The NIST Cybersecurity Framework 2.0 is an update to the widely adopted guidance for managing cybersecurity risk across diverse organizations and sectors. The revised framework adds a sixth core function—Govern—emphasizing cybersecurity as a strategic organizational concern tied to enterprise risk management. CSF 2.0 also draws attention to supply chain risk, secure software development, and international alignment. It reflects growing consensus that cybersecurity must be approached as a system-wide issue, not just a technical challenge. The framework’s flexible and globally informed structure makes it adaptable to organizations of all sizes, fostering improved cyber resilience through policy integration, cross-sector collaboration, and structured risk analysis.
Author:
National Institute of Standards and Technology (NIST)
