The NIST Cybersecurity Framework (CSF) 2.0, published by the US National Institute of Standards and Technology in February 2024, is the most widely adopted cybersecurity framework globally — used by organisations across all sectors and geographies. Version 2.0 significantly expands the original 2014 framework by adding a new Govern function, broadening applicability beyond critical infrastructure to all organisations, and strengthening supply chain guidance.

The framework is built around six core functions (Govern, Identify, Protect, Detect, Respond, Recover), each containing categories and subcategories that map to specific cybersecurity outcomes. It is deliberately non-prescriptive, allowing organisations to adapt it to their risk appetite, sector, and maturity level using Implementation Tiers (1–4) and customisable Profiles.

🌍 India Context: NIST CSF is recognised by SEBI, CERT-In, and RBI as an acceptable cybersecurity framework for Indian regulated entities. It provides the risk language and structure to align with the DPDP Act 2023 and RBI Cyber Security Framework.