The National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) is a set of guidelines designed to help organizations improve their cybersecurity posture, better manage IT security risks, and enhance cyber-resilience.

In 2024, NIST released version 2.0 of their Cybersecurity Framework. This updated guidance represents the first major update since NIST CSF was originally published in 2014. The updates in NIST CSF 2.0 incorporates feedback from users to better reflect the modern cybersecurity landscape and to address emerging threats and technologies. The revisions aim to ensure the framework remains relevant, effective, and can assist organizations in enhancing their cybersecurity posture.

While many organizations have adopted NIST CSF guidance, the original scope was focused on protection of critical infrastructure, such as for enterprises within the energy, industrial, and financial services (i.e. banking), and medical industries. NIST CSF 2.0 expands the scope of security controls guidance to all industries, and organizations of all sizes. In broadening the reach, CSF has also provided clearer guidance that makes it more straightforward and consumable for those looking to implement the framework.

Significantly, version 2.0 adds a "Govern" function into its core framework—bringing the total to six functions. Governance is an important addition as it can have a synergistic impact across the framework, improving the operationalization of cyber risk management.

The new version elevates emphasis on cloud security, supply chain risks, and the threats associated with emerging technologies, like artificial intelligence, the Internet of Things (IoT), and identity-based risks.

The updated framework also acknowledges the interconnection between cybersecurity and privacy and integrates privacy considerations, ensuring a more holistic approach to information security based on data and access.

The CSF Core Functions - Govern, Identify, Protect, Detect, Respond, Recover - provide a structured approach to cybersecurity, so organizations may transition from strategy formulation to risk management and operational resilience. Here is a detailed list of each function's role in this framework.

Sets and manages the organization's cybersecurity strategy, policy, and expectations. Guides and prioritizes actions across functions, aligning with the organization's goals and risk management.
Identifies the organization's cybersecurity risks by understanding assets and suppliers. Guides prioritization, and identifies policy and process improvements to enhance risk management.
Implements safeguards to manage cybersecurity risks, securing assets against adverse events and enhancing the resilience of technology infrastructure. This includes identity management and platform security.
Identifies and analyzes potential cybersecurity attacks or compromises, enabling timely discovery of anomalies and indicators of compromise to inform incident response.
Strategizes and guides action on detected cybersecurity incidents to contain their effects, covering incident management, analysis, mitigation, reporting, and communication.
Restores operations and assets affected by cybersecurity incidents, aiming for a swift return to normal operations and effective communication during recovery.

Since the launch of the NIST CSF in 2014, BeyondTrust has provided solutions and guidance to help customers align with the framework. The BeyondTrust team stands ready to help you operationalize essential security controls and practices of NIST CSF 2.0.

With BeyondTrust, benefit from the ability to:

  • Manage and audit privileged accounts, DevOps secrets, keys, certificates, and more
  • Enforce least privilege and just-in time access across Windows, macOS, and Linux endpoints
  • Secure access and protect sessions for workforce identities, anywhere
  • Intelligently detect and respond to threats across your entire identity infrastructure
  • Extend PAM security best practices to remote support and the service desk

As your trusted advisor, BeyondTrust can help expedite and simplify your journey to NIST 2.0 adoption to reduce enterprise security risk and boost cyber-resilience.

Get the Complete 2.0 Mapping & Guide

Download this guide to access an in-depth mapping of BeyondTrust solutions to the categories and sub-categories outlined in the NIST CSF 2.0 guidance, the CSF Reference Tool, and more, including:

  • The true impact of NIST CSF 2.0 across the cybersecurity landscape
  • A breakdown of what's new and what’s changed in version 2.0
  • How to increase your alignment to the framework while improving your cybersecurity posture

"BeyondTrust makes it easy to make the case for prioritizing security, especially for government organizations concerned with compliance and audit requirements. All these years after implementation, BeyondTrust is still one of only a few CJIS-compliant options available."

City of dothan

Talk to us about your NIST CSF 2.0 compliance requirements.

Contact Sales

"The biggest thing that BeyondTrust enables for our team is the ability to connect any individual—whether it be a researcher or vendor—to any particular product at any time, through one system, and still enforce all of the security requirements that the university, state, and federal government have. "

—Michael E. Fox, Senior Associate Director, Texas A&M

Prefers reduced motion setting detected. Animations will now be reduced as a result.