Framework library / NIST CSF

Data & Security · regulatory framework

NIST Cybersecurity Framework 2.0.

The US cybersecurity framework — CSF 2.0 elevates supply-chain risk management into the new Govern function.

What it is

NIST CSF 2.0 (2024) organizes cybersecurity outcomes into six functions — Govern, Identify, Protect, Detect, Respond, Recover. The new Govern function makes cybersecurity supply chain risk management (C-SCRM, GV.SC) explicit: suppliers must be known, prioritized, contractually bound and monitored, with outcomes documented.

Who it applies to

US federal suppliers and critical infrastructure, plus the growing set of enterprises that adopt CSF as their security baseline.

The evidence auditors expect

How ComplianceFlow keeps you ready

Related frameworks

ISO 27001SOC 2FSMA 204

See NIST CSF evidence assemble itself.

ComplianceFlow keeps a living copy of NIST CSF mapped to your suppliers, products and evidence — so what you must prove is always current, and always exportable.

Book a demo Get the audit checklist