{"id":291,"date":"2025-09-29T02:52:36","date_gmt":"2025-09-29T02:52:36","guid":{"rendered":"https:\/\/sites.wp.odu.edu\/jaredpeel\/?p=291"},"modified":"2025-09-29T02:52:36","modified_gmt":"2025-09-29T02:52:36","slug":"nist-cybersecurity-framework-1-1-and-2-0-differences","status":"publish","type":"post","link":"https:\/\/sites.wp.odu.edu\/jaredpeel\/2025\/09\/29\/nist-cybersecurity-framework-1-1-and-2-0-differences\/","title":{"rendered":"NIST Cybersecurity Framework 1.1 and 2.0 Differences"},"content":{"rendered":"The NIST Cybersecurity Framework (CSF) 2.0, released in 2024, introduced several important changes and enhancements over the previous version 1.1 (released in 2018). While the core intent of helping organizations manage cybersecurity risks remains the same, version 2.0 reflects the evolution of cybersecurity challenges and practices since 1.1. Here are the key differences: <br \/><br \/> <br \/><br \/>\ud83d\udd11 1. Expanded Scope: From Critical Infrastructure to All Organizations <br \/><br \/>CSF 1.1: Primarily focused on protecting critical infrastructure (e.g., energy, water, healthcare, transportation). <br \/><br \/>CSF 2.0: Explicitly broadens its scope to be applicable to all organizations, regardless of size, sector, or maturity. <br \/><br \/>Impact: This shift makes CSF 2.0 a more inclusive, universal cybersecurity framework. <br \/><br \/> <br \/><br \/>\ud83c\udd95 2. New Govern Function (Making it Six Functions) <br \/><br \/>CSF 1.1: Featured 5 core functions \u2014 Identify, Protect, Detect, Respond, Recover. <br \/><br \/>CSF 2.0: Adds a 6th function: Govern. <br \/><br \/>\ud83d\udd38 The Govern function covers: <br \/><br \/>Organizational context <br \/><br \/>Risk management strategy <br \/><br \/>Roles, responsibilities, and policies <br \/><br \/>Oversight and accountability <br \/><br \/>Impact: Elevates cybersecurity governance to a first-class element in risk management and strategic alignment. 
<br \/><br \/> <br \/><br \/>\ud83d\udd01 3. Updated and Expanded Categories &amp; Subcategories <br \/><br \/>CSF 2.0 reorganizes and updates many of the existing categories and subcategories (formerly 108, now 106 in 2.0). <br \/><br \/>Modernization includes: <br \/><br \/>Greater focus on supply chain risks <br \/><br \/>Software security, such as secure development practices <br \/><br \/>Identity management and access control improvements <br \/><br \/>Enhanced attention to data management and resilience <br \/><br \/>Impact: More comprehensive and current representation of modern cybersecurity challenges. <br \/><br \/> <br \/><br \/>\ud83c\udf10 4. Integration with Other Frameworks and Resources <br \/><br \/>CSF 2.0 improves linkage to NIST\u2019s other resources (e.g., NIST SP 800-53, 800-171, NICE Framework, Privacy Framework). <br \/><br \/>Includes a more extensive CSF Reference Tool and Quick Start Guides. <br \/><br \/>Impact: Easier for organizations to map CSF to other standards and controls and adopt practices relevant to their sector or regulatory needs. <br \/><br \/> <br \/><br \/>\ud83d\udcc8 5. Emphasis on Continuous Improvement &amp; Outcomes <br \/><br \/>CSF 2.0 emphasizes cybersecurity outcomes rather than prescriptive controls. <br \/><br \/>Introduces the concept of organizational profiles (Current and Target) and Implementation Examples. <br \/><br \/>Impact: Encourages organizations to tailor the framework to their maturity and goals, promoting continual evolution and measurable improvement. <br \/><br \/> <br \/><br \/>\ud83d\udee0\ufe0f 6. Updated Implementation Tiers <br \/><br \/>CSF 2.0 refines the Implementation Tiers (Partial to Adaptive) with more focus on governance and risk-informed decision-making. <br \/><br \/>Better aligned with the new Govern function and enterprise risk management (ERM). <br \/><br \/>Impact: Helps organizations better understand and communicate their maturity level and risk posture. 
","protected":false},"excerpt":{"rendered":"<p>The NIST Cybersecurity Framework (CSF) 2.0, released in 2024, introduced several important changes and enhancements over the previous version 1.1 (released in 2018). While the core intent of helping organizations manage cybersecurity risks remains the same, version 2.0 reflects the evolution of cybersecurity challenges and practices since 1.1. Here are the key differences: \ud83d\udd11 1&#8230;. <\/p>\n<div class=\"link-more\"><a href=\"https:\/\/sites.wp.odu.edu\/jaredpeel\/2025\/09\/29\/nist-cybersecurity-framework-1-1-and-2-0-differences\/\">Read More<\/a><\/div>\n","protected":false},"author":31621,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","wds_primary_category":0},"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/sites.wp.odu.edu\/jaredpeel\/wp-json\/wp\/v2\/posts\/291"}],"collection":[{"href":"https:\/\/sites.wp.odu.edu\/jaredpeel\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sites.wp.odu.edu\/jaredpeel\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/jaredpeel\/wp-json\/wp\/v2\/users\/31621"}],"replies":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/jaredpeel\/wp-json\/wp\/v2\/comments?post=291"}],"version-history":[{"count":1,"href":"https:\/\/sites.wp.odu.edu\/jaredpeel\/wp-json\/wp\/v2\/posts\/291\/revisions"}],"predecessor-version":[{"id":292,"href":"https:\/\/sites.wp.odu.edu\/jaredpeel\/wp-json\/wp\/v2\/posts\/291\/revisions\/292"}],"wp:attachment":[{"href":"https:\/\/sites.wp.odu.edu\/jaredpeel\/wp-json\/wp\/v2\/media?parent=291"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/jaredpeel\/wp-json\/wp\/v2\/categories?post=291"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/jaredpeel\/wp-json\/wp\/v2\/tags?post=291"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}