---
title: "NIST Cybersecurity Framework (CSF) 2.0"
canonical_url: "https://www.sorena.io/artifacts/global/nist-csf-2-0"
source_url: "https://www.sorena.io/artifacts/global/nist-csf-2-0"
author: "Sorena AI"
description: "Practical NIST CSF 2.0 guidance grounded to NIST CSWP 29: GOVERN, the CSF Core, Organizational Profiles, Tiers, informative references."
published_at: "2026-03-04"
updated_at: "2026-03-04"
keywords:
  - "NIST CSF 2.0"
  - "NIST Cybersecurity Framework 2.0"
  - "Cybersecurity Framework 2.0"
  - "NIST CSF GOVERN function"
  - "NIST CSF Core"
  - "NIST CSF Functions Govern Identify Protect Detect Respond Recover"
  - "NIST CSF Categories Subcategories"
  - "CSF Organizational Profile"
  - "CSF current profile"
  - "CSF target profile"
  - "current vs target profile template"
  - "CSF tiers"
  - "Tier 1 Partial"
  - "Tier 2 Risk Informed"
  - "Tier 3 Repeatable"
  - "Tier 4 Adaptive"
  - "cybersecurity risk governance"
  - "cybersecurity risk management"
  - "executive reporting"
  - "board metrics"
  - "informative references"
  - "implementation examples"
  - "NIST CSF vs ISO 27001"
  - "Cybersecurity framework"
  - "Cyber risk governance"
  - "Profiles and tiers"
  - "Global compliance"
---
**[SORENA](https://www.sorena.io/)** - AI-Powered GRC Platform

[Home](https://www.sorena.io/) | [Solutions](https://www.sorena.io/solutions) | [Artifacts](https://www.sorena.io/artifacts) | [About Us](https://www.sorena.io/about-us) | [Contact](https://www.sorena.io/contact) | [Portal](https://app.sorena.io)

---

# NIST Cybersecurity Framework (CSF) 2.0

Practical NIST CSF 2.0 guidance grounded to NIST CSWP 29: GOVERN, the CSF Core, Organizational Profiles, Tiers, informative references.

![NIST CSF 2.0 artifact preview](https://cdn.sorena.io/cdn-cgi/image/format=auto/cheatsheets/prod/sorena-ai-global-nist-csf-2-0-small.jpg?v=cheatsheets%2Fprod)

*NIST CSF 2.0* *Free Resource*

## NIST CSF 2.0 Cyber risk governance and implementation hub

Use these guides to implement NIST CSF 2.0 as a real operating model: establish GOVERN, build Current and Target Organizational Profiles, use Tiers to characterize rigor, prioritize gaps into an action plan, and report progress with metrics that executives and boards can understand.

Grounded to NIST CSWP 29, published February 26, 2024. CSF 2.0 is designed for organizations of all sizes and sectors and is meant to be used with NISTs broader CSF portfolio of informative references, implementation examples, quick-start guides, and profile resources.

[Jump to guides](#topics)

## What this artifact helps you do

- **Build a governance-first program**: Use the new GOVERN function to connect cyber risk decisions to enterprise risk management and executive accountability.
- **Turn outcomes into a roadmap**: Create Current/Target Profiles and convert gaps into prioritized work with owners and evidence.
- **Report progress with metrics**: Build board-ready metrics and evidence that improves assurance and audit readiness.

By Sorena AI | Updated 2026 | No signup required

### Quick scan

*NIST CSF*

- **Compliance playbook**: How to run CSF 2.0 as an operating model.
- **Profiles template**: Current vs Target Profile workflow and template guidance.
- **Topic guides**: Governance + metrics, FAQ, and CSF vs ISO 27001 comparison.

NIST CSF 2.0 works when outcomes become ownership, cadence, and evidence. These guides focus on implementation and repeatability.

| Value | Metric |
| --- | --- |
| 6 | Functions |
| Profiles | Driven |
| Tiers | Aligned |
| Boards | Readable |

**Key highlights:** GOVERN | Profiles | Tiers

## Topic Guides

- [NIST CSF 2.0 Compliance Playbook (Profiles, Tiers, GOVERN)](/artifacts/global/nist-csf-2-0/compliance.md): A practical NIST CSF 2.0 compliance playbook: establish GOVERN, implement CSF Core outcomes, build Current and Target Organizational Profiles.
- [NIST CSF 2.0 Current vs Target Profile Template (Step-by-Step)](/artifacts/global/nist-csf-2-0/current-vs-target-profile-template.md): How to build a NIST CSF 2.0 Current Profile and Target Profile: template columns, prioritization method, evidence mapping.
- [NIST CSF 2.0 FAQ (Profiles, Tiers, GOVERN, Evidence)](/artifacts/global/nist-csf-2-0/faq.md): NIST CSF 2.0 FAQ: what changed in CSF 2.0 (GOVERN, supply chain focus), how to build Organizational Profiles, how to choose CSF Tiers.
- [NIST CSF 2.0 Governance and Metrics (GOVERN + Board Reporting)](/artifacts/global/nist-csf-2-0/governance-and-metrics.md): How to operationalize the NIST CSF 2.0 GOVERN function: decision rights, risk acceptance, enterprise risk integration, supplier risk governance.
- [NIST CSF 2.0 vs ISO 27001 (Mapping + How to Run Both)](/artifacts/global/nist-csf-2-0/nist-csf-vs-iso-27001.md): NIST CSF 2.0 vs ISO/IEC 27001 explained: outcomes framework vs certifiable management system.

## Explore NIST CSF 2.0 guides

*Guides*

Use these subpages for implementation deep dives: compliance playbook, current vs target profile template, governance and metrics, FAQ, and CSF vs ISO 27001.

## How to run NIST CSF 2.0 as a program

*Navigation*

Treat CSF 2.0 as an outcomes-based program: use the Core to define desired outcomes, Profiles to describe current and target posture, Tiers to characterize governance and management rigor, and the online CSF portfolio to map outcomes to controls, examples, and action plans.

*Next step*

## Turn NIST CSF 2.0 Cyber risk governance and implementation hub into an operational assessment workflow

NIST CSF 2.0 Cyber risk governance and implementation hub should be the shared entry point for your team. Route execution into Assessment Autopilot for live work and into SSOT when the artifact needs deeper research, evidence governance, or supporting analysis.

- Start from NIST CSF 2.0 Cyber risk governance and implementation hub and route the work by entity, product, team, or control owner.
- Use Assessment Autopilot to turn the guidance into owned tasks, evidence requests, and review checkpoints.
- Use SSOT to keep documents, evidence, and control records in one governed system.
- Move from artifact reading to accountable execution without rebuilding the guidance in separate files.

- [Open Assessment Autopilot](/solutions/assessment.md): Turn the guidance into owned tasks, evidence requests, and review checkpoints for NIST CSF 2.0 Cyber risk governance and implementation hub.
- [Open SSOT](/solutions/ssot.md): Keep documents, evidence, and control records in one governed system from the same artifact.
- [Talk through NIST CSF 2.0 Cyber risk governance and implementation hub](/contact.md): Review your current process, evidence model, and next steps for NIST CSF 2.0 Cyber risk governance and implementation hub.


---

[Privacy Policy](https://www.sorena.io/privacy) | [Terms of Use](https://www.sorena.io/terms-of-use) | [DMCA](https://www.sorena.io/dmca) | [About Us](https://www.sorena.io/about-us)

(c) 2026 Sorena AB (559573-7338). All rights reserved.

Source: https://www.sorena.io/artifacts/global/nist-csf-2-0