53/171, ISO 27001, CIS Controls, and the Cybersecurity Framework Reference Tool. CSF 2.0 is widely used as a board-level reporting lattice, as a baseline for vendor questionnaires, and as a structure for cyber-insurance underwriting. Many existing CSF 1.1 programs migrated to 2.0 through 2024–2025.

Как защититься от NIST Cybersecurity Framework 2.0?

Защита от NIST Cybersecurity Framework 2.0 обычно сочетает технические меры и операционные практики, как описано в определении выше.

Какие есть другие названия NIST Cybersecurity Framework 2.0?

Распространённые альтернативные названия: NIST CSF 2.0, CSF v2.

Связанные термины