Manage and reduce cybersecurity risk with the NIST Cybersecurity Framework version 2.0.
The NIST Cybersecurity Framework (CSF) 2.0 is a voluntary framework developed by the U.S. National Institute of Standards and Technology. Released in 2024, version 2.0 expands the original five functions to six by adding Govern, making it suitable for organizations of all sizes and sectors, not just critical infrastructure.
NIST CSF 2.0 is widely adopted across industries as a flexible, outcome-based approach to managing cybersecurity risk. It is not a certification — it is a framework for organizing and improving your security program.
Who needs NIST CSF v2.0?
Organizations of any size
CSF 2.0 was redesigned to be useful for small businesses through large enterprises across every sector.
Government contractors
Often used as a baseline to demonstrate cybersecurity maturity to federal and state agencies.
Key components
Govern
New in 2.0. Establishes and monitors the organization’s cybersecurity risk management strategy, expectations, and policy.
Identify
Understand assets, data, capabilities, and risks to systems, people, and operations.
Protect
Implement safeguards — access control, awareness training, data security, and maintenance.
Detect
Identify cybersecurity events through continuous monitoring and detection processes.
Respond
Take action on detected incidents — response planning, communications, analysis, mitigation.
Recover
Restore capabilities and services impaired by incidents and improve resilience.
How DSALTA helps with NIST CSF v2.0
Activate NIST CSF 2.0
Select NIST CSF 2.0 from the Frameworks page. DSALTA maps all six functions and their categories to pre-built controls.
Review mapped controls
DSALTA maps controls across Govern, Identify, Protect, Detect, Respond, and Recover. Review each and assign owners.
Collect evidence automatically
Connect integrations so DSALTA runs automated tests and gathers evidence continuously.
Frequently asked questions
What is new in CSF 2.0 versus 1.1?
The biggest change is the addition of the Govern function, which elevates cybersecurity governance and risk management to a core pillar. CSF 2.0 also broadened its scope beyond critical infrastructure to all organizations.
Is NIST CSF a certification?
No. NIST CSF is a voluntary framework, not a certifiable standard. There is no official NIST CSF certificate, though you can demonstrate alignment to customers and regulators.
How does CSF relate to ISO 27001?
They are complementary. ISO 27001 is a certifiable management system standard, while NIST CSF is an outcome-based framework. Many organizations map between the two.