NIST Cybersecurity Framework 2.0
The NIST Cybersecurity Framework 2.0 is voluntary guidance for managing cybersecurity risk. It describes cybersecurity outcomes through a Core of functions, categories, and subcategories, and adds Organizational Profiles, Tiers, and informative references that organizations of any sector or size can use.
Definition
The NIST Cybersecurity Framework, or CSF, is guidance from the U.S. National Institute of Standards and Technology for managing cybersecurity risk. NIST published CSF 2.0 as CSWP 29 on February 26, 2024. The official abstract says the framework provides guidance to industry, government agencies, and other organizations, and that it gives a taxonomy of high-level cybersecurity outcomes without prescribing exactly how those outcomes must be achieved.
CSF 2.0 is not an AI-specific standard, a law, a certification, or a control catalog by itself. It is a common language for cyber risk governance. It can sit beside the NIST AI Risk Management Framework, the NIST Privacy Framework, NIST SP 800-218A, and sector rules, but it does not replace them.
Current Context
NIST's release notice describes CSF 2.0 as the first major update since the framework's creation in 2014. The update broadened the intended audience beyond critical infrastructure to all sectors and organization sizes, added explicit emphasis on governance and supply chains, and introduced a set of implementation resources such as quick-start guides, profiles, success stories, informative references, and the CSF 2.0 Reference Tool.
The most visible structural change is the new Govern function. NIST says the Core is now organized around Govern, Identify, Protect, Detect, Respond, and Recover. That matters because it treats cybersecurity as enterprise risk, not only a security-team task.
Architecture
CSF 2.0 has three main pieces: Core, Organizational Profiles, and Tiers. The Core names outcomes through functions, categories, and subcategories. Organizational Profiles describe an organization's current and target cybersecurity posture in terms of Core outcomes, so the two can be compared and the gaps prioritized. Tiers characterize the rigor of an organization's cybersecurity risk governance and management practices, from Tier 1 (Partial) through Tier 2 (Risk Informed) and Tier 3 (Repeatable) to Tier 4 (Adaptive); they describe the organization's practices as a whole rather than scoring each outcome.
The functions are plain but useful. Govern names the strategy, policy, oversight, roles, and risk-management expectations. Identify asks what assets, data, dependencies, risks, and business context exist. Protect covers safeguards. Detect covers monitoring and anomaly discovery. Respond covers incident handling. Recover covers restoration and communication after disruption.
Informative references connect CSF outcomes to other documents and controls. NIST's informative-reference page says these mappings help inform how an organization may achieve Core outcomes, while also noting limits on NIST endorsement and correctness testing for non-NIST mappings.
AI Context
For AI systems, CSF 2.0 is the cybersecurity frame around the model. It asks whether the organization knows its model endpoints, datasets, build systems, agent runtimes, tool connectors, secrets, identities, vendors, logging systems, and fallback paths. An AI security program that only evaluates prompts and model outputs misses the infrastructure through which harm becomes possible.
The Govern function is especially relevant to AI. A model gateway, retrieval system, autonomous agent, or inference platform can create cyber risk across legal, procurement, security, privacy, product, and operations teams. CSF 2.0 gives those teams a shared language for asking who owns the risk, which controls apply, how exceptions are approved, and how evidence will be reviewed after deployment.
Supply-chain language also matters for AI because model behavior depends on components: source code, dependencies, model weights, data pipelines, prompts, tools, vector stores, hardware, cloud services, and third-party APIs. CSF 2.0 does not solve those risks, but it gives them a governance home.
Operational Record
A serious CSF-aligned AI deployment should leave a record that names the system, owner, business purpose, critical assets, vendors, model or service versions, security assumptions, profile gaps, target outcomes, incident-response path, recovery plan, and retained evidence. It should connect CSF outcomes to concrete controls such as access management, logging, vulnerability management, key rotation, tool sandboxing, supplier review, and backup testing.
The useful artifact is not "we use NIST CSF." It is a maintained profile and decision record: current state, target state, gaps, risk acceptance, remediation owner, due date, and proof that the deployed system still matches the profile after changes.
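The profile-and-record idea described above, and the Profiles component introduced under Architecture, as an added worked example that is not NIST material and not part of the original page: a machine-readable Organizational Profile for a model gateway, a gap check of current against target state with due-date and evidence-freshness flags, and a drift check comparing settings the profile assumes against a snapshot of the deployed system. The subcategory IDs are real CSF 2.0 identifiers; the three-step status scale, the 90-day evidence policy, the owners, dates, and the deployed-system settings are constructed assumptions, since CSF 2.0 prescribes none of them.

```python
"""Machine-readable CSF 2.0 Organizational Profile with gap and drift checks.

Added example for this page, not NIST material. Subcategory IDs are real CSF 2.0
identifiers; the status scale, freshness policy, owners, dates, evidence ages and
deployed-system snapshot are constructed for illustration.
"""
from __future__ import annotations
from dataclasses import dataclass
from datetime import date

# Constructed status scale; CSF 2.0 leaves the scale to the organization.
STATUS_RANK = {"not_implemented": 0, "partial": 1, "implemented": 2}
EVIDENCE_MAX_AGE_DAYS = 90  # constructed freshness policy for retained evidence


@dataclass
class Outcome:
    subcategory: str            # CSF 2.0 subcategory ID, e.g. "PR.AA-01"
    current: str                # current status on the constructed scale
    target: str                 # target status on the constructed scale
    owner: str                  # remediation owner
    due: date                   # remediation due date
    evidence_as_of: date | None = None   # date of the newest retained evidence
    risk_accepted: bool = False          # documented acceptance of the residual gap


@dataclass
class Profile:
    system: str
    version: str
    outcomes: list[Outcome]


def gaps(profile: Profile, today: date) -> list[dict]:
    """Return outcomes below their target, each tagged overdue / stale / accepted."""
    findings = []
    for o in profile.outcomes:
        if STATUS_RANK[o.current] >= STATUS_RANK[o.target]:
            continue  # target met or exceeded: no gap to record
        stale = (o.evidence_as_of is None
                 or (today - o.evidence_as_of).days > EVIDENCE_MAX_AGE_DAYS)
        findings.append({
            "subcategory": o.subcategory,
            "current": o.current, "target": o.target, "owner": o.owner,
            "overdue": today > o.due and not o.risk_accepted,
            "stale_evidence": stale,
            "risk_accepted": o.risk_accepted,
        })
    return findings


def drift(expected: dict[str, dict], deployed: dict[str, dict]) -> list[tuple]:
    """Compare settings the profile assumes against a deployed snapshot.

    Returns (subcategory, setting, expected, actual); a setting missing from the
    snapshot is reported with actual=None rather than silently passing.
    """
    out = []
    for sub, settings in expected.items():
        actual = deployed.get(sub, {})
        for key, want in settings.items():
            got = actual.get(key)
            if got != want:
                out.append((sub, key, want, got))
    return out


# Constructed sample profile for an internal model gateway.
PROFILE = Profile(
    system="model-gateway", version="2.3.1",
    outcomes=[
        Outcome("GV.SC-01", "partial", "implemented", "procurement", date(2025, 3, 31),
                evidence_as_of=date(2024, 11, 2)),
        Outcome("ID.AM-01", "implemented", "implemented", "platform", date(2025, 1, 15),
                evidence_as_of=date(2025, 5, 1)),
        Outcome("PR.AA-01", "partial", "implemented", "identity", date(2025, 9, 30),
                evidence_as_of=date(2025, 4, 20)),
        Outcome("DE.CM-01", "not_implemented", "partial", "secops", date(2025, 2, 28),
                evidence_as_of=None, risk_accepted=True),
        Outcome("RC.RP-01", "implemented", "implemented", "platform", date(2025, 1, 15),
                evidence_as_of=date(2024, 12, 10)),
    ],
)

# Settings the profile assumes hold for two outcomes, and a constructed deployed snapshot.
EXPECTED = {
    "PR.AA-01": {"service_identities_in_idp": True, "static_api_keys": 0},
    "DE.CM-01": {"gateway_logs_shipped": True},
}
DEPLOYED = {
    "PR.AA-01": {"service_identities_in_idp": True, "static_api_keys": 2},
    "DE.CM-01": {},
}


def review(as_of: str) -> dict:
    """Run both checks for a given review date (ISO format) against the sample data."""
    today = date.fromisoformat(as_of)
    return {"gaps": gaps(PROFILE, today), "drift": drift(EXPECTED, DEPLOYED)}


if __name__ == "__main__":
    result = review("2025-06-01")
    for g in result["gaps"]:
        print("gap:", g)
    for d in result["drift"]:
        print("drift:", d)
```

Run as a script, the review date of 2025-06-01 surfaces three gaps (the supply-chain outcome is overdue with stale evidence, the identity outcome is open but current, the monitoring gap is risk-accepted but has no evidence at all) and two drift findings, including a setting the snapshot does not report, which the check treats as a finding rather than a pass. That is the difference between "we use NIST CSF" and a record that fails loudly when evidence ages out or the deployed system departs from the profile.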
Limits
CSF 2.0 is high-level and voluntary. It does not prove that a model is safe, that an organization is secure, or that an AI product is lawful. A weak program can map impressive controls to CSF outcomes while leaving real attack paths open. A citation to CSF is therefore only useful when it names the system, version, profile, tier logic, evidence, and consequences for failed outcomes.
Source Discipline
Claims about CSF should distinguish the final CSWP 29 publication, NIST web resources, quick-start guides, organizational profiles, community profiles, informative references, and an organization's own implementation evidence. For AI claims, cite AI-specific sources separately; CSF 2.0 supplies cybersecurity risk-management structure, not a complete AI governance regime.
Spiralist Reading
Spiralism reads CSF 2.0 as a map for making hidden machine dependency visible. The model appears as an answer box, but the real system is credentials, suppliers, networks, logs, datasets, tool permissions, and recovery plans. Govern, Identify, Protect, Detect, Respond, Recover is a useful chant only when it changes who is responsible and what can be stopped.
Related Pages
- NIST AI Risk Management Framework
- NIST Privacy Framework
- NIST SP 800-218A
- Secure AI System Development
- AI in Cybersecurity
- AI Data Security
- AI Agent Sandboxing
- AI Vulnerability Disclosure
- OWASP AI Vulnerability Scoring System
- CISA Known Exploited Vulnerabilities Catalog (KEV)
- Vulnerability Exploitability eXchange
- CycloneDX
- System Package Data Exchange (SPDX)
Sources
- NIST Computer Security Resource Center, CSWP 29, The NIST Cybersecurity Framework (CSF) 2.0, final publication, February 26, 2024.
- National Institute of Standards and Technology, NIST Releases Version 2.0 of Landmark Cybersecurity Framework, February 26, 2024.
- National Institute of Standards and Technology, CSF 2.0 Quick Start Guides, reviewed June 25, 2026.
- National Institute of Standards and Technology, CSF 2.0 Profiles, reviewed June 25, 2026.
- National Institute of Standards and Technology, CSF 2.0 Informative References, reviewed June 25, 2026.
- NIST Computer Security Resource Center, Cybersecurity Framework CSF project page and Reference Tool entry point, reviewed June 25, 2026.