NIST CSF 2.0
NIST Cybersecurity Framework Version 2.0
Overview
Comprehensive framework for managing cybersecurity risks through six core functions: Govern, Identify, Protect, Detect, Respond, and Recover. Provides a common language for cybersecurity across organizations and sectors.
Applicability
Organization-wide cybersecurity risk management
Relevance to Network and Information Security Directive (NIS2)
Comprehensive framework well-aligned with NIS2 risk management and security measures requirements
Key Coverage Areas
Standard Sections & Chapters
Govern - Strategy, policy, and oversight
Identify - Assets, risks, and vulnerabilities
Protect - Access control, data security, training
Detect - Monitoring, anomaly detection
Respond - Incident management, communications
Recover - Recovery planning, improvements
Related Network and Information Security Directive (NIS2) Articles
Annex I: SECTORS OF HIGH CRITICALITY
Comprehensive risk framework
Implementation Guidance:
Apply NIST CSF at Tier 3 (Repeatable) or Tier 4 (Adaptive) for essential entities. NIST CSF 2.0 uses Tiers, not maturity levels, to characterise how rigorously an organisation governs and manages cybersecurity risk, so state the target Tier explicitly when mapping to NIS2
Annex II: OTHER CRITICAL SECTORS
Risk framework for important entities
Implementation Guidance:
Apply NIST CSF at Tier 2 (Risk Informed) or Tier 3 (Repeatable) for important entities; the Article 21 measures apply equally to important entities, only the supervisory regime differs
Mapped Obligations:
- Cybersecurity risk management measures must be implemented
Article 6: Definitions
Cybersecurity governance and strategy framework
Implementation Guidance:
Article 6 supplies the directive's terminology (incident, near miss, vulnerability, risk, and so on). Use the NIST CSF Govern function (GV), in particular Organizational Context (GV.OC) and Risk Management Strategy (GV.RM), to structure the organisation's cybersecurity strategy and policy, and align the organisation's own definitions with those in Article 6 so that risk registers and incident classifications use the same terms as the reporting obligations
Article 20: Governance
Cybersecurity governance framework
Implementation Guidance:
Implement NIST CSF governance practices for board-level oversight
Mapped Obligations:
- Management bodies must formally approve all cybersecurity risk-management measures
- Management must oversee implementation of cybersecurity measures
- Management can be held personally liable for non-compliance
- Management members must undergo mandatory cybersecurity training
Article 21: Cybersecurity risk-management measures
Complete risk management lifecycle
Implementation Guidance:
Apply all six NIST CSF 2.0 functions: Govern, Identify, Protect, Detect, Respond and Recover. Article 21(2) lists the minimum measures (risk analysis and information system security policies, incident handling, business continuity, supply chain security, secure acquisition and development, effectiveness assessment, cyber hygiene and training, cryptography, HR security and access control, and multi-factor authentication and secured communications); map each to the CSF categories that cover it and record the evidence for each mapping
Mapped Obligations:
- Ensure business continuity through backup management, disaster recovery and crisis management plans
- Enforce human resources security, access control policies and asset management
Article 22: Union level coordinated security risk assessments of critical supply chains
Supply chain risk management
Implementation Guidance:
Apply the NIST CSF Govern function's Cybersecurity Supply Chain Risk Management category (GV.SC) together with the Identify function to inventory suppliers and critical ICT services, so that the organisation can feed into and act on EU-level coordinated supply chain risk assessments
Mapped Obligations:
- Member states must participate in EU-level coordinated supply chain risk assessments when requested
Article 23: Reporting obligations
Incident response and communication
Implementation Guidance:
Use the NIST CSF Respond function, in particular Incident Response Reporting and Communication (RS.CO), to structure incident communications. Article 23 sets staged deadlines for significant incidents: an early warning within 24 hours of becoming aware of the incident, an incident notification within 72 hours, and a final report within one month, so the response plan must include a triage step that determines significance and starts the 24-hour clock
Article 32: Supervisory and enforcement measures in relation to essential entities
Governance and oversight
Implementation Guidance:
Establish oversight mechanisms for continuous improvement, using the CSF Oversight category (GV.OV) to review risk management performance and the Improvement category (ID.IM) to act on audit findings and supervisory instructions
Mapped Obligations:
- Ensure management has power and liability for compliance
Quick Information
- Organization: NIST
- Category: Risk Framework
- Certification: Not available