NIST Cybersecurity Framework 2.0
What is NIST Cybersecurity Framework 2.0?
The February 2024 update to the NIST Cybersecurity Framework, adding a sixth 'Govern' Function alongside Identify, Protect, Detect, Respond, and Recover, and broadening the audience beyond U.S. critical infrastructure to all organizations.
NIST Cybersecurity Framework 2.0, published 26 February 2024, is the first major revision since CSF 1.1 in 2018. It adds a new top-level Function, 'Govern' (GV) — covering organizational context, risk management strategy, supply-chain risk management, roles & responsibilities, policy, and oversight — recognizing that cyber risk is a governance topic alongside operational hygiene. The other Functions remain: Identify, Protect, Detect, Respond, Recover. The scope was broadened from 'critical infrastructure' to all organizations regardless of sector or size, with explicit guidance for small and medium enterprises. NIST also published a richer set of companion resources: implementation examples, informative references mapping to NIST SP 800-53/171, ISO 27001, CIS Controls, and the Cybersecurity Framework Reference Tool. CSF 2.0 is widely used as a board-level reporting lattice, as a baseline for vendor questionnaires, and as a structure for cyber-insurance underwriting. Many existing CSF 1.1 programs migrated to 2.0 through 2024–2025.
● Examples
- 01
A board adopts CSF 2.0 categories as the structure for the quarterly security update, with the new Govern Function used to report on risk appetite and oversight.
- 02
A cyber insurer's underwriting questionnaire maps each question to a CSF 2.0 subcategory so it can score applicants on a common lattice.
● Frequently asked questions
What is NIST Cybersecurity Framework 2.0?
The February 2024 update to the NIST Cybersecurity Framework, adding a sixth 'Govern' Function alongside Identify, Protect, Detect, Respond, and Recover, and broadening the audience beyond U.S. critical infrastructure to all organizations. It belongs to the Compliance & Frameworks category of cybersecurity.
What other names does NIST Cybersecurity Framework 2.0 go by?
Common aliases include: NIST CSF 2.0, CSF v2.
● Related terms
- compliance № 818
NIST Cybersecurity Framework
A voluntary, risk-based framework published by the U.S. National Institute of Standards and Technology that organizes cybersecurity outcomes into six core Functions.
- compliance № 821
NIST Risk Management Framework
The seven-step process defined by NIST in SP 800-37 for integrating security, privacy, and supply-chain risk management into the system life cycle.
- compliance № 620
ISO/IEC 27001
The international standard specifying requirements for an information security management system (ISMS), against which organizations can obtain formal certification.
- compliance № 192
CIS Controls
A prioritized set of best-practice cybersecurity controls maintained by the Center for Internet Security to defend against the most common cyber attacks.
- compliance № 1264
Third-Party Risk Management (TPRM)
The end-to-end process of identifying, assessing, contracting, continuously monitoring, and offboarding third parties so that the cyber, operational, and compliance risk they introduce stays within appetite.
- compliance № 1043
Risk management
The coordinated process of identifying, analyzing, evaluating, treating, monitoring, and communicating risk so that it stays within the organization's established tolerance.