
NIST CSF

Also known as: NIST Cybersecurity Framework · CSF 2.0

Voluntary NIST framework organising cybersecurity outcomes into six Functions: Govern, Identify, Protect, Detect, Respond, Recover.

The NIST Cybersecurity Framework 2.0 (2024) organises cybersecurity outcomes into six core Functions — Govern, Identify, Protect, Detect, Respond, Recover — each broken into Categories and Subcategories. It is voluntary, sector-agnostic, and widely used as a maturity yardstick.

Why it matters
CSF is the most widely used common-language framework for board-level cyber reporting in the US. It maps cleanly onto ISO 27001, SOC 2, and CMMC, making it the natural ‘meta’ layer for a multi-framework program.

Related terms

NIST SP 800-53
NIST catalogue of 1000+ security and privacy controls for federal information systems (Rev 5).
ISO/IEC 27001
International standard for an Information Security Management System (ISMS) with 93 Annex A controls.
CMMC
DoD certification model required of defense contractors handling FCI / CUI; three levels (Foundational, Advanced, Expert).
