← All toolsSecurity

NIST CSF 2.0 explorer

The cyber framework everyone maps to, in six plain-English functions, with GOVERN at the centre. A board-level way to talk about security without the fear-based upsell.

NIST (public domain)

The NIST Cybersecurity Framework is the common language regulators, insurers, and enterprises all map to. Version 2.0 (2024) organises everything into six functions, and its headline change is GOVERN, which now sits at the centre, wrapping the other five. Click any function.

GOVERN

New in 2.0

Set the strategy, roles, and risk appetite. Who owns cyber risk, how much you’re willing to carry, and how it ties to the business.

Ask yourself: Does someone actually own this at board level, or is it everyone’s job and therefore no one’s?

D-SIGN.IN · NIST CSF 2.0

CSF 2.0, released February 2024. Six functions, 22 categories, 106 subcategories. It’s deliberately outcome-based: it tells you what good looks like, not which product to buy. A U.S. government work, in the public domain.

Based on the NIST Cybersecurity Framework 2.0, a U.S. government work in the public domain. Descriptions are original; “NIST” is used descriptively, not to imply endorsement.

Want the version tuned to your actual situation?

Book a call
← Back to all tools