Norivo
US Cybersecurity

NIST CSF 2.0 — The US Cybersecurity Standard

The NIST Cybersecurity Framework 2.0 is the most widely adopted cybersecurity framework globally. 6 functions, ~50 controls, with 75-85% overlap with ISO 27001.

~50 Controls
6 Functions
75-85% ISO 27001 Overlap

What is NIST CSF 2.0?

The NIST Cybersecurity Framework (CSF) 2.0 is the updated version of the US government's foundational cybersecurity guidance. Version 2.0 adds the Govern function alongside the original five (Identify, Protect, Detect, Respond, Recover), emphasising organisational governance and supply chain risk management.

While originally designed for US critical infrastructure, the framework is now used globally across all sectors. Its risk-based approach and flexible implementation tiers make it suitable for organisations of all sizes. Many regulators reference NIST CSF as a baseline cybersecurity standard.

The framework provides 75-85% overlap with ISO 27001, making it efficient for organisations pursuing both. Norivo maps this overlap automatically, plus cross-references to AI governance frameworks for organisations managing both cybersecurity and AI compliance.

75-85% overlap with ISO 27001 — manage both frameworks on one platform with shared evidence and unified reporting.

Why Norivo for NIST CSF 2.0?

6-Function Coverage

Norivo maps all 6 NIST CSF 2.0 functions: Govern, Identify, Protect, Detect, Respond, and Recover — with guided workflows for each.

Implementation Tiers

Assess your current maturity across NIST CSF tiers (Partial, Risk Informed, Repeatable, Adaptive) and track progress over time.

Profile Generation

Nora generates current-state and target-state profiles tailored to your organisation's risk environment and business objectives.

Key Requirements

GV: Governance and risk management strategy (Govern)
GV: Cybersecurity supply chain risk management (Govern)
ID: Asset management and business environment (Identify)
ID: Risk assessment and vulnerability management (Identify)
PR: Identity management and access control (Protect)
PR: Awareness training and data security (Protect)
PR: Protective technology and maintenance (Protect)
DE: Anomalies and events detection (Detect)
DE: Continuous security monitoring (Detect)
RS: Response planning and communications (Respond)
RS: Analysis, mitigation, and improvements (Respond)
RC: Recovery planning and improvements (Recover)

How Norivo Helps

1. Assess your current profile

Norivo evaluates your existing cybersecurity posture against all 6 NIST CSF functions and assigns implementation tier ratings.

2. Define your target profile

Set target maturity levels for each function based on your risk appetite. Nora recommends priorities based on your sector and threat landscape.

3. Close the gap

Follow guided workflows to implement missing controls. Auto-collect evidence from your security tools via 50+ integrations.

4. Monitor and improve

Continuous monitoring tracks your progress toward target profiles. Generate NIST CSF alignment reports for executives and auditors.

Get NIST CSF 2.0 Compliant

Get set up by our team in under 48 hours.