
Secureframe Supports NIST CSF 2.0
Donna Lee
Senior Product Marketing Manager
Anna Fitzgerald
Senior Content Marketing Manager
We are excited to announce that Secureframe now supports NIST Cybersecurity Framework (CSF) 2.0, the newly released update to the framework. We have updated our framework from the original NIST CSF to account for the changes.
This update is part of our commitment to keeping our platform at the forefront of cybersecurity standards, and ensuring that our customers are meeting the most up-to-date requirements.
What’s new with NIST CSF 2.0?
The National Institute of Standards and Technology's Cybersecurity Framework (NIST CSF) provides guidance to organizations to manage cybersecurity risks effectively. The new update – CSF 2.0 – released on February 26, 2024, introduces refined guidelines and an expanded approach, focusing on modern threats and the latest security methodologies.
Created by the US National Institute of Standards and Technology (NIST), NIST CSF 2.0 provides a flexible framework that any organization can use to create and maintain a robust information security program.
Building on previous versions, NIST CSF 2.0 introduces new features that highlight governance and supply chain risk management. NIST CSF 2.0 now divides cybersecurity activities into six categories instead of five:
- Govern: Are the organization’s cybersecurity risk management strategy, expectations, and policy established, communicated, and monitored?
- Identify: Are the organization’s current cybersecurity risks regarding assets and suppliers understood?
- Protect: Are safeguards to manage the organization’s cybersecurity risks in place?
- Detect: How are possible cybersecurity attacks and compromises found and analyzed?
- Respond: How does the organization respond to detected cybersecurity incidents?
- Recover: How are assets and operations affected by a cybersecurity incident restored?
To help ensure our customers meet these new requirements, we have updated our controls and tests to align with the NIST CSF 2.0 framework. We have also added new supply chain and third-party risks to our risk library to help meet NIST CSF 2.0 requirements.
Who needs NIST CSF 2.0 compliance?
NIST CSF 2.0 compliance is required for organizations that work with the US federal government, institutions supported by federal grants, and/or organizations within the supply chain for a federal agency. While an audit is not required, many companies leverage NIST CSF to set a baseline for compliance per industry standards. Audits can be done if organizations want an attestation against the standards.
How Secureframe streamlines NIST CSF 2.0 compliance
Secureframe streamlines compliance with NIST CSF 2.0 by offering tailored tools and templates, integrating over 200 technologies for automated evidence collection, and providing NIST CSF 2.0-specific mapped tests and controls. Leverage NIST CSF 2.0-specific policies and templates or any of our customizable policy templates developed by compliance experts. Continuous monitoring and robust risk management ensure consistent adherence to NIST CSF 2.0 framework requirements.
To learn more about Secureframe, NIST CSF 2.0, or any of the frameworks we support, reach out to schedule a demo with one of our compliance experts.

Donna Lee served as Senior Product Marketing Manager at Secureframe, where she led go-to-market strategy and product storytelling for new compliance automation features. She partnered closely with product and engineering teams to translate complex security capabilities into clear, customer-focused solutions that simplify compliance and strengthen organizations’ security postures. Donna now serves as a Senior Product Marketing Manager for Microsoft Security Copilot, helping bring the power of AI to modern cybersecurity.

Anna Fitzgerald is a digital and product marketing professional with nearly a decade of experience delivering high-quality content across highly regulated and technical industries, including healthcare, web development, and cybersecurity compliance. At Secureframe, she specializes in translating complex regulatory frameworks—such as CMMC, FedRAMP, NIST, and SOC 2—into practical resources that help organizations of all sizes and maturity levels meet evolving compliance requirements and improve their overall risk management strategy.