The NIST Cybersecurity Framework 2.0, released in early 2024, has seen rapid adoption across enterprise organizations. A recent survey indicates that over 60% of Fortune 500 companies have begun implementing the framework’s new Govern function.

Key Changes in CSF 2.0

The most significant update is the addition of the Govern function, which elevates cybersecurity risk management to the organizational leadership level. This sixth function joins the existing Identify, Protect, Detect, Respond, and Recover pillars.

Other notable changes include:

  • Expanded scope beyond critical infrastructure to all organizations
  • Improved supply chain risk management guidance
  • Enhanced integration with other NIST frameworks (RMF, Privacy Framework)
  • New implementation examples and quick-start guides

Industry Response

Security leaders have praised the update for better addressing the governance gaps identified in post-breach analyses over the past several years. The framework now explicitly requires board-level engagement in cybersecurity strategy.