nist-csf-assessment
NIST Cybersecurity Framework 2.0 Assessment
When to Use
If a target is provided via arguments, focus the review on: $ARGUMENTS
- Organization wants to assess its cybersecurity posture against a recognized, voluntary framework
- Building a cybersecurity program from scratch and needing a structured approach
- Board or executive leadership requests a cybersecurity maturity assessment
- Developing current-state and target-state organizational profiles
- Mapping existing controls to a common taxonomy for stakeholder communication
- Preparing for regulatory requirements that reference NIST CSF (e.g., some federal contracts, state regulations, insurance questionnaires)
- Evaluating supply chain cybersecurity risk management practices
- Annual or periodic reassessment of cybersecurity program maturity
Context
The NIST Cybersecurity Framework (CSF) 2.0, published February 26, 2024, is a major update to the original CSF 1.1 (April 2018). CSF 2.0 is designed for all organizations, not just critical infrastructure, and introduces GOVERN as a new top-level function emphasizing cybersecurity governance, risk management strategy, and supply chain risk management.